6 research outputs found

    Self-Verification Of Public-Key Agreement Over Voip Using Random Fusion Scheme

    Get PDF
    Telefoni Internet, yang dikenali juga sebagai Suara melalui Protokol Internet (VoIP), menjadi salah satu alternatif telekomunikasi yang popular disebabkan penggunaan Internet yang semakin meluas. Internet memperkaya cara sistem telefoni digunakan, tetapi dalam masa yang sama menimbulkan pelbagai kebimbangan, terutamanya keselamatan Internet telephony, also known as Voice over Internet Protocol (VoIP), has become one of popular alternatives in telecommunication due to the widespread of the Internet usage. The Internet enriches the way of telephony system is used, but in the meantime it elevates many concerns, particularly security

    How to pair with a human

    Get PDF
    We introduce a protocol, that we call Human Key Agreement, that allows pairs of humans to establish a key in a (seemingly hopeless) case where no public-key infrastructure is available, the users do not share any common secret, and have never been connected by any physically-secure channel. Our key agreement scheme, while vulnerable to the human-in-the middle attacks, is secure against any malicious machine-in-the middle. The only assumption that we make is that the attacker is a machine that is not able to break the Captcha puzzles (introduced by von Ahn et al., EUROCRYPT 2003). Our main tool is a primitive that we call a Simultaneous Turing Test, which is a protocol that allows two users to verify if they are both human, in such a way that if one of them is not a human, then he does not learn whether the other one is human, or not. To construct this tool we use a Universally-Composable Password Authenticated Key Agreement of Canetti et al. (EUROCRYPT 2005)

    Proceedings of the 3rd International Workshop on Formal Aspects in Security and Trust (FAST2005)

    Get PDF
    The present report contains the pre-proceedings of the third international Workshop on Formal Aspects in Security and Trust (FAST2005), held in Newcastle upon Tyne, 18-19 July 2005. FAST is an event affliated with the Formal Methods 2005 Congress (FM05). The third international Workshop on Formal Aspects in Security and Trust (FAST2005) aims at continuing the successful effort of the previous two FAST workshop editions for fostering the cooperation among researchers in the areas of security and trust. The new challenges offered by the so-called ambient intelligence space, as a future paradigm in the information society, demand for a coherent and rigorous framework of concepts, tools and methodologies to provide user\u27s trust&confidence on the underlying communication/interaction infrastructure. It is necessary to address issues relating to both guaranteeing security of the infrastructure and the perception of the infrastructure being secure. In addition, user confidence on what is happening must be enhanced by developing trust models effective but also easily comprehensible and manageable by users

    Interorganizational Information Systems: Systematic Literature Mapping Protocol

    Get PDF
    Organizations increasingly need to establish partnerships with other organizations to face environment changes and remain competitive. This interorganizational relationship allows organizations to share resources and collaborate to handle business opportunities better. This technical report present the protocol of the systematic mapping performed to understand what is an IOIS and how these systems support interorganizational relationships

    Formal Aspects in Security and Trust

    Get PDF
    his book constitutes the thoroughly refereed post-proceedings of the Third International Workshop on Formal Aspects in Security and Trust, FAST 2005, held in Newcastle upon Tyne, UK in July 2005. The 17 revised papers presented together with the extended abstract of 1 invited paper were carefully reviewed and selected from 37 submissions. The papers focus on formal aspects in security and trust policy models, security protocol design and analysis, formal models of trust and reputation, logics for security and trust, distributed trust management systems, trust-based reasoning, digital assets protection, data protection, privacy and ID issues, information flow analysis, language-based security, security and trust aspects in ubiquitous computing, validation/analysis tools, web service security/trust/privacy, GRID security, security risk assessment, and case studies

    VIPSec defined

    No full text
    Secure end-to-end information exchange is a constant challenge in electronic communications. Novel security architectures and approaches are proposed constantly, to be followed by announcements of sophisticated attack methods that compromise them, while other more sophisticated attack methods never see the daylight. The traditional approach for securing the communication between two peers is through the use of secret key encryption combined with a public key approach for exchanging the common secret key to be used by the end-peers. The public key part of the communication is based on a trusted authority for providing the public keys, a service provided through a public key infrastructure (PKI). Public key infrastructures are vulnerable to man in the middle attacks, among other approaches that compromise their integrity. A fake certification authority (CA) or a malicious/compromised network between the user and the CA are typical weaknesses. There has been a lot of work for providing robust PKI; the proposed solutions are fairly demanding on network resources, hence public key solutions are not the security approach of choice in several applications that require light weight solutions. In this article we present voice interactive personalized Security (VIPSec) protocol, which is a protocol for media path key exchange to securely establish a session symmetric key for ensuring end-to-end secure communication, where it is possible to have biometric based authentication, exploiting the nature of the application; voice communication is the typical example that we use as our paradigm for describing the method. (C) 2008 Elsevier B.V. All rights reserved
    corecore