发布求助
文献互助 智能选刊 最新文献

2012 Seventh Asia Joint Conference on Information Security最新文献

筛选
英文 中文
Data Integrity on Remote Storage for On-line Co-working 联机协同工作中远程存储的数据完整性
2012 Seventh Asia Joint Conference on Information Security Pub Date : 2012-08-09 DOI: 10.1109/AsiaJCIS.2012.23
He-Ming Ruan, Yu-Shian Chen, C. Lei
{"title":"Data Integrity on Remote Storage for On-line Co-working","authors":"He-Ming Ruan, Yu-Shian Chen, C. Lei","doi":"10.1109/AsiaJCIS.2012.23","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2012.23","url":null,"abstract":"Nowadays, the cloud computing have engulfed not only the IT industry but also the general publics all around the world. Our daily life is now full of various cloud services such as Gmail or Google Document. Although the cloud services can provide on-line platforms for co-working between a group of collaborators, trust is always a hesitation for a user to adopt cloud services. In this paper, we aim at the integrity issue for on-line co-working and seek for a proper solution. We develop a framework to enable the remote data integrity verification for on-line co-working scenarios. In addition to provide a framework, we also show the feasibility of our framework by providing a concrete example.","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"123 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115772773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Multipurpose Network Monitoring Platform Using Dynamic Address Assignment 基于动态地址分配的多用途网络监控平台
2012 Seventh Asia Joint Conference on Information Security Pub Date : 2012-08-09 DOI: 10.1109/AsiaJCIS.2012.21
Masashi Eto, D. Inoue, Mio Suzuki, K. Nakao
{"title":"Multipurpose Network Monitoring Platform Using Dynamic Address Assignment","authors":"Masashi Eto, D. Inoue, Mio Suzuki, K. Nakao","doi":"10.1109/AsiaJCIS.2012.21","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2012.21","url":null,"abstract":"There have been a number of network monitoring projects launched to cope with cyber threats in the Internet. In those projects, several types of sensors such as black hole sensor, low and high interaction honey pot, and web crawlers are deployed to analyze characteristics of attackers from various perspectives. However, there are some problems of deployment and operation of network monitoring systems, address allocation problem, heavy burden of honey pot operation and address blacklisting problem. To address these problems, this paper proposes a novel multipurpose network monitoring platform that can handle any type of sensors with applying a virtual sensor mechanism and a dynamic address assignment technique. This paper presents the architecture of the platform and provides a preliminary study of the proposed methods with some experiments prior to the development of the system.","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"03 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127213685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
DroidMat: Android Malware Detection through Manifest and API Calls Tracing DroidMat: Android恶意软件检测通过Manifest和API调用跟踪
2012 Seventh Asia Joint Conference on Information Security Pub Date : 2012-08-09 DOI: 10.1109/AsiaJCIS.2012.18
Dong-Jie Wu, Ching-Hao Mao, Te-En Wei, Hahn-Ming Lee, Kuo-Ping Wu
{"title":"DroidMat: Android Malware Detection through Manifest and API Calls Tracing","authors":"Dong-Jie Wu, Ching-Hao Mao, Te-En Wei, Hahn-Ming Lee, Kuo-Ping Wu","doi":"10.1109/AsiaJCIS.2012.18","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2012.18","url":null,"abstract":"Recently, the threat of Android malware is spreading rapidly, especially those repackaged Android malware. Although understanding Android malware using dynamic analysis can provide a comprehensive view, it is still subjected to high cost in environment deployment and manual efforts in investigation. In this study, we propose a static feature-based mechanism to provide a static analyst paradigm for detecting the Android malware. The mechanism considers the static information including permissions, deployment of components, Intent messages passing and API calls for characterizing the Android applications behavior. In order to recognize different intentions of Android malware, different kinds of clustering algorithms can be applied to enhance the malware modeling capability. Besides, we leverage the proposed mechanism and develop a system, called Droid Mat. First, the Droid Mat extracts the information (e.g., requested permissions, Intent messages passing, etc) from each application's manifest file, and regards components (Activity, Service, Receiver) as entry points drilling down for tracing API Calls related to permissions. Next, it applies K-means algorithm that enhances the malware modeling capability. The number of clusters are decided by Singular Value Decomposition (SVD) method on the low rank approximation. Finally, it uses kNN algorithm to classify the application as benign or malicious. The experiment result shows that the recall rate of our approach is better than one of well-known tool, Androguard, published in Black hat 2011, which focuses on Android malware analysis. In addition, Droid Mat is efficient since it takes only half of time than Androguard to predict 1738 apps as benign apps or Android malware.","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124889286","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 635
SSL/TLS Status Survey in Japan - Transitioning against the Renegotiation Vulnerability and Short RSA Key Length Problem 日本SSL/TLS现状调查-针对重新协商漏洞和短RSA密钥长度问题的过渡
2012 Seventh Asia Joint Conference on Information Security Pub Date : 2012-08-09 DOI: 10.1109/AsiaJCIS.2012.10
Yuji Suga
{"title":"SSL/TLS Status Survey in Japan - Transitioning against the Renegotiation Vulnerability and Short RSA Key Length Problem","authors":"Yuji Suga","doi":"10.1109/AsiaJCIS.2012.10","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2012.10","url":null,"abstract":"In 2009, researchers released details of a vulnerability in the SSL and TLS protocols that could allow Man-in-the-Middle attacks to be carried out. SSL and TLS operate between the IP and application layers and ensure application data encryption and data integrity, authenticating the target of communications using X.509 public key certificates. As they are used together with application layer communication protocols such as HTTP, SMTP, and POP, it seems that this vulnerability affects a large number of applications and systems. This vulnerability can be attributed to a problem in the SSL and TLS protocol specifications themselves. Fixes have been released for Open SSL and Apache immediately, however most of these involve simply disabling the renegotiation feature that is causing the problem. More thorough measures would require an update to the current specifications and migration to implementations that follow the new specifications. IETF published countermeasures with unprecedented speed as RFC5746, however server-side implementations are not deployed because of problems in business such as the loss of opportunities and backward compatibilities. This paper discusses about problems of a transitioning to new specifications including the SSL/TLS renegotiation vulnerability and short key lengths of RSA algorithm using in SSL/TLS, and also reports the latest status of these weakness on web sites of local governments and universities in Japan. Note that 40.7% local government are vulnerable against the DOS attack using the SSL/TLS renegotiation vulnerability and 36.9% sites use 1024 bit or less RSA keys.","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"50 5","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114130539","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
PDAF: Proactive Distributed Authentication Framework for Regional Network 面向区域网络的主动分布式认证框架
2012 Seventh Asia Joint Conference on Information Security Pub Date : 2012-08-09 DOI: 10.1109/AsiaJCIS.2012.15
Ruidong Li, M. Ohnishi, Y. Owada, H. Harai
{"title":"PDAF: Proactive Distributed Authentication Framework for Regional Network","authors":"Ruidong Li, M. Ohnishi, Y. Owada, H. Harai","doi":"10.1109/AsiaJCIS.2012.15","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2012.15","url":null,"abstract":"We are designing a regional network for New Generation Network (NWGN), which is a future network vision. Regional network needs strong security protections to enable it to be robust under various attacks, such as impersonation attack, replay attack, and illegal modification. To disable these attacks, we identify the design requirements and then propose a proactive and distributed authentication framework (PDAF), where a novel entity called regional network key server (RNKS) is introduced for ID/key generation in this network. By the proposed PDAF, the automatic trustworthy registration, distributed access authentication, handover authentication and mutual authentication can be achieved by end devices, and meanwhile trustworthy information dissemination and transmission can be realized for networking devices without involving trust third parties (TTPs).","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129040413","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Flaw and Configuration Analysis of Cloud Component Using First Order Logic 基于一阶逻辑的云组件缺陷与配置分析
2012 Seventh Asia Joint Conference on Information Security Pub Date : 2012-08-09 DOI: 10.1109/AsiaJCIS.2012.25
R. Ando
{"title":"Flaw and Configuration Analysis of Cloud Component Using First Order Logic","authors":"R. Ando","doi":"10.1109/AsiaJCIS.2012.25","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2012.25","url":null,"abstract":"Nowadays, large scale systems of open source code are adopted for mission critical systems on Cloud computing environment. However, despite of availability of Cloud component as open source software, there has been no methodology proposed for analyzing configuration flaw for these open source systems. In this paper we propose a FoL (First order Logic) based configuration analysis for detecting configuration flaw of source code. In proposed system, programming code is translated into clausal representation of FoL. Extracting call chain from a flaw detected to configuration part enables us to find where and how to erase the flaw of large scale Cloud component. In experiment, we have discovered several configurations which has potential vulnerabilities in large scale open source code of Cloud component.","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"77 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126093654","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Attack Sequence Detection in Cloud Using Hidden Markov Model 基于隐马尔可夫模型的云攻击序列检测
2012 Seventh Asia Joint Conference on Information Security Pub Date : 2012-08-09 DOI: 10.1109/AsiaJCIS.2012.24
Chia-Mei Chen, D. Guan, Yu-Zhi Huang, Ya-Hui Ou
{"title":"Attack Sequence Detection in Cloud Using Hidden Markov Model","authors":"Chia-Mei Chen, D. Guan, Yu-Zhi Huang, Ya-Hui Ou","doi":"10.1109/AsiaJCIS.2012.24","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2012.24","url":null,"abstract":"Cloud computing provides business new working paradigm with the benefit of cost reduce and resource sharing. Tasks from different users may be performed on the same machine. Therefore, one primary security concern is whether user data is secure in cloud. On the other hand, hacker may facilitate cloud computing to launch larger range of attack, such as a request of port scan in cloud with multiple virtual machines executing such malicious action. In addition, hacker may perform a sequence of attacks in order to compromise his target system in cloud, for example, evading an easy-to-exploit machine in a cloud and then using the previous compromised to attack the target. Such attack plan may be stealthy or inside the computing environment, so intrusion detection system or firewall has difficulty to identify it. The proposed detection system analyzes multiple logs from cloud to extract the intensions of the actions recorded in logs. Stealthy reconnaissance actions are often neglected by administrator for the insignificant number of violations. Hidden Markov model is adopted to model the sequence of attack performed by hacker and such stealthy events in a long time frame will become significant in the state-aware model. The preliminary results show that the proposed system can identify such attack plans in the real network.","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132360206","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Synthesis of Secure Passwords 安全密码的合成
2012 Seventh Asia Joint Conference on Information Security Pub Date : 2012-08-09 DOI: 10.1109/AsiaJCIS.2012.13
Tomoki Sato, H. Kikuchi
{"title":"Synthesis of Secure Passwords","authors":"Tomoki Sato, H. Kikuchi","doi":"10.1109/AsiaJCIS.2012.13","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2012.13","url":null,"abstract":"This paper studies a synthesis of password to be easily identified and hardly forgot. A new synthesis method is proposed to construct a good passwords that satisfy both requirements. Our method focuses on the change of frequency of combined words. Each of two words has a high term frequency but the combination is not quite common and then the frequency of the combined words can give strong impression in our memory. In order to verify our hypothesis, the paper presents a formal definitions of impression I, conflict C and accuracy A for synthesized words. The impression is a measure based on subjective evaluation for words. The conflict represents a degree how much reduction in frequency is given by combination of two words. The degree of conflict can be evaluated by a fraction of synthesized words in a particular corpus. The experimental results shows that the above hypothesis holds with positive correlation between accuracy for memory and the impression given from the synthesized words.","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131389908","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
A Study on Method to Analyze Application on Bada Using GUI without Source Code 基于GUI的无源代码Bada应用程序分析方法研究
2012 Seventh Asia Joint Conference on Information Security Pub Date : 2012-08-09 DOI: 10.1109/AsiaJCIS.2012.19
Hanjae Jeong, Dongho Won
{"title":"A Study on Method to Analyze Application on Bada Using GUI without Source Code","authors":"Hanjae Jeong, Dongho Won","doi":"10.1109/AsiaJCIS.2012.19","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2012.19","url":null,"abstract":"Analyzing vulnerability or flaw on smart phone is important issue because it has sensitive information such as financial or private. Previous researches concern about major smart phone OSs such as Apple's iPhone and Google's Android. However, they did not concern about Samsung's bada. To improve analyzing efficiency, in this paper, we study a method to analyze application on bada using GUI without source code.","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116265530","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Mobile Friendly and Highly Efficient Remote User Authenticated Key Agreement Protocol Featuring Untraceability 具有不可追溯性的移动友好和高效的远程用户认证密钥协议协议
2012 Seventh Asia Joint Conference on Information Security Pub Date : 2012-08-09 DOI: 10.1109/AsiaJCIS.2012.14
Chin-Chen Chang, Hai-Duong Le, Ching-Hsiang Chang
{"title":"Mobile Friendly and Highly Efficient Remote User Authenticated Key Agreement Protocol Featuring Untraceability","authors":"Chin-Chen Chang, Hai-Duong Le, Ching-Hsiang Chang","doi":"10.1109/AsiaJCIS.2012.14","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2012.14","url":null,"abstract":"Authentication and key agreement protocols are the essential guardians of the distributed applications. They help the servers and users establish mutual trust and create secure communication channels. In this paper, we propose an authentication and key agreement scheme that is secure and has low communication and computation costs. Besides its efficiency, the most significant feature of the scheme is to provide initiator untraceability which completely conceals the users' identities from all eavesdropping adversaries. The scheme is suitable to be used in mobile services and e-commerce applications due to its low costs on communication and computation as well as its untraceability feature.","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127308093","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信