Archive for April, 2008
[paper] On the security of Linux user passwords
This is a paper I wrote for one of my courses at university.
From the abstract:
In this paper we determine the security of user passwords on Linux based operating systems. We have a look at the two basic security mechanisms passwords are created and stored using a reference Linux distribution, locate common attack vectors and propose available countermeasures.
Extending the 4 primitives of cryptography
Dealing with all these new technologies like e-passport, the e-health card, voting machines etc., I strongly encourage extending the 4 primitives of cryptography (and data security, from my point of view):
traditional primitives of cryptography:
- confidentiality
- authenticity
- integrity
- non-repudiation
proposal of an extension to the 4 primitives:
- privacy
- non-traceability
- non-linkability
literature on e-passports
As we are dealing with e-passports in one of our courses, we got to read some very interesting and quite shocking literature.
I highly recommend that everyone read these:
1. The Evolution of RFID Security (take this as an introduction to RFID in general), link
2. Protection Profile for Machine Readable Travel Documents – Basic Access Control (BAC), link
3. Advanced Security Mechanisms for Machine Readable Travel Documents – Extended Access Control (EAC), link
4. E-Passport: The global Traceability or How to Feel Like an UPS Package (now it gets interesting), link
5. Security and Privacy Issues in E-Passport (personal favourite), link