scispace - formally typeset
Search or ask a question
Author

DeMillo

Bio: DeMillo is an academic researcher from Georgia Institute of Technology. The author has contributed to research in topics: Security information and event management & Data security. The author has an hindex of 1, co-authored 1 publications receiving 62 citations.

Papers
More filters
Journal ArticleDOI
TL;DR: The methods the authors will describe in this article require the participants to execute communications algorithms, called protocols, which must maintain the properties that Alice and Bob's protocol must maintain in order to guard against cheating by either side.
Abstract: Aice lives in Atlanta and Bob lives in Detroit. They have never met, but they vvish to play poker. After some negotiation, they decide to play cards over the telephone. The first problem that arises is how to deal the cards fairly. If, for instance, Bob deals to Alice, how will Alice know that Bob has not cheated? On the other hand, if Bob manages to somehow deal a fair hand to Alice, without looking at her cards, what wvill stop Alice from changing her hand to a more favorable one? The problem confronting Alice and Bob is very similar to problems confronting users of modern communications systems such as electronic funds transfer systems, military communication networks, and distributed database systems. Such systems operate by series of message exchanges, and the possibility always exists that one or more of the participants in the exchanges will cheat to gain some advantage, or that some external agent will interfere w\\ith normal communications. Security in this context refers to the ability of such a system to withstand attacks by determined cheaters or enemies. Although other methods have been proposed for withstanding such attacksk. the methods we will describe in this article require the participants to execute communications algorithms, called protocols. W'hat are the properties that Alice and Bob's protocol must maintain in order to guard against cheating by either side? The card game they play should have rules just like the ordinary game of poker, except that no cards are actually exchanged. Alice and Bob must know the cards in their own hand, but neither can have any information about the other's hand. The deal must distribute all possible hands w'ith equal probability and should not allow the same card to appear in two hands simultaneously. A player should be able to discard from his own Can two mutually suspicious participants play poker over the telephone? Certainly, if they are clever enough to institute a secure protocol.

63 citations


Cited by
More filters
Proceedings ArticleDOI
04 May 1992
TL;DR: A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >

1,571 citations

Book
25 Jul 2003
TL;DR: This book explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely, and reveals the general unfitness of "textbooks crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios.
Abstract: Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicelyIt reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal-world application scenarios This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (ie, fit-for-application) security properties, oftenwith security evidence formally established The book also includes self-containedtheoretical background material that is the foundation for modern cryptography

624 citations

Proceedings ArticleDOI
01 Apr 1997
TL;DR: A generic protocol for fair exchange of electronic goods with non-repudiation that does not involve a third party in the exchange in the fault-less case but only for recovery.
Abstract: We describe a generic protocol for fair exchange of electronic goods with non-repudiation. Goods can be signatures (i.e., non-repudiation tokens of public data), confidential data, or payments. The protocol does not involve a third party in the exchange in the fault-less case but only for recovery.

554 citations

Patent
07 Aug 1996
TL;DR: In this paper, a number of electronic communications methods are described involving a first party and a second party, with assistance from at least a trusted party (T), enabling electronic transactions in which the first party (A) has a message for the second party (B).
Abstract: A number of electronic communications methods are described involving a first party (A) and a second party (B), with assistance from at least a trusted party (T), enabling electronic transactions in which the first party (A) has a message for the second party (B). The first party (A), the second part (B), and the trusted party (T) undertake an exchange of transmissions (1, 2) at least one of which occurs electronically and in an encrypted manner, such that if all transmissions reach their destinations the second party only receives the message if the first party (A) receives at least one receipt. Preferably, the identity of the first party (A) is temporarily withheld from the second party (B) during the transaction. At least one receipt received to the first party (A) enables the first party to prove the content of the message received by the second party (B).

496 citations

Journal ArticleDOI
TL;DR: This paper extensively review the literature on MITM to analyse and categorize the scope of MITM attacks, considering both a reference model, such as the open systems interconnection (OSI) model, as well as two specific widely used network technologies, i.e., GSM and UMTS.
Abstract: The Man-In-The-Middle (MITM) attack is one of the most well known attacks in computer security, representing one of the biggest concerns for security professionals. MITM targets the actual data that flows between endpoints, and the confidentiality and integrity of the data itself. In this paper, we extensively review the literature on MITM to analyse and categorize the scope of MITM attacks, considering both a reference model, such as the open systems interconnection (OSI) model, as well as two specific widely used network technologies, i.e., GSM and UMTS. In particular, we classify MITM attacks based on several parameters, like location of an attacker in the network, nature of a communication channel, and impersonation techniques. Based on an impersonation techniques classification, we then provide execution steps for each MITM class. We survey existing countermeasures and discuss the comparison among them. Finally, based on our analysis, we propose a categorisation of MITM prevention mechanisms, and we identify some possible directions for future research.

409 citations