Is a Bot at the Controls? Detecting Input Data Attacks
Cited by 11 (2 self)
The use of programmatically generated input data in place of human-generated input data poses problems for many computer applications in use today. Mouse clicks and keyboard strokes can automatically be generated to cheat in online games, or to perpetrate click fraud. The ability to discern whether input data was computationally generated instead of created by a human input device is therefore of paramount importance to these types of applications. This paper describes a method for detecting input data that was computationally modified or fabricated. This includes detecting data that was not directly generated by a physical human input device such as a keyboard or mouse. A prototype of this system was built on existing hardware and was shown to be effective at detecting attacks on a real application. This detection method is capable of addressing the majority of input-based attacks currently in use. When used in conjunction with a trusted peripheral, it offers a robust mechanism for ensuring a computer is not at the controls.
A Challenging But Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL
- SECRYPT 2006, Proceedings of the International Conference on Security and Cryptography, Setúbal, 2006
Cited by 5 (1 self)
This paper introduces a chosen-plaintext vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols which enables recovery of low entropy strings such as can be guessed from a likely set of 2–1000 options. SSL and TLS are widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL and TLS standards mandate the use of the cipher block chaining (CBC) mode of encryption which requires an initialization vector (IV) in order to encrypt. Although the first IV used by SSL is a (pseudo)random string which is generated and shared during the initial handshake phase, subsequent IVs used by SSL are chosen in a deterministic, predictable pattern; in particular, the IV of a message is taken to be the final ciphertext block of the immediately-preceding message, and is therefore known to the adversary. The one-
On Compression of Data Encrypted with Block Ciphers
This paper investigates compression of encrypted data. It has been previously shown that data encrypted with Vernam’s scheme [1], also known as the one-time pad, can be compressed without knowledge of the secret key, therefore this result can be applied to stream ciphers used in practice. However, it was not known how to compress data encrypted with non-stream ciphers. In this paper, we address the problem of compressing data encrypted with block ciphers, such as the Advanced Encryption Standard (AES) used in conjunction with one of the commonly employed chaining modes. We show that such data can be feasibly compressed without knowledge of the key. We present performance results for practical code constructions used to compress binary sources.
Mixed Encryption over Semi-Trusted Database
- MASAUM Journal of Basic and Applied Sciences, Vol. 1, No. 2, September 2009, p. 302
Database security has become a vital issue in modern Web applications. Critical business data in databases is an evident target for attack. Therefore, ensuring the confidentiality, privacy and integrity of data is a major issue for the security of database systems. Recent high profile data thefts have shown that perimeter defenses are insufficient to secure sensitive data. Encryption is a well established technology for protecting sensitive data, but developing a database encryption strategy must take many factors into consideration. In the case of semi-trusted databases where the database contents are shared between many parties, using server-based encryption (server encrypts all data) or client-based encryption (client encrypts all data) is not sufficient to protect semi-trusted databases. This paper presents a practical implementation of field level encryption in the semi-trusted database system by encrypting database content in a mixed form. Our solution is called Mixed Cryptography Database (MCDB), which is based on a column-based data classification. In this paper, we evaluate the validity and effectiveness of the mixed encryption architecture over the semi-trusted database. Also, we make a comparison for query processing performance between our proposed framework, client-based, server-based encryption approaches and plaintext database. The proposed framework is very useful in strengthening the protection of sensitive data even if the database server is attacked at multiple points from the inside or outside with additional performance cost in the query processing. Index Terms: Database cryptography, server-based encryption, client-based encryption, semi-trusted database, mixed
Cross-Domain Password-Based Authenticated Key Exchange Revisited
- 2012
We revisit the problem of cross-domain secure communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authority (CA), or the associated domain authentication servers share a long-term secret key. In this paper, we propose a four-party password-based authenticated key exchange (4PAKE) protocol that takes a different approach from previous work. The users are not required to have public key certificates, but they simply reuse their login passwords they share with their respective domain authentication servers. On the other hand, the authentication servers, assumed to be part of a standard PKI, act as ephemeral CAs that “certify” some key materials that the users can subsequently exchange and agree on a session key. Moreover, we adopt a compositional approach. That is, by treating any secure two-party password-based key exchange protocol and two-party asymmetric-key based key exchange protocol as black boxes, we combine them to obtain a generic and provably secure 4PAKE protocol. Keywords: Password-based protocol, key exchange, cross-domain, client-to-client.

