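@inproceedings{Gosl8508:Software,
  author       = {Gosler, James R.},
  title        = {Software protection: myth or reality?},
  booktitle    = {CRYPTO 85},
  organization = {International Association for Cryptologic Research; IEEE},
  address      = {Santa Barbara, California},
  year         = {1985},
  month        = aug,
  pages        = {140--157},
  abstract     = {Staggering amounts of commercial software are marketed to
fulfill needs from the PC explosion. Unfortunately, such software is
trivial to duplicate! From the vendors' viewpoint a way to protect
profit is needed. Typically, they have resorted to various schemes that
attempt to inhibit the duplication process. Although protection of
future profit is important, so is protection against current loss.
Commercial and business related software must be adequately protected
lest data be stolen or manipulated. However, more important than any of
these classes is protection of government computer resources, especially
classified and operational software and data. Loss of control in this
realm could be detrimental to national security. This paper addresses
current technologies employed in protection schemes: signatures
(magnetic and physical) on floppy disks, software analysis denial (SAD),
hardware security devices (HSD), and technology denial concepts (TDC)
are presented, with an emphasis on SAD. Advantages and disadvantages of
these schemes will be clarified.},
  keywords     = {security; piracy; encryption; reverse engineering},
  entryby      = Sc,
}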

@article{Mira9302:Software,
  author   = {Mirabella, Richard},
  title    = {Software Control},
  journal  = {SunWorld},
  volume   = {6},
  number   = {2},
  pages    = {76--80},
  year     = {1993},
  month    = feb,
  abstract = {How developers control software by license management,
controlling execution instead of copying.},
  keywords = {operating systems; security; license management; copyright},
  entryby  = Sc,
}

@inproceedings{Wagn8304:Fingerprinting,
  author       = {Wagner, Neal R.},
  title        = {Fingerprinting},
  booktitle    = {Proceedings of the 1983 Symposium on Security and Privacy},
  organization = {IEEE},
  address      = {Oakland, California},
  pages        = {18--22},
  year         = {1983},
  month        = apr,
  abstract     = {This paper presents a general discussion of the use of
fingerprints, especially fingerprinted data. Fingerprinting is
classified in four orthogonal ways, and some illustrated examples are
given. The basis for a statistical analysis of altered fingerprints is
presented, along with an example simulation. The possibility of more
subtle fingerprints is discussed.},
  keywords     = {security; copyright; fingerprint; identification},
  entryby      = Sc,
}

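@inproceedings{Ostr8908:Efficient,
  author       = {Ostrovsky, Rafail},
  title        = {An efficient software protection scheme},
  booktitle    = {Advances in Cryptology --- CRYPTO '89},
  editor       = {Brassard, G.},
  series       = {Lecture Notes in Computer Science},
  volume       = {435},
  publisher    = {Springer-Verlag},
  organization = {International Association for Cryptologic Research},
  address      = {Santa Barbara, California},
  year         = {1989},
  month        = aug,
  pages        = {610--611},
  abstract     = {In 1979 Pippenger and Fischer showed how a two-tape Turing
machine whose head positions (as a function of time) are independent of
the input, can simulate, on-line, a one-tape Turing Machine with a
logarithmic slowdown in the running time. We show a similar result for
random-access machine (RAM) model of computation. In particular, we show
how to do an on-line simulation of arbitrary RAM program by
probabilistic RAM whose memory access pattern is independent of the
program which is being executed with a poly-logarithmic slowdown in the
running time. A main application of our result concerns software
protection, one of the most important issues in computer practice. A
theoretical formulation of the problem for a generic one-processor,
random-access machine (RAM) model of computation was given by Goldreich.
In this paper, we present a simple and an efficient software protection
scheme for this model. In particular, we show how to protect any program
at the cost of a poly-logarithmic slowdown in the running time of the
protected program, previously conjectured to be impossible.},
  keywords     = {security; cryptography; software protection},
  entryby      = Sc,
}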

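@inproceedings{Chau8908:Undeniable,
  author       = {Chaum, David},
  title        = {Undeniable signatures},
  booktitle    = {Advances in Cryptology --- CRYPTO '89},
  editor       = {Brassard, G.},
  series       = {Lecture Notes in Computer Science},
  volume       = {435},
  publisher    = {Springer-Verlag},
  organization = {International Association for Cryptologic Research},
  address      = {Santa Barbara, California},
  year         = {1989},
  month        = aug,
  pages        = {212--216},
  abstract     = {An undeniable signature, like a digital signature, is a number
issued by a signer that depends on the signer's public key and the
message signed. Unlike a digital signature, however, an undeniable
signature cannot be verified without the signer's cooperation.},
  keywords     = {security; cryptography; digital signature; authentication;
non-repudiation},
  entryby      = Sc,
}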

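@inproceedings{Feld8908:UNIX,
  author       = {Feldmeier, David C. and Karn, Philip R.},
  title        = {{UNIX} password security -- ten years later},
  booktitle    = {Advances in Cryptology --- CRYPTO '89},
  editor       = {Brassard, G.},
  series       = {Lecture Notes in Computer Science},
  volume       = {435},
  publisher    = {Springer-Verlag},
  organization = {International Association for Cryptologic Research},
  address      = {Santa Barbara, California},
  year         = {1989},
  month        = aug,
  pages        = {44--63},
  abstract     = {Passwords in the UNIX operating system are encrypted with the
crypt algorithm and kept in the publicly-readable file /etc/passwd. This
paper examines the vulnerability of UNIX to attacks on its password
system. Over the past 10 years, improvements in hardware and software
have increased the crypts/second/dollar ratio by five orders of
magnitude. We reexamine the UNIX password system in light of these
advances and point out possible solutions to the problem of easily-found
passwords. The paper discusses how the authors built some high-speed
tools for password cracking and what elements were necessary for their
success. These elements are examined to determine if any of them can be
removed from the hands of a possible system infiltrator, and thus
increase the security of the system. We conclude that the single most
important step that can be taken to improve password security is to
increase password entropy.},
  keywords     = {security; cryptography; passwords; encryption; crypt; UNIX},
  entryby      = Sc,
}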

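% NOTE(review): BOOKTITLE names CRYPTO'88 while YEAR/MONTH give aug 1989;
% confirm which date (conference or publication) this entry is meant to carry.
@inproceedings{Chau8908:Untraceable,
  author       = {Chaum, David and Fiat, Amos and Naor, Moni},
  title        = {Untraceable electronic cash},
  booktitle    = {Advances in Cryptology --- CRYPTO'88},
  editor       = {Goldwasser, S.},
  series       = {Lecture Notes in Computer Science},
  volume       = {403},
  publisher    = {Springer-Verlag},
  organization = {International Association for Cryptologic Research},
  address      = {Santa Barbara, California},
  year         = {1989},
  month        = aug,
  pages        = {319--327},
  keywords     = {security; cryptography; electronic cash; privacy; electronic
banking; electronic commerce},
  entryby      = Sc,
}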

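% NOTE(review): the AUTHOR value was cut off after "Damg\aa" in the source;
% restored here as Ivan Bjerre Damg{\aa}rd -- confirm against the proceedings.
% NOTE(review): BOOKTITLE names CRYPTO'88 while YEAR/MONTH give aug 1989;
% confirm which date (conference or publication) this entry is meant to carry.
@inproceedings{Damg8908:Payment,
  author       = {Damg{\aa}rd, Ivan Bjerre},
  title        = {Payment systems and credential mechanisms with provable security
against abuse by individuals},
  booktitle    = {Advances in Cryptology --- CRYPTO'88},
  editor       = {Goldwasser, S.},
  series       = {Lecture Notes in Computer Science},
  volume       = {403},
  publisher    = {Springer-Verlag},
  organization = {International Association for Cryptologic Research},
  address      = {Santa Barbara, California},
  year         = {1989},
  month        = aug,
  pages        = {328--335},
  keywords     = {security; cryptography; electronic cash; credential;
electronic banking},
  entryby      = Sc,
}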

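% NOTE(review): BOOKTITLE records a submission status ("submitted to ..."),
% not a confirmed venue; verify where the paper finally appeared before citing.
@inproceedings{Low94:Anonymous,
  author       = {Low, Steven and Maxemchuk, Nicholas F. and Paul, Sanjoy},
  title        = {Anonymous Credit Cards},
  booktitle    = {submitted to 1994 IEEE Symposium on Research in Security and
Privacy},
  organization = {IEEE},
  address      = {Oakland, California},
  year         = {1994},
  abstract     = {This paper describes a novel technique for generating an
anonymous credit card which combines the privacy of cash transactions
with the security, record-keeping and charging mechanisms of credit
cards. Using this scheme, an individual can make purchases without
revealing his identity while a shop can sell items to an unknown
individual without the fear of being cheated.},
  url          = {ftp://research.att.com/dist/anoncc/anoncc.ps.Z},
  keywords     = {electronic cash; anonymous credit cards; mercantile protocols},
  entryby      = Kr,
}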

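% NOTE(review): JOURNAL records a submission status ("submitted to ..."),
% not a confirmed venue; verify where the paper finally appeared before citing.
% The "[8]" markers in the abstract are citation numbers carried over from the paper.
@article{Low94:Collusion,
  author       = {Low, Steven and Maxemchuk, Nicholas F. and Paul, Sanjoy},
  title        = {Collusion in a Multi-party Communications Protocol for Anonymous
Credit Cards},
  journal      = {submitted to IEEE/ACM Transactions on Networking},
  organization = {IEEE},
  year         = {1994},
  abstract     = {We proposed in [8] a novel scheme to implement an anonymous
credit card that protects privacy while providing the security,
record-keeping, and charging mechanism of conventional credit cards. The key
idea is to use cryptographic techniques to allow two parties to
communicate without knowing each other. In this paper we present a
formal method to study collusion in the multi-party communication
protocol in [8]. Application of the method to our protocol leads to a
simplified implementation of anonymous credit cards that is equally
secure.},
  keywords     = {electronic cash; anonymous credit cards; mercantile protocols},
  entryby      = Kr,
}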

@techreport{Yasi9312:Evaluating,
  author      = {Yasinsac, Alec F. and Wulf, William A.},
  title       = {Evaluating cryptographic protocols},
  institution = {Department of Computer Science, University of Virginia},
  address     = {Charlottesville, Virginia},
  type        = {Technical Report},
  number      = {CS-93-66},
  year        = {1993},
  month       = dec,
  abstract    = {Cryptographic protocol (CP) analysis is a topic of intense
research. Meadows describes four approaches to CP verification under
investigation in (Meadows 1992) and several authors have categorized
protocols based on types of errors they are subject to (Bird 1992,
Syverson 1993). This paper addresses the weakness injected into
protocols when information is passed in the clear or encrypted only
under the private key of a public/private key pair. We also propose a
method for logically analyzing protocols based on action list analysis
of valid and compromised protocol runs interleaved with action lists of
intruders conducting known attacks.},
  keywords    = {cryptography; protocols; protocol verification},
  url         = {ftp://uvacs.cs.virginia.edu/pub/techreports/CS-93-66.ps.Z},
  entryby     = Sc,
}

@article{Mace9401:Cairo,
  author   = {Mace, Scott},
  title    = {Cairo to feature {RSA} database protection},
  journal  = {Infoworld},
  volume   = {16},
  number   = {3},
  year     = {1994},
  month    = jan,
  keywords = {Microsoft; Windows; security; operating systems},
  entryby  = Sc,
}

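@incollection{Pren9105:Information,
  author     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  title      = {Information authentication: hash functions and digital signatures},
  booktitle  = {Computer Security and Industrial Cryptography},
  editor     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  series     = {Lecture Notes in Computer Science},
  volume     = {741},
  publisher  = {Springer-Verlag},
  address    = {Berlin},
  year       = {1991},
  month      = may,
  pages      = {87--131},
  references = {150},
  abstract   = {The goal of this paper is to discuss techniques for the
protection of the authenticity of information. The theoretical
background is sketched, but most attention is paid to overview the
large number of practical constructions and digital signatures.},
  keywords   = {security; cryptography; digital signature; authentication;
MD2; MD4; MD5},
  entryby    = Sc,
}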

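@incollection{Chau9105:Numbers,
  author     = {Chaum, David},
  title      = {Numbers can be a better form of cash than paper},
  booktitle  = {Computer Security and Industrial Cryptography},
  editor     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  series     = {Lecture Notes in Computer Science},
  volume     = {741},
  publisher  = {Springer-Verlag},
  address    = {Berlin},
  year       = {1991},
  month      = may,
  pages      = {174--178},
  references = {10},
  keywords   = {security; cryptography; digital cash; electronic funds
transfer; authentication},
  entryby    = Sc,
}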

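@incollection{Vers9105:ISO,
  author     = {Verschuren, Jan and Govaerts, Ren{\'e} and Vandewalle, Joos},
  title      = {{ISO-OSI} security architecture},
  booktitle  = {Computer Security and Industrial Cryptography},
  editor     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  series     = {Lecture Notes in Computer Science},
  volume     = {741},
  publisher  = {Springer-Verlag},
  address    = {Berlin},
  year       = {1991},
  month      = may,
  pages      = {179--192},
  references = {6},
  abstract   = {The Reference Model for Open Systems Interconnection
(OSI-RM) enables two APs -- residing on different end-systems -- to
exchange information with each other. In case the information
exchanged is transmitted via public telecommunication lines, certain
attacks can be envisaged. Here the OSI-RM is described as well as the
attacks threatening the transmitted information. Subsequently security
services are indicated which can protect the communication between two
APs. Equipping the OSI-RM with security services can make it possible
for APs to exchange information in a secure way. Guidelines are given
with respect to the integration of security services in the OSI-RM.},
  keywords   = {security; OSI; reference model},
  entryby    = Sc,
}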

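@incollection{deWa9105:Better,
  author     = {de Waleffe, Dominique and Quisquater, Jean-Jacques},
  title      = {Better login protocols for computer networks},
  booktitle  = {Computer Security and Industrial Cryptography},
  editor     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  series     = {Lecture Notes in Computer Science},
  volume     = {741},
  publisher  = {Springer-Verlag},
  address    = {Berlin},
  year       = {1991},
  month      = may,
  pages      = {50--70},
  references = {16},
  abstract   = {Authenticating computer users is a fairly old problem.
Password based solutions were acceptable until the growth of computer
networks based on insecure communications. Today many systems still
use fixed passwords as a means of authentication. We show in this
paper how an old scheme by Lamport can be used to provide more
security. Relying on that scheme and zero-knowledge techniques, we
show extensions providing much more general access control mechanisms.
Those extensions can be exploited in several ways: to authenticate
users in computer networks, to provide users with access tickets or
provide servers with proofs of usage. We also show how, in a single
transaction, a user can prove this authenticity as well as prove his
possession of a ticket. Finally, we explain how smart cards make those
protocols very practical.},
  keywords   = {security; authentication; access control; login; smart card},
  entryby    = Sc,
}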

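@incollection{vanT9105:Secret,
  author     = {van Tilburg, Johan},
  title      = {Secret-key exchange with authentication},
  booktitle  = {Computer Security and Industrial Cryptography},
  editor     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  series     = {Lecture Notes in Computer Science},
  volume     = {741},
  publisher  = {Springer-Verlag},
  address    = {Berlin},
  year       = {1991},
  month      = may,
  pages      = {71--86},
  references = {18},
  abstract   = {This paper provides an outline for the second lecture on
authentication protocols and deals with the secret-key exchange
protocols. The object is to encourage the interested reader to obtain
and study the original papers, and papers related to this subject.},
  keywords   = {security; authentication; encryption; secret key;
public-key; Diffie-Hellman; ElGamal; zero-knowledge},
  entryby    = Sc,
}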

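@incollection{Pren9105:Standardization,
  author     = {Preneel, Bart},
  title      = {Standardization of Cryptographic Techniques},
  booktitle  = {Computer Security and Industrial Cryptography},
  editor     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  series     = {Lecture Notes in Computer Science},
  volume     = {741},
  publisher  = {Springer-Verlag},
  address    = {Berlin},
  year       = {1991},
  month      = may,
  pages      = {162--173},
  references = {65},
  abstract   = {An overview of standardization activities in the field of
cryptography is given, including a description of worldwide, European,
and North-American standard organizations. More details are given on
the status of the work on open systems and within the committees
ISO/TC68 and ISO/IEC JTC1/SC27.},
  keywords   = {security; standardization; OSI; ISO},
  entryby    = Sc,
}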

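@incollection{Fumy9105:Local,
  author     = {Fumy, Walter},
  title      = {(Local Area) Network Security},
  booktitle  = {Computer Security and Industrial Cryptography},
  editor     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  series     = {Lecture Notes in Computer Science},
  volume     = {741},
  publisher  = {Springer-Verlag},
  address    = {Berlin},
  year       = {1991},
  month      = may,
  pages      = {211--226},
  references = {23},
  abstract   = {The most obvious threats to information security are those
concerning data while being transmitted over a network. A secure
network must provide for data confidentiality, for authentication of
the originator of a message and for protection against unauthorized
changes of the data transmitted. Since local area networks are not
confined to small areas anymore, the need for LAN security also has
become commonly recognized. Only a few vendors of networking equipment
have responded yet to this need, also progress in network security
standards is relatively slow.},
  keywords   = {security; LAN; local area network},
  entryby    = Sc,
}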

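@incollection{Vedd9105:Security,
  author     = {Vedder, Klaus},
  title      = {Security aspects of mobile communications},
  booktitle  = {Computer Security and Industrial Cryptography},
  editor     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  series     = {Lecture Notes in Computer Science},
  volume     = {741},
  publisher  = {Springer-Verlag},
  address    = {Berlin},
  year       = {1991},
  month      = may,
  pages      = {193--210},
  references = {20},
  abstract   = {Security requirements and services of a mobile communication
system differ, due to the radio communication between the user and the
base station, extensively from those of a fixed network. There is no
physical link in the form of a (fixed) telephone line between the user
and the local exchange, which could serve to ``identify'' the user for
routing and charging purposes. His identity has to be verified over an
air interface. Authentication by means of cryptographic procedures is
thus required to stop impostors from taking on the identity of
somebody else and ``transferring'' calls and charges. Eavesdropping on
the radio path and intercepting a conversation or data or tracing the
whereabouts of a user by listening to signalling data are other
serious threats. This paper discusses the countermeasures designed
into one of the most advanced radio networks, the Global System for
Mobile Communications, as well as some security aspects of the network
management related to these features. Some of the differences between
this system and the planned Digital European Cordless Telephone system
are highlighted.},
  keywords   = {security; GSM; authentication; mobile telephony; DECT},
  entryby    = Sc,
}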

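@incollection{DeDe9105:Unix,
  author     = {De Decker, Bart},
  title      = {Unix Security and {Kerberos}},
  booktitle  = {Computer Security and Industrial Cryptography},
  editor     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  series     = {Lecture Notes in Computer Science},
  volume     = {741},
  publisher  = {Springer-Verlag},
  address    = {Berlin},
  year       = {1991},
  month      = may,
  pages      = {257--274},
  references = {12},
  abstract   = {This paper discusses some security issues related to the
UNIX operating system, which is today the de facto standard Operating
System. The authentication mechanism has been focused on, both in a
central system and in a networked environment. It is shown that
networking makes UNIX vulnerable if no special measures are taken. One
of these could be the introduction of the Kerberos authentication
system which is also becoming a ``standard'' in open network
environments. The Kerberos protocols are described, and their merits
and limitations in a possibly hostile environment are discussed.},
  keywords   = {security; Unix; operating systems; Kerberos; authentication;
login},
  entryby    = Sc,
}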

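@incollection{deSo9105:Public,
  author     = {De Soete, Marijke},
  title      = {Public key cryptography},
  booktitle  = {Computer Security and Industrial Cryptography},
  editor     = {Preneel, Bart and Govaerts, Ren{\'e} and Vandewalle, Joos},
  series     = {Lecture Notes in Computer Science},
  volume     = {741},
  publisher  = {Springer-Verlag},
  address    = {Berlin},
  year       = {1991},
  month      = may,
  pages      = {33--49},
  references = {26},
  abstract   = {This paper deals with public key cryptosystems and some of
their applications such as password encryption and digital signatures.
The necessary mathematical background is also provided.},
  keywords   = {security; public key; asymmetric encryption; key
distribution; RSA; tutorial; digital signature; authentication;
one-way functions},
  entryby    = Sc,
}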

% JOURNAL and ENTRYBY are bare macro names (cacm, Sc); no definition for them is
% visible in this part of the file, so they must be declared as string macros elsewhere.
@article{Land9408:Crypto,
  author     = {Landau, Susan and Kent, Stephen and Brooks, Clint and Charney,
Scott and Denning, Dorothy and Diffie, Whitfield and Lauck, Anthony
and Miller, Douglas and Neumann, Peter and Sobel, David},
  title      = {Crypto Policy Perspectives},
  journal    = cacm,
  volume     = {37},
  number     = {8},
  pages      = {115--121},
  year       = {1994},
  month      = aug,
  keywords   = {cryptography; Clipper; key escrow; policy},
  references = {0},
  entryby    = Sc,
}

