发布求助
文献互助 智能选刊 最新文献

Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)最新文献

筛选
英文 中文
ID-based cryptographic schemes using a non-interactive public-key distribution system 使用非交互式公钥分发系统的基于id的加密方案
Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217) Pub Date : 1998-12-07 DOI: 10.1109/CSAC.1998.738643
Yuh-Min Tseng, J. Jan
{"title":"ID-based cryptographic schemes using a non-interactive public-key distribution system","authors":"Yuh-Min Tseng, J. Jan","doi":"10.1109/CSAC.1998.738643","DOIUrl":"https://doi.org/10.1109/CSAC.1998.738643","url":null,"abstract":"Shamir (1984) proposed the idea of a cryptographic system based on identification information and presented an identity-based signature scheme. He also presented as an open problem to find an ID-based public-key cryptosystem or public-key distribution system. In the past, many ID-based public-key distribution systems have been proposed. However, none of these is an ID-based system in Shamir's sense because each user's public key is not only the identity of the entity but also some additional random numbers. Maurer and Yacobi (1991) developed a non-interactive ID-based public-key distribution system. In their scheme, except for the identity of the entity, there were no public keys, certificates for public keys or other information required to be exchanged. However, they did not construct an ID-based signature scheme, user identification scheme or conference key distribution system. In this paper, we provide a slight improvement of the Maurer and Yacobi's scheme in that the trusted authority only adds one public value over the original scheme. Based on this, we provide not only a non-interactive public-key distribution system, but also a directed signature scheme, a user identification scheme and a conference key distribution system. Thus, a non-interactive public-key system will be more practical and complete for various kinds of applications. The security for the proposed schemes is based on the one-way hash function assumption and the difficulty of computing the discrete logarithm for a composite modulus.","PeriodicalId":426526,"journal":{"name":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134574548","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 33
An environment for the specification and analysis of cryptoprotocols 用于规范和分析密码协议的环境
Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217) Pub Date : 1998-12-07 DOI: 10.1109/CSAC.1998.738652
M. Debbabi, Y. Legaré, M. Mejri
{"title":"An environment for the specification and analysis of cryptoprotocols","authors":"M. Debbabi, Y. Legaré, M. Mejri","doi":"10.1109/CSAC.1998.738652","DOIUrl":"https://doi.org/10.1109/CSAC.1998.738652","url":null,"abstract":"We present the environment CPV (Cryptographic Protocol Verifier), a tool-set for the specification and analysis of cryptographic protocols. The CPV environment is based on the LSFM method that has been advanced as a formal, automatic and implicit verification method for security protocols. We recall briefly the essence of this method and present the architecture of the CPV environment. We discuss its main software components and detail the key issues in its implementation. Finally, we illustrate the LSFM method and the CPV environment on two case studies.","PeriodicalId":426526,"journal":{"name":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134087950","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Protecting Web servers from security holes in server-side includes 保护Web服务器免受服务器端安全漏洞的影响包括
Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217) Pub Date : 1998-12-07 DOI: 10.1109/CSAC.1998.738590
Jared Karro, Jie Wang
{"title":"Protecting Web servers from security holes in server-side includes","authors":"Jared Karro, Jie Wang","doi":"10.1109/CSAC.1998.738590","DOIUrl":"https://doi.org/10.1109/CSAC.1998.738590","url":null,"abstract":"This paper first investigates and analyzes security holes concerning the use of server-side includes (SSI) in some of the most used Web server software packages. We show that, by exploiting features of SSI, one could seriously compromise Web server security. For example, we demonstrate how users can gain access to information they are not supposed to see, and how attackers can crash a Web server computer by having an HTML file execute a simple program. Such attacks can be made with no trace left behind. We have successfully carried out all the attacks described in this paper on dummy servers we set up for this investigation. We then suggest several practical security measures to prevent a Web server from such attacks.","PeriodicalId":426526,"journal":{"name":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130112152","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Controlling applets' behavior in a browser 在浏览器中控制小程序的行为
Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217) Pub Date : 1998-12-07 DOI: 10.1109/CSAC.1998.738594
V. Hassler, O. Then
{"title":"Controlling applets' behavior in a browser","authors":"V. Hassler, O. Then","doi":"10.1109/CSAC.1998.738594","DOIUrl":"https://doi.org/10.1109/CSAC.1998.738594","url":null,"abstract":"We discuss methods of protecting Java enabled Web browsers against malicious applets. Malicious applets involve denial of service, invasion of privacy and annoyance. Since system modification by applets is generally impossible because of the Java security concept, denial of service is of major concern. Invasion of privacy may be caused by applets staying resident in the browser and collecting information about a user. Annoyance may, for example, be caused by advertisement applets that constantly appear on a Web site frequently visited by the user. A general solution to confront such attacks is to have some mechanism within the browser to monitor applets' activities. This mechanism should enable manual or automatic stopping of malicious applets. To illustrate it we present a special applet, called AppletGuard, that allows the user to observe and control the applets in the browser and, based on an applet's properties, stop or suspend the applet, or just warn the user that something dangerous might be going on.","PeriodicalId":426526,"journal":{"name":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127314537","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Complexity measure of encryption keys used for securing computer networks 用于保护计算机网络的加密密钥的复杂性度量
Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217) Pub Date : 1998-12-07 DOI: 10.1109/CSAC.1998.738645
M. A. Bahie-Eldin, A. A. Omar
{"title":"Complexity measure of encryption keys used for securing computer networks","authors":"M. A. Bahie-Eldin, A. A. Omar","doi":"10.1109/CSAC.1998.738645","DOIUrl":"https://doi.org/10.1109/CSAC.1998.738645","url":null,"abstract":"The best way to secure and to obtain safe electronic payment systems through computer networks is with encryption. The strength of the encryption technique is mainly depending upon the encryption key. One of the basic criteria to evaluate the strength of the key is the complexity measure. In this paper, the Ziv-Lempel (1976) complexity for binary random sequences, as well as for finite sequences employed to generate the encryption keys, is examined. The complexity versus the sequence length is investigated, and a comparison with the lower bound is carried out. The obtained results show many interesting points. First, the random sequence satisfies the lower bound for all different lengths. Second, the Ziv-Lempel complexity for linear feedback shift register (LFSR) sequences depends on both the initial condition and on the characteristic polynomial of the LFSR. Third, the complexity depends on the length of the sequence.","PeriodicalId":426526,"journal":{"name":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129576980","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信