Computer A nalysts frequently describe troubled projects with the tar pit metaphor used so effectively in Fred Brooks’s The Mythical Man-Month (2nd ed., AddisonWesley, Reading, Mass., 1995). We have found a similarly effective metaphor: Think of a troubled software project as an insect caught in a spiderweb of sticky constraints, trying desperately to break free before the spider arrives to feed.

The protocol is, however, susceptible to a man-in-the-middle attack [3], in which the adversary (Eve) intercepts a message from Alice and creates a new message to send to Bob (Fig.1). Eve performs the exchange with Alice using the original message, while Bob performs the exchange using the newly created message. At the final stage, Eve has the original message in decrypted form, while Bob has t...

In this paper, we investigate the current state of practice about mixed-content websites, websites that are accessed using the HTTPS protocol, yet include some additional resources using HTTP. Through a large-scale experiment, we show that about half of the Internet’s most popular websites are currently using this practice and are thus vulnerable to a wide range of attacks, including the steali...

Peter Barnes (U Sydney), Kate Brooks (ATNF), Michael Burton (UNSW), Maria Cunningham (UNSW), John Dickey (U Tasmania), Phil Edwards (ISAS), Ron Ekers (ATNF), Yasuo Fukui (U Nagoya), Annie Hughes (Swinburne U), Ilana Klamer (U Sydney / ATNF), Vincent Minier (CEA Saclay), Erik Mueller (ATNF), Juergen Ott (ATNF), Bob Sault (ATNF), Mark Thompson (U Hertfordshire), Andrew Walsh (UNSW), Tony Wong (UN...

The integration of Near Field Communication (NFC) into consumer electronics devices has opened up opportunities for the internet of things applications such as electronic payment, electronic ticketing and sharing contacts, etc.. Meanwhile, various security risks should not be ignored. Therefore, all kinds of different protocols have been released with the purposing of securing NFC communication...

The Man-In-The-Middle (MITM) attack is one of the most common attacks employed in the network hacking. MITM attackers can successfully invoke attacks such as denial of service (DoS) and port stealing, and lead to surprisingly harmful consequences for users in terms of both financial loss and security issues. The conventional defense approaches mainly consider how to detect and eliminate those a...

Unconditionally secure authentication codes with arbitration (A 2-codes) protect against deceptions from the transmitter and the receiver as well as that from the opponent. In this paper, we present combinatorial lower bounds on the cheating probabilities and the sizes of keys of A 2-codes. Especially, our bounds for A 2-codes without secrecy are all tight for small size of source states. Our m...

We present new physical bounds on quantum information, and use them to prove the security of quantum cryptography against a large class of collective attacks. Such attacks are directed against the final key, and security against them suggests that quantum cryptography is ultimately secure.

Within this paper we present our novel friend injection attack which exploits the fact that the great majority of social networking sites fail to protect the communication between its users and their services. In a practical evaluation, on the basis of public wireless access points, we furthermore demonstrate the feasibility of our attack. The friend injection attack enables a stealth infiltrat...

In this paper, we show that many formal and informal security results on distance-bounding (DB) protocols are incorrect/ incomplete. We identify that this inadequacy stems from the fact that the pseudorandom function (PRF) assumption alone, invoked in many security claims, is insufficient. To this end, we identify two distinct shortcomings of invoking the PRF assumption alone: one leads to dist...