Existing security standards targets qualitative evaluation of the security level of a system against a set of predefined levels. When doing trade-off between treatment strategies, we need to supplement the qualitative evaluation with quantitative estimates of operational security. Quantitative evaluation, such as probabilistic analysis, is frequently used within the dependability domain. To est...

Vanishree et.al proposed a novel unconditionally oblivious polynomial evaluation protocol and they claimed that can fulfill both sender and receiver’s security. Here, this protocol is cryptanalyzed. We find that it has a fatal fault which cannot implement the receiver’s security at all and show the detail analyzing process. Keywords oblivious polynomial evaluation, oblivious transfer, multi-par...

With all the efforts put into IT system security, the issue remains of what the level of such security is and how sure we are that our IT system is secure. The paper starts with the assumption that users are one of the most important components of IT system security, and an aware and trained user takes much more care about security in his daily activities. Such system will have less security in...

Security technology is important to security, but the practices of the people who develop, integrate, evaluate, configure, maintain, and use that technology are more important; indeed, these practices are the foundation of technical (as well as physical and personnel) security. It is crucially important, therefore, that security practices be good ones; when feasible, best security practices (BS...

The study applied Decision Making Trial and Evaluation Laboratory (DEMATEL) to analyze the casual relationship and mutual impact level between the control items of the information security management system. Three core control items of the information security management system are found, Security Policy (SC1), Access Control (SC7) and Human Resources Security (SC4) respectively. They can be pr...

WS-Security is a standard providing message-level security in Web Services. It allows exible application of security mechanisms in SOAP messages. Therewith it ensures their integrity, con dentiality and authenticity. However, using sophisticated security algorithms can lead to high memory consumptions and long evaluation times. In the combination with the standard XML DOM processing approach th...

Biometric authentication systems verify the identity of users by relying on their distinctive traits, like fingerprint, face, iris, signature, voice, etc. Biometrics is commonly perceived as a strong authentication method; in practice several well-known vulnerabilities exist, and security aspects should be carefully considered, especially when it is adopted to secure the access to applications ...

Successful e-government adoption in society depends mostly on trust among citizens who use it. It is vital to ensuring security of e-government applications and infrastructures as a guarantee of security and privacy of stakeholders in storing, processing and exchanging information over the online systems offered by the government. As threats on e-government information security are dynamic and ...

The approach to network security analysis is suggested. It is based on simulation of malefactor’s behavior, generating attack graph and calculating different security metrics. The graph represents all possible attack scenarios taking into account network configuration, security policy, malefactor’s location, knowledge level and strategy. The security metrics describe computer network security a...

This certificate applies only to the specific version and release of the product in its evaluated configuration and in conjunction with the complete Certification Report. The evaluation has been conducted in accordance with the provisions of the certification scheme of the German Federal Office for Information Security (BSI) and the conclusions of the evaluation facility in the evaluation techn...