10,654 research outputs found
Review of Considerations for Mobile Device based Secure Access to Financial Services and Risk Handling Strategy for CIOs, CISOs and CTOs
The information technology and security stakeholders like CIOs, CISOs and
CTOs in financial services organization are often asked to identify the risks
with mobile computing channel for financial services that they support. They
are also asked to come up with approaches for handling risks, define risk
acceptance level and mitigate them. This requires them to articulate strategy
for supporting a huge variety of mobile devices from various vendors with
different operating systems and hardware platforms and at the same time stay
within the accepted risk level. These articulations should be captured in
information security policy document or other suitable document of financial
services organization like banks, payment service provider, etc. While risks
and mitigation approaches are available from multiple sources, the senior
stakeholders may find it challenging to articulate the issues in a
comprehensive manner for sharing with business owners and other technology
stakeholders. This paper reviews the current research that addresses the issues
mentioned above and articulates a strategy that the senior stakeholders may use
in their organization. It is assumed that this type of comprehensive strategy
guide for senior stakeholders is not readily available and CIOs, CISOs and CTOs
would find this paper to be very useful
Algorithms and Approaches of Proxy Signature: A Survey
Numerous research studies have been investigated on proxy signatures over the
last decade. This survey reviews the research progress on proxy signatures,
analyzes a few notable proposals, and provides an overall remark of these
proposals.Comment: 29 page
The Nuts and Bolts of Micropayments: A Survey
In this paper, we undertake a comprehensive survey of key trends and
innovations in the development of research-based and commercial micropayment
systems. Based on our study, we argue that past solutions have largely failed
because research has focused heavily on cryptographic and engineering
innovation, whereas fundamental issues pertaining to usability, psychology, and
economics have been neglected. We contextualize the range of existing
challenges for micropayments systems, discuss potential deployment strategies,
and identify critical stumbling blocks, some of which we believe researchers
and developers have yet to fully recognize. We hope this effort will motivate
and guide the development of micropayments systems.Comment: preprin
PKI in Government Identity Management Systems
The purpose of this article is to provide an overview of the PKI project
initiated part of the UAE national ID card program. It primarily shows the
operational model of the PKI implementation that is indented to integrate the
federal government identity management infrastructure with e-government
initiatives owners in the country. It also explicates the agreed structure of
the major components in relation to key stakeholders; represented by federal
and local e-government authorities, financial institutions, and other
organizations in both public and private sectors. The content of this article
is believed to clarify some of the misconceptions about PKI implementation in
national ID schemes, and explain how the project is envisaged to encourage the
diffusion of e-government services in the United Arab Emirates. The study
concludes that governments in the Middle East region have the trust in PKI
technology to support their e-government services and expanding outreach and
population trust, if of course accompanied by comprehensive digital laws and
policies.Comment: 28 pages, 9 figures, 3 table
From Pretty Good To Great: Enhancing PGP using Bitcoin and the Blockchain
PGP is built upon a Distributed Web of Trust in which the trustworthiness of
a user is established by others who can vouch through a digital signature for
that particular identity. Preventing its wholesale adoption are a number of
inherent weaknesses to include (but not limited to) the following: 1) Trust
Relationships are built on a subjective honor system, 2) Only first degree
relationships can be fully trusted, 3) Levels of trust are difficult to
quantify with actual values, and 4) Issues with the Web of Trust itself
(Certification and Endorsement). Although the security that PGP provides is
proven to be reliable, it has largely failed to garner large scale adoption. In
this paper, we propose several novel contributions to address the
aforementioned issues with PGP and associated Web of Trust. To address the
subjectivity of the Web of Trust, we provide a new certificate format based on
Bitcoin which allows a user to verify a PGP certificate using Bitcoin
identity-verification transactions - forming first degree trust relationships
that are tied to actual values (i.e., number of Bitcoins transferred during
transaction). Secondly, we present the design of a novel Distributed PGP key
server that leverages the Bitcoin transaction blockchain to store and retrieve
Bitcoin-Based PGP certificates. Lastly, we provide a web prototype application
that demonstrates several of these capabilities in an actual environment
Security Protocols in a Nutshell
Security protocols are building blocks in secure communications. They deploy
some security mechanisms to provide certain security services. Security
protocols are considered abstract when analyzed, but they can have extra
vulnerabilities when implemented. This manuscript provides a holistic study on
security protocols. It reviews foundations of security protocols, taxonomy of
attacks on security protocols and their implementations, and different methods
and models for security analysis of protocols. Specifically, it clarifies
differences between information-theoretic and computational security, and
computational and symbolic models. Furthermore, a survey on computational
security models for authenticated key exchange (AKE) and password-authenticated
key exchange (PAKE) protocols, as the most important and well-studied type of
security protocols, is provided.Comment: Based on the introduction part of the author's dissertatio
Strange bedfellows? Keyword and conceptual search unite to make sense of relevant ESI in electronic discovery
In the brief history of electronic discovery, the latter part of the twentieth century witnessed the
demise of paper by a digital hero that emancipated the content of paper documents with OCR
and TIFF. This technology added a third dimension to the realm of 2D paper document review
and production that lead to a sea change in discovery methods. By many accounts what we have
before us is a three-stage evolution from paper to digital to clustering in order to overcome the
problems of volume and complexity of ESI. The intent of this position paper is to describe the
development of the digital hero and methodology that is emancipating the content and context of
ESI – conceptual search that spans file formats, languages and technique, and includes keyword
search on a common, shared index
Fully device independent quantum key distribution
The laws of quantum mechanics allow unconditionally secure key distribution
protocols. Nevertheless, security proofs of traditional quantum key
distribution (QKD) protocols rely on a crucial assumption, the trustworthiness
of the quantum devices used in the protocol. In device-independent QKD, even
this last assumption is relaxed: the devices used in the protocol may have been
adversarially prepared, and there is no a priori guarantee that they perform
according to specification. Proving security in this setting had been a central
open problem in quantum cryptography.
We give the first device-independent proof of security of a protocol for
quantum key distribution that guarantees the extraction of a linear amount of
key even when the devices are subject to a constant rate of noise. Our only
assumptions are that the laboratories in which each party holds his or her own
device are spatially isolated, and that both devices, as well as the
eavesdropper, are bound by the laws of quantum mechanics. All previous proofs
of security relied either on the use of many independent pairs of devices, or
on the absence of noise.Comment: 25 page
Fair exchange in e-commerce and certified e-mail, new scenarios and protocols
We are witnessing a steady growth in the use of Internet in the electronic commerce field. This rise is promoting the migration from traditional processes and applications (paper based) to an electronic model. But the security of electronic transactions continues to pose an impediment to its implementation. Traditionally, most business transactions were conducted in person. Signing a contract required the meeting of all interested parties, the postman delivered certified mail in hand, and when paying for goods or services both customer and provider were present. When all parties are physically present, a transaction does not require a complex protocol. The participants acknowledge the presence of the other parties as assurance that they will receive their parts, whether a signature on a contract, or a receipt, etc. But with e-commerce growing in importance as sales and business channel, all these transactions have moved to its digital counterpart. Therefore we have digital signature of contracts, certified delivery of messages and electronic payment systems. With electronic transactions, the physical presence is not required,moreover, most of the times it is even impossible. The participants in a transaction can be thousands of kilometers away from each other, and they may not even be human participants, they can be machines. Thus, the security that the transaction will be executed without incident is not assured per se, we need additional security measures. To address this problem, fair exchange protocols were developed. In a fair exchange every party involved has an item that wants to exchange, but none of the participants is willing to give his item away unless he has an assurance he will receive the corresponding item from the other participants. Fair exchange has many applications, like digital signature of contracts, where the items to be exchanged are signatures on contracts, certified delivery of messages, where we exchange a message for evidence of receipt, or a payment process, where we exchange a payment (e-cash, e-check, visa, etc.) for digital goods or a receipt. The objective of this dissertation is the study of the fair exchange problem. In particular, it presents two new scenarios for digital contracting, the Atomic Multi- Two Party (AM2P) and the Agent Mediated Scenario (AMS), and proposes one optimistic contract signing protocol for each one. Moreover, it studies the efficiency of Multi-Party Contract Signing (MPCS) protocols from their architecture point of view, presenting a new lower bound for each architecture, in terms of minimum number of transactions needed. Regarding Certified Electronic Mail (CEM), this dissertation presents two optimistic CEMprotocols designed to be deployed on thecurrent e-mail infrastructure, therefore they assume the participation of multiple Mail Transfer Agents (MTAs). In one case, the protocol assumes untrusted MTAs whereas in the other one it assumes each User Agent (UA) trusts his own MTA. Regarding payment systems, this dissertation presents a secure and efficient electronic bearer bank check scheme allowing the electronic checks to be transferred fairly and anonymously.L’ús d’Internet en l’à mbit del comerç electrònic està experimentant un creixement estable. Aquest increment d’ús està promovent lamigració de processos tradicionals i aplicacions (basades en paper) cap a un model electrònic. Però la seguretat de les transaccions electròniques continua impedint la seva implantació. Tradicionalment, la majoria de les transaccions s’han dut a terme en persona. La firma d’un contracte requeria la presència de tots els firmants, el carter entrega les cartes certificades enmà , i quan es paga per un bé o servei ambdós venedor i comprador hi són presents. Quan totes les parts hi són presents, les transaccions no requereixen un protocol complex. Els participants assumeixen la presència de les altres parts com assegurança que rebran el que esperen d’elles, ja sigui la firma d’un contracte, un rebut d’entrega o un pagament. Però amb el creixement del comerç electrònic com a canal de venda i negoci, totes aquestes transaccions s’hanmogut al seu equivalent en el món electrònic. Aixà doncs tenim firma electrònica de contractes, enviament certificat de missatges, sistemes de pagament electrònic, etc. En les transaccions electròniques la presència fÃsica no és necessà ria, de fet, la majoria de vegades és fins it tot impossible. Els participants poden estar separats permilers de kilòmetres, i no és necessari que siguin humans, podrien sermà quines. Llavors, la seguretat de que la transacció s’executarà correctament no està assegurada per se, necessitem proporcionar mesures de seguretat addicionals. Per solucionar aquest problema, es van desenvolupar els protocols d’intercanvi equitatiu. En un intercanvi equitatiu totes les parts involucrades tenen un objecte que volen intercanviar, però cap de les parts implicades vol donar el seu objecte si no té la seguretat que rebrà els objectes de les altres parts. L’intercanvi equitatiu té multitud d’aplicacions, com la firma electrònica de contractes, on els elements a intercanviar son firmes de contractes, enviament certificat demissatges, on s’intercanvien unmissatge per una evidència de recepció, o un procés de pagament, on intercanviemun pagament (e-cash, visa, e-xec, etc.) per bens digitals o per un rebut. L’objectiu d’aquesta tesi és estudiar el problema de l’intercanvi equitatiu. En particular, la tesi presenta dos nous escenaris per a la firma electrònica de contractes, l’escenari multi-two party atòmic i l’escenari amb agents intermediaris, i proposa un protocol optimista per a cada un d’ells. A més, presenta un estudi de l’eficiència dels protocols de firma electrònica multi-part (Multi-Party Contract Signing (MPCS) protocols) des del punt de vista de la seva arquitectura, presentant una nova fita per a cada una, en termes de mÃnim nombre de transaccions necessà ries. Pel que fa al correu electrònic certificat, aquesta tesi presenta dos protocols optimistes dissenyats per a ser desplegats damunt l’infraestructura actual de correu electrònic, per tant assumeix la participació demúltiples agents de transferència de correu. Un dels protocols assumeix que cap dels agents de transferència de correu participants és de confiança,mentre que l’altre assumeix que cada usuari confia en el seu propi agent. Pel que fa a sistemes de pagament, la tesi presenta un esquema de xec bancari al portador, eficient i segur, que garanteix que la transferència dels xecs es fa demanera anònima i equitativa
Evaluating e-voting: theory and practice
In the Netherlands as well as many other countries, the use of electronic
voting solutions is a recurrent topic of discussion. While electronic voting
certainly has advantages over paper voting, there are also important risks
involved. This paper presents an analysis of benefits and risks of electronic
voting, and shows the relevance of these issues by means of three case studies
of real-world implementations. Additionally, techniques that may be employed to
improve upon many of the current systems are presented. We conclude that the
advantages of E-voting do not outweigh the disadvantages, as the resulting
reduced verifiability and transparency seem hard to overcome.Comment: 19 page
- …