Posts filed under: Security Engineering

IPSec, S/MIME and XMLDSig

Nowadays, most communications take place over the Internet and are all based on IP (Internet Protocol), so it is worth looking at methods to secure them at the TCP/IP protocol level. IPSec operates at the network layer and does...

CyberSecurity for dummies !!

APTs (advanced persistent threats) have changed the world of enterprise security and how networks and organizations are attacked. While no single solution will solve the problem of advanced threats on its own, next-generation security provides the unique...

Theory and practice behind full disclosure of security vulnerabilities

The efficiency of software is determined not only by performance and business efficiency, but also by its security and bug-free characteristics. Even after all the software planning and tests, vulnerabilities could be detected later ...

Open/Closed source software

What is open source software? Open source software is a solution where not only the compiled version of the product is provided, but also the source code, so advanced users can have a look at the source of the software...

Micropayments

The Internet has opened new markets and given a new vision and new methods of selling products. PayPal micropayment is one example among many other micropayment platforms, and the same challenges apply to all these systems: Micropayments revisited ...

Steganography and watermarking

Protecting images is not straightforward, considering how widespread images have become, especially since the appearance of the Internet. Images are used in different areas (products, banners, logos, etc.) and sometimes it’s crucial to protect images from illegal usage, same as audio...

DRM Protection

Previously suggested digital content copyright protection systems (e.g., Pay-TV, DVD) are generally all broken. Do you think it is possible to protect the copyright of digital content? The goals of DRM techniques have evolved since the first versions; initially it...

Network Security

Since the appearance of ARPANET and the interconnection of networks, security has been part of most debates on new network design, existing network audits or systems design. Some of the tools are very robust and provided a very acceptable and hard to...

Phishing, Pharming, Vishing

Different kinds of attacks exist nowadays, such as viruses, spam, phishing, DoS or DDoS, etc. If we think about phishing in a context other than computing, the first image that comes to my mind is fishing with a hook...

Basic security recommendations

OS hardening: To protect against misconfiguration-based attacks, install the very good hardening utility Bastille (http://sourceforge.net). Bastille essentially closes all the doors left open in a default installation. Network services access control. Secure Remote Access ...

Physical tamper-resistant devices

0- Introduction to physical tamper-resistant devices. An anti-tamper device contains tamper detection, tamper resistance, tamper response and tamper detection (Rannenberg et al., 2010). Different types of physical tamper-resistant devices exist. Physical Tamper Resistance. Tamper resistant devices ...

Identity Based Cryptosystems

Another method or implementation of cryptography is the identity-based one, which derives from public-key cryptography. If we deploy an Identity Based Cryptosystem, do we still need passwords? Will identity based cryptosystems replace PKI? ...

Tamper proof software

One of the interesting aspects of security is tamper resistance, which is a couple of techniques and approaches aiming to prevent data, software or devices from being changed or altered by unauthorized persons or processes. Tamper resistance can be used to...

Role based access control

One of the security concerns is access control, which consists of managing who (person or system) can access which object and how (operation). In the context of multiple users and multiple applications, Role based access control is a...

Nuclear Command and Control

Authentication code: In a military system, authentication should be unconditionally secure. In order for Alice to send an authenticated message m to Bob (we assume that m is also an element from the same finite field), Alice could send the...

The Clark-Wilson Model

The Clark-Wilson (CW) model consists of subject/program/object triples and rules about data, application programs and triples. Data modified by transformational procedures are called constrained data items (CDI) ...

Hard Disk Encryption

Different applications have been used to secure data; most of them have been cracked after some time. Hard drives and USB drives can hold very sensitive and confidential data; losing them or a laptop can put us at risk, this...

Password protocols in Microsoft products

Microsoft plays a major role in the computing domain and is considered one of the leaders in terms of solutions and software development. Microsoft has developed a couple of protocols and techniques for using (authentication) and changing passwords. The Microsoft ...

Protecting personal credentials used for authentication, access control, and user session support.

Security as a major concern can be addressed from different angles; even security specialists might have different definitions and visions. In the past, data was stored locally, with no interconnection and no door from/to the external world; getting access to that...