Auflistung nach Autor:in "Buchmann, Johannes"
1 - 8 von 8
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragClassifying privacy and verifiability requirements for electronic voting(Informatik 2009 – Im Focus das Leben, 2009) Langer, Lucie; Schmidt, Axel; Volkamer, Melanie; Buchmann, Johannes
- KonferenzbeitragEfficiency Improvement for NTRU(SICHERHEIT 2008 – Sicherheit, Schutz und Zuverlässigkeit. Beiträge der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 2008) Buchmann, Johannes; Döring, Martin; Lindner, RichardThe NTRU encryption scheme is an interesting alternative to well-established encryption schemes such as RSA, ElGamal, and ECIES. The security of NTRU relies on the hardness of computing short lattice vectors and thus is a promising candidate for being quantum computer resistant. There has been extensive research on efficient implementation of the NTRU encryption scheme. In this paper, we present a new algorithm for enhancing the performance of NTRU. The proposed method is between 11% and 23% faster on average than the best previously known method. We also present a highly efficient implementation of NTRU within the Java Cryptography Architecture.
- KonferenzbeitragElektronische Wahlen: Verifizierung vs. Zertifizierung(Informatik 2009 – Im Focus das Leben, 2009) Volkamer, Melanie; Schryen, Guido; Langer, Lucie; Schmidt, Axel; Buchmann, Johannes
- KonferenzbeitragAn evaluation and certification approach to enable voting service providers(4th International Conference on Electronic Voting 2010, 2010) Schmidt, Axel; Volkamer, Melanie; Buchmann, JohannesIn this paper we provide an evaluation and certification approach for Voting Service Providers (VSPs) which combines the evaluation of the electronic voting system and the operational environment for the first time. The VSP is a qualified institution which combines a secure voting system and a secure operational environment to provide secure remote electronic elections as a service [La08]. This centralized approach facilitates legal regulation and evaluation. So far, a legal regulation framework for VSPs has been developed which demands evaluation and certification of the VSP [Sc09a]. Therefore the VSP is required to provide a security concept in which it demonstrates satisfaction of the security requirements defined in the legal regulation. However neither the content of this security concept nor an adequate evaluation methodology has been specified so far. We therefore developed a security concept template and a comprehensive evaluation methodology for the VSP, which includes both the voting system and operational environment of VSPs. Our proposal incorporates existing evaluation methodologies to facilitate evaluation and certification. With this paper and the legal regulation a realistic approach to enable the VSP concept is accomplished.
- KonferenzbeitragExtended lattice reduction experiments using the BKZ algorithm(Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit, 2010) Schneider, Michael; Buchmann, JohannesWe present experimental results using lattice reduction algorithms. We choose the BKZ algorithm, that is the algorithm considered the strongest one in this area in practice. It is an important task to analyze the practical behaviour of lattice reduction algorithms, as the theoretical predictions are far from being practical. Our work helps choosing the right parameters for lattice reduction in practice. The experiments in this paper go beyond the results of Gama and Nguyen in their Eurocrypt 2008 paper. We give evidence of some facts stated in their work, concerning the runtime and the output quality of lattice reduction algorithms.
- TextdokumentPassword Assistance(Open Identity Summit 2017, 2017) Horsch, Moritz; Braun, Johannes; Buchmann, JohannesFor decades, users are not able to realize secure passwords for their user accounts at Internet services. Users’ passwords need to fulfil general security requirements and the password requirements of services. Furthermore, users need to cope with different password implementations at services. Finally, users need to perform a multitude of tasks to properly manage their large password portfolios. This is practically impossible. In this paper, we introduce the vision of a password assistant. It supports users in all duties and tasks with regard to their passwords, from the creation of secure passwords to the recovery of them in case of loss. Moreover, it provides an extensive automatization of all password tasks that reduces the users’ efforts and activities to deal with passwords to a minimum. A password assistant enables high security for passwords as well as improves their ease of use. First, we provide a detailed description of the problem of users to realize secure passwords for their accounts in practice. Second, we outline the vision of a password assistant, describe its technical foundation, and introduce the related open-source project starting to realize the first password assistant.
- KonferenzbeitragPassword Policy Markup Language(2016) Horsch, Moritz; Schlipf, Mario; Haas, Stefan; Braun, Johannes; Buchmann, JohannesPassword-based authentication is the most widely used authentication scheme for granting access to user accounts on the Internet. Despite this, there exists no standard implementation of passwords by services. They have different password requirements as well as interfaces and procedures for login, password change, and password reset. This situation is very challenging for users and often leads to the choice of weak passwords and prevents security-conscious behavior. Furthermore, it prevents the development of applications that provide a fully-fledged assistance for users in securely generating and managing passwords. In this paper, we present a solution that bridges the gap between the different password implementations on the service-side and applications assisting users with their passwords on the client-side. First, we introduce the Password Policy Markup Language (PPML). It enables a uniformly specified Password Policy Description (PPD) for a services. A PPD describes the password requirements as well as password interfaces and procedures of a service and can be processed by applications. It enables applications to automatically (1) generate passwords in accordance with the password requirements of a service, (2) perform logins, (3) change passwords, and (4) reset passwords. Second, we present a prototypical password manager which uses PPDs and is capable of generating and completely managing passwords on behalf of users.
- KonferenzbeitragTowards the impact of the operational environment on the security of e-voting(Informatik 2009 – Im Focus das Leben, 2009) Schmidt, Axel; Volkamer, Melanie; Langer, Lucie; Buchmann, Johannes