Chris J. Mitchell

Bio: Chris J. Mitchell is an academic researcher from Royal Holloway, University of London. The author has contributed to research in topics: Authentication & Cryptography. The author has an hindex of 48, co-authored 397 publications receiving 10982 citations. Previous affiliations of Chris J. Mitchell include Johns Hopkins University & University of Portland.

Key distribution without individual trusted authentification servers

Abstract: Some recent research on key distribution systems has focussed on analysing trust in authentication servers, and constructing key distribution protocols which operate using a number of authentication servers, which have the property that a minority of them may be untrustworthy. This paper proposes two key distribution protocols with multiple authentication servers using a cross checksum scheme. Both protocol are based on the use of symmetric encryption for verifying the origin and integrity of messages. In these protocols it is not necessary for clients to trust an individual authentication server. A minority of malicious and colluding servers cannot compromise security and can be detected. The first 'parallel' protocol can prevent a minority of servers disrupting the service. The second 'cascade' protocol has to work with other security mechanisms in order to prevent a server breaking the procedure by refusing to cooperate. As compared with other proposed protocols with similar properties these two protocols require less exchanged messages.

Multi-destination secure electronic mail

Abstract: this solution has a flaw which in certain circumstances allows the malicious construction of apparently authentic messages. Finally note that it is not the intention of the author to criticise what is after all only an RFC,l but rather to ensure that possible solutions to multi-destination secure message authentication problems are analysed with care. There are many lessons to be learnt from the study of flawed systems which are apparently perfectly secure.

Intention insertion: Activating an action's perceptual consequences is sufficient to induce non-willed motor behavior.

Abstract: It feels intuitive that our actions are intentional, but there is considerable debate about whether (and how) humans control their motor behavior. Recent ideomotor theories of action argue that action intentions are fundamentally perceptual, that actions are not only controlled by anticipating-imagining-their intended perceptual consequences, but are also initiated when this action effect activation is strong. Here, the authors report a study (plus a replication) that provides direct evidence for this proposal, showing that even nonintended actions are executed when their effects are activated strongly enough. Participants mentally rehearsed a movement sequence and were unexpectedly presented with salient visual cues that were either compatible or incompatible with their currently imagined action. As predicted by ideomotor theories, the combined activation through imagery and perception was sufficient to trigger involuntary actions, even when participants were forewarned and asked to withhold them. Ideomotor cues, therefore, do not only influence preplanned responses but can effectively insert intentions to act, creating behavior de novo, as predicted from ideomotor theories of action control. (PsycINFO Database Record

OAuthGuard: Protecting User Security and Privacy with OAuth 2.0 and OpenID Connect

Abstract: Millions of users routinely use Google to log in to websites supporting OAuth 2.0 or OpenID Connect; the security of OAuth 2.0 and OpenID Connect is therefore of critical importance. As revealed in previous studies, in practice RPs often implement OAuth 2.0 incorrectly, and so many real-world OAuth 2.0 and OpenID Connect systems are vulnerable to attack. However, users of such flawed systems are typically unaware of these issues, and so are at risk of attacks which could result in unauthorised access to the victim user's account at an RP. In order to address this threat, we have developed OAuthGuard, an OAuth 2.0 and OpenID Connect vulnerability scanner and protector, that works with RPs using Google OAuth 2.0 and OpenID Connect services. It protects user security and privacy even when RPs do not implement OAuth 2.0 or OpenID Connect correctly. We used OAuthGuard to survey the 1000 top-ranked websites supporting Google sign-in for the possible presence of five OAuth 2.0 or OpenID Connect security and privacy vulnerabilities, of which one has not previously been described in the literature. Of the 137 sites in our study that employ Google Sign-in, 69 were found to suffer from at least one serious vulnerability. OAuthGuard was able to protect user security and privacy for 56 of these 69 RPs, and for the other 13 was able to warn users that they were using an insecure implementation.

Enhancing E-commerce Security Using GSM Authentication

Abstract: Today, e-commerce transactions are typically protected using SSL/TLS\@. However, there are risks in such use of SSL/TLS, notably threats arising from the fact that information is stored in clear at the end point of the communication link and the lack of user authentication. Although SSL/TLS does offer the latter, it is optional and usually omitted since users typically do not have the necessary asymmetric key pair. In this paper, we propose a payment protocol in which user authentication is provided using GSM ‘subscriber identity authentication’. In the protocol, a consumer is required to possess a GSM mobile station registered under a subscriber name corresponding to that on his/her debit/credit card. The cardholder identity is combined with the GSM subscriber identity in such a way that without a mobile station, in particular the SIM, and the corresponding debit/credit card, an unscrupulous user will find it difficult to make a fraudulent payment at the expense of the legitimate cardholder. This is achieved in such a way that no management overhead is imposed on the user.

I and i

Abstract: There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality. Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

疟原虫var基因转换速率变化导致抗原变异[英]／Paul H, Robert P, Christodoulou Z, et al//Proc Natl Acad Sci U S A

Abstract: 抗原变异可使得多种致病微生物易于逃避宿主免疫应答。表达在感染红细胞表面的恶性疟原虫红细胞表面蛋白1（PfPMP1）与感染红细胞、内皮细胞、树突状细胞以及胎盘的单个或多个受体作用，在黏附及免疫逃避中起关键的作用。每个单倍体基因组var基因家族编码约60种成员，通过启动转录不同的var基因变异体为抗原变异提供了分子基础。

Handbook of Applied Cryptography

Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

Tissue-based map of the human proteome

Abstract: Resolving the molecular details of proteome variation in the different tissues and organs of the human body will greatly increase our knowledge of human biology and disease. Here, we present a map of the human tissue proteome based on an integrated omics approach that involves quantitative transcriptomics at the tissue and organ level, combined with tissue microarray-based immunohistochemistry, to achieve spatial localization of proteins down to the single-cell level. Our tissue-based analysis detected more than 90% of the putative protein-coding genes. We used this approach to explore the human secretome, the membrane proteome, the druggable proteome, the cancer proteome, and the metabolic functions in 32 different tissues and organs. All the data are integrated in an interactive Web-based database that allows exploration of individual proteins, as well as navigation of global expression patterns, in all major tissues and organs in the human body.

Differential Power Analysis

Abstract: Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. This paper examines specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. We also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.