White Paper∗ Protecting e-Government Against Attacks
نویسنده
چکیده
E-Government services operate, by definition, across the Internet: citizens use their own desktops or mobile devices to access, via the Internet, government services hosted on servers physically located in some government agency, or even on a private or public cloud. Attacks on e-government can such be broadly divided into three categories: server-side attacks (i.e. on the government servers), client-side attacks (i.e. on the citizen’s computing/access device) and network attacks (i.e. on the Internet connection, either by interfering with existing connections/sessions or by an attacker pretending to the server to be a valid client or to the client to be a valid server). This analysis explicitly ignores network attacks, as these are outside our expertise.
منابع مشابه
A White-Box Cryptographic Implementation for Protecting against Power Analysis
Encoded lookup tables used in white-box cryptography are known to be vulnerable to power analysis due to the imbalanced encoding. This means that the countermeasures against white-box attacks can not even defend against gray-box attacks. For this reason, those who want to defend against power analysis through the white-box cryptographic implementation need to find other ways. In this paper, we ...
متن کاملA Masked White-box Cryptographic Implementation for Protecting against Differential Computation Analysis
Recently, gray-box attacks on white-box cryptographic implementations have succeeded. These attacks are more efficient than white-box attacks because they can be performed without detailed knowledge of the target implementation. The success of the gray-box attack is reportedly due to the unbalanced encoding used to generate the whitebox lookup table. In this paper, we propose a method to protec...
متن کاملProtecting a Multiuser Web Application against Online Password-Guessing Attacks
This white paper presents a method for protecting a Web application against online password-guessing attacks. A user logs in with three credentials: the name of the application instance, a user ID, and a password, where the instance name is a secret known only to the instance users, the user ID is a secret kwnon only to the instance administrators, and the password is a secret known only to the...
متن کاملProtecting privacy in e-cash schemes by securing hidden identity approaches against statistical attacks
structured abstract Research paper Purpose To enhance security and privacy of e-cash systems that apply revocable anonymity by presenting a stochastic attack, that reveals the hidden ID, and suitable protection means against this kind of attacks. Methodology/Approach The feasibility of a stochastic attack that reveals the ID of user of e-cash schemes with revocable anonymity is shown. To avoid ...
متن کاملPushback for Overlay Networks: Protecting Against Malicious Insiders
Peer-to-Peer (P2P) overlay networks are a flexible way of creating decentralized services. Although resilient to external Denial of Service attacks, overlay networks can be rendered inoperable by simple flooding attacks generated from insider nodes. In this paper, we study detection and containment mechanisms against insider Denial of Service (DoS) attacks for overlay networks. To counter such ...
متن کامل