Publications catalog - books
Information Security: 9th International Conference; ISC 2006, Samos Island, Greece, August 30: September 2, 2006, Proceedings
Sokratis K. Katsikas ; Javier López ; Michael Backes ; Stefanos Gritzalis ; Bart Preneel (eds.)
In conference: 9th International Conference on Information Security (ISC). Samos, Greece. August 30, 2006 - September 2, 2006
Abstract/Description – provided by the publisher
Not available.
Keywords – provided by the publisher
Data Encryption; Operating Systems; Algorithm Analysis and Problem Complexity; Computer Communication Networks; Special Purpose and Application-Based Systems; Management of Computing and Information Systems
Availability
Detected institution | Publication year | Browse | Download | Request |
---|---|---|---|---|
Not detected | 2006 | SpringerLink |
Information
Resource type:
books
Print ISBN
978-3-540-38341-3
Electronic ISBN
978-3-540-38343-7
Publisher
Springer Nature
Country of publication
United Kingdom
Publication date
2006
Publication rights information
© Springer-Verlag Berlin Heidelberg 2006
Subject coverage
Table of contents
doi: 10.1007/11836810_31
Robust Reactions to Potential Day-Zero Worms Through Cooperation and Validation
K. Anagnostakis; S. Ioannidis; A. D. Keromytis; M. B. Greenwald
Cooperative defensive systems communicate and cooperate in their response to worm attacks, but determine the presence of a worm attack solely on local information. Distributed worm detection and immunization systems track suspicious behavior at multiple cooperating nodes to determine whether a worm attack is in progress. Earlier work has shown that cooperative systems can respond quickly to day-zero worms, while distributed defensive systems allow detectors to be more conservative (i.e. paranoid) about potential attacks because they manage false alarms efficiently.
In this paper we begin a preliminary investigation into the complex tradeoffs in such systems between communication costs, computation overhead, accuracy of the local tests, estimation of viral virulence, and the fraction of the network infected before the attack crests. We evaluate the effectiveness of different system configurations in various simulations. Our experiments show that distributed algorithms are better able to balance effectiveness against viruses with reduced cost in computation and communication when faced with false alarms. Furthermore, cooperative, distributed systems seem more robust against malicious participants in the immunization system than earlier cooperative but non-distributed approaches.
- Intrusion Detection and Worms | Pp. 427-442
doi: 10.1007/11836810_32
An Authentication and Key Exchange Protocol for Secure Credential Services
SeongHan Shin; Kazukuni Kobara; Hideki Imai
In this paper, we propose a leakage-resilient and proactive authenticated key exchange (called LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. The LRP-AKE protocol is provably secure in the random oracle model with the reduction to the computational Diffie-Hellman problem.
- Key Exchange | Pp. 443-458
doi: 10.1007/11836810_33
A Non-malleable Group Key Exchange Protocol Robust Against Active Insiders
Yvo Desmedt; Josef Pieprzyk; Ron Steinfeld; Huaxiong Wang
In this paper we make progress towards solving an open problem posed by Katz and Yung at CRYPTO 2003. We propose the first protocol for key exchange among ≥2+1 parties which simultaneously achieves all of the following properties:
1. Key Privacy (including forward security) against active attacks by group ,
2. Non-malleability — meaning in particular that no subset of up to corrupted group can ‘fix’ the agreed key to a desired value, and
3. Robustness against denial of service attacks by up to corrupted group .
Our insider security properties above are achieved assuming the availability of a reliable broadcast channel.
- Key Exchange | Pp. 459-475
doi: 10.1007/11836810_34
Formalising Receipt-Freeness
H. L. Jonker; E. P. de Vink
Receipt-freeness is the property of voting protocols that a voter cannot create a receipt which proves how she voted. Since Benaloh and Tuinstra introduced this property, there has been a large amount of work devoted to the construction of receipt-free voting protocols. This paper provides a generic and uniform formalism that captures the notion of a receipt. The formalism is then applied to analyse the receipt-freeness of a number of voting protocols.
- Security Protocols and Formal Methods | Pp. 476-488
doi: 10.1007/11836810_35
Enhancing the Security and Efficiency of 3-D Secure
Mohammed Assora; Ayoub Shirvani
Security is a major concern for all involved in E-Commerce and particularly in the case of online transactions using debit/credit card. Following the failure of Secure Electronic Transaction (SET), 3-D Secure is an emerging industry standard for online transaction security. Although 3-D Secure is a well designed protocol, it is still prone to some security problems and excessive numbers of messages which could reduce the speed of transaction. This paper uses a new cryptographic technique based on password only authentication and key exchange to present a new vision for 3-D Secure. The new vision covers the security problems and reduces the number of messages for 3-D Secure. Moreover, the new vision has the development ability to simulate SSL/TLS in its simplicity and at the same time abolishes SSL/TLS security glitches. This simplicity and security are the necessary factors for online transaction protocol to be the future standard.
- Security Protocols and Formal Methods | Pp. 489-501
doi: 10.1007/11836810_36
Designing and Verifying Core Protocols for Location Privacy
David von Oheimb; Jorge Cuellar
Geographic privacy services provide location information on roaming targets to location recipients via location servers, in a way that protects the privacy of the individuals involved. In this paper we propose and discuss new protocols representing the core of Geopriv, with particular focus on the security requirements stated in the IETF’s RFC 3693. Using the AVISPA tool, we check that these requirements, namely anonymity against the location server, as well as confidentiality, integrity, and authenticity of the location information, are actually met. In the design phase of such protocols, numerous variants are to be considered and evaluated. Here the use of model checkers turns out to be very helpful in exploring the security implications quickly and precisely.
- Security Protocols and Formal Methods | Pp. 502-516
doi: 10.1007/11836810_37
Delegation in a Distributed Healthcare Context: A Survey of Current Approaches
Mila Katzarova; Andrew Simpson
The development of infrastructures to facilitate the sharing of data for healthcare delivery and research purposes is becoming increasingly widespread. In addition to the technical requirements pertaining to efficient and transparent sharing of data across organisational boundaries, there are requirements pertaining to ethical and legal issues. Functional and non-functional concerns need to be balanced: for resource sharing to be as transparent as possible, an entity should be allowed to delegate a subset of its rights to another so that the latter can perform actions on the former’s behalf, yet such delegation needs to be performed in a fashion that complies with relevant legal and ethical restrictions. The contribution of this paper is twofold: to characterise the requirements for secure and flexible delegation within the emerging distributed healthcare context; and to evaluate existing approaches with respect to these requirements. We also suggest how some of these limitations might be overcome.
- Information Systems Security | Pp. 517-529
doi: 10.1007/11836810_38
Managing Information Systems Security: Critical Success Factors and Indicators to Measure Effectiveness
Jose M Torres; Jose M Sarriegi; Javier Santos; Nicolás Serrano
For how long can a business remain without its information systems? Current business goals and objectives highly depend on their availability. This highly dynamic and complex system must be properly secured and managed in order to ensure business survivability. However, the lack of a universally accepted information security critical factors’ taxonomy and indicators make security management of information systems (SMIS) a tough challenge. Effective information security management requires special focus on identifying the critical success factors (CSFs) when implementing and ensuring SMIS. The purpose of this paper is to share a group of 12 CSFs identified in the current information security literature as well as a set of 76 indicators which are easy to calculate and attempt to provide valuable information to organizations seeking information security level measurements.
- Information Systems Security | Pp. 530-545