
Showing papers by "Chris J. Mitchell" published in 2007


Proceedings ArticleDOI
10 Apr 2007
TL;DR: The domain name system (DNS) and DNS security extensions (DNSSEC) architectures are discussed, and their security vulnerabilities are analysed.
Abstract: We present an analysis of security vulnerabilities in the domain name system (DNS) and the DNS security extensions (DNSSEC). DNS data that is provided by name servers lacks support for data origin authentication and data integrity. This makes DNS vulnerable to man in the middle (MITM) attacks, as well as a range of other attacks. To make DNS more robust, DNSSEC was proposed by the Internet Engineering Task Force (IETF). DNSSEC provides data origin authentication and integrity by using digital signatures. Although DNSSEC provides security for DNS data, it suffers from serious security and operational flaws. We discuss the DNS and DNSSEC architectures, and consider the associated security vulnerabilities.

127 citations


Journal ArticleDOI
TL;DR: It is highlighted that enhancement of insulin availability, through separate effects on liver and β cells, provides a rationale for inhibiting PKCɛ to treat type 2 diabetes and is implicated in the etiology of β cell dysfunction.

84 citations


Book ChapterDOI
01 Jan 2007
TL;DR: This article reviews the operation of trusted computing technology and considers how it can support applications in mobile devices, focusing in particular on three mobile applications: OMA DRM, SIMLock, and software download.
Abstract: This article addresses two main topics. Firstly, we review the operation of trusted computing technology, which now appears likely to be implemented in future mobile devices (including mobile phones, PDAs, etc.). Secondly, we consider the possible applications of this technology in mobile devices, and how these applications can be supported using trusted computing technology. We focus in particular on three mobile applications, namely OMA DRM, SIMLock, and software download.

52 citations


Proceedings ArticleDOI
16 Sep 2007
TL;DR: This paper proposes Ninja: a non-identity-based authentication scheme for a mobile ubiquitous environment, in which the trustworthiness of a user's device is authenticated anonymously to a remote Service Provider (verifier) during the service discovery process, using Trusted Computing functionality.
Abstract: Most of today's authentication schemes involve verifying the identity of a principal in some way. This process is commonly known as entity authentication. In emerging ubiquitous computing paradigms which are highly dynamic and mobile in nature, entity authentication may not be sufficient or even appropriate, especially if a principal's privacy is to be protected. In order to preserve privacy, other attributes (e.g. location or trustworthiness) of the principal may need to be authenticated to a verifier. In this paper we propose Ninja: a non-identity-based authentication scheme for a mobile ubiquitous environment, in which the trustworthiness of a user's device is authenticated anonymously to a remote Service Provider (verifier), during the service discovery process. We show how this can be achieved using Trusted Computing functionality.

42 citations


Proceedings ArticleDOI
29 Aug 2007
TL;DR: A solution is proposed that is compatible with the currently deployed CardSpace identity metasystem, and should enhance the privacy of the system with minor changes to the current CardSpace framework.
Abstract: CardSpace (formerly known as InfoCard) is a Digital Identity Management system that has recently been adopted by Microsoft. In this paper we identify two security flaws in CardSpace that may lead to a serious privacy violation. The first flaw is the reliance on Internet user judgements of the trustworthiness of service providers, and the second is the reliance of the system on a single layer of authentication. We also propose a solution designed to address both flaws. Our solution is compatible with the currently deployed CardSpace identity metasystem, and should enhance the privacy of the system with minor changes to the current CardSpace framework. We also provide a security and performance analysis of the proposed solution.

36 citations


Proceedings ArticleDOI
19 Aug 2007
TL;DR: The way in which domain membership is controlled, and the use of the domain-specific mobile phone that enables a domain owner to add devices wherever he/she is physically present, ensures that devices joining the domain are in physical proximity to the mobile phone, preventing illicit content proliferation.
Abstract: This paper focuses on the problem of preventing illegal copying of digital assets without jeopardising the right of legitimate licence holders to transfer content between their own devices, which make up a domain. Our novel idea involves the use of a domain-specific mobile phone and the mobile phone network operator to authenticate the domain owner before devices can join a domain. This binds devices in a domain to a single owner, which, in turn, enables the binding of domain licences to the domain owner. In addition, the way in which we control domain membership, and the use of the domain-specific mobile phone that enables a domain owner to add devices wherever he/she is physically present, ensures that devices joining the domain are in physical proximity to the mobile phone, preventing illicit content proliferation.

28 citations


Journal ArticleDOI
TL;DR: It is argued that the inhibition revealed in the causal judgement task reflects inferential reasoning, which relies, in part, on the ability of the cue in question to excite a representation of the outcome, as revealed in a categorization test.
Abstract: The associative view of human causal learning argues that causation is attributed to the extent that the putative cause activates, via an association, a mental representation of the effect. That is, causal learning is a human analogue of animal conditioning. We tested this associative theory using a task in which a fictitious character suffered from two allergic reactions, rash (O1) and headache (O2). In a conditioned inhibition design with each of these two outcomes (A–O1/AX– and B–O2/BY–), participants were trained that one herbal remedy (X) prevented O1 and that the other (Y) prevented O2. These inhibitory properties were revealed in a causal judgement summation test. In a subsequent categorization task, X was most easily categorized with O1, and Y with O2. Thus, the categorization data indicated an excitatory X–O1 and Y–O2 association, the reverse of the inhibitory relationship observed on the causal judgement measure. A second experiment showed that this pattern of excitation and inhibition is depend...

17 citations


Book ChapterDOI
18 Dec 2007
TL;DR: This paper shows that a mode known as EPBC (Efficient error-Propagating Block Chaining), proposed in 1997 by Zuquete and Guedes, is insecure, and demonstrates a message forgery attack.
Abstract: A large variety of methods for using block ciphers, so called 'modes of operation', have been proposed, including some designed to provide both confidentiality and integrity protection. Such modes, usually known as 'authenticated encryption' modes, are increasingly important given the variety of issues now known with the use of unauthenticated encryption. In this paper we show that a mode known as EPBC (Efficient error-Propagating Block Chaining), proposed in 1997 by Zuquete and Guedes, is insecure. Specifically we show that given a modest amount of known plaintext for a single enciphered message, new enciphered messages can be constructed which will pass tests for authenticity. That is, we demonstrate a message forgery attack.

4 citations


Journal ArticleDOI
TL;DR: This article showed that the mere acceptance effect can influence responses on names-based racial IATs, leading to an exaggeration of anti-Black/pro-White bias, even when no such preference actually exists.

4 citations


Journal ArticleDOI
TL;DR: A general method for deriving identity-based signature and encryption schemes from a one-way function is described, and is applied to multi-signature versions of the one-time signature scheme of Lamport and to a public key encryption scheme based on a symmetric block cipher.
Abstract: A general method for deriving an identity-based public key cryptosystem from a one-way function is described. We construct both ID-based signature schemes and ID-based encryption schemes. We use a general technique which is applied to multi-signature versions of the one-time signature scheme of Lamport and to a public key encryption scheme based on a symmetric block cipher which we present. We make use of one-way functions and block designs with properties related to cover-free families to optimise the efficiency of our schemes.