Remote booting in a hostile world: to whom am I speaking? [Computer security]

“This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder." “Copyright IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.”Today's networked computer systems are very vulnerable to attack: terminal software, like that used by the X Window System, is frequently passed across a network, and a trojan horse can easily be inserted while it is in transit. Many other software products, including operating systems, load parts of themselves from a server across a network. Although users may be confident that their workstation is physically secure, some part of the network to which they are attached almost certainly is not secure. Most proposals that recommend cryptographic means to protect remotely loaded software also eliminate the advantages of remote loading-for example, ease of reconfiguration, upgrade distribution, and maintenance. For this reason, they have largely been abandoned before finding their way into commercial products. The article shows that, contrary to intuition, it is no more difficult to protect a workstation that loads its software across an insecure network than to protect a stand-alone workstation. In contrast to prevailing practice, the authors make essential use of a collision-rich hash function to ensure that an exhaustive off-line search by the opponent will produce not one, but many candidate pass words. This strategy forces the opponent into an open, on-line guessing attack and offers the user a defensive strategy unavailable in the case of an off-line attack.Peer reviewe

Inelastic neutron scattering study on the resonance mode in an optimally doped superconductor LaFeAsO0.92_{0.92}F0.08_{0.08}

An optimally doped iron-based superconductor LaFeAsO$_{0.92}$F$_{0.08}$ with $T_c = 29$ K has been studied by inelastic powder neutron scattering. The magnetic excitation at $Q=1.15$ \AA$^{-1}$ is enhanced below $T_c$, leading to a peak at $E_{res}\sim13$ meV as the resonance mode, in addition to the formation of a gap at low energy below the crossover energy $\Delta_{c}\sim10 meV$. The peak energy at $Q=1.15$ \AA$^{-1}$ corresponds to $5.2 k_B T_c$ in good agreement with the other values of resonance mode observed in the various iron-based superconductors, even in the high-$T_c$ cuprates. Although the phonon density of states has a peak at the same energy as the resonance mode in the present superconductor, the $Q$-dependence is consistent with the resonance being of predominately magnetic origin.Comment: 4 pages, 5 Postscript figure

More security or less insecurity

We depart from the conventional quest for ‘Completely Secure Systems’ and ask ‘How can we be more Secure’. We draw heavily from the evolution of the Theory of Justice and the arguments against the institutional approach to Justice. Central to our argument is the identification of redressable insecurity, or weak links. Our contention is that secure systems engineering is not really about building perfectly secure systems but about redressing manifest insecurities.Final Accepted Versio

Ytterbium divalency and lattice disorder in near-zero thermal expansion YbGaGe

While near-zero thermal expansion (NZTE) in YbGaGe is sensitive to stoichiometry and defect concentration, the NZTE mechanism remains elusive. We present x-ray absorption spectra that show unequivocally that Yb is nearly divalent in YbGaGe and the valence does not change with temperature or with nominally 1% B or 5% C impurities, ruling out a valence-fluctuation mechanism. Moreover, substantial changes occur in the local structure around Yb with B and C inclusion. Together with inelastic neutron scattering measurements, these data indicate a strong tendency for the lattice to disorder, providing a possible explanation for NZTE in YbGaGe.Comment: 4 pages, 4 figure, supplementary inf

Low energy magnetic excitations from the Fe1+y−z_{1+y-z}(Ni/Cu)z_{z}Te1−x_{1-x}Sex_{x} system

We report neutron scattering measurements on low energy ($\hbar\omega \sim 5$~meV) magnetic excitations from a series of Fe$_{1+y-z}$(Ni/Cu)$_{z}$Te$_{1-x}$Se$_{x}$ samples which belong to the "11" Fe-chalcogenide family. Our results suggest a strong correlation between the magnetic excitations near (0.5,0.5,0) and the superconducting properties of the system. The low energy magnetic excitations are found to gradually move away from (0.5,0.5,0) to incommensurate positions when superconductivity is suppressed, either by heating or chemical doping, confirming previous observations.Comment: 5 pages, 5 figure