Charles Cresson Wood

Bio: Charles Cresson Wood is an academic researcher from SRI International. The author has contributed to research in topics: Information security & Security information and event management. The author has an hindex of 10, co-authored 30 publications receiving 574 citations.

Computer Security: A Comprehensive Controls Checklist

Abstract: How to Use This Book Security Survivability Legal Aspects of Computer Security Computer Security Related Bibliography Glossary Appendix A--Matrices of Threats, Assets and Applicable Controls Appendix B--Work Sheets Index.

Handbook of Applied Cryptography

Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

Systems and Methods for Secure Transaction Management and Electronic Rights Protection

Abstract: PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

System and method for generating signal waveforms in a CDMA cellular telephone system

Abstract: A system and method for communicating information signals using spread spectrum communication techniques. PN sequences are constructed that provide orthogonality between the users so that mutual interference will be reduced, allowing higher capacity and better link performance. With orthogonal PN codes, the cross-correlation is zero over a predetermined time interval, resulting in no interference between the orthogonal codes, provided only that the code time frames are time aligned with each other. In an exemplary embodiment, signals are communicated between a cell-site and mobile units using direct sequence spread spectrum communication signals. In the cell-to-mobile link, pilot, sync, paging and voice channels are defined. Information communicated on the cell-to-mobile link channels are, in general, encoded, interleaved, bi-phase shift key (BPSK) modulated with orthogonal covering of each BPSK symbol along with quadrature phase shift key (QPSK) spreading of the covered symbols. In the mobile-to-cell link, access and voice channels are defined. Information communicated on the mobile-to-cell link channels are, in general, encoded, interleaved, orthogonal signaling along with QPSK spreading.

Encrypted key exchange: password-based protocols secure against dictionary attacks

Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >

Users are not the enemy

Abstract: Many system security departments treat users as a security risk to be controlled. The general consensus is that most users are careless and unmotivated when it comes to system security. In a recent study, we found that users may indeed compromise computer security mechanisms, such as password authentication, both knowing and unknowingly. A closer analysis, however, revealed that such behavior is often caused by the way in which security mechanisms are implemented, and users’ lack of knowledge. We argue that to change this state of affairs, security departments need to communicate more with users, and adopt a usercentered design approach.