发布求助
文献互助 智能选刊 最新文献

2014 IEEE Security and Privacy Workshops最新文献

筛选
英文 中文
Gringotts: Securing Data for Digital Evidence 古灵阁:保护数字证据的数据
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.11
Catherine M. S. Redfield, Hiroyuki Date
{"title":"Gringotts: Securing Data for Digital Evidence","authors":"Catherine M. S. Redfield, Hiroyuki Date","doi":"10.1109/SPW.2014.11","DOIUrl":"https://doi.org/10.1109/SPW.2014.11","url":null,"abstract":"As digital storage and cloud processing become more common in business infrastructure and security systems, maintaining the provable integrity of accumulated institutional data that may be required as legal evidence also increases in complexity. Since data owners may have an interest in a proposed lawsuit, it is essential that any digital evidence be guaranteed against both outside attacks and internal tampering. Since the timescale required for legal disputes is unrelated to computational and mathematical advances, evidential data integrity must be maintained even after the cryptography that originally protected it becomes obsolete. In this paper we propose Gringotts, a system where data is signed on the device that generates it, transmitted from multiple sources to a server using a novel signature scheme, and stored with its signature on a database running Evidence Record Syntax, a protocol for long-term archival systems that maintains the data integrity of the signature, even over the course of changing cryptographic practices. Our proof of concept for a small surveillance camera network had a processing (throughput) overhead of 7.5%, and a storage overhead of 6.2%.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133464207","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Phantom Boundaries and Cross-Layer Illusions in 802.15.4 Digital Radio 802.15.4数字无线电中的幻影边界和跨层幻象
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.33
T. Goodspeed
{"title":"Phantom Boundaries and Cross-Layer Illusions in 802.15.4 Digital Radio","authors":"T. Goodspeed","doi":"10.1109/SPW.2014.33","DOIUrl":"https://doi.org/10.1109/SPW.2014.33","url":null,"abstract":"The classic design of protocol stacks, where each layer of the stack receives and unwraps the payload of the next layer, implies that each layer has a parser that accepts Protocol Data Units and extracts the intended Service Data Units from them. The PHY layer plays a special role, because it must create frames, i.e., original PDUs, from a stream of bits or symbols. An important property implicitly expected from these parsers is that SDUs are passed to the next layer only if the encapsulating PDUs from all previous layers were received exactly as transmitted by the sender and were syntactically correct. The Packet-in-packet attack (WOOT 2011) showed that this false assumption could be easily violated and exploited on IEEE 802.15.4 and similar PHY layers, however, it did not challenge the assumption that symbols and bytes recognized by the receiver were as transmitted by the sender. This work shows that even that assumption is wrong: in fact, a valid received frame may share no symbols with the sent one! This property is due to a particular choice of low-level chip encoding of 802.15.4, which enables the attacker to co-opt the receiver's error correction. This case study demonstrates that PHY layer logic is as susceptible to the input language manipulation attacks as other layers, or perhaps more so. Consequently, when designing protocol stacks, language-theoretic considerations must be taken into account from the very bottom of the PHY layer, no layer is too low to be considered \"mere engineering\".","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124512155","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
PeerShark: Detecting Peer-to-Peer Botnets by Tracking Conversations PeerShark:通过跟踪对话检测点对点僵尸网络
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.25
Pratik Narang, S. Ray, C. Hota, V. Venkatakrishnan
{"title":"PeerShark: Detecting Peer-to-Peer Botnets by Tracking Conversations","authors":"Pratik Narang, S. Ray, C. Hota, V. Venkatakrishnan","doi":"10.1109/SPW.2014.25","DOIUrl":"https://doi.org/10.1109/SPW.2014.25","url":null,"abstract":"The decentralized nature of Peer-to-Peer (P2P) botnets makes them difficult to detect. Their distributed nature also exhibits resilience against take-down attempts. Moreover, smarter bots are stealthy in their communication patterns, and elude the standard discovery techniques which look for anomalous network or communication behavior. In this paper, we propose PeerShark, a novel methodology to detect P2P botnet traffic and differentiate it from benign P2P traffic in a network. Instead of the traditional 5-tuple 'flow-based' detection approach, we use a 2-tuple 'conversation-based' approach which is port-oblivious, protocol-oblivious and does not require Deep Packet Inspection. PeerShark could also classify different P2P applications with an accuracy of more than 95%.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129934425","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 61
Hurdles for Genomic Data Usage Management 基因组数据使用管理的障碍
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.44
Muhammad Naveed
{"title":"Hurdles for Genomic Data Usage Management","authors":"Muhammad Naveed","doi":"10.1109/SPW.2014.44","DOIUrl":"https://doi.org/10.1109/SPW.2014.44","url":null,"abstract":"Our genome determines our appearance, gender, diseases, reaction to drugs, and much more. It not only contains information about us but also about our relatives, past generations, and future generations. This creates many policy and technology challenges to protect privacy and manage usage of genomic data. In this paper, we identify various features of genomic data that make its usage management very challenging and different from other types of data. We also describe some ideas about potential solutions and propose some recommendations for the usage of genomic data.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127845894","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
RAPPD: A Language and Prototype for Recipient-Accountable Private Personal Data RAPPD:接受者负责的私人个人数据的语言和原型
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-01 DOI: 10.1109/SPW.2014.16
Y. Kang, Allan M. Schiffman, Jeff Shrager
{"title":"RAPPD: A Language and Prototype for Recipient-Accountable Private Personal Data","authors":"Y. Kang, Allan M. Schiffman, Jeff Shrager","doi":"10.1109/SPW.2014.16","DOIUrl":"https://doi.org/10.1109/SPW.2014.16","url":null,"abstract":"Often communicate private data in informal settings such as email, where we trust that the recipient shares our assumptions regarding the disposition of this data. Sometimes we informally express our desires in this regard, but there is no formal means in such settings to make our wishes explicit, nor to hold the recipient accountable. Here we describe a system and prototype implementation called Recipient-Accountable Private Personal Data, which lets the originator express his or her privacy desires regarding data transmitted in email, and provides some accountability. Our method only assumes that the recipient is reading the email online, and on an email reader that will execute HTML and JavaScript.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"351 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115975242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Improving Hard Disk Contention-Based Covert Channel in Cloud Computing 云计算中基于硬盘争用的隐蔽通道改进
2014 IEEE Security and Privacy Workshops Pub Date : 2014-02-02 DOI: 10.1109/SPW.2014.24
B. Lipinski, W. Mazurczyk, K. Szczypiorski
{"title":"Improving Hard Disk Contention-Based Covert Channel in Cloud Computing","authors":"B. Lipinski, W. Mazurczyk, K. Szczypiorski","doi":"10.1109/SPW.2014.24","DOIUrl":"https://doi.org/10.1109/SPW.2014.24","url":null,"abstract":"Steganographic methods allow the covert exchange of secret data between parties aware of the procedure. The cloud computing environment is a new and emerging target for steganographers, but currently not many solutions have been proposed. This paper proposes CloudSteg, which is a steganographic method that creates a covert channel based on hard disk contention between the two cloud instances that reside on the same physical machine. Experimental results conducted using open-source cloud environment Open Stack show that CloudSteg is able to achieve a bandwidth of about 0.1 bps, which is 1000 times higher than is known from the state-of-the-art version.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"76 11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-02-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129771835","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信