Related papers: Server-side verification of client behavior in cry…
In today's world, computer networks have become vulnerable to numerous attacks. In both wireless and wired networks, one of the most common attacks is man-in-the-middle attacks, within which session hijacking, context confusion attacks have…
The level of trust accorded to certification authorities has been decreasing over the last few years as several cases of misbehavior and compromise have been observed. Log-based approaches, such as Certificate Transparency, ensure that…
We propose a security verification framework for cryptographic protocols using machine learning. In recent years, as cryptographic protocols have become more complex, research on automatic verification techniques has been focused on. The…
Testing of network services represents one of the biggest challenges in cyber security. Because new vulnerabilities are detected on a regular basis, more research is needed. These faults have their roots in the software development cycle or…
Online services commonly attempt to verify the legitimacy of users with CAPTCHAs. However, CAPTCHAs are annoying for users, often difficult for users to solve, and can be defeated using cheap labor or, increasingly, with improved…
Browser fingerprinting is the identification of a browser through the network traffic captured during communication between the browser and server. This can be done using the HTTP protocol, browser extensions, and other methods. This paper…
TLS uses X.509 certificates for server authentication. A X.509 certificate is a complex document and various innocent errors may occur while creating/ using it. Also, many certificates belong to malicious websites and should be rejected by…
When computation is outsourced, the data owner would like to be assured that the desired computation has been performed correctly by the service provider. In theory, proof systems can give the necessary assurance, but prior work is not…
We present a new technique for verifying correspondences in security protocols. In particular, correspondences can be used to formalize authentication. Our technique is fully automatic, it can handle an unbounded number of sessions of the…
This thesis presents an automated method for verifying security properties of protocol implementations written in the C language. We assume that each successful run of a protocol follows the same path through the C code, justified by the…
This paper presents a hybrid cryptographic protocol, using quantum and classical resources, to generate a key for authentication and optionally for encryption in a network. One or more trusted servers distribute streams of entangled photons…
Signcryption is a cryptographic primitive which performs encryption and signature in a single logical step. In conventional signcryption only receiver of the signcrypted text can verify the authenticity of the origin i.e. signature of the…
The proposed system highlights a novel approach of exclusive verification process using gain protocol for ensuring security among both the parties (client-service provider) in m-commerce application with cloud enabled service. The proposed…
A cryptographic protocol (CP) is a distributed algorithm designed to provide a secure communication in an insecure environment. CPs are used, for example, in electronic payments, electronic voting procedures, database access systems, etc.…
Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops…
Timing side-channel attacks exploit secret-dependent execution time to fully or partially recover secrets of cryptographic implementations, posing a severe threat to software security. Constant-time programming discipline is an effective…
We propose a methodology for verifying security properties of network protocols at design level. It can be separated in two main parts: context and requirements analysis and informal verification; and formal representation and procedural…
The design of authentication protocols, for online banking services in particular and any service that is of sensitive nature in general, is quite challenging. Indeed, enforcing security guarantees has overhead thus imposing additional…
Website fingerprinting enables an attacker to infer which web page a client is browsing through encrypted or anonymized network connections. We present a new website fingerprinting technique based on random decision forests and evaluate…
Cryptographic mechanisms are used in a wide range of applications, including email clients, web browsers, document and asset management systems, where typical users are not cryptography experts. A number of empirical studies have…