Your search keyword '"COMPUTER network protocols"' showing total 279 results

151. Provably secure three-party password-based authenticated key exchange protocol

Author

Zhao, Jianjie and Gu, Dawu

Subjects

*COMPUTER network protocols, *COMPUTER security, *AUTHENTICATION (Law), *MATHEMATICAL models, *DATA protection, *HEURISTIC, *DATA security, *COMPUTER passwords

Abstract

Abstract: A three-party password-based authenticated key exchange (3PAKE) protocol is a useful mechanism to establish a secure session key in a network. However, most current 3PAKE protocols only achieve “heuristic” security; the underlying hardness assumptions of these protocols are not perfect. We propose a 3PAKE protocol which is provably secure if the Diffie–Hellman problem is computationally infeasible (the CDH assumption), even in the 3eCK model where the adversary is allowed to make more queries and have more freedom than previous models. In our formal proof, we use the trapdoor test technique introduced by Cash, Kiltz and Shoup to construct an efficient decision oracle. As far as we know, our protocol is the first provably secure 3PAKE protocol based on the CDH assumption and the first 3PAKE protocol using the trapdoor test technique for the security proof. [Copyright &y& Elsevier]

Published

2012

152. An ideal multi-secret sharing scheme based on MSP

Author

Hsu, Ching-Fang, Cheng, Qi, Tang, Xueming, and Zeng, Bing

Subjects

*COMPUTER file sharing, *SECRECY, *MONOTONE operators, *PRIVACY, *LINEAR systems, *COMPUTER software, *COMPUTER network protocols, *COMPUTER security

Abstract

Abstract: A multi-secret sharing scheme is a protocol to share m arbitrarily related secrets s 1,…, s m among a set of n participants. In this paper, we propose an ideal linear multi-secret sharing scheme, based on monotone span programs, where each subset of the set of participants may have the associated secret. Our scheme can be used to meet the security requirement in practical applications, such as secure group communication and privacy preserving data mining etc. We also prove that our proposed scheme satisfies the definition of a perfect multi-secret sharing scheme. [ABSTRACT FROM AUTHOR]

Published

2011

153. Encryption and Secure Computer Networks.

Author

Popek, Gerald J. and Kline, Charles S.

Subjects

*COMPUTER networks, *DISTRIBUTED computing, *DATA encryption, *COMPUTER network protocols, *DIGITAL signatures, *COMPUTER network security

Abstract

There is increasing growth in the number of computer networks in use and in the kinds of distributed computing applications available on these networks. This increase, together with concern about privacy, security, and integrity of information exchange, has created considerable interest in the use of encryption to protect information in the networks. This survey is directed at the reader who is knowledgeable about various network designs and who now wishes to consider incorporating encryption methods into these designs. It is also directed at developers of encryption algorithms who wish to understand the characteristics of such algorithms useful in network applications. Key management, network encryption protocols, digital signatures, and the utility of conventional-or public-key encryption methods are each discussed. A case study of how encryption was integrated into an actual network, the Arpanet, illustrates many issues present in the design of a network encryption facility. [ABSTRACT FROM AUTHOR]

Published

1979

154. Using CSP to Detect Errors in the TMN Protocol.

Author

Lowe, Gavin and Roscoe, Bill

Subjects

*COMPUTER network protocols, *CRYPTOGRAPHY, *MOBILE communication systems, *EAVESDROPPING, *DATA encryption, *COMPUTER viruses, *COMPUTER security

Abstract

In this paper we use FDR, a model checker for CSP, to detect errors in the TMN protocol [18]. We model the protocol and a very general intruder as CSP processes, and use the model checker to test whether the intruder can successfully attack the protocol. We consider three variants on the protocol, and discover a total of 10 different attacks leading to breaches of security. [ABSTRACT FROM AUTHOR]

Published

1997

155. The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties.

Author

Focardi, Riccardo and Gorrieri, Roberto

Subjects

*SOFTWARE verification, *ACCESS control, *COMPUTER network protocols, *SECURITY systems, *COMPUTER security, *COMPUTER industry

Abstract

The Compositional Security Checker (CoSeC for short) is a semantic-based tool for the automatic verification of some compositional information flow properties. The specifications given as inputs to CoSeC are terms of the Security Process Algebra, a language suited for the specification of concurrent systems where actions belong to two different levels of confidentiality. The information flow security properties which can be verified by CoSeC are some of those classified in [8]. They derive from some classic notions, e.g., Noninterference [11]. The tool is based on the same architecture as the Concurrency Workbench [5], from which some modules have been imported unchanged. The usefulness of the tool is tested with the significant case-study of an access-monitor, presented in several versions in order to illustrate the relative merits of the various information flow properties that CoSeC can check. Finally, we present an application in the area of network security: we show that the theory (and the tool) can be reasonably applied also for singling out security flaws in a simple, yet paradigmatic, communication protocol. [ABSTRACT FROM AUTHOR]

Published

1997

156. A Model for Secure Protocols and Their Compositions.

Author

Heintze, Nevin and Tygar, J. D.

Subjects

*COMPUTER network protocols, *COMPUTER security, *SECURITY systems, *DATA protection, *COMPUTER networks, *STANDARDS

Abstract

This article develops a foundation for reasoning about protocol security. A model-based approach for defining protocol security properties is adopted. This allows describing security properties in greater detail and precision than previous frameworks for reasoning about protocol security. One can split the notion of security into two parts: the secret-security and the time-security of protocols. By secret-security, it means that messages believed to be secret are never revealed. By time-security, it means that stale messages cannot be replayed to subvert the protocol.

Published

1996

157. A secure collaboration service for dynamic virtual organizations

Author

Li, Jianxin, Huai, Jinpeng, Hu, Chunming, and Zhu, Yanmin

Subjects

*VIRTUAL communities, *COMPUTER security, *DISTRIBUTED computing, *COMPUTER architecture, *COMPUTER network protocols, *GRID computing, *INFORMATION resources, *COMPUTER algorithms

Abstract

Abstract: Nowadays, various promising paradigms of distributed computing over the Internet, such as Grids, P2P and Clouds, have emerged for resource sharing and collaboration. To enable resources sharing and collaboration across different domains in an open computing environment, virtual organizations (VOs) often need to be established dynamically. However, the dynamic and autonomous characteristics of participating domains pose great challenges to the security of virtual organizations. In this paper, we propose a secure collaboration service, called PEACE-VO, for dynamic virtual organizations management. The federation approach based on role mapping has extensively been used to build virtual organizations over multiple domains. However, there is a serious issue of potential policy conflicts with this approach, which brings a security threat to the participating domains. To address this issue, we first depict concepts of implicit conflicts and explicit conflicts that may exist in virtual organization collaboration policies. Then, we propose a fully distributed algorithm to detect potential policy conflicts. With this algorithm participating domains do not have to disclose their full local privacy policies, and is able to withhold malicious internal attacks. Finally, we present the system architecture of PEACE-VO and design two protocols for VO management and authorization. PEACE-VO services and protocols have successfully been implemented in the CROWN test bed. Comprehensive experimental study demonstrates that our approach is scalable and efficient. [Copyright &y& Elsevier]

Published

2010

158. Simulatable certificateless two-party authenticated key agreement protocol

Author

Zhang, Lei, Zhang, Futai, Wu, Qianhong, and Domingo-Ferrer, Josep

Subjects

*AUTHENTICATION (Law), *COMPUTER network protocols, *PUBLIC key cryptography, *SIMULATION methods & models, *INFORMATION resources management, *COMPUTER security, *DATA security, *MATHEMATICAL models

Abstract

Abstract: Key agreement (KA) allows two or more users to negotiate a secret session key among them over an open network. Authenticated key agreement (AKA) is a KA protocol enhanced to prevent active attacks. AKA can be achieved using a public-key infrastructure (PKI) or identity-based cryptography. However, the former suffers from a heavy certificate management burden while the latter is subject to the so-called key escrow problem. Recently, certificateless cryptography was introduced to mitigate these limitations. In this paper, we first propose a security model for AKA protocols using certificateless cryptography. Following this model, we then propose a simulatable certificateless two-party AKA protocol. Security is proven under the standard computational Diffie–Hellman (CDH) and bilinear Diffie–Hellman (BDH) assumptions. Our protocol is efficient and practical, because it requires only one pairing operation and five multiplications by each party. [Copyright &y& Elsevier]

Published

2010

159. Selling multiple secrets to a single buyer

Author

del Rey, A. Martín and Sánchez, G. Rodríguez

Subjects

*PURCHASING agents, *SELLING, *ALGORITHMS, *CONGRUENCES & residues, *NUMBER theory, *JACOBI forms, *COMPUTER security, *COMPUTER network protocols, *CRYPTOGRAPHY

Abstract

Abstract: This paper deals with the original work due to Brassard et al., in which an algorithm to sell only one secret to one buyer was introduced. It is based on the theory of quadratic residues modulo an integer number and Jacobi symbols. Unfortunately, this algorithm exhibits an important security drawback: the seller can disclose more than one secret to the buyer instead of only one. This problem was overcome by other sophisticated protocols. Although such problem has been satisfactorily tackled, the main goal of this work is to modify the original work (preserving its flavour) in order to securely disclose multiple secrets without the participation of more buyers but with a third trusted party. [Copyright &y& Elsevier]

Published

2009

160. An improved identity-based key agreement protocol and its security proof

Author

Wang, Shengbao, Cao, Zhenfu, Choo, Kim-Kwang Raymond, and Wang, Lihua

Subjects

*PUBLIC key infrastructure (Computer security), *COMPUTER security, *COMPUTER network security, *COMPUTER network protocols, *CYBERTERRORISM, *DATA security, *DATA protection

Abstract

Abstract: We revisit the identity-based (ID-based) key agreement protocol due to Ryu et al. The protocol is highly efficient and suitable for real-world applications despite offering no resilience against key-compromise impersonation (K-CI). We show that the protocol is also insecure against reflection attacks. We propose a slight modification to the protocol and prove its security in a widely accepted model. [Copyright &y& Elsevier]

Published

2009

161. Simulatability and security of certificateless threshold signatures

Author

Wang, Licheng, Cao, Zhenfu, Li, Xiangxue, and Qian, Haifeng

Subjects

*DIGITAL signatures, *COMPUTER network protocols, *CRYPTOGRAPHY, *COMPUTER security

Abstract

Abstract: We analyze the relationship between the notion of certificateless public key cryptography (CL-PKC) and identity-based schemes without a trusted private key generator (PKG), formally define the security of certificateless threshold signatures, and propose a concrete implementation based on bilinear pairings. To exhibit the security of our proposal, we develop the theory of simulatability and relationship between the certificateless threshold signatures and the underlying (non-threshold) ID-based signatures. We show that the proposed scheme is robust and existentially unforgeable against adaptively chosen message attacks under CDH assumption in the random oracle model. [Copyright &y& Elsevier]

Published

2007

162. Security weakness in a three-party pairing-based protocol for password authenticated key exchange

Author

Nam, Junghyun, Lee, Youngsook, Kim, Seungjoo, and Won, Dongho

Subjects

*COMPUTER network protocols, *COMPUTER passwords, *COMMUNICATION, *COMPUTER security

Abstract

Abstract: Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. Recently, Wen et al. (H.-A. Wen, T.-F. Lee, T. Hwang, Provably secure three-party password-based authenticated key exchange protocol using Weil pairing, IEE Proceedings—Communications 152 (2) (2005) 138–143) proposed a new protocol for password-based authenticated key exchange in the three-party setting, where the clients trying to establish a common secret key do not share a password between themselves but only with a trusted server. Wen et al.’s protocol carries a claimed proof of security in a formal model of communication and adversarial capabilities. However, this work shows that the protocol for three-party key exchange is completely insecure and the claim of provable security is seriously incorrect. We conduct a detailed analysis of flaws in the protocol and its security proof, in the hope that no similar mistakes are made in the future. [Copyright &y& Elsevier]

Published

2007

163. A novel deniable authentication protocol using generalized ElGamal signature scheme

Author

Lee, Wei-Bin, Wu, Chia-Chun, and Tsaur, Woei-Jiunn

Subjects

*COMPUTER security, *DIGITAL signatures, *COMPUTER network protocols, *INTERNET

Abstract

Abstract: A deniable authentication protocol enables a receiver to identify the true source of a given message, but not to prove the identity of the sender to a third party. This property is very useful for providing secure negotiation over the Internet. Consequently, many interactive and non-interactive deniable authentication protocols have been proposed. However, the interactive manner makes deniable protocols inefficient. In addition, a security hole is generated in deniable protocols that use the non-interactive manner if a session secret is compromised. Thus, there is no secure and efficient deniable authentication protocol as of now. In this paper, a new protocol based on the non-interactive manner is proposed to efficiently and securely achieve deniable authentication. This protocol can furthermore replace the underlying signature scheme in order to retain a secure status even if the previously used signature method is broken. [Copyright &y& Elsevier]

Published

2007

164. The New Standard-Bearer.

Author

Philip Qu

Subjects

*RADIO frequency identification systems, *AUTOMATIC tracking, *IDENTIFICATION equipment, *COMPUTER security, *DVD-Video discs, *FREQUENCIES of oscillating systems, *COMPUTER network protocols

Abstract

The article reports that China has proposed a standard for tracking goods using radio frequency identification (RFID) tags especially when bolstered by a developing coordination with Wal-Mart Inc., the world's largest merchandiser from Bentonville, Arkansas. Wal-Mart Inc. has planned to lead the way in commercial use of RFID technology to track its products from factory to store shelf. China's standard initiatives have been applied even in some of the hottest areas of technology including computer networking which has Wi-Fi security known as Wireless Authentication and Privacy Infrastructure, next-generation DVDs wherein the Chinese government has approved Enhanced Video Disk and race for the next generation of software to run on high-definition DVDs that is concerned with the way audio and video data on DVDs are encoded..

Published

2005

165. Wireless Network Configuration and Security Strategies.

Author

Breeding, Marshall

Subjects

*WIRELESS LANs, *LOCAL area networks, *TCP/IP, *COMPUTER security, *COMPUTER network protocols, *WIRELESS communications

Abstract

The article discusses practical aspects of setting up a wireless network (WLAN). One of the basic steps in setting up a WLAN involves installation and configuration of one or more access points. The process involves assigning the unit its Internet telephony (IP) address and other TCP/IP settings and then working through all the configuration details. To be secure, a wireless LAN must fit within the organization's overall network design and security architecture. Efforts must be made to detect and remove rogue access points or, at least, to bring them within the official network and support system. When establishing a wireless LAN for public use, the library provides only the basic connectivity. Users bring their own computers, not only saving the library in computer hardware costs, but also in furniture, Ethernet drops, power outlets, plus the building space.

Published

2005

166. Vulnerabilities in Chen and Deng's RFID mutual authentication and privacy protection protocol

Author

Kapoor, Gaurav and Piramuthu, Selwyn

Subjects

*COMPUTER network protocols, *ARTIFICIAL intelligence, *RADIO frequency identification systems, *COMPUTER security, *CRYPTOGRAPHY, *PUBLICATIONS

Abstract

Abstract: As incorporation of RFID (Radio Frequency IDentification) tags in a wide variety of applications increase, there is a need to ensure the security and privacy of the entity to which these tags are attached. Not surprisingly, this is a very active area as attested by the large number of related published research literature. Recently, the journal engineering applications of artificial intelligence published a paper by where the authors propose a mutual authentication protocol for RFID. This protocol has fundamental flaws that can be readily taken advantage by a resourceful adversary. We identify and discuss these vulnerabilities and point out the characteristics of this protocol that exposes it to these vulnerabilities. [Copyright &y& Elsevier]

Published

2011

167. Cryptanalysis of the application secure alternative to SNMP (APSSNMP)

Author

Phan, Raphael C.-W.

Subjects

*SIMPLE Network Management Protocol (Computer network protocol), *CRYPTOGRAPHY, *COMPUTER network security, *TCP/IP, *DATA protection, *COMPUTER security, *DISTRIBUTED computing, *COMPUTER network protocols

Abstract

Abstract: The APSSNMP network management protocol was proposed as a secure alternative to the Simple Network Management Protocol (SNMP) used in the TCP/IP suite. The designers claimed that it resists meet-in-the-middle (MITM) attacks. In this paper, we present an advanced MITM attack on the APSSNMP and hence show that it fails to achieve its design objective of providing better security against MITM attacks. Since the APSSNMP has been presented in several journals, and IEEE and IASTED conferences, our result is important to highlight to network implementers and users of distributed systems that the APSSNMP is not secure for practical deployment. [Copyright &y& Elsevier]

Published

2009

168. Authentication in Transient Storage Device Attachments.

Author

Rich, Donald

Subjects

*STORAGE area networks (Computer networks), *AUTHENTICATION (Law), *DATA warehousing, *COMPUTER network security, *DYNAMIC storage allocation (Computer science), *COMPUTER security, *COMPUTER network protocols

Abstract

The article discusses digital storage devices, or transient storage devices (TSD). Businesses need authentication of these devices before they allow a host to mount them due to security issues. The Institute of Electrical & Electronics Engineers' (IEEE) Computer Society has developed a protocol for standards in authentication for TSDs. The IEEE directive states that the host can authenticate TSD's identity and the TSD can also authenticate the host's identity. Analysts say authentication will solve many problems associated with the spread of TSDs.

Published

2007

169. Simplifying Public Key Management.

Author

Gutmann, Peter and Arbaugh, William A.

Subjects

*COMPUTER network protocols, *COMPUTER networks, *COMPUTER security, *DATA protection, *SECURITY systems, *ELECTRONIC data processing

Abstract

Focuses on the adoption of secure shell (SSH) protocol in public key management. Advantages of SSH; Features; Effectiveness of SSH in deploying security mechanisms.

Published

2004

170. A Generic Framework for Accountable Optimistic Fair Exchange Protocol †.

Author

Loh, Jia-Ch'ng, Heng, Swee-Huay, and Tan, Syh-Yuan

Subjects

*COMPUTER network protocols, *COMPUTER security, *INFORMATION science, *COMPUTATIONAL complexity, *MATHEMATICAL models

Abstract

Optimistic Fair Exchange protocol was designed for two parties to exchange in a fair way where an arbitrator always remains offline and will be referred only if any dispute happens. There are various optimistic fair exchange protocols with different security properties in the literature. Most of the optimistic fair exchange protocols satisfy resolution ambiguity where a signature signed by the signer is computational indistinguishable from the one resolved by the arbitrator. Huang et al. proposed the first generic framework for accountable optimistic fair exchange protocol in the random oracle model where it possesses resolution ambiguity and is able to reveal the actual signer when needed. Ganjavi et al. later proposed the first generic framework in the standard model. In this paper, we propose a new generic framework for accountable optimistic fair exchange protocol in the standard model using ordinary signature, convertible undeniable signature, and ring signature scheme as the underlying building blocks. We also provide an instantiation using our proposed generic framework to obtain an efficient pairing-based accountable optimistic fair exchange protocol with short signature. [ABSTRACT FROM AUTHOR]

Published

2019

171. UNPLUGGED AND INSECURE.

Author

Nobel, Carmen and Berinato, Scott

Subjects

*WIRELESS communications, *COMPUTER security, *COMPUTER network protocols

Abstract

Part III. Reports that the wireless telecommunication industry are rushing to get applications in the hands of users, and in the process are minimizing the importance of security. Factors hampering security efforts that are under way; Number of wireless devices accessing the Internet; Protocols being implemented in the wireless world. INSET: Users--the weakest link..

Published

2000

172. The Perils of Port 80.

Author

Somogyi, Stephen and Schneier, Bruce

Subjects

*COMPUTER viruses, *COMPUTER software, *COMPUTER network protocols, *DIGITAL communications, *COMPUTER security, *DATA protection

Abstract

The author focuses on the Code Red worm, a computer virus which has traveled the Internet and has caused considerable consternation among users of Internet Information Server of Microsoft Corp. These worms work their way through self generated lists of Internet protocol addresses and contact each address's port 80, the standard Hyper Text Transfer Protocol (HTTP) port. The problem is created by the companies embedding network servers into products without making them sufficiently robust. The rise of HTTP as a communications common denominator comes from ease of use, fix programmer and customer alike. HTTP traffic is usually allowed through firewalls and other network traffic barriers. Numerous non-HTTP protocols are tunneled via HTTP in order to ease their passage. Given the ease of implementation and small code size of a lightweight web server, it is disturbing that such software is not engineered with greater care. HTTP is easy to implement, easy to use and easy to co-opt. With some diligence and forethought, it is also easy to secure.

Published

2001

173. NEW IP ADDRESS SYSTEM VS. PRIVACY.

Author

Fox, Robert

Subjects

*COMPUTER network protocols, *COMPUTER security, *PRIVACY, *COMPUTER networks, *INTERNET, *INTERNET users

Abstract

The article focuses on an addressing system called IP address and relates it with the privacy of personal computers. A proposal to improve the way information flows across the Internet has caused worries for privacy advocates that the design could be used to trace a person's identity. The proposal, an addressing system called IPv6, was created by the Internet Engineering Task Force, an international standards body, and would include a unique serial number for each computer's network connection as part of its expanded new IP address. Critics warn that, if adopted, the move could strip the anonymity and security of Internet users over traditional phone lines, allowing commercial sites to correlate these embedded serial numbers against a consumer's name, address, and other personal details, from clothing size to political affiliation. Today, most home computers are assigned a different IP address each time they connect. According to a lawyer of Washington-based Electronic Privacy Information Center, Marc Rotenberg, although IPv6 would not be widely used for years, there is no doubt there are serious privacy concerns.

Published

1999

174. INTERNET SABOTAGE.

Subjects

*CYBERTERRORISM, *INTERNET service providers, *COMPUTER hackers, *INTERNET users, *COMPUTER security, *DATA protection, *COMPUTER network protocols, *NETWORK routers

Abstract

The article presents information about the Internet sabotage. A new type of Internet sabotage is spreading and has now occurred at more than a dozen Web sites around the U.S. Attacks which tie up network computers so that other users cannot gain access have created nuisance. Hackers bombard an Internet server with more than 100 requests per second for service, each coming from a randomly generated false address while shutting out legitimate users. The Computer Emergency Response Team formed by the Defense Advanced Research Projects Agency conducts research for improving computing security and drafted an advisory detailing the nature of the attack and its impact on the Internet community. Security officials are concerned because this type of hacking exploits the basic scheme of the Internet, software protocols, routing instructions, on which the Internet has based and they were not designed to prevent message flooding.

Published

1996

175. Parameterized Communication.

Author

Myrvang, Per Harald

Subjects

*PROGRAMMING languages, *COMPUTER network protocols, *COMPUTER security, *REAL-time computing, *COMPUTER programming, *COMPUTER software development

Abstract

This article discusses the Obol protocol programming language that allows for testing and experimentation when constructing and using security protocols in real systems. An Obol program is called a script and describes a participant's role in the protocol. It provides features useful to the protocol programmer, such as control structures, interactivity and the use as a crypto coprocessor. Obol is also used by the GridKit project at the University of Lancaster in England to experiment with flexible security policies.

Published

2006

176. SSH Kerberos Authentication Using GSSAPI and SSPI.

Author

Matthews, Glen

Subjects

*COMPUTER network protocols, *COMPUTER network security, *COMPUTER security, *AUTHENTICATION (Law), *DIGITAL signatures, *COMPUTER interfaces, *COMPUTER input-output equipment, *COMPUTER software, *COMPUTER programming

Abstract

The article describes the mechanism of the Secure Shell (SSH) protocol Kerberos authentication using Generic Security Services Application Programming Interface and Microsoft's Security Support provider Interface. There are three steps in running SSH protocol: negotiate encryption, authenticate the user and open and use channels. The protocol uses a packetized binary protocol on the wire consisting of a shorter header, a message type, the payload and Message Authentication Code. On the other hand, SSH authentication using Kerberos, it can run over the SSH User Authentication protocol or over the SSH Transport protocol.

Published

2006

177. BROADCOM UNVEILS PROCESSORS THAT COMBINE PROTOCOL PROCESSING.

Subjects

*COMPUTER security, *COMPUTER network protocols, *PRODUCT lines, *MICROPROCESSORS

Abstract

This article presents information on the new CryptoNetX line of security protocol processors unveiled by Broadcom as of December 2005. This next-generation line of security processors that combine Internet protocol Security and Secure Sockets Layer protocol processing, cryptographic acceleration, and hardware-based identity management and authentication into a single-chip solution. Recently announced are three new security protocol processors that include either PCI-X(R) or PCI Express(R) host bus architectures. Each of these new chips provides high-performance cryptographic acceleration and the ability to offload a significant amount of security processing functions from the host processor, resulting in higher performance and optimal central processing unit utilization.

Published

2005

178. 10 Steps SOA.

Author

Knoor, Eric, Rist, Oliver, and Krill, Paul

Subjects

*WEB services, *APPLICATION software, *COMPUTER network protocols, *STOCHASTIC convergence, *COMPUTER security

Abstract

This section offers steps on how to start with a service-oriented architecture (SOA). It was learned that SOA builds on the stack of protocols that define Web services. It is a broad, standards-based framework in which services are built, deployed, managed, and orchestrated in pursuit of new infrastructures that respond to shifting business demands. SOA starts with a business promise of enabling enterprises to re-engineer themselves. The more dynamic the business, the more it will benefit from a well-implemented SOA. Before implementation, it is recommended to survey surroundings. An SOA involves a sprawling set of technologies. Another step is the connection of first services. Coming next is the selection and deployment of a registry or repository. The issue of convergence should come next. Security plans must be laid and a messaging infrastructure must be built. The last two steps is the deployment of service management and orchestration.

Published

2005

179. West Point UNWIRED.

Subjects

*WIRELESS communications, *COMPUTER security, *COMPUTER network protocols, *MILITARY education

Abstract

Focuses on wireless networking capability for classroom connectivity at the West Point Military Academy. Software solution for security concerns of wireless networking; Advantages of using the bandwidth 802.11a; Configuration control of computers using the wireless technology.

Published

2003

180. PacketCable Security.

Author

deCarmo, Linden

Subjects

*COMPUTER network protocols, *TELEPHONE systems, *COMPUTER security

Abstract

Discusses the PacketCable Security Specification for Internet Protocol telephony networks. Information on the various security threats to IP networks; Details on the authentication process supervised by a Key Distributor Center; Key strength of the PacketCable security architecture.

Published

2001

181. ESTIMATORS IN CRYPTOGRAPHIC MODELS.

Author

CONSTANTINESCU, Nicolae, BOLDEA, Costin, COSULSCHI, Mirel, and GABROVEANU, Mihai

Subjects

*CRYPTOGRAPHY, *MACHINE ciphers, *DATA encryption, *COMPUTER security, *COMPUTER network protocols, *COMPUTER networks

Abstract

One of the main problems in cryptography is to give criteria to provide good comparators of cipher systems. The security of a cipher system must include the security of the algorithm, the security of the key generator, management module and the security of the cryptographic key agreement protocol. This paper shows and proves the necessary mathematical background to estimate the most important cryptographic measures of the key generators and of the unconditionally key agreement protocols. [ABSTRACT FROM AUTHOR]

Published

2009

182. Modelling IEEE 802.15.6 slotted Aloha in heterogeneous condition.

Author

Chowdhury, M. S., Ashrafuzzaman, K., and K. S. Kwak

Subjects

*BODY area networks, *COMPUTER network protocols, *COMPUTER security, *MAGNETIZATION transfer, *ACCESS control

Abstract

The IEEE 802.15.6 standard for wireless body area network (WBAN) includes a slotted Aloha based protocol as an option for contention based medium access control. This protocol is different from the long studied classical version in that it has inherent considerations for certain priorities of users. An analytical model is presented for saturation throughput with this protocol in a network that is heterogeneous in user priorities. The model is validated against simulation. [ABSTRACT FROM AUTHOR]

Published

2014

183. IP Security Protocols.

Author

Bozoki, Eva

Subjects

*COMPUTER network protocols, *COMPUTER security, *INTERNET

Abstract

Focuses on the security of computer network protocols, focusing on Internet protocol (IP). Information on Internet communication based on transmission control protocol; Advantages of having IP protocol security; Application of general-purpose protocols; Features of dial-up protocols.

Published

1999

184. Researchers Reveal Critical KRACK Flaws in WPA WiFi Security.

Author

Kerner, Sean Michael

Subjects

*CYBERTERRORISM, *WIRELESS Internet, *COMPUTER network protocols, *COMPUTER security, *DATA encryption

Abstract

The article reports on the Key Reinstallation Attacks (KRACK) that was disclosed on October 16, 2017 by researchers Frank Piessens and Mathy Vanhoef. Topics mentioned include the risk on Wi-Fi Protected Access 2 (WPA2) protocol that is used for WiFi security, the attack that reads information that was assumed to be encrypted, and the plan to discuss the details of the attack at the Black Hat Europe conference.

Published

2017

185. Computing: Secure the Internet.

Author

Laurie, Ben and Doctorow, Cory

Subjects

*COMPUTER technicians, *COMPUTER hackers, *COMPUTER network protocols, *COMPUTER security

Abstract

The authors focus on the efforts of many Internet technicians to fix the problem on the fake certificates used by hackers and governments to harvest online communications. The authors say that the registration information will be added by the international Internet Engineering Task Force to the domain name system (DNS). They add that a cryptographic protocol called Sovereign Keys (SK) was proposed by the Electronic Frontier Foundation.

Published

2012

186. Scientists Develop New Digital-Content Protection Technology.

Subjects

*ELECTRONIC security systems, *DATA protection, *COMPUTER security, *ACCESS control, *COPYRIGHT of electronic information resources, *DIGITAL communications, *MULTIMEDIA communications, *COMPUTER network protocols, *SECURITY systems, *UNIVERSITIES & colleges

Abstract

The article focuses on the development of a novel digital content protection technology by the engineering team from the University of Maryland. The technology aims to solve the unauthorized copying, distribution, and usage of multimedia and text. The researchers are hoping to hinder collusion attacks, in which various users complot to steal copyrighted material protected by fingerprints. The new technology uses shorter Internet protocol protection code that turns to a small spreading signal and sets securely the multiple bits of fingerprint code.

Published

2006

187. Making the Mobile Internet Secure.

Author

Deng, Robert H.

Subjects

*COMPUTER network protocols, *INTERNET security, *COMPUTER security, *MOBILE communication systems, *INTERNET users

Abstract

Focuses on the Internet Protocol (IP) developed by researchers at the Infocomm Research Institute to protect mobile Internet users against specific types of attacks. Operation of Mobile IP; Description of redirect attacks; Benefits of IP in managing certificates.

Published

2004

188. Preface.

Author

Bates, Marilyn L. and Ritsko, John J.

Subjects

*COMPUTER security, *COMPUTER network protocols, *COMPUTER network security

Abstract

Discusses several security measures in computer systems and networks. Information on several authentication schemes for the identification of valid users; Importance of public key cryptography for data confidentiality; Introduction to the Internet Key Exchange Protocol.

Published

2001

189. CAVIUM NETWORKS UNVEILS OCTEON XL ACCELERATOR CARDS.

Subjects

*COMPUTER network protocols, *COMPUTER storage devices, *COMPUTER networks, *COMPUTER security, *MICROPROCESSORS

Abstract

Reports on the availability of OCTEON XL Accelerator cards, targeted at secure network services and compression acceleration in Appliances and Storage Systems, from Cavium Networks. The cards deliver the industry's highest performance, enabling the fastest time to market for existing system configurations. The products are being adopted by Tier-1 vendors for security and networking appliances and storage products as the way to deliver advanced security and application acceleration. The cards are offered in three distinct families with a range of processor performance.

Published

2006

190. SSL or IPSec? Or both?

Author

May, Susan

Subjects

*COMPUTER network security, *IPSEC (Computer network protocol), *COMPUTER security, *COMPUTER network protocols, *INTERNET security

Abstract

Examines which of the two primary technology, Internet protocol security (IPSec) and secure sockets layer (SSL), should be used for mobile work force. Key benefits of IPSec; Development of SSL; Factors to consider before choosing the appropriate solution.

Published

2003

191. VPNs AND THE iPAD.

Author

Welch, John C.

Subjects

*VIRTUAL private networks, *IPADS, *TABLET computers, *DATA protection, *COMPUTER security, *COMPUTER network protocols

Abstract

The article focuses on the benefits of virtual private networks (VPN) for data protection by business users of the iPad tablet computer. The iPad supports three kinds of VPNs Point-to-Point tunneling Protocol (PPtP), Layer 2 tunneling Protocol (L2tP), and Cisco Internet Protocol Security (IPSec). It explains the method for configuring a VPN setup and procedure for using it.

Published

2011

192. Explicit Communication Revisited: Two New Attacks on Authentication Protocols.

Author

Abadi, Martín

Subjects

*KEYSTROKE timing authentication, *COMPUTER network protocols, *CRYPTOGRAPHY, *COMPUTER security, *COMPUTER networks, *IMPERSONATION

Abstract

SSH and AKA are recent, practical protocols for secure connections over an otherwise unprotected network. This paper shows that, despite the use of public-key cryptography, SSH and AKA do not provide authentication as intended. The flaws of SSH and AKA can be viewed as the result of their disregarding a basic principle for the design of sound authentication protocols: the principle that messages should be explicit. [ABSTRACT FROM AUTHOR]

Published

1997

193. OAuth is the 'hottest thing' in identity management.

Author

Connolly, P. J.

Subjects

*COMPUTER network protocols, *COMPUTER security software, *COMPUTER security, *IDENTITY theft prevention, *COMPUTER crime prevention

Abstract

The article discusses the development of Open Authorization (OAuth), an open standard allowing users to share their private resources stored on a website with another website. OAuth emerges from the intention of implementers of OpenID, another open standard for user authentication, to delegate authentication through an application programming interface (API). It compares OpenID protocol with single sign-on (SSO) and claims that OAuth does not need OpenID.

Published

2010

194. Let's Encrypt Free Certificates' Success Challenges SSL/TLS Industry.

Author

Kerner, Sean Michael

Subjects

*SECURE Sockets Layer (Computer network protocol), *COMPUTER network security, *COMPUTER network protocols, *COMPUTER security, *CERTIFICATION

Abstract

The article reports that Let's Encrypt has already issued its one millionth free secure sockets layer (SSL) certificate in 2016. Topics covered include the release of the certification program in December 2015 and the capacity of the program to support issuance rates on the high end. Also mentioned are security and authenticity issues raised against the initiative.

Published

2016

195. Where In The World Is lPv6?

Author

Ely, Adam

Subjects

*TCP/IP, *INTERNET protocols, *COMPUTER network protocols, *INFORMATION technology, *COMPUTER security

Abstract

The article provides information on IPv6, the latest Internet layer of the TCP/IP suit. The IPv6 promises to offer more address space, better security, and easier management for network administrators. The IPv6 also sports IPSec, auto-configuration, and new features for mobile devices. Moreover, the IPv6 is on all software road maps and will likely arrive with mobile devices.

Published

2008

196. Pay heed to 802.11n security.

Author

Garcia, Andrew

Subjects

*COMPUTER security, *SECURITY systems, *WIRELESS Application Protocol (Computer network protocol), *WIRELESS communications, *COMPUTER network protocols, *DATA transmission systems, *MULTIPOINT distribution service, *DATABASE security, *INFORMATION technology security

Abstract

The article presents an analysis regarding the increasing trend for the used of 802.11n as well as its security risk. As most users agrees that their are no known vulnerabilities on the technology, an expert had specified the potential threat. According to Amit Sinha, chief technology officer of wireless intrusion prevention vendor AirDefense, 802.11n significantly complicate the media access control (MAC) layer with the inclusion of mechanisms such as block acknowledgements and spoofed duration fields that could be exploit candidates. It states that the product has still need to finalize the standards before it could be freed totally from the potential risks.

Published

2008

197. UWB over power line IC offers speedy option.

Author

Mannion, Patrick

Subjects

*ULTRA-wideband antennas, *COMPUTER network protocols, *COMPUTER security, *MODULATION (Music theory)

Abstract

The article reports that Artimi Ltd. has announced a UWB chip that it believes solves the dilemma of high costing and ultrawideband (UWD) offerings of Wi-Fi. The company has combined an 800-Mbit/second physical layer based on pulse-position modulation (PPM) with IEEE 802.15 media-access control, promising full-home coverage using both wireless and power line media. The use of PPM separates the Santa Clara, California, company not just from Pulse-Link, which also uses UWB-over-power line technology, but also from the two main UWB approaches.

Published

2005

198. Paranoia: The Best Defense Against E-Mail Attacks.

Author

Spanbauer, Scott, Freed, Rebecca, McEvoy, Aoife, and O'Reilly, Dennis

Subjects

*INTERNET, *COMPUTER security, *EMAIL systems, *INTERNET users, *COMPUTER network protocols

Abstract

This article presents tips on using the Internet and avoiding e-mail attacks. According to the author, it is advisable to assume any message as malicious. Next, use a new found paranoia to examine messages critically. Even messages that appear to come from firms where a user has an account, may not be real. Before clicking a link or taking any action requested in a message, determine for certain that the message is genuine. Return addresses, embedded links, and images can deceive. Look for dire warnings and other classic con techniques, undoubtedly accompanied by a link to a bogus Web site where the user will be asked to enter personal information. As a clue, the phishing message may be delivered to an e-mail address that the user don't use with that company or institution. The author emphasized that if a user get a message at an address he or she never registered with, the e-mail is fake. Intuition and a suspicious nature are a good start, but to separate real messages from bogus ones, the user also need to decipher their Web addresses. Another clue is the string of numbers following the URL prefix http://. It should be remembered that every Web site resides at a specific Internet Protocol address. INSET: Nvu Brings Free Web Authoring to the Firefox Browser.

Published

2005

199. Web application security lockdown.

Author

Dyck, Timothy

Subjects

*FIREWALLS (Computer security), *COMPUTER network protocols, *COMPUTER security, *COMPUTER networks

Abstract

Although firewalls do a good job of protecting internal network resources from hostile network traffic in general, applications exposed over Hyper Text Transfer Protocol (HTTP) are wide open to all kinds of hostile attacks. To this end, a new set of HTTP-specific firewalls is emerging to address the security mismatch between traditional port-level firewalls and the security demands of Web applications and Web services. Web application firewalls and trusted operating system add-ons, are emerging as important new defensive techniques, but they only mitigate the need for secure programming practices.

Published

2003

200. Web services edged forward.

Author

Dyck, Timothy

Subjects

*INTERNET servers, *COMPUTER security, *COMPUTER network protocols

Abstract

Reports the emergence of Security Assertion Markup Language (SAML) and Web Services-(WS) Security to display Web security in protocols. Comparison between SAML and WS-Security; Practice for securing Web services; Problems in using a Web servers document access security mechanisms. INSET: IBM and Systinet write next-gen tools.

Published

2002