Author
Chris J. Mitchell
Other affiliations: Johns Hopkins University, University of Portland, University College London ...read more
Bio: Chris J. Mitchell is an academic researcher from Royal Holloway, University of London. The author has contributed to research in topics: Authentication & Cryptography. The author has an hindex of 48, co-authored 397 publications receiving 10982 citations. Previous affiliations of Chris J. Mitchell include Johns Hopkins University & University of Portland.
Papers published on a yearly basis
Papers
More filters
01 Jan 2004
TL;DR: This paper proposes a formal model of the Bellare-Rogaway type that enables one to prove the security of an anonymous credential system in a complexity theoretic framework and defines what these goals are.
Abstract: This paper proposes a formal model of the Bellare-Rogaway type [Bellare and Rogaway, 1994] that enables one to prove the security of an anonymous credential system in a complexity theoretic framework. The model abstracts away from how a specific instance of anonymous credential system achieves its goals; instead it defines what these goals are. The notions of credential unforgeability, non-transferability, pseudonym unlinkability and pseudonym owner protection are formally defined and the relationships between them are explored. The model is a step towards a formal treatment of the level of privacy protection that anonymous credential systems can and should achieve, both in terms of pseudonym unlinkability and user anonymity.
8 citations
TL;DR: In this article, a new class of attacks against authentication and authenticated key establishment protocols is described, which are called parsing ambiguity attacks, which apply to a very wide range of such protocols, including those specified in a number of international standards.
Abstract: A new class of attacks against authentication and authenticated key establishment protocols is described, which we call parsing ambiguity attacks. If appropriate precautions are not deployed, these attacks apply to a very wide range of such protocols, including those specified in a number of international standards. Three example attacks are described in detail, and possible generalisations are also outlined. Finally, possible countermeasures are given, as are recommendations for modifications to the relevant standards.
8 citations
Posted Content•
TL;DR: OpenID Connect as discussed by the authors is a single-sign-on protocol that adds identity management functionality to the OAuth 2.0 system and allows an RP to obtain assurances regarding the authenticity of an end user.
Abstract: Many millions of users routinely use their Google accounts to log in to relying party (RP) websites supporting the Google OpenID Connect service. OpenID Connect, a newly standardised single-sign-on protocol, builds an identity layer on top of the OAuth 2.0 protocol, which has itself been widely adopted to support identity management services. It adds identity management functionality to the OAuth 2.0 system and allows an RP to obtain assurances regarding the authenticity of an end user. A number of authors have analysed the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in practice remains an open question. We report on a large-scale practical study of Google's implementation of OpenID Connect, involving forensic examination of 103 RP websites which support its use for sign-in. Our study reveals serious vulnerabilities of a number of types, all of which allow an attacker to log in to an RP website as a victim user. Further examination suggests that these vulnerabilities are caused by a combination of Google's design of its OpenID Connect service and RP developers making design decisions which sacrifice security for simplicity of implementation. We also give practical recommendations for both RPs and OPs to help improve the security of real world OpenID Connect systems.
8 citations
8 citations
TL;DR: The security provided by the XCBC, TMAC and OMAC schemes is analysed and compared with other MAC schemes and ‘partial' key recovery attacks against all three schemes are described, yielding upper bounds on the effective security level.
Abstract: The security provided by the XCBC, TMAC and OMAC schemes is analysed and compared with other MAC schemes. In particular, ‘partial' key recovery attacks against all three of these schemes are described, yielding upper bounds on the effective security level. The results imply that there is relatively little to be gained practically through the introduction of these schemes by comparison with other well-established MAC functions.
8 citations
Cited by
More filters
[...]
TL;DR: There is, I think, something ethereal about i —the square root of minus one, which seems an odd beast at that time—an intruder hovering on the edge of reality.
Abstract: There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality.
Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …
33,785 citations
28 Jul 2005
TL;DR: PfPMP1)与感染红细胞、树突状组胞以及胎盘的单个或多个受体作用,在黏附及免疫逃避中起关键的作�ly.
Abstract: 抗原变异可使得多种致病微生物易于逃避宿主免疫应答。表达在感染红细胞表面的恶性疟原虫红细胞表面蛋白1(PfPMP1)与感染红细胞、内皮细胞、树突状细胞以及胎盘的单个或多个受体作用,在黏附及免疫逃避中起关键的作用。每个单倍体基因组var基因家族编码约60种成员,通过启动转录不同的var基因变异体为抗原变异提供了分子基础。
18,940 citations
Book•
01 Jan 1996TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher:
A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.
13,597 citations
TL;DR: In this paper, a map of the human tissue proteome based on an integrated omics approach that involves quantitative transcriptomics at the tissue and organ level, combined with tissue microarray-based immunohistochemistry, to achieve spatial localization of proteins down to the single-cell level.
Abstract: Resolving the molecular details of proteome variation in the different tissues and organs of the human body will greatly increase our knowledge of human biology and disease. Here, we present a map of the human tissue proteome based on an integrated omics approach that involves quantitative transcriptomics at the tissue and organ level, combined with tissue microarray-based immunohistochemistry, to achieve spatial localization of proteins down to the single-cell level. Our tissue-based analysis detected more than 90% of the putative protein-coding genes. We used this approach to explore the human secretome, the membrane proteome, the druggable proteome, the cancer proteome, and the metabolic functions in 32 different tissues and organs. All the data are integrated in an interactive Web-based database that allows exploration of individual proteins, as well as navigation of global expression patterns, in all major tissues and organs in the human body.
9,745 citations
15 Aug 1999
TL;DR: In this paper, the authors examine specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. And they also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.
Abstract: Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. This paper examines specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. We also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.
6,757 citations