Showing papers in "Computers & Security in 2000"
••
211 citations
••
TL;DR: This paper presents a secure method for protecting passwords while being transmitted over untrusted networks and introduces a new scheme that only employs a collision-resistant hash function such as SHA-1.
126 citations
••
TL;DR: It is concluded that whilst there is still an element of reluctance amongst users to depart from the familiar password based mechanisms, many are convinced of the need for improved authentication controls.
120 citations
••
TL;DR: Over the last 10 years or so the focus of ‘selling’ information security has been towards identifying the ‘need’ for information security, obtaining board approval and senior management support.
90 citations
••
TL;DR: In the second part of this article my attempt is to highlight the significant importance that business processes and internal controls have in IS risk management.
87 citations
••
TL;DR: A hierarchical framework will be developed in terms of which to elucidate ill-defined terms and concepts of IS management and issues such as certification, benchmarking, guidelines and codes of practice will come under consideration.
87 citations
••
TL;DR: This article will be devoted to providing a consolidated approach to the evaluation of IS management, in terms of which full cognisance will be taken of both electronic and procedural perspectives.
75 citations
••
TL;DR: This paper will provide a formalized approach towards identifying a set of controls meeting the business needs and also suggest a model whereby this can be evaluated and certified and the trust that is required for electronic commerce can be provided.
51 citations
••
TL;DR: For the purposes of this article I will concentrate on a practical risk analysis approach as part of the development of a structured BCM programme.
51 citations
••
TL;DR: It is tentatively concluded that the formulation techniques employed have only a small effect on ease of recall, and future research on the utility of word associations as computer passwords needs to be based in a real computer security setting.
48 citations
••
TL;DR: This paper argues that integrity of authentication data is the primary security requirement and that confidentiality is secondary, even though the majority of authentication schemes today encrypt PINs and passwords.
••
TL;DR: This is highly theoretical and not all that new, said Russ Cooper, who pointed out that to infect a computer, the virus would have to infect the main stream of the program, which would make it visible to current anti-virus programs.
••
TL;DR: Claims that the information theoretic notion of altering the information content gained by intelligence efforts and the workload associated with attacking and defending systems and the mathematical foundation for this aspect of deception as a tool for network defence are examined.
••
TL;DR: It is argued that a policy repository may serve as the basic component of a software tool for the management of multiple security policies and the application of the Metapolicy Development System, which is implemented in Telos, an object-oriented knowledge representation language.
••
TL;DR: The unified, abstract KEYSTONE Public Key Infrastructure is presented, which consists of a reference model, a functional architecture specification, and a set of technologies that can be used for implementing the functional units, along with all relevant standards.
••
TL;DR: This paper describes a method for assuring that the RSA primes generated by two different parties will always be different, which will make the entire class of attacks obsolete.
••
TL;DR: GSM voice data encryption is an exception to the general rule that none of the currently used protocols are inherently equipped with security functionality, or that these functions are best assessed as insufficient.
••
TL;DR: A common Key Recovery Block (KRB) format is being proposed to facilitate interoperability between heterogeneous key recovery systems, and serves as a container for mechanism-specific key recovery information, and supports techniques to identify and optionally validate the contained key recovery information.
••
TL;DR: Several generic technologies, together with desirable characteristics of cryptographic information/key recovery techniques, are described and a continuum of functionality is defined.
••
TL;DR: In this paper, the authors examine security in systems based on Intel x86 architecture and cover aspects from timing attacks to the prevention of service bugs, and introduce some new techniques focused on multiprocessor systems.
••
TL;DR: This document describes a mechanism for transmitting a key recovery header (KRH) within an IPSEC datagram that is normally inserted following the AH header and before the ESP header.
••
TL;DR: Richard Barber, group technical advisor of Articon-Integralis, looks at the evolution of tele- and data-communications systems and assesses the potential advantages for mobile security offered by technologies like Bluetooth.
••
TL;DR: This document describes the proposed approach for negotiating and exchanging key recovery information within the Internet Security Association Key Management Protocol (ISAKMP).
••
TL;DR: This paper presents a generic electronic payment model which is intended for a multi-merchant transaction, in which more than one merchant (the retailer, multiple resellers and content providers) are involved in the distribution of electronic contents.
••
TL;DR: This is highly theoretical and not all that new, but it is pointed out that to infect a computer, the virus would have to infect the main stream of the program, which would make it visible to current anti-virus programs.
••
TL;DR: This work states that there is a new, ever-increasing threat to the security of information systems and the information that they store, process and transmit that is global in nature and it is network-enabled espionage.