
    Key-collisions in (EC)DSA: Attacking Non-repudiation

    A new kind of attack on the non-repudiation property of digital signature schemes is presented. We introduce the notion of key-collisions, which may allow an attacker to claim that a message (presented to a judge) has been signed by someone else. We show how to compute key-collisions for the DSA and ECDSA signature schemes effectively. The main idea of these attacks is inspired by the well-known notion of message-collisions, where an attacker claims that the signature presented in court belongs to a different message. Both of these collision-based attacks significantly weaken the non-repudiation property of signature schemes. Moreover, they weaken the non-repudiation of protocols based on these schemes. It is shown that key-collision resistance of the (EC)DSA schemes requires the incorporation of a mechanism ensuring honest generation of (EC)DSA instances. The use of such a mechanism shall be verifiable by an independent third party without revealing any secret information. We propose and discuss basic general countermeasures against key-collision attacks on the (EC)DSA schemes.
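The following is an added worked example, not code from the paper above: a toy DSA instance in Python in which one valid signature (r, s) on a message is made to verify under a second key whose private exponent the attacker knows. It keeps the subgroup order q and builds fresh domain parameters (p', g') around the signature, which is one simple construction of a key-collision; the paper's own procedure may differ. All sizes (Q = 1019), function names and the message are assumptions chosen for illustration, and the construction only goes through because the verifier accepts whatever (p, q, g) arrive with the public key, which is exactly the gap the abstract's countermeasure (verifiable honest parameter generation) closes.

```python
"""DSA key-collision demo: the same (r, s) verifies under a second, attacker-owned key."""
import hashlib

Q = 1019  # toy subgroup order shared by both instances (assumption: toy sizes only)


def is_prime(n: int) -> bool:
    # Deterministic Miller-Rabin for n < 3.3e24, far more than the toy sizes used here
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for sp in small:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_params(q: int, m_start: int = 2):
    """Honest DSA domain parameters (p, q, g) with p = q*m + 1 and g of order q."""
    m = m_start + m_start % 2
    while not is_prime(q * m + 1):
        m += 2
    p = q * m + 1
    for h in range(2, p):
        g = pow(h, m, p)  # (p - 1) / q == m
        if g != 1:
            return p, q, g
    raise RuntimeError("no generator found")


def H(msg: bytes, q: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def sign(p, q, g, x, msg):
    # Toy deterministic nonce derived from (x, msg); any valid k would do here
    k = int.from_bytes(hashlib.sha256(x.to_bytes(8, "big") + msg).digest(), "big") % (q - 1) + 1
    while True:
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (H(msg, q) + x * r) % q
        if r and s:
            return r, s
        k = k % (q - 1) + 1


def verify(p, q, g, y, msg, sig) -> bool:
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = H(msg, q) * w % q, r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r


def key_collision(q, msg, sig, x_new):
    """Given a valid (r, s) on msg, build (p', g', x', y') such that the same
    signature verifies under y' while the attacker knows x'.  The verifier will
    raise g' to k' = u1 + x'*u2, so it suffices to find an element R of order q
    mod p' with R = r (mod q) and set g' = R^(1/k'): then g'^u1 * y'^u2 = R."""
    r, s = sig
    w = pow(s, -1, q)
    u1, u2 = H(msg, q) * w % q, r * w % q
    x_new %= q
    while (u1 + x_new * u2) % q == 0:  # k' must be invertible mod q
        x_new += 1
    k_inv = pow((u1 + x_new * u2) % q, -1, q)
    m = 2
    while True:  # attacker-chosen primes p' = q*m + 1, smallest first
        p_new = q * m + 1
        if is_prime(p_new):
            for t in range(p_new // q + 1):
                R = r + t * q  # every candidate is congruent to r mod q
                if 1 < R < p_new and pow(R, q, p_new) == 1:  # order exactly q
                    g_new = pow(R, k_inv, p_new)
                    return p_new, g_new, x_new, pow(g_new, x_new, p_new)
        m += 2


def demo(msg: bytes = b"I owe you 1000 EUR"):
    """Returns (honest verifies, colliding key verifies, the two instances differ)."""
    p, q, g = gen_params(Q, m_start=10000)  # honest signer's instance
    x = 123
    y = pow(g, x, p)
    sig = sign(p, q, g, x, msg)
    p2, g2, x2, y2 = key_collision(q, msg, sig, x_new=456)
    return verify(p, q, g, y, msg, sig), verify(p2, q, g2, y2, msg, sig), (p, g, y) != (p2, g2, y2)


if __name__ == "__main__":
    print(demo())  # (True, True, True): one signature, two keys, both accepted
```

The check a verifier needs is not in the signature math at all: it must reject a public key whose domain parameters cannot be traced to an honest generation procedure (for DSA, the seed-and-counter scheme of FIPS 186; for ECDSA, a named curve), because as shown above anyone can grow a second valid key around an existing signature otherwise.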

    Modeling Holistic Marks With Analytic Rubrics


    Using cases utility for heuristic planning improvement

    Proceedings of: 7th International Conference on Case-Based Reasoning (ICCBR07), Belfast, Northern Ireland, UK, 13-16 August 2007
    Current efficient planners employ an informed search guided by a heuristic function that is quite expensive to compute. Thus, ordering nodes in the search tree becomes a key issue, in order to select efficiently the nodes to evaluate from the successors of the current search node. In previous work, we successfully applied a CBR approach to order nodes for evaluation, thus reducing the number of calls to the heuristic function. However, once cases were learned, they were not modified according to their utility in solving planning problems. In this work we present a scheme for learning case quality based on utility during a validation phase. The qualities obtained determine the way in which these cases are preferred in the retrieval and replay processes. The paper then shows experimental results for several benchmarks taken from the International Planning Competition (IPC). These results show the improvement in planning performance when case utilities are used.

    Patients' Desire for Psychological Support When Receiving a Cancer Diagnostic

    Keywords: Cancer patients; Mood disorders; Psychological support
    Background: Factors related to the desire to receive psychological help among cancer patients are not well known. The aim of this study is to assess the prevalence of patients who would ask for psychological assistance in the first weeks following diagnosis, and to identify their psychosocial and disease-related profile. Method: This cross-sectional study assessed 229 consecutive cancer outpatients at a visit with their oncologist at which they were informed about the treatment they would receive. Disease-related and medical characteristics were assessed, and patients were asked about their mood states, levels of self-efficacy, and difficulties coping with the disease. Finally, patients were asked about their desire to receive psychological assistance. Results: Only 20% of patients expressed a desire for psychological help. These patients were younger, had a previous history of mood disorders, and reported greater discouragement and coping difficulties. These variables explained 30.6% of the variance. Conclusions: Although psycho-oncologists can provide helpful interventions, the percentage of patients interested in receiving psychological assistance in this study is low. Although further studies are needed, the results suggest methods that could easily be used by oncologists and nurses to identify patients who would like to receive psychological support.

    Design of an administrative system to improve the invoice delivery procedures at the company Ferreyros S.A., which in turn will allow it to improve its revenues

    The company where the author worked has many departments, all of which must share the company's overall objective; to achieve it, new challenges involving change are always sought. This project reorganizes the administrative department, where many deficiencies in reaching the objectives were observed, together with a constant risk of poor results in the management indicators. These were avoided by consciously redesigning the department to be better organized and quicker to adapt to change.

    Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format

    Vaudenay has shown in [5] that the CBC encryption mode ([2], [9]) combined with the PKCS#5 padding scheme [3] allows an attacker to invert the underlying block cipher, provided she has access to a valid-padding oracle which, for each input ciphertext, tells her whether the corresponding plaintext has valid padding or not. With countermeasures against this attack in mind, different padding schemes have been studied in [1]. The best one is referred to as ABYT-PAD. It is designed for byte-oriented messages. It removes the valid-padding oracle, thereby defeating Vaudenay's attack, since every deciphered plaintext is valid under this padding scheme. In this paper, we try to combine the well-known cryptographic message syntax standard PKCS#7 [8] with the use of ABYT-PAD instead of PKCS#5. Let us assume that we have access to a PKCS#7CONF oracle that tells us, for a given ciphertext (encapsulated in the PKCS#7 structure), whether the deciphered plaintext is correct or not according to the PKCS#7 (v1.6) syntax. This is probably a very natural assumption, because applications usually have to reflect this situation in their behavior: it could be a message to the user, an API error message, an entry in a log file, different timing behavior, etc. We show that access to such an oracle again enables an attacker to invert the underlying block cipher. The attack requires a single captured ciphertext and approximately 128 oracle calls per ciphertext byte. It shows that we cannot hope to fully solve the problem of side channel attacks on the CBC encryption mode by using a "magic" padding method or an obscure message-encoding format. Strong cryptographic integrity checks of ciphertexts should be incorporated instead.

    Strengthened Encryption in the CBC Mode

    Vaudenay [1] has presented an attack on the CBC mode of block ciphers which uses padding according to the PKCS#5 standard. One of the countermeasures he considered consisted of encrypting the message M' = M || padding || hash(M || padding) instead of the original M. This can increase the length of the message by several blocks compared with the present padding. Moreover, Wagner [1] showed a security weakness in this proposal. The next correction Vaudenay proposed ("A Fix Which May Work") has a general character and does not solve the practical problems with the real cryptographic interfaces used in contemporary applications. In this article we propose three variants of the CBC mode. From the external point of view they behave the same as the present CBC mode with PKCS#5 padding, but they prevent Vaudenay's attack.
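Both of the preceding abstracts (the PKCS#7CONF oracle attack and this one) build on Vaudenay's CBC padding-oracle attack, so here is an added, self-contained Python example of that attack; it is not code from either paper. It assumes a toy 8-byte Feistel block cipher in place of AES/DES (the attack is independent of the cipher), PKCS#5 padding, and an oracle that answers only "valid padding or not", which is exactly the side channel the abstracts describe; a constructed message and random key are embedded, and all names are the example's own. The attack recovers the block-cipher decryption of each ciphertext block one byte at a time, with at most 256 (on average about 128) oracle calls per byte.

```python
"""CBC padding-oracle attack (Vaudenay) against PKCS#5 padding, worked example."""
import hashlib
import os

BLOCK = 8  # toy 64-bit block; the attack does not depend on the cipher (assumption)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    # Toy 8-round Feistel network standing in for AES/DES; not a real cipher.
    l, r = block[:4], block[4:]
    for i in rounds:
        f = hashlib.sha256(key + bytes([i]) + r).digest()[:4]
        l, r = r, _xor(l, f)
    return r + l


def block_encrypt(key, block):
    return _feistel(key, block, range(8))


def block_decrypt(key, block):
    return _feistel(key, block, reversed(range(8)))  # same rounds, reversed


def pad(msg: bytes) -> bytes:  # PKCS#5: n bytes of value n, 1 <= n <= BLOCK
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # this exception IS the side channel
    return data[:-n]


def cbc_encrypt(key, iv, msg):
    out, prev = b"", iv
    for i in range(0, len(msg), BLOCK):
        prev = block_encrypt(key, _xor(prev, msg[i:i + BLOCK]))
        out += prev
    return out


def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        cur = ct[i:i + BLOCK]
        out += _xor(prev, block_decrypt(key, cur))
        prev = cur
    return out


class PaddingOracle:
    """What the attacker can observe: only 'was the padding valid?' per query."""
    def __init__(self, key):
        self._key = key
        self.calls = 0

    def valid(self, iv: bytes, ct: bytes) -> bool:
        self.calls += 1
        try:
            unpad(cbc_decrypt(self._key, iv, ct))
            return True
        except ValueError:
            return False


def recover_block_decryption(oracle, target: bytes) -> bytes:
    """Return block_decrypt(key, target) using only the oracle, last byte first."""
    dec = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        padval = BLOCK - pos  # padding value we try to forge at positions pos..end
        crafted = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):  # known tail bytes are set to decrypt to padval
            crafted[j] = dec[j] ^ padval
        for guess in range(256):
            crafted[pos] = guess
            if not oracle.valid(bytes(crafted), target):
                continue
            if pos == BLOCK - 1:
                # Rule out an accidental 02 02 / 03 03 03 hit: disturbing the byte
                # before the last one must leave a genuine 0x01 padding valid.
                crafted[pos - 1] ^= 0xFF
                still_valid = oracle.valid(bytes(crafted), target)
                crafted[pos - 1] ^= 0xFF
                if not still_valid:
                    continue
            dec[pos] = guess ^ padval  # D(target)[pos] xor guess == padval
            break
        else:
            raise RuntimeError("oracle accepted no guess; not a padding oracle?")
    return bytes(dec)


def padding_oracle_attack(oracle, iv: bytes, ct: bytes) -> bytes:
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plain = b"".join(_xor(prev, recover_block_decryption(oracle, cur))
                     for prev, cur in zip(blocks, blocks[1:]))
    return unpad(plain)


def demo(msg: bytes = b"Attack at dawn, PKCS#5 padded."):
    """Encrypt under a fresh key, recover msg without it; returns (msg, calls/byte)."""
    key, iv = os.urandom(16), os.urandom(BLOCK)  # constructed sample, never reused
    ct = cbc_encrypt(key, iv, pad(msg))
    oracle = PaddingOracle(key)
    recovered = padding_oracle_attack(oracle, iv, ct)
    return recovered, oracle.calls / len(ct)


if __name__ == "__main__":
    print(demo())
```

Note that the attack never touches the key or the cipher: it only needs the receiver to behave differently on bad padding, whether through an error message, a log entry or timing. Replacing the padding rule (as the PKCS#7CONF result shows) only moves the distinguishing behaviour to the next parser; the fix is to authenticate the ciphertext (a MAC over IV and ciphertext, or an AEAD mode) and refuse to decrypt anything that fails the check.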

    Application of teaching strategies in the meaningful learning of History, Geography and Economics among secondary-school students, I. E. Nº125 Ricardo Palma, San Juan de Lurigancho - 2014

    The objective of the research was to determine whether teaching strategies influence the meaningful learning of students at I. E. Nº125 "Ricardo Palma", San Juan de Lurigancho, 2014. It was a quantitative study with an experimental, quasi-experimental design; the sample consisted of 66 students, 33 from 2nd grade "A" (experimental group) and 33 from 2nd grade "B" (control group). It was longitudinal because the instrument was administered at two points (pre/post). The test was applied in two phases, pre-test and post-test, and the data were analysed with descriptive statistics and the statistical package SPSS, version 18, with hypothesis testing by the Mann-Whitney U test. The statistical results show that the application of teaching strategies significantly influences meaningful learning in History, Geography and Economics among the students of I. E. Nº 125 "Ricardo Palma", San Juan de Lurigancho, 2014, according to the Mann-Whitney U test on the post-test, which gives p = 0.003 < 0.05, indicating that the study groups were not equal; the students in the experimental group reached the "achieved" level more often, 60.6% versus 21.2% in the control group.

    Attack on Private Signature Keys of the OpenPGP Format, PGP(TM) Programs and Other Applications Compatible with OpenPGP

    The article describes an attack on the OpenPGP format which leads to disclosure of the private signature keys of the DSA and RSA algorithms. The OpenPGP format is used in a number of applications including PGP, GNU Privacy Guard and the other programs on the list of products compatible with OpenPGP, which is available at http://www.pgpi.org/products. Therefore all these applications must undergo the same revision as the PGP program itself. The success of the attack was practically verified and demonstrated on PGP version 7.0.3 with a combination of the AES and DH/DSS algorithms. As the private signature key is the basic secret of the whole system, it is encrypted using a strong cipher. However, it turns out that this protection is illusory, as the attacker has to attack neither this cipher nor the user's secret passphrase. A modification of the private key file in a certain manner, followed by the capture of one signed message, is sufficient for a successful attack. Insufficient protection of the integrity of the public as well as the private parts of signature keys in the OpenPGP format is analyzed for the DSA and RSA algorithms, and on this basis attack procedures are shown against both private signature keys. The attacks apply to all lengths of parameters (moduli, keys) of RSA and DSA. Finally, cryptographic measures for correcting the OpenPGP format as well as the PGP format are proposed.