35 research outputs found
Best Effort and Practice Activation Codes
Activation Codes are used in many different digital services and known by
many different names including voucher, e-coupon and discount code. In this
paper we focus on a specific class of ACs that are short, human-readable,
fixed-length and represent value. Even though this class of codes is
extensively used there are no general guidelines for the design of Activation
Code schemes. We discuss different methods that are used in practice and
propose BEPAC, a new Activation Code scheme that provides both authenticity and
confidentiality. The small message space of activation codes introduces some
problems that are illustrated by an adaptive chosen-plaintext attack (CPA-2) on
a general 3-round Feis- tel network of size 2^(2n) . This attack recovers the
complete permutation from at most 2^(n+2) plaintext-ciphertext pairs. For this
reason, BEPAC is designed in such a way that authenticity and confidentiality
are in- dependent properties, i.e. loss of confidentiality does not imply loss
of authenticity.Comment: 15 pages, 3 figures, TrustBus 201
Author's personal copy Roles in information security e A survey and classification of the research area
Motivation The growing diffusion of information technologies within all areas of human society has increased their importance as a critical success factor in the modern world. However, information processing systems are vulnerable to many different kinds of threats that can lead to various types of damage resulting in significant economic losses. Consequently, the importance of Information Security has grown and evolved in a similar manner. In its most basic definition, Information Security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The aim of Information Security is to minimize risks related to the three main security goals confidentiality, integrity, and availability e usually referred to as "CIA" c o m p u t e r s & s e c u r i t y 3 0 ( 2 0 1 1 ) 7 4 8 e7 6 9 0167-4048/$ e see front matter
Infrared/terahertz spectra of the photogalvanic effect in (Bi,Sb)Te based three-dimensional topological insulators
We report on the systematic study of infrared/terahertz spectra of photocurrents in (Bi, Sb) Te based three-dimensional topological insulators. We demonstrate that in a wide range of frequencies, ranging from fractions up to tens of terahertz, the photocurrent is caused by the linear photogalvanic effect (LPGE) excited in the surface states. The photocurrent spectra reveal that at low frequencies the LPGE emerges due to free carrier Drude-like absorption. The spectra allow us to determine the room temperature carrier mobilities in the surface states despite the presence of thermally activated residual impurities in the material bulk. In a number of samples we observed an enhancement of the linear photogalvanic effect at frequencies between 30 and 60 THz, which is attributed to the excitation of electrons from helical surface to bulk conduction band states. Under this condition and applying oblique incidence we also observed the circular photogalvanic effect driven by the radiation helicity
The Deductive Filter Approach to MLS Database Prototyping
of the database. The goal of the prototype is to achieve a concise and non-conflicting specification of the security constraints. Based on a concrete example of the application domain, the database designer and the security officer (or trusted users) are able to examine by using the prototype the adequacy of the database design and of the security classifications specified. In this paper we give the formal basis and implementation details about the prototyping language with which the prototype can be efficiently constructed without involving high development costs. This paper proposes building a prototyping environment as part of the standard design process of multilevel secure database applications. For this paper we see the following contributions: First, based on a careful study of multilevel security requirements we developed a security constraints language (SCL) for specifying application dependent database security semantics. Second, we implemented SCL by using the deductive dat..