294 research outputs found
Online privacy: towards informational self-determination on the internet : report from Dagstuhl Perspectives Workshop 11061
The Dagstuhl Perspectives Workshop "Online Privacy: Towards Informational Self-Determination on the Internet" (11061) has been held in February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, public sector, and industry have identified the current status-of-the-art of and challenges for online privacy as well as derived recommendations for improving online privacy. Whereas the Dagstuhl Manifesto of this workshop concludes the results of the working groups and panel discussions, this article presents the talks of this workshop by their abstracts
Poster: The Unintended Consequences of Algorithm Agility in DNSSEC
Cryptographic algorithm agility is an important property for DNSSEC: it
allows easy deployment of new algorithms if the existing ones are no longer
secure. In this work we show that the cryptographic agility in DNSSEC, although
critical for provisioning DNS with strong cryptography, also introduces a
vulnerability. We find that under certain conditions, when new algorithms are
listed in signed DNS responses, the resolvers do not validate DNSSEC. As a
result, domains that deploy new ciphers may in fact cause the resolvers not to
validate DNSSEC. We exploit this to develop DNSSEC-downgrade attacks and
experimentally and ethically evaluate them against popular DNS resolver
implementations, public DNS providers, and DNS services used by web clients
worldwide. We find that major DNS providers as well as 45% of DNS resolvers
used by web clients are vulnerable to our attacks.Comment: This work has been accepted for publication at the ACM SIGSAC
Conference on Computer and Communications Security (CCS 22
Digitale Schwellen: Freiheit und Privatheit in der digitalisierten Welt
Eine Welt digitaler Techniken im weitesten Sinne verĂ€ndert die Kommunikationsbeziehungen, die sozialen Beziehungen der Menschen untereinander und damit auch die sozialen VerhĂ€ltnisse der Menschen in der Gesellschaft in fundamentaler Weise. Wir stehen ganz offensichtlich erst an der Schwelle des Verstehens dieser komplexen und alle Lebensbereiche verĂ€ndernden Revolution. Die technischen Möglichkeiten, die unser Leben ja auch erleichtern können und schöner und klĂŒger machen, werden in groĂer Geschwindigkeit erweitert, immer neue Schwellen des Mach- und Denkbaren werden permanent ĂŒberschritten.
Redaktionsschluss: April 201
Open Issues in Secure Electronic Commerce
Doing some electronic business on the Internet is already an easy task today. As is cheating and snooping. Several reasons contribute to this insecurity: The Internet does not offer much security per-se. Eavesdropping and acting under false identity is simple. Popular PC operating systems offer little or no security against viri or other malicious software. At the same time, user awareness for security risks is threateningly low. A few specific security tools are in wide use, and several projects have been aiming at more comprehensive security for electronic commerce. Still there are a lot of important open issues. This article reviews these open issues in a structured way. It is based on experience with the European R&D project SEMPER, but it is not a presentation of the project results beyond some useful concrete background for the more general open issues. 1 Introduction Since the invention of the World Wide Web (WWW) in 1991, Internet-based electronic commerce has been transforme..
Optimistic Asynchronous Multi-Party Contract Signing
A contract is a non-repudiable agreement on a given contract text, i.e., it can be used to prove unanimous agreement between its signatories to any verifier. A contract signing protocol is used to fairly compute a contract so that, even if n , 1 of the n signatories misbehave, either all or none of them obtain a contract. Optimisti
- âŠ