Scientific consultancy on the PIN of BANCOMAT- and PagoBANCOMAT-branded electronic payment cards
Final report of the scientific consultancy on the security of the PIN of BANCOMAT- and PagoBANCOMAT-branded electronic payment cards
On the equivalence of fanout-point faults
Test-equivalent faults are commonly used in test generation and fault simulation to reduce the number of explicitly addressed faults. At the gate level, practical equivalence rules are confined to faults on the input and output terminals of Boolean gates and those related to fanout-free wires. This paper shows that under some conditions equivalence may also be stated between faults on a fanout stem and its branches. A modification of the standard fault folding algorithm is proposed, which reduces the number of target faults and occasionally identifies logic redundancies. Application to real designs shows the added computational complexity is negligible, while for some classes of CMOS circuits hard-to-simulate faults are eliminated and hence their fault simulation time is drastically reduced.
Harmonised security across devices (interview with Prof. Antonio Lioy)
In the face of disparate security options across mobile devices, an EU-funded project is proposing to move security applications from device to network nodes
Communications and Multimedia Security - Advanced Techniques for Network and Data Protection
Towards Quantum Resistant Trusted Computing: Architectures for Post-Quantum Integrity Verification Techniques
Trust is the core building block of secure systems, and it is enforced through methods to ensure that a specific system is properly configured and works as expected. In this context, a Root of Trust (RoT) establishes a trusted environment, where both data and code are authenticated via a digital signature based on asymmetric cryptography, which is vulnerable to the threat posed by Quantum Computers (QCs). Firmware, being the first layer of trusted software, faces unique risks due to its longevity and difficult update. The transition of firmware protection to Post-Quantum Cryptography (PQC) is urgent, since it reduces the risk derived from exposing all computing and network devices to quantum-based attacks. This paper offers an analysis of the most common trust techniques and their roadmap towards a Post-Quantum (PQ) world, by investigating the current status of PQC and the challenges posed by such algorithms in existing Trusted Computing (TC) solutions from an integration perspective. Furthermore, this paper proposes an architecture for TC techniques enhanced with PQC, addressing the imperative for immediate adoption of quantum-resistant algorithms.
Securing IoT Devices: an Overview
IoT devices are becoming increasingly popular. However, they are vulnerable to several security attacks because of their resource-constrained nature, making it challenging to protect them with traditional security countermeasures. To cope with the resource limitations of these devices, researchers have proposed ad-hoc versions of classical security controls, such as cryptography and hardware root-of-trust. Lightweight cryptography focuses on developing cryptographic algorithms that are efficient in terms of required memory and processing power. CBOR X.509 certificates are a lightweight and secure way to represent X.509 certificates. They are significantly smaller than traditional DER-encoded certificates and can be encoded and decoded more efficiently. This makes them well-suited for use in IoT devices, where resources are often limited. Remote Attestation (RA) is a security mechanism that permits a trusted party to verify that a platform behaves as expected. RA techniques are generally not suitable for constrained devices, as they require additional hardware components or extensions. Recently, several proposals have been made to provide similar security capabilities to devices with very low computational resources. This can be used to detect and prevent malicious devices from accessing IoT networks. This paper analyses some of these new proposals, technologies, and possible integrations to create secure and efficient IoT systems.
Analysis of application-layer filtering policies with application to HTTP
Application firewalls are increasingly used to inspect upper-layer protocols (such as HTTP) that are the target or vehicle of several attacks and are not properly addressed by network firewalls. Like other security controls, application firewalls need to be carefully configured, as errors have a significant impact on service security and availability. However, currently no technique is available to analyze their configuration for correctness and consistency. This paper extends a previous model for analysis of packet filters to the policy anomaly analysis in application firewalls. Both rule-pair and multirule anomalies are detected, hence reducing the likelihood of conflicting and suboptimal configurations. The expressiveness of this model has been successfully tested against the features of Squid, a popular Web caching proxy offering various access control capabilities. The tool implementing this model has been tested on various scenarios and exhibits good performance.
