677 research outputs found
Vulnerabilities in first-generation RFID-enabled credit cards
Credit cards ; Radio frequency identification systems
Recommended from our members
Mutagenic Analysis of the Expression Platform of a Model Purine Riboswitch
Riboswitches are RNA based transcription and translation controllers. What makes them unique is their ability to recognize and up or down regulate transcription or translation based upon the presence or absence of a small molecule (ligand)1. Riboswitches have two key domains, an aptamer domain and an expression platform. The aptamer domain is responsible for binding and recognizing the ligand. The expression platform changes confirmation upon ligand binding to adapt a helix that could either halt or allow transcription and translation to occur2. The PbuE adenine-responsive riboswitch isolated from Bacillus subtilis has served as a model system for understanding and studying riboswitch structure and function. The structure and function of the aptamer domain of this switch has been well established3. However, the expression is less well established. The general sequence and structure is known but its function and sequence elements need to be studied in greater detail. To determine the role of strand exchange and the importance of key sequence elements to strand exchange, mutagenic analysis of a key sequence element involved in strange exchange was conducted. The results of this analysis suggest the importance of base pairing, especially towards the end of the helix formed during strand exchange. Additionally, a sequence element connecting the aptamer domain and expression platform was studied. However, this screening did not provide usable conclusions and further screening and analysis is necessary. </p
PROPYLA: Privacy Preserving Long-Term Secure Storage
An increasing amount of sensitive information today is stored electronically
and a substantial part of this information (e.g., health records, tax data,
legal documents) must be retained over long time periods (e.g., several decades
or even centuries). When sensitive data is stored, then integrity and
confidentiality must be protected to ensure reliability and privacy. Commonly
used cryptographic schemes, however, are not designed for protecting data over
such long time periods. Recently, the first storage architecture combining
long-term integrity with long-term confidentiality protection was proposed
(AsiaCCS'17). However, the architecture only deals with a simplified storage
scenario where parts of the stored data cannot be accessed and verified
individually. If this is allowed, however, not only the data content itself,
but also the access pattern to the data (i.e., the information which data items
are accessed at which times) may be sensitive information. Here we present the
first long-term secure storage architecture that provides long-term access
pattern hiding security in addition to long-term integrity and long-term
confidentiality protection. To achieve this, we combine information-theoretic
secret sharing, renewable timestamps, and renewable commitments with an
information-theoretic oblivious random access machine. Our performance analysis
of the proposed architecture shows that achieving long-term integrity,
confidentiality, and access pattern hiding security is feasible.Comment: Few changes have been made compared to proceedings versio
In Things We Trust? Towards trustability in the Internet of Things
This essay discusses the main privacy, security and trustability issues with
the Internet of Things
Fuzzy Authentication using Rank Distance
Fuzzy authentication allows authentication based on the fuzzy matching of two
objects, for example based on the similarity of two strings in the Hamming
metric, or on the similiarity of two sets in the set difference metric. Aim of
this paper is to show other models and algorithms of secure fuzzy
authentication, which can be performed using the rank metric. A few schemes are
presented which can then be applied in different scenarios and applications.Comment: to appear in Cryptography and Physical Layer Security, Lecture Notes
in Electrical Engineering, Springe
DECO: Liberating Web Data Using Decentralized Oracles for TLS
Thanks to the widespread deployment of TLS, users can access private data
over channels with end-to-end confidentiality and integrity. What they cannot
do, however, is prove to third parties the {\em provenance} of such data, i.e.,
that it genuinely came from a particular website. Existing approaches either
introduce undesirable trust assumptions or require server-side modifications.
As a result, the value of users' private data is locked up in its point of
origin. Users cannot export their data with preserved integrity to other
applications without help and permission from the current data holder.
We propose DECO (short for \underline{dec}entralized \underline{o}racle) to
address the above problems. DECO allows users to prove that a piece of data
accessed via TLS came from a particular website and optionally prove statements
about such data in zero-knowledge, keeping the data itself secret. DECO is the
first such system that works without trusted hardware or server-side
modifications.
DECO can liberate data from centralized web-service silos, making it
accessible to a rich spectrum of applications. To demonstrate the power of
DECO, we implement three applications that are hard to achieve without it: a
private financial instrument using smart contracts, converting legacy
credentials to anonymous credentials, and verifiable claims against price
discrimination.Comment: This is the extended version of the CCS'20 pape
A Secure and Privacy-Preserving Targeted Ad-System
Thanks to its low product-promotion cost and its efficiency, targeted online advertising has become very popular. Unfortunately, being profile-based, online advertising methods violate consumers' privacy, which has engendered resistance to the ads. However, protecting privacy through anonymity seems to encourage click-fraud. In this paper, we define consumer's privacy and present a privacy-preserving, targeted ad system (PPOAd) which is resistant towards click fraud. Our scheme is structured to provide financial incentives to to all entities involved
- …