Best Effort and Practice Activation Codes

Activation Codes are used in many different digital services and known by many different names including voucher, e-coupon and discount code. In this paper we focus on a specific class of ACs that are short, human-readable, fixed-length and represent value. Even though this class of codes is extensively used there are no general guidelines for the design of Activation Code schemes. We discuss different methods that are used in practice and propose BEPAC, a new Activation Code scheme that provides both authenticity and confidentiality. The small message space of activation codes introduces some problems that are illustrated by an adaptive chosen-plaintext attack (CPA-2) on a general 3-round Feis- tel network of size 2^(2n) . This attack recovers the complete permutation from at most 2^(n+2) plaintext-ciphertext pairs. For this reason, BEPAC is designed in such a way that authenticity and confidentiality are in- dependent properties, i.e. loss of confidentiality does not imply loss of authenticity.Comment: 15 pages, 3 figures, TrustBus 201

Author's personal copy Roles in information security e A survey and classification of the research area

Motivation The growing diffusion of information technologies within all areas of human society has increased their importance as a critical success factor in the modern world. However, information processing systems are vulnerable to many different kinds of threats that can lead to various types of damage resulting in significant economic losses. Consequently, the importance of Information Security has grown and evolved in a similar manner. In its most basic definition, Information Security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The aim of Information Security is to minimize risks related to the three main security goals confidentiality, integrity, and availability e usually referred to as "CIA" c o m p u t e r s & s e c u r i t y 3 0 ( 2 0 1 1 ) 7 4 8 e7 6 9 0167-4048/$ e see front matter

Infrared/terahertz spectra of the photogalvanic effect in (Bi,Sb)Te based three-dimensional topological insulators

We report on the systematic study of infrared/terahertz spectra of photocurrents in (Bi, Sb) Te based three-dimensional topological insulators. We demonstrate that in a wide range of frequencies, ranging from fractions up to tens of terahertz, the photocurrent is caused by the linear photogalvanic effect (LPGE) excited in the surface states. The photocurrent spectra reveal that at low frequencies the LPGE emerges due to free carrier Drude-like absorption. The spectra allow us to determine the room temperature carrier mobilities in the surface states despite the presence of thermally activated residual impurities in the material bulk. In a number of samples we observed an enhancement of the linear photogalvanic effect at frequencies between 30 and 60 THz, which is attributed to the excitation of electrons from helical surface to bulk conduction band states. Under this condition and applying oblique incidence we also observed the circular photogalvanic effect driven by the radiation helicity

The Deductive Filter Approach to MLS Database Prototyping

of the database. The goal of the prototype is to achieve a concise and non-conflicting specification of the security constraints. Based on a concrete example of the application domain, the database designer and the security officer (or trusted users) are able to examine by using the prototype the adequacy of the database design and of the security classifications specified. In this paper we give the formal basis and implementation details about the prototyping language with which the prototype can be efficiently constructed without involving high development costs. This paper proposes building a prototyping environment as part of the standard design process of multilevel secure database applications. For this paper we see the following contributions: First, based on a careful study of multilevel security requirements we developed a security constraints language (SCL) for specifying application dependent database security semantics. Second, we implemented SCL by using the deductive dat..