Your search keyword '"Bart Preneel"' showing total 20 results

1. Collateral damage of Facebook third-party applications: a comprehensive study

Author

Fatemeh Shirazi, Gergely Biczók, Bart Preneel, Cristina Pérez-Solà, Iraklis Symeonidis, and Jessica Schroers

Subjects

Computer science [C05] [Engineering, computing & technology], Facebook, Application providers, Transparency enhancing technologies (TETs), Data collection, General Computer Science, business.industry, Collateral, Computer science, Internet privacy, Dashboard (business), Access control, 02 engineering and technology, Audit, Interdependent privacy, Sciences informatiques [C05] [Ingénierie, informatique & technologie], Transparency (behavior), 020204 information systems, General Data Protection Regulation, Applications, 0202 electrical engineering, electronic engineering, information engineering, Profiling (information science), 020201 artificial intelligence & image processing, business, Law

Abstract

Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue to users’ privacy we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers.

Published

2018

2. Practical identity-based private sharing for online social networks

Author

Stijn Meul, Bart Preneel, and Filipe Beato

Subjects

Computer Networks and Communications, business.industry, Privacy software, Computer science, Information sharing, Internet privacy, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Server, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Key management, business, Dissemination, Broadcast encryption, computer

Abstract

Novel practical solution using Identity based Encryption with multiple untrusted Key Servers (PKGs) to be used on top of current Online Social Networks (OSNs) to protect privacy as condentiality of the content.An outsider anonymous Identity Based broadcast encryption protocol with a multi-PKG model to support multiple recipients.A prototype implementation as Firefox extension requiring a relatively small overhead. Online Social Networks (OSNs) constitute vital communication and information sharing channels. Unfortunately, existing coarse-grained privacy preferences insufficiently protect the shared information. Although cryptographic techniques provide interesting mechanisms to protect privacy, several issues remain problematic, such as, OSN provider acceptance, user adoption, key management and usability. To mitigate these problems, we propose a practical solution that uses Identity-Based Encryption to simplify key management and enforce data confidentiality. Moreover, we devise an Identity-Based outsider anonymous private sharing scheme to disseminate information among multiple users. Furthermore, we demonstrate the viability and tolerable overhead of our solution via an open-source prototype.

Published

2016

3. A taxonomy of self-modifying code for obfuscation

Author

Bart Preneel, Nikos Mavrogiannopoulos, and Nessim Kisserli

Subjects

Obfuscation (software), Self-modifying code, Theoretical computer science, General Computer Science, Computer science, Taxonomy (general), Obfuscation, Code (cryptography), Adversary, Layer (object-oriented design), Law

Abstract

Self-modifying code is frequently used as an additional layer of complexity when obfuscating code. Although it does not provide a provable level of obfuscation, it is generally assumed to make attacks more expensive. This paper attempts to quantify the cost of attacking self-modified code by defining a taxonomy for it and systematically categorising an adversary's capabilities. A number of published methods and techniques for self-modifying code are then classified according to both the taxonomy and the model.

Published

2011

4. Delegation and digital mandates: Legal requirements and security objectives

Author

Jos Dumortier, Bart Preneel, Brendan Van Alsenoy, D. De Cock, and Koen Simoens

Subjects

Delegation, Computer Networks and Communications, media_common.quotation_subject, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Service provider, Computer security, computer.software_genre, General Business, Management and Accounting, Identity management, Management information systems, Issuer, Agency (sociology), Identity (object-oriented programming), Mandate, Business, Law, computer, media_common, Law and economics

Abstract

Now that more and more legal transactions are being performed online, it is increasingly necessary to enable integration of legal mandates within identity and information management systems. The purpose of this article is to outline the legal framework surrounding delegation and to identify basic requirements for any technical application which seeks to provide recognition to legal mandates and delegation processes. Special consideration is also given to the legal implications in situations where a (presumed) mandate holder acts without or outside his authority. Based on these considerations, this article attempts to outline an approach which can significantly reduce the potential risks for both mandate issuers and relying service providers.

Published

2009

5. Remote attestation on legacy operating systems with trusted platform modules

Author

Brecht Wyseur, Bart Preneel, and Dries Schellekens

Subjects

Remote software authentication, Trusted platform module, General Computer Science, Computer science, Network communication, Cryptography, computer.software_genre, Theoretical Computer Science, Secure cryptoprocessor, Attestation, Direct Anonymous Attestation, Trusted service manager, business.industry, Timed execution, Trusted Computing, Trusted Network Connect, Software security assurance, Embedded system, Next-Generation Secure Computing Base, Partial solution, Operating system, Trusted Platform Module, business, computer, Software, Computer Science(all)

Abstract

A lot of progress has been made to secure network communication, e.g., through the use of cryptographic algorithms. However, this offers only a partial solution as long as the communicating end points still suffer from security problems. A number of applications require remote verification of software executing on an untrusted platform. Trusted computing solutions propose to solve this problem through software and hardware changes, typically a secure operating system and the addition of a secure coprocessor respectively. On the other hand, timed execution of code checksum calculations aims for a solution on legacy platforms, but can not provide strong security assurance. We present a mixed solution by using the trusted computing hardware, namely the time stamping functionality of the trusted platform module, in combination with a timing based remote code integrity verification mechanism. In this way, we do not require a secure operating system, but at the same time the overall security of the timed execution scheme can be improved.

Published

2008

6. Insights on identity documents based on the Belgian case study

Author

Koen Simoens, Bart Preneel, and D. De Cock

Subjects

World Wide Web, Identification (information), Computer Networks and Communications, business.industry, Computer science, Internet privacy, Identity (object-oriented programming), ComputingMilieux_LEGALASPECTSOFCOMPUTING, Access control, Safety, Risk, Reliability and Quality, business, Software, Electronic signature

Abstract

Efficient eGovernment and eCommerce require the ability to authenticate citizens and transactions online, whereas the increasing mobility of citizens demands reliable identification. Identity documents tend to become the most popular form of identity tokens used for these purposes. An important problem, however, is that they can easily be passed on or used by a fraudster. We discuss the use of identity documents and the problem of linking these documents with their genuine holder. We discuss ePassports and eID cards in general using the Belgian identity documents as a reference.

Published

2008

7. HW/SW co-design for public-key cryptosystems on the 8051 micro-controller

Author

Bart Preneel, Kazuo Sakiyama, Ingrid Verbauwhede, and Lejla Batina

Subjects

Coprocessor, General Computer Science, Modular arithmetic, business.industry, Computer science, Parallel computing, cosic, Microcontroller, Application-specific integrated circuit, Control and Systems Engineering, Embedded system, Multiplication, Hardware_ARITHMETICANDLOGICSTRUCTURES, Electrical and Electronic Engineering, Elliptic curve cryptography, business, FPGA prototype, Gezel

Abstract

It is a challenge to implement large word length public-key algorithms on embedded systems. Examples are smartcards, RF-ID tags and mobile terminals. This paper presents a HW/SW co-design solution for RSA and Elliptic Curve Cryptography (ECC) over GF(p) on a 12 MHz 8-bit 8051 micro-controller. The hardware coprocessor has a Modular Arithmetic Logic Unit (MALU) of which the digit size (d) is variable. It can be adapted to the speed and bandwidth of the micro-controller to which it is connected. The HW/SW co-design space exploration is based on the GEZEL system-level design environment. It allows the designer to find the best performance-area combination for the digit size. As a case study of an FPGA prototyping, 160-bit ECC over GF(p) (ECC-160p) was implemented on Xilinx Virtex-II PRO (XC2VP30). The results show that one point multiplication takes only 130 ms including all communications between the 8051 and the coprocessor. The performance is 40 times faster than the most optimized SW implementation on a small CPU in literature. This is achieved by the HW/SW co-design exploration in order to find the optimized digit size of the MALU. On the other hand, the design of ECC-160p maintains a high level of flexibility by using coprocessor instructions. Our proposed architecture proves that HW/SW co-design provides a high performance close to ASIC solutions with a flexible feature of SW even on a small CPU. © 2007 Elsevier Ltd. All rights reserved. ispartof: Computers & Electrical Engineering vol:33 issue:5 pages:324-332 status: published

Published

2007

8. A survey of recent developments in cryptographic algorithms for smart cards

Author

Bart Preneel

Subjects

Key Wrap, Computer Networks and Communications, Computer science, Hash function, Cryptography, Encryption, Computer security, computer.software_genre, Padding, law.invention, Public-key cryptography, Collision resistance, Digital signature, law, SHA-1, Security of cryptographic hash functions, Hardware_ARITHMETICANDLOGICSTRUCTURES, Elliptic curve cryptography, Stream cipher, Block cipher, Authentication, Cryptographic primitive, business.industry, Hash-based message authentication code, Elliptic curve, Smart card, business, Cryptanalysis, Algorithm, computer

Abstract

This article presents an update on recent developments in the area of cryptographic algorithms that are relevant for smart cards. It includes a review of the status of hash functions, block ciphers and stream ciphers and presents an update on authenticated or unforgeable encryption. Finally the issue of secure padding for the RSA algorithm is discussed and the status of Elliptic Curve Cryptography is briefly reviewed.

Published

2007

9. Recent attacks on alleged SecurID and their practical implications

Author

Bart Preneel, Joseph Lano, and Alex Biryukov

Subjects

Authentication, Security analysis, General Computer Science, Computer science, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Function (mathematics), MDC-2, Computer security, computer.software_genre, law.invention, law, Key (cryptography), Cryptanalysis, Law, computer, Practical implications, Block cipher

Abstract

SecurID tokens are developed by SDTI/RSA Security to authenticate users to a corporate computer infrastructure. In this paper we show the results of our analysis of the function contained in these tokens. The block cipher at the heart of the function can be broken in milliseconds. We present two attack scenarios on the full function: if one can observe the output of the device during some time period, one can predict with high probability future output values and one can recover the secret key significantly faster than by exhaustive search.

Published

2005

10. Spectral characterization of cryptographic Boolean functions satisfying the (extended) propagation criterion of degree l and order k

Author

Michaël Quisquater, Bart Preneel, and Joos Vandewalle

Subjects

Discrete mathematics, Differential cryptanalysis, Degree (graph theory), business.industry, Cryptography, Characterization (mathematics), Computer Science Applications, Theoretical Computer Science, Combinatorics, Signal Processing, Order (group theory), Security of cryptographic hash functions, Boolean function, business, Computer Science::Cryptography and Security, Information Systems, Mathematics

Abstract

The (extended) propagation criterion was defined in cryptography in order to analyze the security of cryptographic components with respect to differential cryptanalysis. In this paper, we obtain the spectral characterization of functions satisfying the (extended) propagation criterion of degree l and order k. This important problem was left open since the introduction of these functions more than ten years ago.

Published

2005

11. E03: A new systolic architecture for multiplication in GF(2n)

Author

Bart Preneel, Nele Mentens, and Lejla Batina

Subjects

Flexibility (engineering), Polynomial, Computer science, Binary number, Parallel computing, Computer Science::Hardware Architecture, Least significant bit, Finite field, Multiplier (economics), Multiplication, Hardware_ARITHMETICANDLOGICSTRUCTURES, Arithmetic, Elliptic curve cryptography, Field-programmable gate array

Abstract

In this paper we present an FPGA implementation of a new systolic architecture for multiplication in binary finite fields. The proposed method performs two parts of multiplication (from LSB and from MSB) in parallel. Our digit-serial architecture features low hardware complexity that allows for various trade-offs between area and speed. The multiplier employs polynomial bases which results in more flexibility in hardware than other representations. This solution can facilitate efficient implementations of Elliptic Curve Cryptography (ECC).

Published

2004

12. E09: An FPGA implementation of Rijndael: Trade-offs for side-channel security

Author

Nele Mentens, Bart Preneel, Ingrid Verbauwhede, and Lejla Batina

Subjects

business.industry, Computer science, Embedded system, Advanced Encryption Standard, Trade offs, Side channel attack, Smart card, Hardware_ARITHMETICANDLOGICSTRUCTURES, business, Field-programmable gate array, Hardware_REGISTER-TRANSFER-LEVELIMPLEMENTATION, FPGA prototype

Abstract

This work proposes a complete and side-channel proof solution for an FPGA implementation of AES. An unsecured implementation is extended to a secured version byusing a masking algorithm. Our solution is implemented as an FPGA prototype, but in the future it can be easily used in a crypto-coprocessor on a smartcard.

Published

2004

13. Towards a framework for evaluating certificate status information mechanisms

Author

D. De Cock, Bart Preneel, Dimitris Gritzalis, Diomidis Spinellis, John Iliadis, and Stefanos Gritzalis

Subjects

Public key certificate, Knowledge management, Computer Networks and Communications, computer.internet_protocol, Computer science, Data_CODINGANDINFORMATIONTHEORY, Computer security, computer.software_genre, Self-signed certificate, X.509, Certificate signing request, Certificate authority, Revocation list, business.industry, Certificate policy, Certificate Management Protocol, Certificate, Intermediate certificate authorities, Authorization certificate, Root certificate, Certification path validation algorithm, Certification Practice Statement, Online Certificate Status Protocol, business, computer, Implicit certificate

Abstract

A wide spectrum of certificate revocation mechanisms is currently in use. A number of them have been proposed by standardisation bodies, while some others have originated from academic or private institutions. What is still missing is a systematic and robust framework for the sound evaluation of these mechanisms. We present a mechanism-neutral framework for the evaluation of certificate status information (CSI) mechanisms. These mechanisms collect, process and distribute CSI. A detailed demonstration of its exploitation is also provided. The demonstration is mainly based on the evaluation of Certificate Revocation Lists, as well as of the Online Certificate Status Protocol. Other well-known CSI mechanisms are also mentioned for completeness.

Published

2003

14. Hardware architectures for public key cryptography

Author

Joos Vandewalle, S.B. Ors, Lejla Batina, and Bart Preneel

Subjects

Neural cryptography, Modular arithmetic, business.industry, Reconfigurable computing, Public-key cryptography, Hardware and Architecture, Embedded system, Systems architecture, Cryptosystem, Hardware_ARITHMETICANDLOGICSTRUCTURES, Electrical and Electronic Engineering, Elliptic curve cryptography, business, Software, Computer hardware, PKCS #1, Mathematics

Abstract

This paper presents an overview of hardware implementations for the two commonly used types of public key cryptography, i.e. RSA and elliptic curve cryptography, both based on modular arithmetic. We first discuss the mathematical background and the algorithms to implement these cryptosystems. Next an overview is given of the different hardware architectures which have been proposed in the literature.

Published

2003

15. On the Security of Today’s Online Electronic Banking Systems

Author

Bart Preneel, Valentin Dem, Joos Vandewalle, Joris Claessens, and D. De Cock

Subjects

Password, Focus (computing), Hardware_MEMORYSTRUCTURES, Mobile banking, General Computer Science, business.industry, Best practice, Computer security, computer.software_genre, Electronic banking, Telephone banking, SMS banking, The Internet, Business, Law, computer

Abstract

Current technology is evolving fast and is constantly bringing new dimensions to our daily life. Electronic banking systems provide us with easy access to banking services. The interaction between user and bank has been substantially improved by deploying ATMs, phone banking, Internet banking, and more recently, mobile banking. This paper discusses the security of today's electronic banking systems. We focus on Internet and mobile banking and present an overview and evaluation of the techniques that are used in the current systems. The best practice is indicated, together with improvements for the future. The issues discussed in this paper are generally applicable in other electronic services such as E-commerce and E-government.

Published

2002

16. Cryptography on smart cards

Author

Bart Preneel, Johan Borst, and Vincent Rijmen

Subjects

Cryptographic primitive, Computer Networks and Communications, Computer science, business.industry, Data_MISCELLANEOUS, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Cryptography, Card reader, Computer security, computer.software_genre, Smart card application protocol data unit, Embedded system, Smart card, Open Smart Card Development Platform, business, Contactless smart card, computer

Abstract

This article presents an overview of the cryptographic primitives that are commonly implemented on smart cards. We also discuss attacks that can be mounted on smart cards as well as countermeasures against such attacks.

Published

2001

17. State-of-the-art ciphers for commercial applications

Author

Bart Preneel

Subjects

Key Wrap, Triple DES, Block cipher mode of operation, S-box, Differential cryptanalysis, Theoretical computer science, General Computer Science, Computer science, T-function, Stream cipher attack, Hash function, Two-square cipher, Sponge function, Encryption, Cryptographic hash function, Security level, Stream cipher, Key schedule, Avalanche effect, Block cipher, Cryptographic primitive, business.industry, Encryption software, Advanced Encryption Standard, MDC-2, Disk encryption theory, Deterministic encryption, Computer engineering, Symmetric-key algorithm, Advanced Encryption Standard process, business, Law, Block size

Abstract

We discuss recent developments in the area of conventional cryptographic primitives: encryption algorithms (block ciphers and stream ciphers), MAC algorithms, and hash functions. The security level and software performance of these primitives is compared. A summary is given of the status of the development of the AES (Advanced Encryption Standard), which will replace DES in the near future.

Published

1999

18. MACs and hash functions: State of the art

Author

Bart Preneel

Subjects

Secure Hash Algorithm, Theoretical computer science, Computer Networks and Communications, Computer science, Hash function, Secure Hash Standard, Collision resistance, SHA-2, Hash chain, Security of cryptographic hash functions, Safety, Risk, Reliability and Quality, Software, Double hashing, Computer Science::Cryptography and Security

Abstract

This paper gives a survey of MAC algorithms and hash functions. It describes the main properties, summarizes the most important constructions and reports on their security.

Published

1997

19. Preface

Author

Javier Lopez, Svetla Nikova, Andreas Pashalidis, Günther Pernul, and Bart Preneel

Subjects

Computational Mathematics, Computational Theory and Mathematics, Modeling and Simulation, Modelling and Simulation

Published

2013

20. Cryptanalysis of a fast cryptographic checksum algorithm

Author

René Govaerts, Joos Vandewalle, Antoon Bosselaers, and Bart Preneel

Subjects

General Computer Science, Computer science, business.industry, Cryptography, Plaintext, Hash-based message authentication code, law.invention, Symmetric-key algorithm, law, Checksum, Key (cryptography), Message authentication code, business, Cryptanalysis, Law, Algorithm, Distributed Checksum Clearinghouse

Abstract

A critical analysis of the modified cryptographic checksum algorithm published by F. Cohen and H.J. Huang points out two major weaknesses in the scheme. The first weakness is a reduced dependency on the beginning of the plaintext. Secondly, the first bits of the key can be derived with an adaptive chosen text attack. With the aid of these bits, the plaintext can be manipulated with a negligible chance of detection.

Published

1990