Assurance Partnership (NIAP) to boost federal agencies' and consumers' confidence in information security products manufactured by vendors. To facilitate this goal, NIAP developed a national program that requires accredited laboratories to independently evaluate and validate the security of these products for use in national security systems. These systems are those under control of the U.S. go...

The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the par...

We propose a comparative performance evaluation of security protocols. The novelty of our approach lies in the use of a polynomial mathematical model that captures the performance of classes of cryptographic algorithms instead of capturing the performance of each algorithm separately, approach that is used in other papers. A major advantage of using such a model is that it does not require impl...

In this paper we provide an evaluation and certification approach for Voting Service Providers (VSPs) which combines the evaluation of the electronic voting system and the operational environment for the first time. The VSP is a qualified institution which combines a secure voting system and a secure operational environment to provide secure remote electronic elections as a service [La08]. This...

The evaluation of network risk is a vital task. It is an essential step in securing any network. This evaluation can help security professionals in making optimal decisions about how to design security countermeasures in order to improve security. This paper proposes a risk estimation model that uses vulnerability database National Institute of Standards and Technology (NIST) National Vulnerabi...

Most of the proposed security protocols for routing optimization in Mobile IPv6, including the one in the standard, depend on the special relationship between the home network and the mobile node. In this paper, we present a new protocol that does not depend on the security relationship between the home network and the mobile. The security of the protocol is analyzed and its performance evaluat...

Balanced asynchronous circuits have been touted as a superior replacement for conventional synchronous circuits. To assess these claims, we have designed, manufactured and tested an experimental asynchronous smart-card style device. In this paper we describe the tests performed and show that asynchronous circuits can provide better tamperresistance. However, we have also discovered weaknesses w...

This report studies the security of Whitenoise, a stream cipher invented by BSB Utilities Inc. I present the results of a limited time analysis of this scheme. After a careful security analysis, I was unable to find any security weaknesses in the Whitenoise stream cipher. Whitenoise resists all of the attack methods I was able to think of. This provides evidence for the security of Whitenoise. ...

Executive Summary The Apple iPhone was released to much fanfare on June 29, 2007. Because of the large amount of personal information stored on these mobile devices, we decided to conduct a security analysis of the iPhone. The iPhone's applications for surfing the web and checking emails are potentially at risk to remote attacks. We wanted to determine exactly how well the software on the iPhon...