537 research outputs found
Can price transparency contribute to more affordable patient access to medicines?
No abstract available
Quantum cryptography: a practical information security perspective
Quantum Key Exchange (QKE, also known as Quantum Key Distribution or QKD)
allows communicating parties to securely establish cryptographic keys. It is a
well-established fact that all QKE protocols require that the parties have
access to an authentic channel. Without this authenticated link, QKE is
vulnerable to man-in-the-middle attacks. Overlooking this fact results in
exaggerated claims and/or false expectations about the potential impact of QKE.
In this paper we present a systematic comparison of QKE with traditional key
establishment protocols in realistic secure communication systems. Comment: 5 pages, new title, published version, minor changes only.
e-EMV: Emulating EMV for Internet payments using Trusted Computing technology v-2
The introduction of EMV-compliant payment cards, with their improved cardholder verification and card authentication capabilities, has resulted in a dramatic reduction in the levels of fraud seen at Point of Sale (PoS) terminals across Europe. However, this reduction has been accompanied by an alarming increase in the level of fraud associated with Internet-based Card Not Present (CNP) transactions. This increase is largely attributable to the weaker authentication procedures involved in CNP transactions. This paper shows how the functionality associated with EMV-compliant payment cards can be securely emulated in software on platforms supporting Trusted Computing technology. We describe a detailed system architecture encompassing user enrollment, card deployment (in the form of software), card activation, and subsequent transaction processing. Our proposal is compatible with the existing EMV transaction processing architecture, and thus integrates fully and naturally with already deployed EMV infrastructure. We show that our proposal, which effectively makes available the full security of PoS transactions for Internet-based CNP transactions, has the potential to significantly reduce the opportunity for fraudulent CNP transactions.
Augmenting Internet-based Card Not Present Transactions with Trusted Computing: An Analysis
In this paper, we demonstrate how the staged roll out of Trusted Computing technology, beginning with ubiquitous client-side Trusted Platform Modules (TPMs), can be used to enhance the security of Internet-based Card Not Present (CNP) transactions. This approach can be seen as an alternative to the proposed mass deployment of unconnected card readers in the provision of CNP transaction authorisation. Using TPM functionality (and the new PC architecture that will evolve around it) we demonstrate how TPM-enabled platforms can integrate with SSL, 3-D Secure and server-side SET. We highlight how the use of TPM functionality, as is currently being deployed in the marketplace, is not a panacea for solving all the problems associated with CNP transactions. In this instance, a more holistic approach requiring additional Trusted Computing components incorporating Operating System, processor and chipset support is required to combat the threat of malware.
Challenges for Trusted Computing
This article identifies and discusses some of the key challenges that need to be addressed if the vision of Trusted Computing is to become reality. Topics addressed include issues with setting up and maintaining the PKI required to support the full set of Trusted Computing functionality, the practical use and verification of attestation evidence, and backwards compatibility, usability and compliance issues.
Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage
We analyse the security of database encryption schemes supporting range queries against persistent adversaries. The bulk of our work applies to a generic setting, where the adversary's view is limited to the set of records matched by each query (known as access pattern leakage). We also consider a more specific setting where certain rank information is also leaked. The latter is inherent to multiple recent encryption schemes supporting range queries, including Kerschbaum's FH-OPE scheme (CCS 2015), Lewi and Wu's order-revealing encryption scheme (CCS 2016), and the recently proposed Arx scheme of Poddar et al. (IACR eprint 2016/568, 2016/591). We provide three attacks.
First, we consider full reconstruction, which aims to recover the value of every record, fully negating encryption. We show that for dense datasets, full reconstruction is possible within an expected number of queries $N \log N + O(N)$, where $N$ is the number of distinct plaintext values. This directly improves on a $O(N^2 \log N)$ bound in the same setting by Kellaris et al. (CCS 2016). We also provide very efficient, data-optimal algorithms that succeed with the minimum possible number of queries (in a strong, information theoretical sense), and prove a matching data lower bound for the number of queries required.
Second, we present an approximate reconstruction attack recovering all plaintext values in a dense dataset within a constant ratio of error (such as a 5% error), requiring the access pattern leakage of only $O(N)$ queries. We also prove a matching lower bound.
Third, we devise an attack in the common setting where the adversary has access to an auxiliary distribution for the target dataset. This third attack proves highly effective on age data from real-world medical data sets. In our experiments, observing only 25 queries was sufficient to reconstruct a majority of records to within 5 years.
In combination, our attacks show that current approaches to enabling range queries offer little security when the threat model goes beyond snapshot attacks to include a persistent server-side adversary.