Manuel Leone

On the inherent space complexity of fast parallel multipliers for GF(2/sup m/)

A lower bound to the number of AND gates used in parallel multipliers for GF(2/sup m/), under the condition that time complexity be minimum, is determined. In particular, the exact minimum number of AND gates for primitive normal bases and optimal normal bases of Type II multipliers is evaluated. This result indirectly suggests that space complexity is essentially a quadratic function of m when time complexity is kept minimum.

A New Low Complexity Parallel Multiplier for a Class of Finite Fields

In this paper a new low complexity parallel multiplier for characteristic two finite fields GF(2m) is proposed. In particular our multiplier works with field elements represented through both Canonical Basis and Type I Optimal Normal Basis (ONB), provided that the irreducible polynomial generating the field is an All One Polynomial (AOP). The main advantage of the scheme is the resulting space complexity, significantly lower than the one provided by the other fast parallel multipliers currently available in the open literature and belonging to the same class.

A Mechanism for e-Banking Frauds Prevention and User Privacy Protection

In this paper we will discuss how recent trends in malware evolution will probably require a change of the internet banking security paradigms currently in use. Specifically, we will demonstrate how next generation malware may defeat the most recent strong authentication mechanisms put in place by several financial institutions. These new attacks clearly require a change on current schemes and, at the same time, a definitive reduction in the final user responsibility. Too often the user’s behavior adds a weak layer which can be exploited by several techniques, such as Social Engineering attacks. Therefore, a new generation of automatic and hardware-based mechanisms should be deployed, in order to both increase the security level intrinsically offered by the technology, and reducing the exposure to Social Engineering risks. They have to work transparently, minimizing any kind of misuse that could be source of vulnerabilities.

SC@CCO: a Graphic-Based Authentication System

At the present time, phishing attacks are more and more sophisticated and they continue to be an issue, especially for financial institutes. The most common defense mechanisms used today are effective if the phishing attack is passive, while completely useless in the case of active phishing attacks. To face both threats, we propose SC@CCO, an innovative system combining the security of challenge-response and two factor authentication mechanisms. SC@CCO uses an untrustworthy terminal, such as a shared computer, and an insecure channel, such as the Internet, to carry a graphic challenge from which a trusted mobile terminal computes the expected authentication response. The latter is shown to the user and subsequently submitted to the server, along with a personal identification number, in order to complete the authentication. The graphic challenge is obtained by encoding a challenge into a bi-dimensional barcode image. The trusted mobile terminal of the user must be equipped with a common digital camera and an appropriate client application. In the present approach, the personal mobile device plays the role of a security token able to authenticate, on one hand, who is issuing a transaction, and, on the other hand, the transaction data, with the advantage that the user does not have to install devices and/or software on an untrustworthy computer.