Instant messaging activity plays a major role in our life. With the increasing usage of mobile phones and the growing number of instant messaging users, vulnerabilities affecting these devices have risen exponentially. In this paper, we propose a security analysis testing for secure instant messaging apps in Android which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the...
True Random Numbers represent a sensitive research area for cryptographic algorithms and applications. They are mostly used in generating non-reproducible and non-deterministic patterns used in different cryptographic protocols. A True Random Number Generator basically consists of three main components: a noise generator, that is based on a physical uncontrollable phenomenon, a randomness extractor...
Direct-to-consumer (DTC) genetic services refer to genetic tests sold directly to consumers via the Internet, television, and other marketing venues without involving healthcare providers such as physicians, genetic counselors, and other healthcare professionals. Companies such as 23andMe and Navigenics offer genetic tests using genome-wide technology direct to consumers over the Internet. Genetic...
We present a solution which improves the level of privacy possible in location based services (LBS). A core component of LBS is proximity testing of users. Alice wants to know if she is near to Bob (or generally some location). The presented solution supports private proximity testing and is actively secure, meaning it prevents a number of attacks possible in existing protocols for private proximity...
A fuzzer is a program that attempts to find security vulnerabilities in an application by sending random or semi-random input. Fuzzers have been widely used to find vulnerabilities in protocol implementations. The implementations may conform to the design of the protocol, but most of the time some glitches might remain. As a result, vulnerabilities might remain unnoticed. Consequently, different implementations...
With the growing concern for secure and private information protection, several issues pertaining to the traditional biometric authentication system such as the reissuance of biometric template and template security have been raised. To resolve these limitations, many new concepts of revocable biometrics have been introduced. However, the design of a template protection scheme that fulfils all the...
This work explores a new concept in user authentication to improve security in the login process. Most authentication systems use some form of positive identification (PI) to identify legitimate users. Specifically, these systems use a password profile containing all the user passwords that are authorized to access the system (or the server).
Scan testing has been proven to leak secret information through side-channel attacks. To ensure high security when testing crypto chips without compromising testability, a new secure scan architecture with key authorized test controlling is proposed. In this method, multiple test keys are uniquely integrated into the test vectors by employing a special key fill technique without increasing the test...
Anticipating and mitigating security threats is critical during software development. This work investigates security vulnerabilities and mitigation strategies to help software developers build secure applications. The work examines common vulnerabilities, and relevant mitigation strategies, from several perspectives, including the input environment used to supply the software with needed data, the...
A novel generation key scheme based on DNA is proposed. By using a key expansion matrix, the scheme improves the independence and the strict avalanche of the key. Although it increases computation amount because of using the matrix operation, the random number can be generated by the DNA sequence directly and the speed of the computation is greatly improved. Therefore, the new scheme has wide application...
In order to quickly generate secret keys in low-power hand-held devices, Modadugu et al. propose two server-aided RSA key generation protocols, and Chen et al. subsequently propose four improved protocols. However, one drawback of these protocols is that they can't resist collusion attacks. In this paper, we implement a new server-aided RSA key generation protocol, which can resist collusion attack...
Today more than ever, secure communication is a must. Most companies now use network infrastructure to conduct their business, whether internally (intranet model) or externally to reach partners or customers (extranet/Internet models). While it is utopian to consider today's networks as being safe, there are solutions to make them more secure and use them with a bit of trust. The key aspects to securing...
RSA is the most widely used digital signature algorithm in E-Commerce and the complexity of large integer operation is the main factor that affects the efficiency of a RSA system. In this paper, a n carry array based large integer denotation approach is proposed to speed up the large integer calculation in RSA key generation and data encryption/decryption process, so as to improve the efficiency...
RSA is the most widely used digital signature algorithm in e-commerce and the complexity of large integer operation is the main factor that affects the efficiency of a RSA system. In this paper, a n carry array based large integer denotation approach is proposed to speed up the large integer calculation in RSA key generation and data encryption/decryption process, so as to improve the efficiency of...
This paper carries out a statistical analysis on the nonlinear diffusion & propagation of the SHA message expansion. The nonlinear expansion of the message is realized through the rolled-out and folded-over of the integer tent maps, and a piece-wise-nonlinear message expansion scheme is further given. Compared with SHA-256 message expansion, the message expansion mode presented in this paper has...
This paper presents principles and results of dynamic testing of an SRAM-based FPGA using time-resolved fault injection with a pulsed laser. The synchronization setup and experimental procedure are detailed. Fault injection results obtained with a DES crypto-core application implemented on a Xilinx Virtex II are discussed.
Due to their reconfigurability and their high density of resources, SRAM-based FPGAs are more and more used in embedded systems. For some applications (Pay-TV, Banking, Telecommunication...), a high level of security is needed. FPGAs are intrinsically sensitive to ionizing effects, such as light stimulation, and attackers can try to exploit faults injected in the downloaded configuration. Previous...
Cryptographic devices are recently implemented with different countermeasures against side channel attacks and fault analysis. Moreover, some usual testing techniques, such as scan chains, are not allowed or restricted for security requirements. In this paper, we analyze the impact that error detecting schemes have on the testability of an implementation of the advanced encryption standard, in particular...
Encryption algorithms could suffer fault injection attacks in order to obtain the secret key. In this paper, a specific protection for any round-based encryption algorithm is presented, analyzed and tested. It is providing a high degree of robustness together with a small penalty in the algorithm throughput when dealing with specific intentional attacks. Experimental results on advanced encryption...
Recent evolution of mobile technologies has opened new use possibilities for mobile devices. At the same time information security problems related to mobile devices have gotten more serious. This study investigated a possibility of remotely and securely transferring files between the mobile device and home computer via the Internet, and the information security threats related to this. We constructed...