Information Security Technical Report: Latest Articles

A survey on fraud and service misuse in voice over IP (VoIP) networks
Information Security Technical Report Pub Date : 2011-02-01 DOI: 10.1016/j.istr.2010.10.012
Yacine Rebahi, Mohamed Nassar, Thomas Magedanz, Olivier Festor
Vol. 16, No. 1, Pages 12-19
Abstract: The migration from circuit-switched networks to packet-switched networks necessitates the investigation of related issues such as service delivery, QoS, security, and service fraud and misuse. The latter can be seen as a combination of accounting and security aspects. In traditional telecommunication networks, fraud accounts for annual losses at an average of 3%–5% of the operators’ revenue and still increasing at a rate of more than 10% yearly. It is also expected that in VoIP networks, the situation will be worse due to the lack of strong built-in security mechanisms, and the use of open standards. This paper discusses the fraud problem in VoIP networks and evaluates the related available solutions.
Citations: 16
Side effects of identity management in SIP VoIP environment
Information Security Technical Report Pub Date : 2011-02-01 DOI: 10.1016/j.istr.2011.07.002
Ge Zhang, Yacine Rebahi
Vol. 16, No. 1, Pages 29-35
Abstract: In this article, we summarize the security threats targeting SIP proxy servers or other infrastructures in NGN by misusing a specific signaling authentication mechanism, which has been proposed in RFC 4474 (Peterson and Jennings, 2006). This mechanism is designed to authenticate inter-domain SIP requests based on domain certificates to prevent identity theft. Nevertheless, despite its contribution, this protection raises some “side effects”, that actually lead to new vulnerabilities in both the availability and confidentiality of SIP services. We provide an overview of different attack possibilities and explain them in more detail, including attacks utilizing algorithm complexity, certificates storage, and certificates distribution. We also suggest some alternative design to prevent or reduce the attacks.
Keywords: SIP, VoIP, NGN, Authentication, Denial of Service, Timing attack.
Citations: 2
Challenges for the security analysis of Next Generation Networks
Information Security Technical Report Pub Date : 2011-02-01 DOI: 10.1016/j.istr.2010.10.010
Serap Atay, Marcelo Masera
Vol. 16, No. 1, Pages 3-11
Abstract: The increasing complexity of information and telecommunications systems and networks is reaching a level beyond human ability, mainly from the security assessment viewpoint. Methodologies currently proposed for managing and assuring security requirements fall short of industrial and societal expectations. The statistics about vulnerabilities and attacks show that the security, reliability and availability objectives are not reached and that the general threat situation is getting worse. With the deployment of Next Generation Networks – NGNs, the complexity of networks, considering their architecture, speed and amount of connections, will increase exponentially. There are several proposals for the network and security architectures of NGNs, but current vulnerability, threat and risk analysis methods do not appear adequate to evaluate them. Appropriate analysis methods should have some additional new characteristics, mainly regarding their adaptation to the continuous evolution of the NGNs. In addition, the application of security countermeasures will require technological improvements, which will demand further security analyses. This paper evaluates the current vulnerability, threat and risk analysis methods from the point of view of the new security requirements of NGNs. Then, the paper proposes to use autonomic and self-adaptive systems/applications for assuring the security of NGNs.
Citations: 27
Clustering NGN user behavior for anomaly detection
Information Security Technical Report Pub Date : 2011-02-01 DOI: 10.1016/j.istr.2010.10.011
Claudio Mazzariello, Paolo De Lutiis, Dario Lombardo
Vol. 16, No. 1, Pages 20-28
Abstract: In the vision of both researchers and standardization committees, networks and services will evolve in the direction of increasing pervasiveness, convergence, and quality of service management capability. Consequently, users will gain an increasing dependency on the presence and availability of network connectivity and the huge plethora of provided services. Yet fostering the development of our society, such dependency on a relatively young technology poses serious threats, especially from the trustworthiness, security and privacy point of view. In this paper, we will describe and critically evaluate user behavior clustering aimed at monitoring and assuring the security of NGN-based applications. Different models of user behavior, developed within both ISP and academic research projects will be described, and several techniques for manipulating and exploiting such model for the anomaly detection purpose will be described and evaluated.
Citations: 5
Matchmaking between PCI-DSS and Security
Information Security Technical Report Pub Date : 2010-11-01 DOI: 10.1016/j.istr.2011.03.001
André Mariën
Vol. 15, No. 4, Page 137
Citations: 0
PCI DSS audit and compliance
Information Security Technical Report Pub Date : 2010-11-01 DOI: 10.1016/j.istr.2011.02.004
Georges Ataya
Vol. 15, No. 4, Pages 138-144
Abstract: PCI DSS compliance involves responding to a series of requirements imposed by the credit card industry. To succeed, organisation must implement strict information security management processes and should master the risks related to the protection of credit card sensitive data. There are many actions that could be accomplished beforehand to ease the audit process, to reduce the effort and time consumed by the audit engagement and to ensure audit conclusions reflect the exact risk posture of the organisation.
Citations: 16
Compliance complacency: How ‘check-box’ compliancy remains a pitfall for many organizations worldwide
Information Security Technical Report Pub Date : 2010-11-01 DOI: 10.1016/j.istr.2011.02.002
J. Andrew Valentine
Vol. 15, No. 4, Pages 154-159
Citations: 1
How tokenization and encryption can enable PCI DSS compliance
Information Security Technical Report Pub Date : 2010-11-01 DOI: 10.1016/j.istr.2011.02.005
Branden R. Williams
Vol. 15, No. 4, Pages 160-165
Abstract: PCI DSS tends to affect companies in ways they never imagined. It seems like the successful marketing of a few banks has put numerous cards in all of our customers’ wallets, and many prefer to use them instead of checks or cash. In this chapter, guest author Branden Williams will discuss several methods by which you can tackle this issue, ultimately leading us down a discussion of the various uses for encryption and tokenization, and how we can use those to reduce the impact that PCI DSS has on our organization.
Citations: 7
From auditor-centric to architecture-centric: SDLC for PCI DSS
Information Security Technical Report Pub Date : 2010-11-01 DOI: 10.1016/j.istr.2011.02.003
Gunnar Peterson
Vol. 15, No. 4, Pages 150-153
Abstract: This paper examines ways to improve security architecture by harnessing the executive attention that compliance activities like PCI DSS bring to security and focus that attention toward improving security architecture over the long term. Threat modeling fills a gap between the system's functional requirements and the auditor's checklist, and is used to catalyze this change of focus.
Citations: 3
Incident response and compliance: A case study of the recent attacks
Information Security Technical Report Pub Date : 2010-11-01 DOI: 10.1016/j.istr.2011.02.001
Jeff Tutton
Vol. 15, No. 4, Pages 145-149
Abstract: Recent security related events, including attacks have highlighted the need for a complete Information Security strategy, beyond simply focusing on compliance. Compliance is the minimum set of requirements that an organization should use for measuring security. Because compliance standards such as PCI-DSS (Payment Card Industry-Data Security Standard) focus solely upon credit card data, maintaining only to this minimum standard may cause an organization to lose focus on the big picture. What other sensitive and critical data and systems are you responsible for? This article focuses on the following: PCI standard and reasons to not use a “check-box QSA” to obtain more value during the compliance review; the costs of non-compliance and a data breach; and outlines the lessons learned from the recent attacks starting in December 2010.
Citations: 11