CONTENTS - Emerald

More documents

Recommendations

Info

4 Formal Methods and Protocols 041401 `Valuation of Trust in Open Networks' T Beth, M Borcherding, B Klein, ESORICS 94 pp 3{18 The authors develop the formal techniques of 032433 for analysing trust relationships in chains of authentication servers, where various entities may be relied on to generate keys, keep time, keep secrets, identify users and so on. The inference rules for relying on recommendations are based on Bayesian probability. 041402 `Towards Acceptable Key Escrow Systems' T Beth, HJ Knobloch, M Otten, GJ Simmons, P Wichmann, Fairfax 94 pp 51{58 The authors present an alternative key escrow system. This is a Di e Hellman variant in which the network provides a nonce for use in the generation of each session key. Once an intercept warrant is granted, the investigator takes over this process and with the help of secrets provided by the escrow agent is able to force the two parties to generate weak keys. One e ect is that backdated warrants cannot be enforced. 041403 `Secure Wireless LANs' V Bhargavan, Fairfax 94 pp 10{17 The author discusses a number of cryptographic protocols for supporting wireless LAN tra c. The added security requirement in this application is location privacy | an opponent should not be able to nd a given machine | and the management of hando as a mobile moves from one cell to another. He provides a veri cation of this protocol in the BAN logic. 041404 À Smartcard Fault-tolerant Authentication Server' L Blain, Y Deswarte, Cardis 94 pp 149{165 The authors report a project to develop a distributed authentication server implemented in smartcards held at di erent sites by di erent administrators. The protocols are based on broadcast; authentication requests are broadcast, and the results are combined in various ways. They will resist failures at a certain number of the sites, and have been implemented as part of an ESPRIT project. 041405 `Protocol Failure in the Escrowed Encryption Standard' M Blaze, Fairfax 94 pp 59{67 The author reports a number of attacks on the protocols of the Clipper chip. There are many options available when constructing rogue applications which operate only with each other: one can obscure the LEAF, send it out of band, or even generate it at both ends. However, there is also a way for a rogue application to operate with a genuine one | forward search. This involves trying out random LEAFs on a chip o ine until one is found whose 16-bit checksum passes muster for the session key and IV in use. This was tested on an EES PCMCIA card, and usable but bogus LEAFs were found in about 42 minutes on average. Finally, possible xes are discussed. 041406 `Speci cation and Validation of a Security Policy Model' A Boswell, IEEE Transactions on Software Engineering v 21 no 2 (Feb 95) pp 63{68 The author describes the development of a security policy model in Z for NATO's Air Command and Control System (ACCS). This has mandatory and discretionary aspects, drawn from both the Bell-LaPadula and Clark-Wilson models, and comprised over 65 schemes. It was validated manually, and was felt to be as large a system as could be dealt with in this way. 26
041407 `Design and Analysis of Key Exchange Protocols via Secure Channel Identi cation' CBoyd, WB Mao, Asiacrypt 94 pp 149{159 The authors suggest a new approachtoverifying cryptographic protocols; each public key encryption operation creates a channel with either con dentiality orintegrity. By writing these as arrows and diagram chasing, it can be seen for example that the TMN protocol is awed. 041408 `Designing Secure Key Exchange Protocols' CBoyd, WB Mao, ESORICS 94 pp 93{105 The authors present a new protocol formalism which is designed to assist the designer in determining the functional requirements and then translating these into a veri ed design. 041409 `Formal Methods reality Check: Industrial Usage' D Craigen, S Gerhart, T Ralston, IEEE Transactions on Software Engineering v 21 no 2(Feb 95) pp 90{98 The authors survey twelve cases of the industrial use of formal methods. These include a rewall and a smartcard system, as well as a number of transport projects and software products. 041410 `Probabilistic Authentication Analysis' J Domingo-Ferrer, Cardis 94 pp 49{59 The author describes a version of the BAN logic in which initial beliefs have probabilities not equal to 0 or 1. Rules for combining probabilities are given, and it is claimed that this approach can help measure the e ciency of cryptographic protocols. 041411 À Ket Distribution Method for Object-Based Protection' WFord, MJ Wiener, Fairfax 94 pp 193{197 The authors discuss various ways in which cryptographic keys can be bound into access control blocks for use in distributed systems, especially of the object oriented variety. 041412 `New Protocols for Third-Party-Based Authentication and Secure Broadcast' L Gong, Fairfax 94 pp 176{183 The author presents a number of authentication protocols which use hash functions and Shamir's secret sharing scheme instead of conventional block encryption. The basic idea is that a server who shares di erent secrets with Alice and Bob can construct some numbers using nonces supplied by them which enable each of them to extract a secret key using polynomial interpolation. 041413 ÌRC and Security |Can the Two Co-exist?' S Gordon, Network Security (Oct 94) pp 10{17 This article explains the Internet Relay Chat protocol and describes some of the ways it can be exploited or attacked, including netsplits, robot sessions, collisions, oods and the commoner Trojans. 041414 `Nothing is the Key to the Future' W Hancock, Network Security (Oct 94) pp 8{9 A large number of communications protocols are now having to be reengineered to provide more namespace, since no-one thought that networks would grow as fast as they did. This creates a lot of opportunities for chaos and disruption. 041415 `Beacon Based Authentication' A Jiwa, J Seberry, YL Zheng, ESORICS 94 pp 125{141 The authors develop an idea of Rabin's for a beacon, a service which continually broadcasts certi ed nonces, and shows that it can be used to simplify authentication 27
Page 1 and 2: . Volume 4 Number 1 (March 1995) IS
Page 3 and 4: 1 Applications and Engineering 0411
Page 5 and 6: combining debit and credit card fun
Page 7 and 8: 041135 À computer package for meas
Page 9 and 10: 041151 `Doing it the Pick 'nPayway'
Page 11 and 12: 041168 `The Colossus of Bletchley P
Page 13 and 14: 2 Operating System and Database Sec
Page 15 and 16: 041215 `Towards testability in smar
Page 17 and 18: language which would cope with a va
Page 19 and 20: 3 Security Management and Policy 04
Page 21 and 22: 041316 `Fraud prevention and comput
Page 23 and 24: 041333 ÙS government board to crea
Page 25: legally binding. This is untrue; th
Page 29 and 30: lock chaining in such a way that pr
Page 31 and 32: 5 Secret Key Algorithms 041501 `Cry
Page 33 and 34: 041516 Ìntrinsic Weakness of Keyst
Page 35 and 36: 041531 `The Cryptographic Mathemati
Page 37 and 38: 041547 `Linear Cryptanalysis of LOK
Page 39 and 40: 041607 Àn E cient Electronic Payme
Page 41 and 42: 041624 `Comment | digital signature
Page 43 and 44: 7 Computational Number Theory 04170
Page 45 and 46: 8 Theoretical Cryptology 041801 `Ho
Page 47 and 48: 041817 `How to Simultaneously Excha
Page 49 and 50: most productive things for an attac
Page 51: How to Subscribe Subscription order

CONTENTS - Emerald

Create successful ePaper yourself

Delete template?

Save as template?