5,871 research outputs found
On the Security of 2-Key Triple DES
This paper reconsiders the security offered by 2-key triple DES, an
encryption technique that remains widely used despite recently being
de-standardised by NIST. A generalisation of the 1990 van Oorschot-Wiener
attack is described, constituting the first advance in cryptanalysis of 2-key
triple DES since 1990. We give further attack enhancements that together imply
that the widely used estimate that 2-key triple DES provides 80 bits of
security can no longer be regarded as conservative; the widely stated assertion
that the scheme is secure as long as the key is changed regularly is also
challenged. The main conclusion is that, whilst not completely broken, the
margin of safety for 2-key triple DES is slim, and efforts to replace it, at
least with its 3-key variant, should be pursued with some urgency.Comment: Typos in v1 fixe
Retrofitting Mutual Authentication to GSM Using RAND Hijacking
As has been widely discussed, the GSM mobile telephony system only offers
unilateral authentication of the mobile phone to the network; this limitation
permits a range of attacks. While adding support for mutual authentication
would be highly beneficial, changing the way GSM serving networks operate is
not practical. This paper proposes a novel modification to the relationship
between a Subscriber Identity Module (SIM) and its home network which allows
mutual authentication without changing any of the existing mobile
infrastructure, including the phones; the only necessary changes are to the
authentication centres and the SIMs. This enhancement, which could be deployed
piecemeal in a completely transparent way, not only addresses a number of
serious vulnerabilities in GSM but is also the first proposal for enhancing GSM
authentication that possesses such transparency properties.Comment: 17 pages, 2 figure
AutoPass:An automatic password generator
Text password has long been the dominant user authentication technique and is
used by large numbers of Internet services. If they follow recommended
practice, users are faced with the almost insuperable problem of generating and
managing a large number of site-unique and strong (i.e. non-guessable)
passwords. One way of addressing this problem is through the use of a password
generator, i.e. a client-side scheme which generates (and regenerates)
site-specific strong passwords on demand, with the minimum of user input. This
paper provides a detailed specification and analysis of AutoPass, a password
generator scheme previously outlined as part of a general analysis of such
schemes. AutoPass has been designed to address issues identified in previously
proposed password generators, and incorporates novel techniques to address
these issues. Unlike almost all previously proposed schemes, AutoPass enables
the generation of passwords that meet important real-world requirements,
including forced password changes, use of pre-specified passwords, and
generation of passwords meeting site-specific requirements.Comment: 22 page
Effect of a machine learning-based severe sepsis prediction algorithm on patient survival and hospital length of stay: a randomised clinical trial.
IntroductionSeveral methods have been developed to electronically monitor patients for severe sepsis, but few provide predictive capabilities to enable early intervention; furthermore, no severe sepsis prediction systems have been previously validated in a randomised study. We tested the use of a machine learning-based severe sepsis prediction system for reductions in average length of stay and in-hospital mortality rate.MethodsWe conducted a randomised controlled clinical trial at two medical-surgical intensive care units at the University of California, San Francisco Medical Center, evaluating the primary outcome of average length of stay, and secondary outcome of in-hospital mortality rate from December 2016 to February 2017. Adult patients (18+) admitted to participating units were eligible for this factorial, open-label study. Enrolled patients were assigned to a trial arm by a random allocation sequence. In the control group, only the current severe sepsis detector was used; in the experimental group, the machine learning algorithm (MLA) was also used. On receiving an alert, the care team evaluated the patient and initiated the severe sepsis bundle, if appropriate. Although participants were randomly assigned to a trial arm, group assignments were automatically revealed for any patients who received MLA alerts.ResultsOutcomes from 75 patients in the control and 67 patients in the experimental group were analysed. Average length of stay decreased from 13.0 days in the control to 10.3 days in the experimental group (p=0.042). In-hospital mortality decreased by 12.4 percentage points when using the MLA (p=0.018), a relative reduction of 58.0%. No adverse events were reported during this trial.ConclusionThe MLA was associated with improved patient outcomes. This is the first randomised controlled trial of a sepsis surveillance system to demonstrate statistically significant differences in length of stay and in-hospital mortality.Trial registrationNCT03015454
- …