1,521 research outputs found
Homomorphic Encryption for Speaker Recognition: Protection of Biometric Templates and Vendor Model Parameters
Data privacy is crucial when dealing with biometric data. Accounting for the
latest European data privacy regulation and payment service directive,
biometric template protection is essential for any commercial application.
Ensuring unlinkability across biometric service operators, irreversibility of
leaked encrypted templates, and renewability of e.g., voice models following
the i-vector paradigm, biometric voice-based systems are prepared for the
latest EU data privacy legislation. Employing Paillier cryptosystems, Euclidean
and cosine comparators are known to ensure data privacy demands, without loss
of discrimination nor calibration performance. Bridging gaps from template
protection to speaker recognition, two architectures are proposed for the
two-covariance comparator, serving as a generative model in this study. The
first architecture preserves privacy of biometric data capture subjects. In the
second architecture, model parameters of the comparator are encrypted as well,
such that biometric service providers can supply the same comparison modules
employing different key pairs to multiple biometric service operators. An
experimental proof-of-concept and complexity analysis is carried out on the
data from the 2013-2014 NIST i-vector machine learning challenge
From Quantum Cheating to Quantum Security
For thousands of years, code-makers and code-breakers have been competing for
supremacy. Their arsenals may soon include a powerful new weapon: quantum
mechanics. We give an overview of quantum cryptology as of November 2000.Comment: 14 pages, 4 figures. Originally appeared in Physics Today:
. This article may be
downloaded for personal use only. Any other use requires prior permission of
both the author and the American Institute of Physic
Agonistic behavior of captive saltwater crocodile, crocodylus porosus in Kota Tinggi, Johor
Agonistic behavior in Crocodylus porosus is well known in the wild, but the available data regarding this behavior among the captive individuals especially in a farm setting is rather limited. Studying the aggressive behavior of C. porosus in captivity is important because the data obtained may contribute for conservation and the safety for handlers and visitors. Thus, this study focuses on C. porosus in captivity to describe systematically the agonistic behaviour of C. porosus in relation to feeding time, daytime or night and density per pool. This study was carried out for 35 days in two different ponds. The data was analysed using Pearson’s chi-square analysis to see the relationship between categorical factors. The study shows that C. porosus was more aggressive during daylight, feeding time and non-feeding time in breeding enclosure (Pond C, stock density =0.0369 crocodiles/m2) as compared to non-breeding pond (Pond B, stock density =0.3317 crocodiles/m2) where it is only aggressive during the nighttime. Pond C shows the higher domination in the value of aggression in feeding and non-feeding time where it is related to its function as breeding ground. Chi-square analysis shows that there is no significant difference between ponds (p=0.47, χ2= 2.541, df= 3), thus, there is no relationship between categorical factors. The aggressive behaviour of C. porosus is important for the farm management to evaluate the risk in future for the translocation process and conservation of C. porosus generally
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few byzantine components, this is
not the case for cryptographic hardware, storing and computing on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far all attempts have been either quickly
circumvented, or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture, that uses
commercial off-the-shelf (COTS) hardware, and provides strong security
guarantees, even in the presence of multiple malicious or faulty components.
The key idea is to combine protective-redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both Decryption and Signing) and an exponential
increase in backdoor-tolerance as more ICs are added
The State-of-the-Art Practices of the Internet Banking in Taiwan
This paper reports an investigation into the state-of-the-art practices of Internet banking in Taiwan. Emphasis is focused on the adoption of security technology. Three kinds of security utilities—SSL, SET, and Non-SET—are compared in terms of risks and supported functions. The author also analyzes factors that influence the development of Internet banking.
The Ministry of Finance of the Taiwanese government has adopted a policy that fosters the development of Internet banking. However, understanding security technologies demands in-depth expert knowledge, and goes beyond the capacity of general citizens. The authors suggest that the first priority is given to the authority’s promulgation of laws and guidelines. Second, the banking industry needs to integrate the security mechanisms of Internet banking services with the existing environment. Finally, a risk allotment policy would help to remove fear and doubt from customer’s minds
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
Interoperability, Trust Based Information Sharing Protocol and Security: Digital Government Key Issues
Improved interoperability between public and private organizations is of key
significance to make digital government newest triumphant. Digital Government
interoperability, information sharing protocol and security are measured the
key issue for achieving a refined stage of digital government. Flawless
interoperability is essential to share the information between diverse and
merely dispersed organisations in several network environments by using
computer based tools. Digital government must ensure security for its
information systems, including computers and networks for providing better
service to the citizens. Governments around the world are increasingly
revolving to information sharing and integration for solving problems in
programs and policy areas. Evils of global worry such as syndrome discovery and
manage, terror campaign, immigration and border control, prohibited drug
trafficking, and more demand information sharing, harmonization and cooperation
amid government agencies within a country and across national borders. A number
of daunting challenges survive to the progress of an efficient information
sharing protocol. A secure and trusted information-sharing protocol is required
to enable users to interact and share information easily and perfectly across
many diverse networks and databases globally.Comment: 20 page
The Security of Simplified Data Encryption Standard
The Data Encryption Standard (DES) is the most widely used symmetric key cryptosystem in the commercial world. DES was published in 1975 by the National Bureau of Standards, and since then it and its variants have been commonly used. DES is utilized in many modern industries and products including the Blackberry, electronic financial transactions, and access cards to corporate offices. An efficient but secure cryptosystem is challenging to produce and even after it has been deemed “secure” new attacks and vulnerabilities are often discovered. By investigating the algebraic structure of a simplified version of DES we are able to analyze the structure and security of DES used in the commercial world in an attempt to improve and understand its current security and potential threats
- …