Pub Date : 2003-10-14DOI: 10.1109/CCST.2003.1297585
Shiuh-Jeng Wang, Hung-Jui Ke
The gambling activity is prohibited in Taiwan although it exists in the society for a long time. With the Internet emergence in the recent decade, not only is the e-commerce promoted, but also Internet gambling is posed accordingly. The negative influence of Internet gambling, however, is much more than the traditional gambling impacting on our society. Due to the properties of anonymity, no boundary, and fast propagation on Internet world, it is more difficult for the law enforcement members to seize the suspects who engage in the illegal gambling behavior. We introduce some serious problems resulted in Internet gambling. In response to the Internet gambling problems, we advise a procedure of investigation to curb the spread of Internet bet in Taiwan. According to our proposal, the information of collected evidence is believed that it can be powerfully presented in the judicial court. The suspects who attempt on the bet of Internet are supposed to be deterred in such activity.
{"title":"Countermeasures in curbing gambling activities on the Internet in Taiwan","authors":"Shiuh-Jeng Wang, Hung-Jui Ke","doi":"10.1109/CCST.2003.1297585","DOIUrl":"https://doi.org/10.1109/CCST.2003.1297585","url":null,"abstract":"The gambling activity is prohibited in Taiwan although it exists in the society for a long time. With the Internet emergence in the recent decade, not only is the e-commerce promoted, but also Internet gambling is posed accordingly. The negative influence of Internet gambling, however, is much more than the traditional gambling impacting on our society. Due to the properties of anonymity, no boundary, and fast propagation on Internet world, it is more difficult for the law enforcement members to seize the suspects who engage in the illegal gambling behavior. We introduce some serious problems resulted in Internet gambling. In response to the Internet gambling problems, we advise a procedure of investigation to curb the spread of Internet bet in Taiwan. According to our proposal, the information of collected evidence is believed that it can be powerfully presented in the judicial court. The suspects who attempt on the bet of Internet are supposed to be deterred in such activity.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129996871","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-10-14DOI: 10.1109/CCST.2003.1297622
Chi-Feng Lu, Yan-Shun Kao, Hsia-Ling Chiang, Chung-Huang Yang
The National Institute of Standards and Technology (NIST) of US announced Rijndael algorithm as the advanced encryption standard (AES) in October 2000, Despite AES surpassing in security the data encryption standard (DES), it is still rare to be implemented in smart cards, due to the reason of deficient AES coprocessors. Here a chip operation system (COS) called NexCard, which derived from Microsoft's Windows COS, is used as the AES implementation platform. After a suitable COS architecture design for AES and methodology of efficient memory usage, the simulation result shows that direct embedding AES encryption attains 0.56 ms at system clock 15 MHz on the INFINEON SLE66CX322P chip without existence of coprocessor. Corresponding to the development needs in smart card cryptographic algorithm implementations, and different level of the security design specifications, a concept to conjoin numbers of algorithms into single smart card called cipher system on demand (CSOD) method is accomplished in this study concurrently. This is a method utilizing the multiapplication capability of NexCard v2.0 to execute the same AES algorithm as an on-card applet. Although the performance of CSOD is not as good as AES embedded method, CSOD can provide the same result in the situation of adaptability and extendibility.
2000年10月,美国国家标准与技术研究院(NIST)宣布Rijndael算法为高级加密标准(AES),尽管AES在安全性上超过了数据加密标准(DES),但由于AES协处理器的不足,在智能卡中很少实施。AES的实现平台是由微软的Windows COS衍生而来的芯片操作系统NexCard (chip operating system)。仿真结果表明,在INFINEON SLE66CX322P芯片上,在不存在协处理器的情况下,直接嵌入AES加密在系统时钟15 MHz时达到0.56 ms。针对智能卡加密算法实现的发展需要,以及不同层次的安全设计规范,本文提出了一种将多个算法合并到一张智能卡中的概念,即按需密码系统(cipher system on demand, CSOD)方法。这是一种利用NexCard v2.0的多应用程序功能来执行与卡上小程序相同的AES算法的方法。虽然CSOD的性能不如AES嵌入式方法,但在适应性和可扩展性的情况下,CSOD可以提供相同的结果。
{"title":"Fast implementation of AES cryptographic algorithms in smart cards","authors":"Chi-Feng Lu, Yan-Shun Kao, Hsia-Ling Chiang, Chung-Huang Yang","doi":"10.1109/CCST.2003.1297622","DOIUrl":"https://doi.org/10.1109/CCST.2003.1297622","url":null,"abstract":"The National Institute of Standards and Technology (NIST) of US announced Rijndael algorithm as the advanced encryption standard (AES) in October 2000, Despite AES surpassing in security the data encryption standard (DES), it is still rare to be implemented in smart cards, due to the reason of deficient AES coprocessors. Here a chip operation system (COS) called NexCard, which derived from Microsoft's Windows COS, is used as the AES implementation platform. After a suitable COS architecture design for AES and methodology of efficient memory usage, the simulation result shows that direct embedding AES encryption attains 0.56 ms at system clock 15 MHz on the INFINEON SLE66CX322P chip without existence of coprocessor. Corresponding to the development needs in smart card cryptographic algorithm implementations, and different level of the security design specifications, a concept to conjoin numbers of algorithms into single smart card called cipher system on demand (CSOD) method is accomplished in this study concurrently. This is a method utilizing the multiapplication capability of NexCard v2.0 to execute the same AES algorithm as an on-card applet. Although the performance of CSOD is not as good as AES embedded method, CSOD can provide the same result in the situation of adaptability and extendibility.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130042098","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-10-14DOI: 10.1109/CCST.2003.1297531
R. Volner, L. Pousek
The term security network intelligence is widely used in the field of communication security network. A number of new and potentially concepts and products based on the concept of security network intelligence have been introduced, including smart flows, intelligent routing, and intelligent Web switching. Many intelligent systems focus on a specific security service, function, or device, and do not provide true end-to-end service network intelligence. True security network intelligence requires more than a set of disconnected elements, it requires an interconnecting and functionally coupled architecture that enables the various functional levels to interact and communicate with each other. We propose a uniform work for understanding end-to-end communication security network intelligence (CSNI), which is defined as the ability of a network to act appropriately in a changing environment. We consider an appropriate action to be one that increases the optimal and efficient use of network resources in delivering services, and we define success as the achievement of behaviour sub-goals that support the service provider's ultimate goals, which are defined external to the network system. The work presented incorporates the functional elements of intelligence into computational modules and interconnects the modules into networks and hierarchies that have spatial, logical, and temporal properties. Based on the work proposed, we describe an end-to-end multiservice network application spanning the network security management layer, optical layer, switching/routing layer, security services layer, and other layers.
{"title":"Intelligence security home network","authors":"R. Volner, L. Pousek","doi":"10.1109/CCST.2003.1297531","DOIUrl":"https://doi.org/10.1109/CCST.2003.1297531","url":null,"abstract":"The term security network intelligence is widely used in the field of communication security network. A number of new and potentially concepts and products based on the concept of security network intelligence have been introduced, including smart flows, intelligent routing, and intelligent Web switching. Many intelligent systems focus on a specific security service, function, or device, and do not provide true end-to-end service network intelligence. True security network intelligence requires more than a set of disconnected elements, it requires an interconnecting and functionally coupled architecture that enables the various functional levels to interact and communicate with each other. We propose a uniform work for understanding end-to-end communication security network intelligence (CSNI), which is defined as the ability of a network to act appropriately in a changing environment. We consider an appropriate action to be one that increases the optimal and efficient use of network resources in delivering services, and we define success as the achievement of behaviour sub-goals that support the service provider's ultimate goals, which are defined external to the network system. The work presented incorporates the functional elements of intelligence into computational modules and interconnects the modules into networks and hierarchies that have spatial, logical, and temporal properties. Based on the work proposed, we describe an end-to-end multiservice network application spanning the network security management layer, optical layer, switching/routing layer, security services layer, and other layers.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130284561","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-10-14DOI: 10.1109/CCST.2003.1297581
Y. Sung, Eun-Kyoung Yi, Byung-Gyu No, Jae Sung Kim
The international standards about computer security are widely being used for both government and commercial sector. Many countries seek for their computer security at the common criteria (CC), so organizations learn more how to make protection profiles (PPs) to protect them from outside threats. However in case people make protection profiles using both "Guide for the Production of PPs and STs" and the common criteria, they confront some problems when defining requirements for network-wide systems instead of a single system. Many requirements in the CC are described based on a single system's activities. We found that network-wide product's PPs are required of different approach, where some statements in the CC are modified or newly extended. We show that how the network-wide targets of evaluation (TOEs) are different from a single system TOE in terms of its protection scope. This paper is of prior interest to PP/ST writers who have tasks of composing network product, or typically IDS PP/ST.
{"title":"Defining requirements for network solution in protection profiles","authors":"Y. Sung, Eun-Kyoung Yi, Byung-Gyu No, Jae Sung Kim","doi":"10.1109/CCST.2003.1297581","DOIUrl":"https://doi.org/10.1109/CCST.2003.1297581","url":null,"abstract":"The international standards about computer security are widely being used for both government and commercial sector. Many countries seek for their computer security at the common criteria (CC), so organizations learn more how to make protection profiles (PPs) to protect them from outside threats. However in case people make protection profiles using both \"Guide for the Production of PPs and STs\" and the common criteria, they confront some problems when defining requirements for network-wide systems instead of a single system. Many requirements in the CC are described based on a single system's activities. We found that network-wide product's PPs are required of different approach, where some statements in the CC are modified or newly extended. We show that how the network-wide targets of evaluation (TOEs) are different from a single system TOE in terms of its protection scope. This paper is of prior interest to PP/ST writers who have tasks of composing network product, or typically IDS PP/ST.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114934666","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-10-14DOI: 10.1109/CCST.2003.1297534
J.-R.J. Shieh
The distribution of multimedia information has many applications such as video-on-demand, video conferencing, and video broadcast. It is very challenging to maintain the high quality content delivery and in the mean time to preserve the digital rights management. In the past few years, many video encryption algorithms have been proposed, but the security of the algorithms have not been adequately analyzed. In this paper several methods were proposed to evaluate the security of encrypted MPEG video. Our Take, Skip, and Permute (ISP) solutions to achieve reliable MPEG encryption are presented.
{"title":"On the security of multimedia video information","authors":"J.-R.J. Shieh","doi":"10.1109/CCST.2003.1297534","DOIUrl":"https://doi.org/10.1109/CCST.2003.1297534","url":null,"abstract":"The distribution of multimedia information has many applications such as video-on-demand, video conferencing, and video broadcast. It is very challenging to maintain the high quality content delivery and in the mean time to preserve the digital rights management. In the past few years, many video encryption algorithms have been proposed, but the security of the algorithms have not been adequately analyzed. In this paper several methods were proposed to evaluate the security of encrypted MPEG video. Our Take, Skip, and Permute (ISP) solutions to achieve reliable MPEG encryption are presented.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114935760","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-10-14DOI: 10.1109/CCST.2003.1297606
Hung-Min Sun, Bin-Tsan Hsieh
Shum and Wei proposed an enhancement to the Lee et al.'s strong proxy signature such that the proxy signer's identity is hidden behind an alias. We show that Shum and Wei's enhancement is insecure against the original signer's forgery. In other words, their scheme does not possess the strong unforgeability security requirement.
{"title":"Cryptanalysis of a strong proxy signature scheme with proxy signer privacy protection","authors":"Hung-Min Sun, Bin-Tsan Hsieh","doi":"10.1109/CCST.2003.1297606","DOIUrl":"https://doi.org/10.1109/CCST.2003.1297606","url":null,"abstract":"Shum and Wei proposed an enhancement to the Lee et al.'s strong proxy signature such that the proxy signer's identity is hidden behind an alias. We show that Shum and Wei's enhancement is insecure against the original signer's forgery. In other words, their scheme does not possess the strong unforgeability security requirement.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"634 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115112570","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-10-14DOI: 10.1109/CCST.2003.1297592
D. Lou, Chia-Hung Sung
Watermarking techniques are mainly used for protecting intellectual property right. The transparency and robustness of watermarks are critical. However, they are often conflicting. We propose a new image watermarking scheme, which incorporates two kinds of transformation technologies to provide the better compromises between the visual quality and the robustness for resisting various signal processing or degradation. This algorithm utilizes the wavelet multiresolutional structure to select the location for the watermark. The quantization errors in the discrete cosine transform domain achieve the smallest visual degradation. Embedding the watermark within the image by introducing reduced distortion into transformed coefficients provides the robustness for the watermark detection without degrading the image quality. Besides, the proposed method does not require the original image to detect the watermark. Some experimental results demonstrate that the proposed scheme is more robust than previous schemes in terms of certain perceptual quality.
{"title":"Robust image watermarking based on hybrid transformation","authors":"D. Lou, Chia-Hung Sung","doi":"10.1109/CCST.2003.1297592","DOIUrl":"https://doi.org/10.1109/CCST.2003.1297592","url":null,"abstract":"Watermarking techniques are mainly used for protecting intellectual property right. The transparency and robustness of watermarks are critical. However, they are often conflicting. We propose a new image watermarking scheme, which incorporates two kinds of transformation technologies to provide the better compromises between the visual quality and the robustness for resisting various signal processing or degradation. This algorithm utilizes the wavelet multiresolutional structure to select the location for the watermark. The quantization errors in the discrete cosine transform domain achieve the smallest visual degradation. Embedding the watermark within the image by introducing reduced distortion into transformed coefficients provides the robustness for the watermark detection without degrading the image quality. Besides, the proposed method does not require the original image to detect the watermark. Some experimental results demonstrate that the proposed scheme is more robust than previous schemes in terms of certain perceptual quality.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"146 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129494614","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-10-14DOI: 10.1109/CCST.2003.1297619
Pin-Chang Su, E. Lu, H. Chang
We present three identity-based cryptographic schemes based on two-known assumptions. The security of the proposed scheme follows from the difficulties in simultaneously solving the factoring (FAC) and discrete logarithms (DL) problems with arithmetic modulo of almost the same size. The proposed schemes support user identification, digital signature, and key distribution.
{"title":"ID-based cryptographic schemes based on factoring and discrete logarithms","authors":"Pin-Chang Su, E. Lu, H. Chang","doi":"10.1109/CCST.2003.1297619","DOIUrl":"https://doi.org/10.1109/CCST.2003.1297619","url":null,"abstract":"We present three identity-based cryptographic schemes based on two-known assumptions. The security of the proposed scheme follows from the difficulties in simultaneously solving the factoring (FAC) and discrete logarithms (DL) problems with arithmetic modulo of almost the same size. The proposed schemes support user identification, digital signature, and key distribution.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127202569","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-10-14DOI: 10.1109/CCST.2003.1297569
Shui-Sheng Lin, ShunChieh Lin, S. Tseng
The knowledge-based model is proposed to solve the prediction problem in distributed DoS. There are three phases in this knowledge-based model. The detecting rules and filtering rules are constructed in knowledge construction phase from characteristic analyzer and domain experts. Based upon false negative criterion, the detecting phase use the detecting rules to finds out the control traffic of distributed DoS. However, some false alarms appear because of the similar traffic with control traffic from special services. Therefore, the filtering rules are used to reduce the false alarm rate in filtering phase and detecting phase.
{"title":"A knowledge-based model for defending distributed DoS","authors":"Shui-Sheng Lin, ShunChieh Lin, S. Tseng","doi":"10.1109/CCST.2003.1297569","DOIUrl":"https://doi.org/10.1109/CCST.2003.1297569","url":null,"abstract":"The knowledge-based model is proposed to solve the prediction problem in distributed DoS. There are three phases in this knowledge-based model. The detecting rules and filtering rules are constructed in knowledge construction phase from characteristic analyzer and domain experts. Based upon false negative criterion, the detecting phase use the detecting rules to finds out the control traffic of distributed DoS. However, some false alarms appear because of the similar traffic with control traffic from special services. Therefore, the filtering rules are used to reduce the false alarm rate in filtering phase and detecting phase.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121303935","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-10-14DOI: 10.1109/CCST.2003.1297617
G. Hussein, M. David
This paper discusses the use of randomized encryption techniques for designing an algorithm of a provably secure two stage RNG (TSRG) cryptosystem for message exchange. A built-in TSRG RNG is a distinguishable primitive in the proposed cryptosystem design where instantaneous real time. One time pad (OTP)/spl I.bar/like data is generated. Most cryptography relies on unproven complexity assumptions like integer factorization being computationally hard, with the adversary limited by computing power. However, advances in cryptanalysis, computing technology and unpublished researches may make current cryptosystems insecure. Shannon's pessimistic result essentially denotes that if the adversary is all-powerful, then efficient practical solutions for information-theoretic security do not exist. However, the TSRG RNG implements a simple idea of reseeding the RNG at unpredictable instants to an unpredictable state creating a new RNG model before the attackers can acquire enough information to identify the current model. In TSRG design, security is based on a proven insoluble problem. The previous published work proves that TSRG RNG produced output is random and cannot be predicated using available technologies and mathematical theories if the state of the generator is not compromised. This requires a secure way of exchanging of the OTP-like digest to be expanded at the receiver side as well as preventing the attackers from mounting state compromise attacks. The paper discuses how randomized encryption techniques can aid in designing the TSRG cryptosystem to defend possible cracking trials. Suitable usage of two randomized encryption techniques eliminates the threat of message related attacks and smoothes out the statistical distribution of inputs to the algorithm.
{"title":"TSRG randomized cryptosystem","authors":"G. Hussein, M. David","doi":"10.1109/CCST.2003.1297617","DOIUrl":"https://doi.org/10.1109/CCST.2003.1297617","url":null,"abstract":"This paper discusses the use of randomized encryption techniques for designing an algorithm of a provably secure two stage RNG (TSRG) cryptosystem for message exchange. A built-in TSRG RNG is a distinguishable primitive in the proposed cryptosystem design where instantaneous real time. One time pad (OTP)/spl I.bar/like data is generated. Most cryptography relies on unproven complexity assumptions like integer factorization being computationally hard, with the adversary limited by computing power. However, advances in cryptanalysis, computing technology and unpublished researches may make current cryptosystems insecure. Shannon's pessimistic result essentially denotes that if the adversary is all-powerful, then efficient practical solutions for information-theoretic security do not exist. However, the TSRG RNG implements a simple idea of reseeding the RNG at unpredictable instants to an unpredictable state creating a new RNG model before the attackers can acquire enough information to identify the current model. In TSRG design, security is based on a proven insoluble problem. The previous published work proves that TSRG RNG produced output is random and cannot be predicated using available technologies and mathematical theories if the state of the generator is not compromised. This requires a secure way of exchanging of the OTP-like digest to be expanded at the receiver side as well as preventing the attackers from mounting state compromise attacks. The paper discuses how randomized encryption techniques can aid in designing the TSRG cryptosystem to defend possible cracking trials. Suitable usage of two randomized encryption techniques eliminates the threat of message related attacks and smoothes out the statistical distribution of inputs to the algorithm.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122267804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: