The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and...

In recent years, an increasing number of cryptographic protocols based on bilinear pairings have been developed. With the enhancement of implementation efficiency, the algorithms of pairings are usually embedded in identity aware devices such as smartcards. Although many fault attacks and countermeasures for public key and elliptic curve cryptographic systems are known, the security of pairing ...

Phishing is an attempt by a third party to solicit confidential information from an individual, group or organization. Phishers attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials and other sensitive information, which they may then use to commit fraudulent acts. There has been an increase in attack diversity and technical sophistication...

In the ongoing arms race between spammers and the multimillion dollar anti-spam industry, the number of unsolicited e-mail messages (better known as “spam”) and phishing has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an automated fashion. This social data can then...

SCA(Side-channel analysis) is a well-known method to recover the sensitive data stored in security products. Meanwhile numerous countermeasures for hardware implementation of cryptographic algorithms are proposed to protect the internal data against this attack fortunately. However, some designs are not aware that the protection of the plaintext and ciphertext is also crucial. In this work, we ...

Bellare, Boldyreva, Desai, and Pointcheval [2] proposed a new security requirement of encryption schemes called “key-privacy” or “anonymity.” It asks that an encryption scheme provides privacy of the key under which the encryption was performed. That is, if an encryption scheme provides the key-privacy, then the receiver is anonymous from the point of view of the adversary. They formalized the ...

detection and modification of the risk factors of stroke may be the most effective strategy for preventing its often irreversible consequences. a longitudinal prospective study was implemented to evaluate the effect of several risk factors on the course of cerebrovascular disease. the study groups were composed of 3s8 normal volunteers, and 308 patients with transient ischemic attacks. the two ...

our aim was to report techniques and our experience in one-stage angioplasty and stenting of ostium of left common carotid and left internal carotid arteries in an octogenarian man with transient ischemic attack, who was completely recovered from neurologic insults short time after the procedure. an 81-year-old man presented with a transient ischemic attack. neurologic examination showed left s...

Side-channel attacks are a serious threat to securitycritical software. To mitigate remote timing and cachetiming attacks, many ubiquitous cryptography software libraries feature constant-time implementations of cryptographic primitives. In this work, we disclose a vulnerability in OpenSSL 1.0.1u that recovers ECDSA private keys for the standardized elliptic curve P-256 despite the library feat...

BACKGROUND Lower-extremity peripheral arterial disease (PAD) is associated with decreased functional status, diminished quality of life, amputation, myocardial infarction, stroke, and death. Nevertheless, public knowledge of PAD as a morbid and mortal disease has not been previously assessed. METHODS AND RESULTS We performed a cross-sectional, population-based telephone survey of a nationally...