Catálogo de publicaciones - libros
Communications and Multimedia Security: 10th IFIP TC-6 TC 11 International Conference, CMS 2006, Heraklion Crete, Greece, October 19-21, 2006, Proceedings
Herbert Leitold ; Evangelos P. Markatos (eds.)
En conferencia: 10º IFIP International Conference on Communications and Multimedia Security (CMS) . Heraklion, Crete, Greece . October 19, 2006 - October 21, 2006
Resumen/Descripción – provisto por la editorial
No disponible.
Palabras clave – provistas por la editorial
No disponibles.
Disponibilidad
Institución detectada | Año de publicación | Navegá | Descargá | Solicitá |
---|---|---|---|---|
No detectada | 2006 | SpringerLink |
Información
Tipo de recurso:
libros
ISBN impreso
978-3-540-47820-1
ISBN electrónico
978-3-540-47823-2
Editor responsable
Springer Nature
País de edición
Reino Unido
Fecha de publicación
2006
Información sobre derechos de publicación
© Springer-Verlag Berlin Heidelberg 2006
Cobertura temática
Tabla de contenidos
doi: 10.1007/11909033_1
Computing of Trust in Ad-Hoc Networks
Huafei Zhu; Feng Bao; Jianwei Liu
Although, the notion of trust has been considered as a primitive for establishing relationships among nodes in ad-hoc networks, syntax and metrics of trust are not well defined. This paper studies computing of trust in ad-hoc networks and makes the following three contributions. Firstly, the notion of trust is formalized in terms of predict functions and strategy functions. Namely, the notion of trust in this paper is defined as a predict function that can be further evaluated by a strategy function for a pre-described action; Secondly, structures of trust are formalized as a map between a path in the underlying network graph and the corresponding edge of its transitive closure graph; Thirdly, a generic model for computing of trust in the small world is proposed.
Pp. 1-11
doi: 10.1007/11909033_2
TAO: Protecting Against Hitlist Worms Using Transparent Address Obfuscation
Spiros Antonatos; Kostas G. Anagnostakis
Sophisticated worms that use precomputed hitlists of vulnerable targets are especially hard to contain, since they are harder to detect, and spread at rates where even automated defenses may not be able to react in a timely fashion. Recent work has examined a proactive defense mechanism called Network Address Space Randomization (NASR) whose objective is to harden networks specifically against hitlist worms. The idea behind NASR is that hitlist information could be rendered stale if nodes are forced to frequently change their IP addresses. However, the originally proposed DHCP-based implementation may induce passive failures on hosts that change their addresses when connections are still in progress. The risk of such collateral damage also makes it harder to perform address changes at the timescales necessary for containing fast hitlist generators.
In this paper we examine an alternative approach to NASR that allows both more aggressive address changes and also eliminates the problem of connection failures, at the expense of increased implementation and deployment cost. Rather than controlling address changes through a DHCP server, we explore the design and performance of (TAO). In TAO, network elements transparently change the address of internal hosts, while ensuring that existing connections on previously used addresses are preserved without any adverse consequences. In this paper we present the TAO approach in more detail and examine its performance.
Pp. 12-21
doi: 10.1007/11909033_3
On the Privacy Risks of Publishing Anonymized IP Network Traces
D. Koukis; S. Antonatos; K. G. Anagnostakis
Networking researchers and engineers rely on network packet traces for understanding network behavior, developing models, and evaluating network performance. Although the bulk of published packet traces implement a form of address anonymization to hide sensitive information, it has been unclear if such anonymization techniques are sufficient to address the privacy concerns of users and organizations.
In this paper we attempt to quantify the risks of publishing anonymized packet traces. In particular, we examine whether statistical identification techniques can be used to uncover the identities of users and their surfing activities from anonymized packet traces. Our results show that such techniques can be used by any Web server that is itself present in the packet trace and has sufficient resources to map out and keep track of the content of popular Web sites to obtain information on the network-wide browsing behavior of its clients. Furthermore, we discuss how scan sequences identified in the trace can easily reveal the mapping from anonymized to real IP addresses.
Pp. 22-32
doi: 10.1007/11909033_4
Secure Mobile Notifications of Civilians in Case of a Disaster
Heiko Rossnagel; Tobias Scherner
Disaster management using mobile telecommunication networks provides a new and attractive possibility to save human lives in emergencies. With this contribution, we present a possible disaster management system based on mobile telecommunication. In order to use such a system in the real world, security requirements such as availability, accountability, integrity and confidentiality have to be ensured by the disaster management system (DMS). We summarize these requirements and propose ways of addressing them with a multilateral secure approach. Using electronic signatures based on SIM-cards, we assure integrity, accountability and confidentiality of the notification messages. We also discuss how availability could be increased.
Pp. 33-42
doi: 10.1007/11909033_5
A Fair Anonymous Submission and Review System
Vincent Naessens; Liesje Demuynck; Bart De Decker
Reputation systems play an important role in many Internet communities. They allow individuals to estimate other individual’s behavior during interactions. However, a more privacy-friendly reputation system is desirable while maintaining its trustworthiness.
This paper presents a fair anonymous submission and review system. The review process is reputation-based and provides better anonymity properties than existing reputation systems. Moreover, the system allows for accountability measures. Anonymous credentials are used as basic blocks.
Pp. 43-53
doi: 10.1007/11909033_6
Attribute Delegation Based on Ontologies and Context Information
Isaac Agudo; Javier Lopez; Jose A. Montenegro
This paper presents a model for delegation based on partial orders, proposing the subclass relation in OWL as a way to represent the partial orders. Delegation and authorization decisions are made based on the context. In order to interact with the context, we define the Type of a credential as a way to introduce extra information regarding context constraints. When reasoning about delegation and authorization relationships, our model benefits from partial orders, defining them over entities, attributes and the credential type. Using these partial orders, the number of credentials required is reduced. It also classifies the possible criteria for making authorization decisions based on the context, in relation to the necessary information.
Pp. 54-66
doi: 10.1007/11909033_7
Adding Support to XACML for Dynamic Delegation of Authority in Multiple Domains
David W Chadwick; Sassa Otenko; Tuan Anh Nguyen
In this paper we describe how we have added support for dynamic delegation of authority that is enacted via the issuing of credentials from one user to another, to the XACML model for authorisation decision making. Initially we present the problems and requirements that such a model demands, considering that multiple domains will typically be involved. We then describe our architected solution based on the XACML conceptual and data flow models. We also present at a conceptual level the policy elements that are necessary to support this model of dynamic delegation of authority. Given that these policy elements are significantly different to those of the existing XACML policy, we propose a new conceptual entity called the Credential Validation Service (CVS), to work alongside the XACML PDP in the authorisation decision making. Finally we present an overview of our first specification of such a policy and its implementation in the corresponding CVS.
Pp. 67-86
doi: 10.1007/11909033_8
One-Round Protocol for Two-Party Verifier-Based Password-Authenticated Key Exchange
Jeong Ok Kwon; Kouichi Sakurai; Dong Hoon Lee
Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password . PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server’s password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure protocol for verifier-based PAKE in the two-party setting.
Pp. 87-96
doi: 10.1007/11909033_9
Enhanced CAPTCHAs: Using Animation to Tell Humans and Computers Apart
Elias Athanasopoulos; Spiros Antonatos
Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) is a –rather– simple test that can be easily answered by a human but extremely difficult to be answered by computers. CAPTCHAs have been widely used for practical security reasons, like preventing automated registration in Web-based services. However, all deployed CAPTCHAs are based on the static identification of an object or text. All CAPTCHAs, from simple ones, like typing the distorted text, to advanced ones, like recognizing an object in an image, are vulnerable to the attack. An attacker may post the test to a malicious site and attract its visitors to solve the puzzle for her. This paper focuses on sealing CAPTCHAs against such attacks by adding a dimension not used so far: animation. Animated CAPTCHAs do not have a static answer, thus even when they are exposed to laundering, unsuspected visitors will provide answers that will be useless on the attacker’s side.
Pp. 97-108
doi: 10.1007/11909033_10
Perturbing and Protecting a Traceable Block Cipher
Julien Bringer; Hervé Chabanne; Emmanuelle Dottax
At the Asiacrypt 2003 conference, Billet and Gilbert introduce a block cipher, which, to quote them, has the following paradoxical property: it is computationally easy to derive many equivalent distinct descriptions of the same instance of the block cipher; but it is computationally difficult, given one or even many of them, to recover the so-called meta-key from which they were derived, or to find any additional equivalent description, or more generally to forge any new untraceable description of the same instance of the block cipher. They exploit this property to introduce the first traceable block cipher.
Their construction relies on the Isomorphism of Polynomials (IP) problem. At Eurocrypt 2006, Faugère and Perret show how to break this scheme by algebraic attack. We here strengthen the original traceable block cipher against this attack by concealing the underlying IP problems. Our modification is such that our description of the block cipher now does not give the expected results all the time and parallel executions are used to obtain the correct value.
Pp. 109-119