2008 The Fourth International Conference on Information Assurance and Security: Latest Publications

Data Hiding in Non-Expansion Visual Cryptography Based on Edge Enhancement Multitoning
Hao Luo, Faxin Yu, Jeng-Shyang Pan
Abstract: This paper proposes a scheme to hide some extra confidential data in transparencies during secret image encryption in visual cryptography. The secret image is multitoned into several levels first. An extended non-expansion visual secret sharing model is employed, i.e. size of transparencies is equal to that of the secret image. Thus less time and space are needed for transparencies transmission and storage.
DOI: https://doi.org/10.1109/IAS.2008.57
Published: 2008-09-08
Citations: 2

Web Application Attack Prevention for Tiered Internet Services
Susanta Nanda, L. Lam, T. Chiueh
Abstract: Because most Web application attacks exploit vulnerabilities that result from lack of input validation, a promising approach to thwarting these attacks is to apply validation checks on tainted portions of the operands used in security-sensitive operations, where a byte is tainted if it is data/control dependent on some network packet(s). This paper presents the design, implementation and evaluation of a dynamic checking compiler called WASC, which automatically adds checks into Web applications used in three-tier Internet services to protect them from the most common two types of Web application attacks: SQL- and script-injection attack. In addition to including a taint analysis infrastructure for multi-process and multi-language applications, WASC features the use of SQL and HTML parsers to defeat evasion techniques that exploit interpretation differences between attack detection engines and target applications. Experiments with a fully operational WASC prototype show that it can indeed stop all SQL/script injection attacks that we have tested. Moreover, the end-to-end latency penalty associated with the checks inserted by WASC is less than 30% for the test Web applications used in our performance study.
DOI: https://doi.org/10.1109/IAS.2008.62
Published: 2008-09-08
Citations: 7

A Server Based ASR Approach to Automated Cryptanalysis of Two Time Pads in Case of Speech
L. A. Khan, M. S. Baig
Abstract: Keystream reuse in stream ciphers in case of textual data has been the focus of cryptanalysis for quite some time. The first ever use of hidden Markov models based speech recognition approach to cryptanalysis of encrypted digitized speech signals in a keystream reuse situation was presented by us in [1]. In this paper, we extend the idea presented in [1] and show the applicability of different speech recognition architectures in mobile environment to automatically recover the digitized speech signals encrypted under the same keystream. The server based automatic speech recognition (ASR) approach and its associated architectures are adapted to make them applicable in our attack. The two main implementation architectures of network speech recognition (NSR) from the acoustic front-end point of view are compared with respect to automated cryptanalysis of the two time pads of stream ciphered digitized speech. The simulation experiments performed on conventional speech recognition tools are presented for both the NSR architectures.
DOI: https://doi.org/10.1109/IAS.2008.14
Published: 2008-09-08
Citations: 3

Secure E-Passport Protocol Using Elliptic Curve Diffie-Hellman Key Agreement Protocol
M. Abid, H. Afifi
Abstract: Since 2006, many countries, all over the world, begin to issue e-passports containing biometric data for their citizens. The International Civil Aviation Organization (ICAO) specification for cryptography in e-passport is proven to be insecure and has many threats. The European Union (EU) has defined an extended access control (EAC) mechanism for e-passports. But, even this solution presents many threats especially in security and privacy. In this paper, we present a new method for securing the exchange between an e-passport and the inspection system IS. We propose an on-line authentication mechanism based on elliptic curve Diffie-Hellman key agreement protocol. We create elliptic curve based on biometric data to validate the identity of the user. Our proposal uses a shorter key than other solutions.
DOI: https://doi.org/10.1109/IAS.2008.22
Published: 2008-09-08
Citations: 21

Persian/Arabic Unicode Text Steganography
M. Shirali-Shahreza, S. Shirali-Shahreza
Abstract: Sending information secretly and communicating covertly have been of great interest for ages. On the other hand, text documents have been widely used and consequently various methods for hiding information in texts (text steganography) have been developed so far. In this paper a new method is proposed to hide information in digital Persian and Arabic Unicode texts. In Persian and Arabic, each letter can have four different shapes regarding to its position in the word. In this method by using this feature of Persian and Arabic languages and the way which documents are saved in the Unicode Standard, the information is hidden in Unicode text documents. This method has a good hiding capacity because it hides one bit in each word. Also this method does not make any apparent changes in the original text and have a perfect perceptual transparency.
DOI: https://doi.org/10.1109/IAS.2008.12
Published: 2008-09-08
Citations: 30

A Purchase Protocol with Live Cardholder Authentication for Online Credit Card Payment
Hannan Xiao, B. Christianson, Ying Zhang
Abstract: While online shopping is becoming more accepted by people in modern life, cardholders are more concerned about card fraud and the lack of cardholder authentication in the current online credit card payment. This paper proposes a purchase protocol with live cardholder authentication for online transaction which combines telephone banking and online banking together. The order information and payment information are sent through the Internet and encrypted by asymmetric key encryption. The cardholder is authenticated by the card issuing bank ringing back to the customer's phone number and the cardholder inputting the secure PIN and the amount to pay. The live cardholder authentication makes the cardholder feel securer and card fraud difficult. Furthermore, the protocol does not require the cardholder to obtain a public key certificate or install additional software for the online transaction.
DOI: https://doi.org/10.1109/IAS.2008.44
Published: 2008-09-08
Citations: 10

Abusing SIP Authentication
H. Abdelnur, T. Avanesov, M. Rusinowitch, R. State
Abstract: The recent and massive deployment of voice over IP infrastructures had raised the importance of the VoIP security and more precisely of the underlying signalisation protocol SIP. In this paper, we will present a new attack against the authentication mechanism of SIP. This attack allows to perform toll fraud and call hijacking. We will detail the formal specification method that allowed to detect this vulnerability, highlight a simple usage case and propose a mitigation technique.
DOI: https://doi.org/10.1109/IAS.2008.29
Published: 2008-09-08
Citations: 37

A Time and Storage Efficient Solution to Remote File Integrity Check
Sarad Av, Sankar K, Vipin M
Abstract: Checking the integrity of a file on a remote untrusted or compromised server is to be achieved with minimal computational and storage requirements on part of a healthy verifier. Existing solutions are time and storage intensive. A fast protocol comprising of maximum period linear congruence generators and linear feedback shift registers with compact storage requirements is proposed.
DOI: https://doi.org/10.1109/IAS.2008.30
Published: 2008-09-08
Citations: 0

Adaptive Dynamic Reaction to Automotive IT Security Incidents Using Multimedia Car Environment
Tobias Hoppe, Stefan Kiltz, J. Dittmann
Abstract: Modern cars offer an increasingly powerful multimedia environment. While also the potential for an application as human computer interface (HCI) is growing, in this paper we concentrate on already existing possibilities for their use as computer-human-interface (CHI) to communicate system security related information to the driver. After identifying the intrusion detection approach from desktop IT as a promising supplemental measure for the IT security of future automotive systems and successfully testing it in practice, in this paper we investigate about how such an automotive intrusion detection system (IDS) could communicate security-related information to the driver. We propose an adaptive dynamic concept to address the frequently changing environmental conditions in the automotive domain and discuss it using three exemplarily selected scenarios.
DOI: https://doi.org/10.1109/IAS.2008.45
Published: 2008-09-08
Citations: 34

Comparison and Evaluation of Identity Management in Three Architectures for Virtual Organizations
A. Haidar, A. Abdallah
Abstract: This paper compares and contrasts authentication mechanisms used in three VO architectures: the first reflects ad-hoc connections among several organizations, the second uses a centrally managed database and the third is based on public key infrastructure (PKI). The reason for studying these particular three architectures is that they cover a large class of currently operating VOs (i.e. supply chains, grids). These architectures used several types of authentication mechanisms starting from traditional username/password, through online trusted servers (Kerberos), to offline trusted third parties: certificate authorities and digital certificates. The current de facto standard middleware used to build VOs, Globus toolkit, is based on the PKI architecture.
DOI: https://doi.org/10.1109/IAS.2008.67
Published: 2008-09-08
Citations: 3