184 research outputs found
Secret Little Functions and Codebook for Protecting Users from Password Theft
Abstract: In this paper, we discuss how to prevent users' passwords from being stolen by adversaries. We propose differentiated security mechanisms in which a user has the freedom to choose a virtual password scheme ranging from weak security to strong security. The tradeoff is that the stronger the scheme, the more complex the scheme may be. Among the schemes, we have a default method (i.e., traditional password scheme), system recommended function, user-specified function, user-specified program, etc. A function/program is used to implement the virtual password concept with a trade off of security for complexity requiring a small amount of human computing. We further propose codebook approach to serve as system recommended functions and provide a security analysis. For user-specified functions, we adopt secret little functions, in which security is enhanced by hiding secret functions/algorithms. I
A secure email login system using virtual password
In today's world, password compromise by adversaries is common for
different purposes. In ICC 2008, Lei et al. proposed a new user authentication
system based on the virtual password system. In the virtual password system they
used a linear randomized function to be secure against identity theft
attacks, phishing attacks, keylogging attacks and shoulder surfing. In
ICC 2010, Li gave a security attack on Lei's work. This paper
modifies Lei's work to prevent Li's attack while reducing the server
overhead. This paper also discusses the problems with current password recovery
systems and gives a better approach
Malware Detection and Prevention
Malware first appeared in 1971, before broadband internet even existed. The first variations began with people just testing what they could do and were not malicious. Eventually, that time came to an end once cybercriminals began to realize that they could wreak havoc and profit from creating malware. Almost at the same time, cybersecurity was created to help combat these viruses and malicious attacks by cybercriminals. This project paper will dive into the technical issues that arise from malware detection and prevention. It starts with defining malware and goes over the history of malware from its birth to today. Then this paper will list all of the different variations of malware and the processes they execute to break into systems and propagate. Next, it goes over the different variations of malware defenses, starting with antivirus software. The paper will define antivirus software and how it functions as well as provide a history. Then it will dive into cryptographic defenses to define, provide history, and explain the methods employed by cryptography. Finally, it will go over firewalls explaining how they function and their history. Malware will never cease to exist, so it is highly important to consider what computer and network technologies you should employ to protect yourself. This paper isn't just to dismiss malware but to help people understand better how these technologies can work to prevent malware attacks both during and before the attack even happens.
Key Words: Malware, Antivirus Software, Cryptography, Firewall, Key, Cipher, Gatewa
The Economic Espionage Act of 1996: A 15 Year Review
It is estimated that the United States alone loses $300 billion annually to economic espionage. The purpose of the paper is to understand the occurrence and defining characteristics of economic espionage. This is accomplished through the series of proposed research questions related to the Economic Espionage Act of 1996. These questions include: occurrence rates, offender demographics, victim demographics, and victim-offender relationship. Archival data analysis of all 18 USC §1832 prosecutions from 1996-2011, will answer each proposed research question. The results will provide worldwide corporations with statistical support to help combat economic espionage. Specifically, descriptive statistics, such as mean, median, and mode, will be used to explain the nature and extent of economic espionage as defined under 18 USC §1832. Ultimately, this study found that economic espionage is a major problem for the United States, affecting a variety of classifications of companies
A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends
This paper examines the security vulnerabilities and threats imposed by the
inherent open nature of wireless communications and to devise efficient defense
mechanisms for improving the wireless network security. We first summarize the
security requirements of wireless networks, including their authenticity,
confidentiality, integrity and availability issues. Next, a comprehensive
overview of security attacks encountered in wireless networks is presented in
view of the network protocol architecture, where the potential security threats
are discussed at each protocol layer. We also provide a survey of the existing
security protocols and algorithms that are adopted in the existing wireless
network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term
evolution (LTE) systems. Then, we discuss the state-of-the-art in
physical-layer security, which is an emerging technique of securing the open
communications environment against eavesdropping attacks at the physical layer.
We also introduce the family of various jamming attacks and their
counter-measures, including the constant jammer, intermittent jammer, reactive
jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the
integration of physical-layer security into existing authentication and
cryptography mechanisms for further securing wireless networks. Finally, some
technical challenges which remain unresolved at the time of writing are
summarized and the future trends in wireless security are discussed.
Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201
Defending secrets, sharing data: new locks and keys for electronic information
This report examines Federal policies directed at protecting information, particularly in electronic communications systems
An Overview of Cryptography (Updated Version, 3 March 2016)
There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations.
A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998
Measuring Information Security Awareness Efforts in Social Networking Sites – A Proactive Approach
For Social Network Sites to determine the effectiveness of their Information Security Awareness (ISA) techniques, many measurement and evaluation techniques are now in place to ensure controls are working as intended. While these techniques are inexpensive, they are all incident-driven as they are based on the occurrence of incident(s). Additionally, they do not present a true reflection of ISA since cyber-incidents are hardly reported. They are therefore adjudged to be post-mortem and risk permissive, the limitations that are unacceptable in industries where incident tolerance level is low. This paper aims at employing a non-incident statistic approach to measure ISA efforts. Using an object-oriented programming approach, PHP is employed as the coding language with MySQL database engine at the back-end to develop sOcialistOnline – a Social Network Sites (SNS) fully secured with multiple ISA techniques. Rather than evaluating the effectiveness of ISA efforts by success of attacks or occurrence of an event, password scanning is implemented to proactively measure the effects of ISA techniques in sOcialistOnline. Thus, measurement of ISA efforts is shifted from detective and corrective to preventive and anticipatory paradigms which are the best forms of information security approach
NFC Security Solution for Web Applications
The aim of this work is to compare different existing security solutions for web applications,
analyse the suitability of NFC for building security solutions, and propose a new NFC
authentication and signing solution using the Google Cloud Messaging service and NFC Java
Card. The solution proposed by the author lets the user authenticate and sign via an
NFC mobile device and NFC Java Card, without requiring a separate card reader. The
solution can be used as a unified method of user identification for different
applications, without additional development.
This thesis compares existing and possible security solutions for web applications, analyses
NFC compatibility for security solutions and proposes a new NFC authentication and
signing solution using Google Cloud Messaging service and NFC Java Card. This new
proposed solution enables authentication and signing via NFC enabled mobile phone and
NFC Java Card without any additional readers or efforts to be made. This smart card solution
can be used within multiple applications and gives the possibility to use same authentication
solution within different applications