| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
IPSec
|
|
SSH
|
|
SSL
|
|
Steganography
|
|
VPN
|
|
Applied Encryption: Ensuring Integrity of Tactical Data Currently, there is a security risk involved with the transference of data through the CST software. While the SECRET Internet Protocol Router Network (SIPRNet) provides a circuit encryption to all data traveling along its path, there is no encryption applied directly through CST. If the data leaving CST were to be intercepted by unauthorized personnel on the local network, this would expose the confidentiality of the data and could potentially destroy its integrity. This paper will provide the reader with a low-level understanding of the Global Command and Control System-Maritime (GCCS-M), CST, Track Database Manager (Tdbm) and SIPRNet. It will detail how data transmission is accomplished from server to server via CST highlighting the need for additional encryption of the CST data stream.
By Jennifer Skalski-Pay, 04/04/2004
|
|
Quantum Encryption - A Means to Perfect Security? There is controversy about how secure quantum messages are. It is possible to prove that the probability of message interception by an adversary is arbitrarily small, under ideal conditions. People and machines, however, can never be perfect, so there are many approaches to defeating quantum encryption. Some computer security experts have wondered why making the strongest link in a system even stronger will improve security overall. Since public key cryptography is so hard to decipher now, why spend so much time and money on an even more secure quantum encryption scheme? If deciphering is nearly impossible, why not use other techniques, such as social engineering, to eavesdrop? This paper will attempt to answer those questions.
By Bruce R. Auburn, 04/04/2004
|
|
Randomness and Entropy - An Introduction This paper will attempt to bring together information pertaining to concepts and definitions of randomness and entropy. Through definition and example both the implications and applications within the Information Security industry will be shown, bringing a complex topic to light in a concise and understandable form. This paper focuses on one of the vital components used in various security related technologies. This component is by nature complex and easily misunderstood. One may say that randomness plays a "key" part in most cryptosystems today, however, generally speaking it is very difficult to appreciate how many systems and technologies rely on the randomness of data.
By Chris Thorn, 04/04/2004
|
|
Prime Numbers in Public Key Cryptography The use of public-key cryptography is pervasive in the information protection and privacy arenas. Public key crypto algorithms utilize prime numbers extensively; indeed, prime numbers are an essential part of the major public key systems. This paper provides an introduction to prime numbers and how they are chosen, identified and used in public key systems. The content of this paper is specifically targeted at an audience that has only basic mathematical knowledge. A reader who has taken a high school or college algebra class should be able to follow the math herein. The objective of this paper is to inform the mainstream information security professional - who does not necessarily possess an extensive knowledge of mathematics - about the nature of prime numbers and how they are used in contemporary public key systems, thereby increasing his/her overall understanding of contemporary asymmetric encryption algorithms.
By Jerry Crow, 04/04/2004
|
|
A Review of Chaffing and Winnowing This paper presents an overview of Chaffing and Winnowing as described by Ronald Rivest. This leads onto a review of a secure Chaffing and Winnowing scheme called Chaffinch. Chaffing and Winnowing introduces a novel new concept that does not use encryption keys, and as such would not be subject to import and export restrictions. Chaffing and Winnowing achieves privacy and confidentiality by using authentication keys, however, these are not to be confused with encryption keys. Authentication keys/digital signatures are not controlled by governments and most have chosen that the disclosure of these signatures is not allowed. They have taken this stance over authentication keys because of the danger of unscrupulous people being able to use someone else's personal authenticator to take over that person's identity!
By David Spence, 04/04/2004
|
|
Cryptanalysis of RSA: A Survey In this paper we give a survey of the main methods used in attacks against the RSA cryptosystem. We describe the main factoring methods, attacks on the underlying mathematical function, as well as attacks that exploit details in implementations of the algorithm. While many attacks exist, the system has proven to be very secure, and most problems arise as a result of misuse of the system, bad choice of parameters or flaws in implementations. To conclude, we list a couple of countermeasures that can be used to prevent many of the attacks described.
By Carlos Frederico Cid, 04/04/2004
|
|
Using GPL Software For Email and File Encryption Because privacy is important, the security of information is sometimes legally required, and internet communication often does not provide this necessary security inherently. Email encryption and file encryption can provide a higher level of security for internet communication, but too often providers of proprietary encryption technology and related services like the PGP Corporation's PGP encryption software are too expensive to fit the budgets of people or organizations involved.
By Unknown, 04/04/2004
|
|
SECURITY ALERT : Fraudulent Digital Certificates In March 2001, VeriSign Inc. discovered through its routine fraud-screening audit that it had inadvertently issued two VeriSign Class 3 code-signing digital certificates on 29th and 30th January 2001 to an impostor who fraudulently claimed to be an employee of Microsoft Corporation. Microsoft Corporation immediately issued a Security Bulletin MS01-017 describing the security threat created by these software certificates falsely identified as Microsoft certificates. The bulletin stated that the vulnerability could affect all customers using Microsoft products. Microsoft also made it clear that this was not a security problem with any Microsoft product nor did it indicate that any of Microsofts official certificates had been compromised. Digital certificates are critical for businesses and customers who download patches, updates and various other forms of software from the Internet, because they allow software developers to digitally sign their software for secure delivery.
By Ferdinand Gomes, 04/03/2004
|
|
Steganography: Why it Matters in a "Post 911" World Cryptography attempts to conceal messages by various translation methods that create new, unrecognizable messages. Even though this new, encoded message may be unintelligible to an observer it still remains in plain view. By contrast, the main purpose of steganography or "stego" as it is often called is to hide even the occurrence of messages. While the underlying concepts of steganography have been around for thousands of years, it wasn't until the mid 90s that the concepts evolved into software capable of being run on standard PCs. Trying to keep up with developments in steganography is steganalysis, the science of discovering hidden messages. Today, messages can be hidden in a variety of audio and video files using increasingly sophisticated tools that incorporate both steganography and cryptography. The aptly named "OutGuess", a modern stego tool available from the Internet already makes the claim to be able to defeat steganalytical tools that use statistical analysis.
By Unknown, 04/03/2004
|
|
A Detailed look at Steganographic Techniques and their use in an Open-Systems Environment This paper's focus is on a relatively new field of study in Information Technology known as Steganography. This paper will take an in-depth look at this technology by introducing the reader to various concepts of Steganography, a brief history of Steganography and a look at some of the Steganographic techniques available today. The paper will close by looking at how we can use Steganography in an open-systems environment such as the Internet, as well as some of the tools and resources available to help us accomplish this.
By Bret Dunbar, 04/03/2004
|
|
Page: 1234 5 678 |
