10 research outputs found
Resource management with X.509 inter-domain authorization certificates (InterAC)
Collaboration among independent administrative domains would require: i) confidentiality, integrity, non-repudiation of communication between the domains; ii) minimum and reversible modifications to the intra-domain pre-collaboration setup; iii) maintain functional autonomy while collaborating; and, iv) ability to quickly transform from post-collaboration to pre-collaboration stage. In this paper, we put forward our mechanism that satisfies the above requirements while staying within industry standards so that the mechanism becomes practical and deployable. Our approach is based on an X.509 certificate extension. We have designed a non-critical extension capturing users' rights in such a unique way that the need for collaboration or the post-collaboration stage does not require an update of the certificate, thus greatly reducing the revocation costs and size of CRLs. Furthermore, rights amplification and degradation of users from collaborating domains into the host domain can be easily performed, thus providing functional autonomy to collaborators. Initiation of collaboration among two domains requires issuance of one certificate from each domain, and revocation of these certificates ends the collaboration - ease of manageability. © 2010 Springer-Verlag
Resource Management with X.509 Inter-domain Authorization Certificates (InterAC)
Collaboration among independent administrative domains would require: i) confidentiality, integrity, non-repudiation of communication between the domains; ii) minimum and reversible modifications to the intra-domain pre-collaboration setup; iii) maintain functional autonomy while collaborating; and, iv) ability to quickly transform from post-collaboration to pre-collaboration stage. In this paper, we put forward our mechanism that satisfies the above requirements while staying within industry standards so that the mechanism becomes practical and deployable. Our approach is based on an X.509 certificate extension. We have designed a non-critical extension capturing users' rights in such a unique way that the need for collaboration or the post-collaboration stage does not require an update of the certificate, thus greatly reducing the revocation costs and size of CRLs. Furthermore, rights amplification and degradation of users from collaborating domains into the host domain can be easily performed, thus providing functional autonomy to collaborators. Initiation of collaboration among two domains requires issuance of one certificate from each domain, and revocation of these certificates ends the collaboration - ease of manageability.
Modelli letterari e ideologia nell'età flavia
Atti della III Giornata ghislieriana di Filologia classica (Pavia, 30-31 ottobre 2003)
SILK-TV: Secret information leakage from keystroke timing videos
Shoulder surfing attacks are an unfortunate consequence of entering passwords or PINs into computers, smartphones, PoS terminals, and ATMs. Such attacks generally involve observing the victim's input device. This paper studies leakage of user secrets (passwords and PINs) based on observations of output devices (screens or projectors) that provide "helpful" feedback to users in the form of masking characters, each corresponding to a keystroke. To this end, we developed a new attack called Secret Information Leakage from Keystroke Timing Videos (SILK-TV). Our attack extracts inter-keystroke timing information from videos of password masking characters displayed when users type their password on a computer, or their PIN at an ATM or PoS. We conducted several studies in various envisaged attack scenarios. Results indicate that, while in some cases leakage is minor, it is quite substantial in others. By leveraging inter-keystroke timings, SILK-TV recovers 8-character alphanumeric passwords in as little as 19 attempts. However, when guessing PINs, SILK-TV yields no substantial speedup compared to brute force. Our results strongly indicate that secure password masking GUIs must consider the information leakage identified in this paper.