P195 - Sicherheit 2012 - Sicherheit, Schutz und Zuverlässigkeit
Listing of P195 - Sicherheit 2012 - Sicherheit, Schutz und Zuverlässigkeit by publication date
- Conference paper: gMix: A generic architecture for mix implementations and its realization as an open-source framework [gMix: Eine generische Architektur für Mix-Implementierungen und ihre Umsetzung als Open-Source-Framework] (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012). Fuchs, Karl-Peter; Herrmann, Dominik; Federrath, Hannes. With the open-source project gMix, a generic framework for mixes, we want to foster future research in the field of privacy-enhancing technologies by making the development and evaluation of mix-based systems easier. The gMix project will provide a comprehensive code repository of compatible and easily extensible mix implementations. This enables the comparison of different mix variants under uniform conditions and, through easily accessible and comprehensible solutions, also supports use in teaching. We present a generic software architecture for mix implementations, demonstrate its applicability by means of a concrete implementation, and explain how we intend to turn the architecture into a software framework with a plug-in mechanism for the simple composition and parallel development of implementations.
- Edited book
- Conference paper: Towards a secure and trusted business web (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012). Lotz, Volkmar. We currently see a major shift in development, deployment and operation of Enterprise IT systems and business applications. Driven by cost and effectiveness considerations, and facilitated by virtual infrastructures (aka the cloud) and service orientation, application development is distributed over a variety of entities (ISPs - independent service providers), applications are composed of services from different ISPs, and IT operations are run by independent data and computation centers. Using the Internet as fast and ubiquitous communication infrastructure, we see a fabric of resources, platforms, services and applications emerging forming a number of ecosystems that will drive society and business. For this set of ecosystems and facilitating technology and infrastructure, we have coined the term "Business Web". Since the Business Web is going to be the critical infrastructure underlying business and private life, concerns related to security and privacy will inevitably be raised. These concerns are grounded in the open and dynamic nature of the Business Web and its coverage of all aspects of business including the most sensitive areas like finance, healthcare, personal information etc. The strength of the Business Web lies in information sharing and spontaneous interaction with entities, even if they are previously unknown, and there is an inherent risk of information being abused and data owners losing control over their data in terms of usage, consistency or availability. To mitigate these risks while being able to exploit the benefits of collaboration, one needs to determine with whom the collaboration takes place, to express which mutual protection needs are to be met, and which controls can be imposed to actually enforce them.
In this talk, we focus on the establishment of trust in services and the complementary support of data-centric services. In addition to traditional means based on observation, recommendation, and reputation which come to their limits upon discovery of new services, rich service descriptions including security and privacy related attributes, attested by trusted parties, provide the needed information and form a service identity where the mere name of the service would not be meaningful. At the same time, such descriptions can serve as a container for policy information expressing the service's protection needs, its abilities to match consumers' policies and its governance. Given that the user can express her policies in a similar, machine-processable way, we are able to match policies and decide if the service can be safely used. When considering the complexity of Business Web structures, however, we have to ensure that the above approach scales to multiple layers of dynamic collaboration. Data are travelling across domains, services and resources, while still being subject to their owners' policies. This motivates a data-centric security concept, where policies are bound to data and travel with them - "sticky policies". Each processor of the data, even if it cannot be predicted where they will eventually end up, has access to the policy information and can handle the data accordingly. Sticky policies allow for the expression of obligations (like a deletion or retention period) to be met by processing entities. While this concept is theoretically pleasing, it faces practical challenges of performance and enforcement asking for further research. We show how a solution meeting some of these challenges can be provided on top of a distributed Java platform.
- Conference paper: "On-card" user authentication for contactless smart cards based on gesture recognition (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012). Ullmann, Markus; Breithaupt, Ralph; Gehring, Frank. Smart cards are widely used for security purposes. To protect smart cards against misuse an authentication process (e.g. entering a PIN or password) is necessary. Due to missing input interfaces "on-card", an external terminal is required to input the password. Unfortunately the required external hardware (e.g. keypads, etc.) opens up new security issues by being vulnerable against attacks like side channel, forgery & tampering, man in the middle, eavesdropping and others. An elegant solution for such problems is an authentication process "on-card" without the need for external devices. This paper presents a new class of contactless, ISO 14443 compliant smart cards which are equipped with a multipurpose user input interface as 2D gesture recognition sensor together with an optical feedback component. This offers new "on-card" authentication, card configuration and even front end interface capabilities. We will describe the basics of the general hardware design and discuss the gesture recognition process.
- Conference paper: On some conjectures in IT security: the case for viable security solution (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012). Zibuschka, Jan; Roßnagel, Heiko. Due to the increased utilization of computers and the Internet the importance of IT security has also increased. Naturally the field of IT security has grown significantly and has provided many valuable contributions in recent years. Most of the work is concerned with the design of systems offering strong technological security. With regard to behavioural factors, researchers build their work on assumptions about human behaviour that are prevalent in the field of IT security without considering the results and insights of related disciplines. In this contribution we challenge some of these widely held conjectures and offer alternative interpretations based on the results of neighbouring disciplines. Based on this analysis, we suggest new directions for the design of security solutions that support the inclusion of insights from reference disciplines during the design process.
- Conference paper: TLS, PACE, and EAC: a cryptographic view at modern key exchange protocols (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012). Brzuska, Christina; Dagdelen, Özgür; Fischlin, Marc. To establish a secure channel between two parties common security solutions often use a key exchange protocol as a preliminary subroutine to generate a shared key. These solutions include the protocols for secure communication between a reader and an identity card or passport, called PACE and EAC, and the TLS protocol for secure web communication. In this work we survey the cryptographic status of these protocols and the recent developments in this area.
- Conference paper: Triggering IDM authentication methods based on device capabilities information (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012). Quintino Kuhnen, Marcus; Lischka, Mario; Gómez Mármol, Félix. Identity management systems are a reality today in the Internet. Single sign-on (SSO) systems allow users to authenticate once in the system and interact with different service providers without the need for creating new accounts. However, most identity management systems only support a simple authentication mechanism, which in most cases is based on login and password, with its well known associated vulnerabilities like phishing attacks, for instance. In order to mitigate those drawbacks and improve the overall security of the system, we propose an enhancement of SSO systems which allows the identity providers to dynamically choose the best authentication method (e.g. fingerprint, digital certificates, smart cards, etc.) being applied to the user based on the users' device capabilities and context information.
- Conference paper: IT Security – Efficient organization beyond governance [IT Security – Effiziente Organisation über Governance hinaus] (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012). Voelcker, Hinrich. The security of IT systems has become an exceptionally important topic for every commercial enterprise, not least because of the broad interest of the media and the public. The confidentiality, availability and integrity of company and customer data are vital for survival, especially with regard to reputation. Banks in particular depend on being trusted by their customers. While the regulators of the financial sector have always paid attention to compliance with a high standard of IT security, their focus is now directed even more strongly than before at the security of IT systems. This is triggered not least by the rising number and increasing professionalism of cyberattacks against companies, in whose defence the implementation of "game-changing technologies", such as proactive cyber-intelligence solutions, plays an increasingly important role. While individual IT security solutions address only individual problems and possible weaknesses, it is particularly important in a large enterprise to design and efficiently build a comprehensive overall concept for successfully defending against cyberattacks. A prerequisite for achieving this goal is a centrally positioned IT security department with high visibility and global responsibility for the security of the IT systems. This form of organization also reflects the increased importance of IT security in companies.
- Conference paper: Merging the cryptographic security analysis and the algebraic-logic security proof of PACE (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012). Cheikhrouhou, Lassaad; Stephan, Werner; Dagdelen, Özgür; Fischlin, Marc; Ullmann, Markus. In this paper we report on recent results about the merge of the cryptographic security proof for the Password Authenticated Connection Establishment (PACE), used within the German identity cards, with the algebraic-logic symbolic proof for the same protocol. Both proofs have initially been carried out individually, but have now been combined to get "the best of both worlds": an automated, error-resistant analysis with strong cryptographic security guarantees.
- Conference paper: Forensic analysis of YAFFS2 (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012). Zimmermann, Christian; Spreitzenbarth, Michael; Schmitt, Sven; Freiling, Felix C. In contrast to traditional file systems designed for hard disks, the file systems used within smartphones and embedded devices have not been fully analyzed from a forensic perspective. Many modern smartphones make use of the NAND flash file system YAFFS2. In this paper we provide an overview of the file system YAFFS2 from the viewpoint of digital forensics. We show how garbage collection and wear leveling techniques affect recoverability of deleted and modified files.