Multi-layered crypto cloud integration of oPass

Abstract: NOTATION PREFACE CHAPTER 0 READER'S GUIDE CHAPTER 1 OVERVIEW PART ONE SYMMETRIC CIPHERS CHAPTER 2 CLASSICAL ENCRYPTION TECHNIQUES CHAPTER 3 BLOCK CIPHERS AND THE DATA ENCRYPTION STANDARD CHAPTER 4 INTRODUCTION TO FINITE FIELDS CHAPTER 5 ADVANCED ENCRYPTION STANDARD CHAPTER 6 MORE ON SYMMETRIC CIPHERS CHAPTER 7 CONFIDENTIALITY USING SYMMETRIC ENCRYPTION PART TWO PUBLIC-KEY ENCRYPTION AND HASH FUNCTIONS CHAPTER 8 INTRODUCTION TO NUMBER THEORY CHAPTER 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA CHAPTER 10 KEY MANAGEMENT OTHER PUBLIC-KEY CRYPTOSYSTEMS CHAPTER 11 MESSAGE AUTHENTICATION AND HASH FUNCTIONS 1 CHAPTER 12 HASH AND MAC ALGORITHMS CHAPTER 13 DIGITAL SIGNATURES AND AUTHENTICATION PROTOCOLS PART THREE NETWORK SECURITY PRACTICE CHAPTER 14 AUTHENTICATION APPLICATIONS CHAPTER 15 ELECTRONIC MAIL SECURITY CHAPTER 16 IP SECURITY CHAPTER 17 WEB SECURITY PART FOUR SYSTEM SECURITY CHAPTER 18 INTRUDERS CHAPTER 19 MALICIOUS SOFTWARE CHAPTER 20 FIREWALLS APPENDICES APPENDIX A STANDARDS AND STANDARD-SETTING ORGANIZATIONS APPENDIX B PROJECTS FOR TEACHING CRYPTOGRAPHY AND NETWORK SECURITY ONLINE APPENDICES APPENDIX C SIMPLIFIED DES APPENDIX D THE MEANING OF mod APPENDIX E MORE ON SIMPLIFIED AES APPENDIX F KNAPSACK PUBLIC-KEY ALGORITHM APPENDIX G PROOF OF THE DIGITAL SIGNATURE ALGORITHM GLOSSARY REFERENCES INDEX LIST OF ACRONYMS

Abstract: Text password is the most popular form of user authentication on websites due to its convenience and simplicity. However, users' passwords are prone to be stolen and compromised under different threats and vulnerabilities. Firstly, users often select weak passwords and reuse the same passwords across different websites. Routinely reusing passwords causes a domino effect; when an adversary compromises one password, she will exploit it to gain access to more websites. Second, typing passwords into untrusted computers suffers password thief threat. An adversary can launch several password stealing attacks to snatch passwords, such as phishing, keyloggers and malware. In this paper, we design a user authentication protocol named oPass which leverages a user's cellphone and short message service to thwart password stealing and password reuse attacks. oPass only requires each participating website possesses a unique phone number, and involves a telecommunication service provider in registration and recovery phases. Through oPass, users only need to remember a long-term password for login on all websites. After evaluating the oPass prototype, we believe oPass is efficient and affordable compared with the conventional web authentication mechanisms.

Abstract: The Current trend of computer technology is towards secure computation and communication between parties which requires strong cryptography algorithms, especially with agent based issues. Since random number generators are the main constituents of such algorithms and autonomous actions, they are required to be fast and adequately secure. Although there are some good quality and fast approaches, most of them either use large primes (which are hard to handle) or the cost of getting data from the source is very high. With respect to these drawbacks and considering current expectations, a fast and easy way to implement Pseudo Random Number Generator (PRNG) and its application in mobile agent environment is proposed. The proposed approach uses Java Garbage Collector data to generate the key of the Polymorphic Encryption and Decryption (PED) encryption algorithm. Since Garbage Collector is run by Java Virtual Machine as default, no additional computation is required. According to the test conducted, it has high entropy and hashes of the Garbage Collector outputs are unique.