Ammar Alkassar

E-Voting and Identity

Overview on Remote Electronic Voting.- The Development of Remote E-Voting Around the World: A Review of Roads and Directions.- Remote Voting Schemes: A Comparative Analysis.- Internet-Voting: Opportunity or Threat for Democracy?.- Evaluation of Electronic Voting Systems.- Assessing Procedural Risks and Threats in e-Voting: Challenges and an Approach.- Compliance of RIES to the Proposed e-Voting Protection Profile.- Compliance of POLYAS with the BSI Protection Profile - Basic Requirements for Remote Electronic Voting Systems.- Electronic Voting in Different Countries.- Electronic Voting in Belgium: Past and Future.- The Digital Voting Pen at the Hamburg Elections 2008: Electronic Voting Closest to Conventional Voting.- The Security Analysis of e-Voting in Japan.- E-Voting and Trust.- Bingo Voting: Secure and Coercion-Free Voting Using a Trusted Random Number Generator.- Enhancing the Trust and Perceived Security in e-Cognocracy.- Improvements/Extensions of Existing Approaches.- Simulation-Based Analysis of E2E Voting Systems.- A Simple Technique for Safely Using Punchscan and Pret a Voter in Mail-In Elections.- Threat Analysis of a Practical Voting Scheme with Receipts.- Code Voting.- Secure Internet Voting with Code Sheets.- CodeVoting Protection Against Automatic Vote Manipulation in an Uncontrolled Environment.

Secure object identification: or: solving the Chess Grandmaster Problem

Many applications of cryptographic identification protocols are vulnerable against physical adversaries who perform real time attacks. For instance, when identifying a physical object like an automated teller machine, common identification schemes can be bypassed by faithfully relaying all messages between the communicating participants. This attack is known as mafia fraud.The Probabilistic Channel Hopping (PCH) system we introduce in this paper, solves this problem by hiding the conversation channel between the participants. The security of our approach is based on the assumption that an adversary cannot efficiently relay all possible communication channels of the PCH system in parallel.

Security Architecture for Device Encryption and VPN

Encryption systems are widely used to protect stored and communicated data from unauthorized access. Unfortunately, most software-based encryption products suffer from various vulnerabilities such as insecure storage and usage capabilities for security-critical cryptographic keys and operations. In this paper we present a security architecture that allows secure, reliable and user-friendly encryption of devices and of TCPIIP communication. The architecture is capable of using Trusted Computing functionalities and offers a security level which is comparable to a hardware based solution, but is far more cost-effective. We have already implemented a device encryption system and a VPN client. Moreover, the security architecture is an appropriate basis for many applications such as Enterprise Rights Management (ERM) and secure Online Banking.

Towards secure IFF: preventing mafia fraud attacks

Common identification schemes are vulnerable against real-time attacks, known as mafia frauds: unnoticed, an active adversary relays all messages between the participants - causing a misidentification with fatal consequences. No convincing practical solution is known so far, and even common security proofs explicitly omit such scenarios. We present an identification scheme that solves the problem by hiding the conversation channel between the participants using channel hopping (CH) techniques. Furthermore, we show that the security of our approach is only based on the assumption that an adversary cannot relay all channels of an CH system in parallel. Finally, we point out that the proposed scheme is also essential for a variety of civil applications.

Optimized Self-Synchronizing Mode of Operation

Modes of operation adapt block ciphers to many applications. Among the encryption modes, only CFB (Cipher Feedback) has both of the following properties: Firstly it allows transmission units shorter than the block-cipher length to be encrypted and sent without delay and message expansion. Secondly, it can resynchronize after the loss of such transmission units. However, CFB is inefficient in such applications, since for every transmission unit, regardless how short, a call to the block cipher is needed. We propose a new mode of operation based on CFB which remedies this problem. Our proposal, OCFB, is almost optimally efficient (i.e., almost as many message bits are encrypted as block-cipher output bits produced) and it can self-synchronize after the loss or insertion of transmission units. We prove the security of CFB and OCFB in the sense of modern cryptography.

Obtaining true-random binary numbers from a weak radioactive source

In this paper, we present a physical random number generator (RNG) for cryptographic applications. The generator is based on alpha decay of Americium 241 that is often found in common household smoke detectors. A simple and low-cost implementation is shown to detect the decay events of a radioactive source. Furthermore, a speed-optimized random bit extraction method was chosen to gain a reasonable high data rate from a moderate radiation source (0.1 μCi). A first evaluation by applying common suits for analysis of statistical properties indicates a high quality of the data delivered by the device.

Security framework for integrated networks

In the last few years extensive efforts have been done to consolidate the manifold network environments. The needed services are integrated in a clearly arranged network and thus, decreasing costs and personnel overhead. Research in network and distributed systems security has provided significant contributions for well-known security problems. However, this is mostly done on the cost of expense, scalability and performance. In this paper, we discuss the limitation of current security mechanisms in heterogeneous networks and present a general-purpose security framework for integrated networks which overcomes with the shortcomings of the present situation.

Securing Smartphone Compartments: Approaches and Solutions

This article describes and compares different approaches for smartphone security providing comprehensive information flow control. The basic application is to realize strong isolation between applications and data belonging to different security domains. E.g., separation of business and private apps and data. The article analyses the approaches and their basic technologies also with respect to their practicability.

Die Sicherheitsplattform Turaya

Die Sicherheitsplattform Turaya lost mit Hilfe von Trusted Computing Technologien essentielle Sicherheitsprobleme konventioneller IT-Systeme wie sie durch Viren, Trojaner und andere Schadsoftware verursacht werden. Daruber hinaus ermoglicht die Sicherheitsplattform die Durchsetzung von Sicherheitsregeln bei der Ausfuhrung eigener Inhalte und Dokumente auf fremden Systemen und schafft damit die Grandlage fur zahlreiche neue Geschaftsmodelle. In diesem Beitrag werden die Notwendigkeit fur eine solche Sicherheitsplattform motiviert, die technische Architektur skizziert und die grundlegenden Eigenschaften der Turaya-Architektur dargelegt.

Sicherheitskern(e) für Smartphones: Ansätze und Lösungen

ZusammenfassungDieser Artikel beschreibt die verschiedenen, heute verfolgten theoretischen und praktischen Lösungsansätze zur Trennung von Informationen aus unterschiedlichen Sicherheitsstufen. Ein typisches Anwendungsziel ist beispielswiese die Verwendung eines einzelnen Smartphones für die berufliche und private Nutzung.