Add to ORKGAbstract. Protecting data is not simply a case of encrypt and forget: even data with full cryptographic confidentiality and integrity protection can still be subject to information leakage. We consider the issue of information leakage through side channels in protocols. Previous work by Bond and Clulow identified multiple vulnerabilities in APIs for financial PIN processing systems, and suggested remedies; however our work here shows that the fixes do not work, and that the problem of information leakage in these APIs has still not been adequately addressed. We argue that information flow and leakage analysis will play an important role in the security of encrypted databases in the future.
Secure communication channels are typically constructed from an authenticated key exchange (AKE) pro...
Across our digital lives, two powerful forces of data utility and data privacy push and pull against...
Security assurance is an important challenge for modern computing. Intentional information release (...
Abstract—Data fragmentation has recently emerged as a com-plementary approach to encryption for prot...
Data fragmentation has recently emerged as a complementary approach to encryption for protecting con...
Side-channel attacks are severe type of attack against implementation of cryptographic primitives. L...
Side-channel attacks are severe type of attack against implementation of cryptographic primitives. L...
Side-channel analysis is an important concern for the security of cryptographic implementations, and...
We examine some known attacks on the PIN verification framework, based on weaknesses of the underlyi...
AbstractWe consider the problem of implementing a security protocol in such a manner that secrecy of...
For most cases, people use an ecrypted mode when sending personal information to a server, via an el...
Tools for analysing secure information flow are almost exclusively based on ideas going back to Denn...
Abstract—Data leaks involve the release of sensitive infor-mation to an untrusted third party, inten...
Despite best efforts from security API designers, flaws are often found in widely deployed security ...
Web traffic is exposed to potential eavesdroppers, and despite the use of encryption mechanisms, it ...
Secure communication channels are typically constructed from an authenticated key exchange (AKE) pro...
Across our digital lives, two powerful forces of data utility and data privacy push and pull against...
Security assurance is an important challenge for modern computing. Intentional information release (...
Abstract—Data fragmentation has recently emerged as a com-plementary approach to encryption for prot...
Data fragmentation has recently emerged as a complementary approach to encryption for protecting con...
Side-channel attacks are severe type of attack against implementation of cryptographic primitives. L...
Side-channel attacks are severe type of attack against implementation of cryptographic primitives. L...
Side-channel analysis is an important concern for the security of cryptographic implementations, and...
We examine some known attacks on the PIN verification framework, based on weaknesses of the underlyi...
AbstractWe consider the problem of implementing a security protocol in such a manner that secrecy of...
For most cases, people use an ecrypted mode when sending personal information to a server, via an el...
Tools for analysing secure information flow are almost exclusively based on ideas going back to Denn...
Abstract—Data leaks involve the release of sensitive infor-mation to an untrusted third party, inten...
Despite best efforts from security API designers, flaws are often found in widely deployed security ...
Web traffic is exposed to potential eavesdroppers, and despite the use of encryption mechanisms, it ...
Secure communication channels are typically constructed from an authenticated key exchange (AKE) pro...
Across our digital lives, two powerful forces of data utility and data privacy push and pull against...
Security assurance is an important challenge for modern computing. Intentional information release (...