1,721,216 research outputs found

    Open and trusted information systems/health informatics access control (OTHIS/HIAC)

    No full text
    Information and Communications Technologies globally are moving towards Service Oriented Architectures and Web Services. The healthcare environment is rapidly moving to the use of Service Oriented Architecture/Web Services systems interconnected via this global open Internet. Such moves present major challenges where these structures are not based on highly trusted operating systems. This paper argues the need of a radical re-think of access control in the contemporary healthcare environment in light of modern information system structures, legislative and regulatory requirements, and security operation demands in Health Information Systems. This paper proposes the Open and Trusted Health Information Systems (OTHIS), a viable solution including override capability to the provision of appropriate levels of secure access control for the protection of sensitive health data

    Algebraic Analysis of LEX

    No full text
    LEX is a stream cipher that progressed to Phase 3 of the eSTREAM stream cipher project. In this paper, we show that the security of LEX against algebraic attacks relies on a small equation system not being solvable faster than exhaustive search. We use the byte leakage in LEX to construct a system of 21 equations in 17 variables. This is very close to the requirement for an efficient attack, i.e. a system containing 16 variables. The system requires only 36 bytes of keystream, which is very low

    Information sharing in the 21st century : progress and challenges

    No full text
    With the increasing threat of cyber and other attacks on critical infrastructure, governments throughout the world have been organizing industry to share information on possible threats. In Australia the Office of the Attorney General has formed Trusted Information Sharing Networks (TISN) for the various critical industries such as banking and electricity. Currently the majority of information for a TISN is shared at physical meetings. To meet cyber threats there are clearly limitations to physical meetings. Many of these limitations can be overcome by the creation of a virtual information sharing network (VISN). However there are many challenges to overcome in the design of a VISN both from a policy and technical viewpoint. We shall discuss some of these challenges in this talk

    Multi-factor password-authenticated key exchange

    Full text link
    We consider a new form of authenticated key exchange which we call multi-factor password-authenticated key exchange, where session establishment depends on successful authentication of multiple short secrets that are complementary in nature, such as a long-term password and a one-time response, allowing the client and server to be mutually assured of each other's identity without directly disclosing private information to the other party. Multi-factor authentication can provide an enhanced level of assurance in higher-security scenarios such as online banking, virtual private network access, and physical access because a multi-factor protocol is designed to remain secure even if all but one of the factors has been compromised. We introduce a security model for multi-factor password-authenticated key exchange protocols, propose an efficient and secure protocol called MFPAK, and provide a security argument to show that our protocol is secure in this model. Our security model is an extension of the Bellare-Pointcheval-Rogaway security model for password-authenticated key exchange and accommodates an arbitrary number of symmetric and asymmetric authentication factors

    An analysis of the RC4 family of stream ciphers against algebraic attacks

    No full text
    To date, most applications of algebraic analysis and attacks on stream ciphers are on those based on linear feedback shift registers (LFSRs). In this paper, we extend algebraic analysis to non-LFSR based stream ciphers. Specifically, we perform an algebraic analysis on the RC4 family of stream ciphers, an example of stream ciphers based on dynamic tables, and investigate its implications to potential algebraic attacks on the cipher. This is, to our knowledge, the first paper that evaluates the security of RC4 against algebraic attacks through providing a full set of equations that describe the complex word manipulations in the system. For an arbitrary word size, we derive algebraic representations for the three main operations used in RC4, namely state extraction, word addition and state permutation. Equations relating the internal states and keystream of RC4 are then obtained from each component of the cipher based on these algebraic representations, and analysed in terms of their contributions to the security of RC4 against algebraic attacks. Interestingly, it is shown that each of the three main operations contained in the components has its own unique algebraic properties, and when their respective equations are combined, the resulting system becomes infeasible to solve. This results in a high level of security being achieved by RC4 against algebraic attacks. On the other hand, the removal of an operation from the cipher could compromise this security. Experiments on reduced versions of RC4 have been performed, which confirms the validity of our algebraic analysis and the conclusion that the full RC4 stream cipher seems to be immune to algebraic attacks at present

    Certificateless key agreement in the standard model

    No full text
    We show how to construct a certificateless key agreement protocol from the certificateless key encapsulation mechanism introduced by \cite{lippold-ICISC_2009} in ICISC 2009 using the \cite{DBLP:conf/acisp/BoydCNP08} protocol from ACISP 2008. We introduce the Canetti-Krawczyk (CK) model for certificateless cryptography, give security notions for Type I and Type II adversaries in the CK model, and highlight the differences to the existing e$^2$CK model discussed by \cite{DBLP:conf/pairing/LippoldBN09}. The resulting CK model is more relaxed thus giving more power to the adversary than the original CK model

    Analysis of indirect message injection for MAC generation using stream ciphers

    No full text
    This paper presents a model for generating a MAC tag with a stream cipher using the input message indirectly. Several recent proposals represent instances of this model with slightly different options. We investigate the security of this model for different options, and identify cases which permit forgery attacks. Based on this, we present a new forgery attack on version 1.4 of 128-EIA3. Design recommendations to enhance the security of proposals following this general model are given