| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
IPSec
|
|
SSH
|
|
SSL
|
|
Steganography
|
|
VPN
|
|
The Advanced Encryption System (AES) Development Effort: Overview and Update Selecting a single research topic relevant to the information security arena is not as easy as it may seem at first blush. Even though there are many topics and an immense amount of research material to wade through on each, I experienced the same feeling inside when I selected a topic as I do every time I enter my kids' room, which usually looks like a tornado had just passed through, and not knowing where to begin. After some thought, I decided to research and report on a topic that is fundamental to all of information security, cryptosystems, specifically, the Advanced Encryption System (AES) Development Effort headed up by the United States government. Wherever you find a process that protects data, especially data that may travel through public networks, you are bound to find a cryptosystem.
By William M. Tatun, 04/05/2004
|
|
The Weakest Link: The Human Factor Lessons Learned from the German WWII Enigma Cryptosystem With quadrillions of possible encryptions for each message, the German Enigma machine was, at its time, quite possibly the most advanced cryptosystem in the world. "If 1000 operators with captured machines tested four keys a minute 24 hours a day, it would take them 900 million years to try them all! The Germans were convinced that their codes were quite unbreakable." This paper highlights the need for security professionals and management to not overlook the weakest link in security systems - that being the human factor. It is easy to become overly confident solely in the use of advanced algorithms and technology. History shows reliance on an advanced technology is doomed if the people operating the system are not fully trained and managed.
By Unknown, 04/04/2004
|
|
E-Mail Security with S/MIME Since I attended my first SANS Institute class the week after the 10th anniversary of the first release of PGP, and since I found no course material relating to S/MIME, this topic seemed to make sense. The intent of this paper is to present an overview of the history, design, usage and the current state of market and community acceptance of S/MIME while contrasting it, where appropriate, to PGP. A basic understanding of public-key concepts is assumed, as is some familiarity with the Internet RFC (Request for Comment) process and the X.500 standards..
By George Kuzmowycz, 04/04/2004
|
|
AES: The Making of a New Encryption Standard Most people agree that reading through a stack of governmental standards - full of proclamations, legal jargon, acronyms, and technical specifications - is quite laborious. Few information security professionals, however, survive without them. Standards form the backbone of communication systems, describing (if not requiring) the detailed requirements for interoperability. One needs only to consider the Internet to perceive the importance. The Internet Protocol (IP), considered the fundamental network standard, allows millions of computers to communicate. Many other Internet protocols (e.g., TCP, X.509, and IPSec) serve critical roles in specifying how IP packets are controlled, authenticated, and encrypted.
By Mitchell C. Richards, 04/04/2004
|
|
Cryptographic Services - A Brief Overview This paper examines the use of cryptography in implementing the services of authentication, integrity, non-repudiation, and confidentiality. The various methods of cryptography are reviewed. Finally some of the pros and cons for the use of cryptography are discussed.
By Larry D Bennett, 04/04/2004
|
|
A Review of the Diffie-Hellman Algorithm and its Use in Secure Internet Protocols This paper will present an overview of the Diffie-Hellman Key Exchange algorithm and review several common cryptographic techniques in use on the Internet today that incorporate Diffie-Hellman. The privacy requirements normally encountered in the traditional paper document world are increasingly expected in Internet transactions today. Secure digital communications are necessary for web-based e-commerce, mandated privacy for medical information, etc. In general, secure connections between parties communicating over the Internet is now a requirement.
By David A. Carts, 04/04/2004
|
|
Basic Cryptanalysis Techniques The only application referenced in this document is the CRyptoANalysis ToolKit (CRANK). A basic understanding of cryptanalysis is essential to appreciating the complexities of a good cryptographic algorithm. For example a manager of a software company or someone who is involved with code auditing would find it is essential that good well tested algorithms are used instead of a weak in house cipher. This paper will give you the basic tools necessary to begin a rudimentary examination of a cipher.
By Craig Smith, 04/04/2004
|
|
An Overview of Hardware Security Modules This paper intends to introduce the concept of a cryptographic hardware device. It will describe its functions, uses and implementations. It will explain some of the desirable features offered by hardware vendors, as well as examine some of the pitfalls, weaknesses, and disadvantages associated with these types of devices. It will summarize the FIPS 140 standard and explain how it pertains to these devices.
By Jim Attridge, 04/04/2004
|
|
Roll Your Own Crypto Services (Using Open Source and Free Cryptography) We first give an overview of the software available, and what platforms it runs on. Second, we address how to provide the resources assumed by the securing application, such as a source of unpredictable bits to use as keys, and to use to generate public key parameters such as an RSA modulus. We find that the open source cryptographic software community has produced applications that fill most every need, and, indeed, that there are GIAC student papers detailing how to solve a wide variety of problems creatively with this software. However, we also find that choosing and implementing cryptographic packages requires attention to the details, such as the protocol version to implement, the random number source, and recent cryptographic breakthroughs.
By Edward C. Donahue, 04/04/2004
|
|
The Ease of Steganography and Camouflage The ease of use in steganography has proliferated so that any person with a computer and an Internet connection can perform steganography on virtually any file. The programs that are available range from Unix and Windows based to command line or graphical user interface (GUI). Camouflage Software is easy to use, install, and a very versatile steganography tool that is free of charge and available for download to anyone with an Internet connection. In this paper we will look at the ease of use of one particular program, and the ability to detect steganographic material created by the program. "Camouflage allows you to hide files by scrambling them and then attaching them to the file of your choice." Though this ease of use makes steganography highly available and threatening, it also presents obvious indications that a file has been used for steganographic purposes.
By John Bartlett, 04/04/2004
|
|
Page: 12 3 45678 |
