328 research outputs found
The Value of User-Visible Internet Cryptography
Cryptographic mechanisms are used in a wide range of applications, including
email clients, web browsers, document and asset management systems, where
typical users are not cryptography experts. A number of empirical studies have
demonstrated that explicit, user-visible cryptographic mechanisms are not
widely used by non-expert users, and as a result arguments have been made that
cryptographic mechanisms need to be better hidden or embedded in end-user
processes and tools. Other mechanisms, such as HTTPS, have cryptography
built-in and only become visible to the user when a dialogue appears due to a
(potential) problem. This paper surveys deployed and potential technologies in
use, examines the social and legal context of broad classes of users, and from
there, assesses the value and issues for those users
SoK: Why Johnny Can't Fix PGP Standardization
Pretty Good Privacy (PGP) has long been the primary IETF standard for
encrypting email, but suffers from widespread usability and security problems
that have limited its adoption. As time has marched on, the underlying
cryptographic protocol has fallen out of date insofar as PGP is unauthenticated
on a per message basis and compresses before encryption. There have been an
increasing number of attacks on the increasingly outdated primitives and
complex clients used by the PGP eco-system. However, attempts to update the
OpenPGP standard have failed at the IETF except for adding modern cryptographic
primitives. Outside of official standardization, Autocrypt is a "bottom-up"
community attempt to fix PGP, but still falls victim to attacks on PGP
involving authentication. The core reason for the inability to "fix" PGP is the
lack of a simple AEAD interface which in turn requires a decentralized public
key infrastructure to work with email. Yet even if standards like MLS replace
PGP, the deployment of a decentralized PKI remains an open issue
Pretty Good Privacy: An e-mail Security Protocol
Security has been an issue in mail from ancient times. Security is still important today.E-mail is as fast and casual as a voice phone call, but can be save and retrieved withinfinitely greater efficiency than paper letters or taped conversations. Security in maildeals first with reliable delivery to the addressee. Security, that is confidential, reliableand known delivery is essential to the success of e-mail. In other words people will notuse a mail system that they cannot trust to deliver their messages. This paper describes the basic approaches for e-mail security and discusses the advanced email security mechanism i.e. Pretty Good Privacy (PGP
Security: Hash Function-authentications
As security or firewall administrator, we got basically the same concerns (as a plumber) the size of the pipe the contents of the pipe, making sure the correct traffic is in the correct pipes and keeping the pipes from splitting and leaking all over the places of course like plumbers. When the pipes do leak: we are the ones responsible for cleaning up the mess and we are the ones who come up smelling awful. Firewall is a device that is used to provide protection to a system from network-based security threats. The firewall uses service, behavior, user and direction control techniques
Comparison of different ways to avoid internet traffic interception
Projecte fet en col.laboració amb la Norwegian University of Science and Technology. Department of Telematic EngineeringEnglish: The main objective of this thesis is to analyze and compare different ways to avoid the Internet traffic eavesdropping (carried out both by governments or malicious particulars). The analysis consists on a description of the different protocols and technologies involved in each option as well as the difficulties to implement them and the technical knowledge of the users in order to take profit of them
- …