About: Zero Knowledge Systems is a based out in . It is known for research contributions in the topics: The Internet & Traffic analysis. The organization has 7 authors who have published 11 publications receiving 2471 citations.
16 Jul 2001
TL;DR: Several serious security flaws in the Wired Equivalent Privacy protocol are discovered, stemming from mis-application of cryptographic primitives, which lead to a number of practical attacks that demonstrate that WEP fails to achieve its security goals.
Abstract: The 802.11 standard for wireless networks includes a Wired Equivalent Privacy (WEP) protocol, used to protect link-layer communications from eavesdropping and other attacks. We have discovered several serious security flaws in the protocol, stemming from mis-application of cryptographic primitives. The flaws lead to a number of practical attacks that demonstrate that WEP fails to achieve its security goals. In this paper, we discuss in detail each of the flaws, the underlying security principle violations, and the ensuing attacks.
01 Jan 2001
TL;DR: In this article, the authors present the traffic analysis problem and expose the most important protocols, attacks, and design issues, and propose directions for further research, but no complex definitions and proofs are presented.
Abstract: We present the traffic analysis problem and expose the most important protocols, attacks and design issues. Afterwards, we propose directions for further research. As we are mostly interested in efficient and practical Internet based protocols, most of the emphasis is placed on mix based constructions. The presentation is informal in that no complex definitions and proofs are presented, the aim being more to give a thorough introduction than to present deep new insights.
28 Oct 2004
TL;DR: This paper presents a protocol for secure online communication, called "off-the-record messaging", which has properties better-suited for casual conversation than do systems like PGP or S/MIME.
Abstract: Quite often on the Internet, cryptography is used to protect private, personal communications. However, most commonly, systems such as PGP are used, which use long-lived encryption keys (subject to compromise) for confidentiality, and digital signatures (which provide strong, and in some jurisdictions, legal, proof of authorship) for authenticity. In this paper, we argue that most social communications online should have just the opposite of the above two properties; namely, they should have perfect forward secrecy and repudiability. We present a protocol for secure online communication, called "off-the-record messaging", which has properties better-suited for casual conversation than do systems like PGP or S/MIME. We also present an implementation of off-the-record messaging as a plugin to the Linux GAIM instant messaging client. Finally, we discuss how to achieve similar privacy for high-latency communications such as email.
25 Apr 2001
TL;DR: In light of these observations, the trade-offs that one faces when trying to construct an efficient low latency communication system that protects users' anonymity are discussed.
Abstract: We discuss problems and trade-offs with systems providing anonymity for web browsing (or more generally any communication system that requires low latency interaction). We focus on two main systems: the Freedom network and PipeNet. Although Freedom is efficient and reasonably secure against denial of service attacks, it is vulnerable to some generic traffic analysis attacks, which we describe. On the other hand, we look at PipeNet, a simple theoretical model which protects against the traffic analysis attacks we point out, but is vulnerable to denial of service attacks and has efficiency problems. In light of these observations, we discuss the trade-offs that one faces when trying to construct an efficient low latency communication system that protects users' anonymity.
08 Nov 2002
TL;DR: A model is presented that will help provide a formal foundation for when the practitioner should apply security updates, providing both mathematical models of the factors affecting when to patch and collecting empirical data to give the model practical value.
Abstract: Security vulnerabilities are discovered, become publicly known, get exploited by attackers, and patches come out. When should one apply security patches? Patch too soon, and you may suffer from instability induced by bugs in the patches. Patch too late, and you get hacked by attackers exploiting the vulnerability. We explore the factors affecting when it is best to apply security patches, providing both mathematical models of the factors affecting when to patch, and collecting empirical data to give the model practical value. We conclude with a model that we hope will help provide a formal foundation for when the practitioner should apply security updates.