Logo des Repositoriums

Auflistung nach Schlagwort "Cryptography"

1 - 5 von 5
  • Zeitschriftenartikel
    Einführung in die Steganographie und Ableitung eines neuen Stegoparadigmas
    (Informatik-Spektrum: Vol. 21, No. 4, 1998) Franz, Elke; Pfitzmann, Andreas
    Steganographie hat das Ziel, geheimzuhaltende Daten so in unverfänglichen umfangreicheren Hülldaten einzubetten, daß dies von Außenstehenden nicht einmal bemerkt werden kann. Auf der Suche nach Bewertungskriterien für digitale Bilder bzgl. Steganographie werden verschiedene Möglichkeiten aufgezeigt, zu entscheiden, ob in einem Bild Daten steganographisch eingebettet sind. Kriterien ergeben sich daraus, wie stark das gleiche Motiv darstellende Bilder voneinander abweichen können. Die Differenzen zwischen ihnen erzeugen „normalerweise“ verschiedene informationsverändernde Prozesse. Als Beispiel für einen solchen Prozeß wurde das Scannen ausgewählt. Die durch mehrmaliges Scannen desselben Bildes erzeugten Differenzen werden mit durch steganographische Operationen erzeugten Differenzen verglichen. Die Vergleiche zeigen, daß durch das Scannen betragsmäßig größere Differenzen zwischen Bildern entstehen als durch Stegoprogramme. Unterschiede sind insbesondere in der Art der Differenzen zu erkennen. Aus diesen empirisch gewonnenen Ergebnissen wird ein neues Stegoparadigma abgeleitet.Summary Steganography aims at embedding data which should be kept confidential in innocuous cover data such that others cannot even detect this. To find criteria to assess digital images w.r.t. steganography, various possibilities are shown to decide whether a digital image includes steganographically embedded data. Criteria result from possible differences between images which show the same scene. The differences between them are normally caused by processes which change the information representation. Scanning has been chosen as an example for such a process. The differences between image files resulting from repeated scanning are compared with differences between image files caused by stegoprograms. The comparisons show that scanning causes greater differences than stegoprograms. However, the characteristic of the differences is not the same. A new stegoparadigm is derived from these empirically gained results.
  • Konferenzbeitrag
    “Jumping Through Hoops”: Why do Java Developers Struggle With Cryptography APIs?
    (Software Engineering 2017, 2017) Nadi, Sarah; Krüger, Stefan; Mezini, Mira; Bodden, Eric
    To protect sensitive data processed by current applications, developers, whether security experts or not, have to rely on cryptography. While cryptography algorithms have become increasingly advanced, many data breaches occur because developers do not correctly use the corresponding APIs. To guide future research into practical solutions to this problem, we perform an empirical investigation into the obstacles developers face while using the Java cryptography APIs, the tasks they use the APIs for, and the kind of (tool) support they desire. We triangulate data from four separate studies that include the analysis of 100 StackOverflow posts, 100 GitHub repositories, and survey input from 48 developers. We find that while developers find it difficult to use certain crypto- graphic algorithms correctly, they feel surprisingly confident in selecting the relevant cryptography concepts (e.g., encryption vs. signatures). We also find that the APIs are generally perceived to be too low-level and that developers prefer more task-based solutions.
  • Konferenzbeitrag
    On Criteria and Tooling for Cryptographic Inventories
    (Sicherheit 2024, 2024) Schmitt, Nicolai; Henrich, Johanna; Heinz, Dominik; Alnahawi, Nouri; Wiesmaier, Alexander
    When cryptography becomes insecure, a migration to new schemes is required. Often the migration process is very complicated, but the time available is very limited. Only if the used cryptographic algorithms, protocols and configurations are known can a system be efficiently and fully adapted to changed security situations. This creates the need for a crypto-inventory that gathers this knowledge. Consequently, the question arises what criteria a crypto-inventory must fulfill to support this adaptation. It also highlights the need for tools to assist compilation. We therefore conducted a literature survey and extracted key requirements. Missing content was supplemented by expanding existing requirements or adding new ones. Furthermore, appropriate metrics were assigned to assess the fulfillment of the requirements for a certain crypto-inventory implementation. Regarding the tooling, we identified five major areas of interest — installed software, connected hardware, communication, stored data and source code scanning — and provide prototypes for semi-automatic creation of crypto-inventories for three of them. This provides organizations with a starting point to understand their cryptographic landscape as a prerequisite for crypto-agility and crypto-migration. However, theoretical design and prototypes have not yet been evaluated. This will be done as a follow-up to this work. All types of organizations are invited to participate.
  • Zeitschriftenartikel
    RFID: Verbraucherängste und verbraucherschutz
    (Wirtschaftsinformatik: Vol. 47, No. 6, 2005) Berthold, Oliver; Günther, Oliver; Spiekermann, Sarah
    RFID introduction is a hotly debated public policy issue. The technology enables physical environments to become more interactive and supportive by tagging each item with a chip that wirelessly communicates with a service-enriched backend infrastructure. Based on a number of user studies at Humboldt-Universität and at the Auto-ID Center, this article presents the major fears associated with RFID introduction. We show to what extent these fears are justified and derive a number of system requirements for giving users more control over an RFID-enabled IT infrastructure. After presenting several recent technical proposals for privacy protection, we focus on the question of controlled access to RFID tags. We conclude with a proposal for an easy-to-use private password model.
  • Zeitschriftenartikel
    Sicheres und nachhaltiges Benchmarking in der Cloud
    (Wirtschaftsinformatik: Vol. 53, No. 3, 2011) Kerschbaum, Florian
    Durch Cloud-Computing entsteht eine neue Sicherheitsbedrohung: Dem Cloud-Dienstanbieter werden die Daten aller seiner Kunden anvertraut. Dies kann die Nachhaltigkeit bei streng vertraulichen Daten verhindern. Verschlüsselung, oder allgemeiner Kryptographie, kann diesen Konflikt durch kundenseitige Verschlüsselung der zu verarbeitenden Daten lösen. Obwohl diese Lösung theoretisch überzeugend ist, ergibt sich eine Reihe neuer Forschungsfragestellungen bei der Gestaltung betrieblicher Informationssysteme.Am Beispiel gemeinschaftlichen Benchmarkings werden das Design und die Implementierung einer Cloud-Anwendung beschrieben und evaluiert, die nur mit verschlüsselten Daten arbeitet und dadurch die Vertraulichkeit der Kundendaten gegenüber dem Dienstanbieter gewährleistet. Die Cloud-Anwendung berechnet unternehmensübergreifende Statistiken im Rahmen des Benchmarkings, ohne dabei die einzelnen Kennzahlen offenzulegen.Benchmarking ist wichtig für Unternehmen, um die Wettbewerbsfähigkeit zu erhalten. So können sie anhand von Statistiken ihre Leistung mit der Konkurrenz vergleichen und gegebenenfalls gezielte Verbesserungsmaßnahmen einleiten.AbstractCloud computing entails a novel security threat: The cloud service provider is entrusted with the data of all its customers. This may not be sustainable for highly confidential data. Encryption, or more generally cryptography, may provide a solution by computing on data encrypted by the customers. While this solution is theoretically appealing, it raises a number of research questions in information system design.Using the example of collaborative benchmarking the author presents and evaluates an exemplary design and implementation of a cloud application that operates only on encrypted data, thus protecting the confidentiality of the customer’s data against the cloud service provider. The cloud application computes common statistics for benchmarking without disclosing the individual key performance indicators.Benchmarking is an important process for companies to stay competitive in today’s markets. It allows them to evaluate their performance against the statistics of their peers and implement targeted improvement measures.