P. Kruus, D. Sterne, R. Gopaul, Michael Heyman, B. Rivera, Peter Budulas, B. Luu, Tommy Johnson, N. Ivanic, G. Lawler
{"title":"In-Band Wormholes and Countermeasures in OLSR Networks","authors":"P. Kruus, D. Sterne, R. Gopaul, Michael Heyman, B. Rivera, Peter Budulas, B. Luu, Tommy Johnson, N. Ivanic, G. Lawler","doi":"10.1109/SECCOMW.2006.359551","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359551","url":null,"abstract":"In a wormhole attack, colluding nodes create the illusion that two remote regions of a MANET are directly connected through nodes that appear to be neighbors, but are actually distant from each other. This undermines shortest-path routing calculations, allowing the attacking nodes to attract traffic, which can then be manipulated. Prior research has concentrated on out-of-band wormholes, which covertly connect the purported neighbors via a separate wireline network or RF channel. We present a detailed description of in-band wormholes in OLSR networks. These connect the purported neighbors via covert, multi-hop tunnels. In-band wormholes are an important threat because they do not require specialized hardware and can be launched by any node in the MANET. Moreover, unlike out-of-band wormholes, in-band wormholes consume network capacity, inherently degrading service. We explain the conditions under which an in-band wormhole will collapse and how it can be made collapse resilient. We identify the self-contained and extended forms of in-band wormholes and present wormhole gravitational analysis, a technique for comparing the effect of wormholes on the network. Finally, we identify potential countermeasures for preventing and detecting in-band wormholes based on packet loss rates, packet delays, and topological characteristics, and we describe the results of initial laboratory experiments to assess their effectiveness","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129965437","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"TOPO: A Topology-aware Single Packet Attack Traceback Scheme","authors":"Linfeng Zhang, Y. Guan","doi":"10.1109/SECCOMW.2006.359556","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359556","url":null,"abstract":"With the phenomenal growth of the Internet, more and more people enjoy and depend on its provided services. Unfortunately, the number of network-based attacks is also increasing quickly. Network attackers can very easily hide their identities, and thereby reduce the chance of being captured and punished. Some attacks can even succeed by using only one or a few well-targeted packets. Therefore, it is desirable to design effective and efficient single packet IP traceback systems to attribute attackers. Several single packet IP traceback systems have been designed using Bloom filters. However, the inherent false positives of Bloom filters caused by unavoidable collisions restrain the effectiveness of these systems. To reduce the impact of unavoidable collisions in Bloom filters, we propose a topology-aware single packet IP traceback system, namely TOPO. We utilize the router's local topology information, i.e., its immediate predecessor information. Our performance analysis shows that TOPO can reduce the number and scope of unnecessary queries, and significantly decrease false attributions. Furthermore, to improve the practicability of Bloom filter-based IP traceback systems, we design TOPO to allow partial deployment while maintaining its traceback capability. When Bloom filters are used, it is difficult to decide their optimal control parameters a priori. We design a k-adaptive mechanism which can dynamically adjust parameters of Bloom filters to reduce the false positive rate","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126788014","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reputation-based Trust-Aware Recommender System","authors":"S. Kitisin, C. Neuman","doi":"10.1109/SECCOMW.2006.359555","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359555","url":null,"abstract":"The volume of information available grows so large that it is time-consuming for people to find relevant reliable quality information. With the growth of online communities like Web boards and e-commerce communities, a new kind of information is made available - rating given by one user to another user. However, conventional recommender systems compute their recommendations regardless of the recommenders' past behaviors and reputation. They omit these significant social elements commonly done in decision making and advice seeking process in the real world. We propose an approach to include the social factors e.g. user's past behaviors and reputation together as an element of trust that can be incorporated into the current recommender system framework and show our experiments in order to test our solution","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116563072","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure Real-time User Preference Collection for Broadcast Scheduling","authors":"Xuhua Ding, Shuhong Wang, Baihua Zheng","doi":"10.1109/SECCOMW.2006.359540","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359540","url":null,"abstract":"Efficient broadcast scheduling is essential to the performance of wireless data broadcast systems. Existing algorithms for broadcast scheduling are mostly based on the knowledge of users' data access pattern. Unfortunately, the requirement of exposing individual preference profile becomes a serious threat to user privacy. In this paper, we investigate the issue of securely collecting user access patterns in real-time for broadcast scheduling. We propose a novel secure user profile collection protocol which protects the privacy of individual users yet facilitates efficient wireless data broadcast scheduling. To address the crucial issue of power conservation in mobile devices, our scheme does not rely on expensive public key cryptography. Light computation and communication at the user end makes the scheme feasible for mobile devices with limited resource. Our theoretical security analysis shows that the proposed protocol preserves user privacy against eavesdroppers and malicious broadcast servers. Moreover, our extensive performance evaluation experiments show that the proposed scheme has low computation and communication cost","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120986492","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Architecture for an Email Worm Prevention System","authors":"M. Taibah, E. Al-Shaer, R. Boutaba","doi":"10.1109/SECCOMW.2006.359559","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359559","url":null,"abstract":"Email worms comprise the largest portion of Internet worms today. Previous research has shown that they are an effective vehicle to deliver malicious code to a large group of users. These worms spread rapidly using the email infrastructure, causing significant financial damage, network congestion, and privacy invasion. We present a dynamic architecture to proactively defend a protected domain against email worms. This architecture integrates concepts from the areas of Markov decision processes, Rabin fingerprinting and honeypots to inspect, detect, and quarantine unknown email worms in a timely manner. We also present the results of several simulation experiments to evaluate the effectiveness of the architecture under different environment conditions","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"103 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126127511","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
J. Basney, Patrick Flanigan, Jin Heo, H. Khurana, Joe Muggli, Meenal Pant, A. Slagell, Von Welch
{"title":"Mithril: Adaptable Security for Survivability in Collaborative Computing Sites","authors":"J. Basney, Patrick Flanigan, Jin Heo, H. Khurana, Joe Muggli, Meenal Pant, A. Slagell, Von Welch","doi":"10.1109/SECCOMW.2006.359560","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359560","url":null,"abstract":"Scientific computing sites enable collaborations over the Internet but also face increased risks from malicious parties. Ensuring availability of computing services at these sites is critical for scientists and engineers across the world and requires addressing the challenges of openness, usability, performance, and compatibility. We have developed an approach for survivability of sites using adaptable security mechanisms that address these challenges. Using this approach we have develop tools that tackle immediate threats facing open sites as illustrated in recent events","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114682303","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Packet Coding for Strong Anonymity in Ad Hoc Networks","authors":"I. Aad, C. Castelluccia, J. Hubaux","doi":"10.1109/SECCOMW.2006.359571","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359571","url":null,"abstract":"Several techniques to improve anonymity have been proposed in the literature. They rely basically on multicast or on onion routing to thwart global attackers or local attackers respectively. None of the techniques provide a combined solution due to the incompatibility between the two components, as we show in this paper. We propose novel packet coding techniques that make the combination possible, thus integrating the advantages in a more complete and robust solution","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114807674","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards More Efficient Distance Bounding Protocols for Use in Sensor Networks","authors":"C. Meadows, P. Syverson, LiWu Chang","doi":"10.1109/SECCOMW.2006.359532","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359532","url":null,"abstract":"In this paper we describe two secure protocols for estimating distance in sensor networks based on time of flight of signals. Both have lower message complexity and lower overhead than similar protocols offering the same degree of security. One is a distance bounding protocol, in which a dishonest node that is not in collusion with any other dishonest nodes can pretend to be further away than it is, but not any closer. Another is an authenticated distance estimation protocol in which an honest node can compute its distance from another honest node without fear of their communication being hijacked by an attacker. We provide a formal analysis to show that these protocols satisfy their security properties","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130674489","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Providing Tunable Security Services: An IEEE 802.11i Example","authors":"S. Lindskog, A. Brunström, Z. Faigl, Katalin Toth","doi":"10.1109/SECCOMW.2006.359583","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359583","url":null,"abstract":"The basic idea of QoS is to provide mechanisms that can offer different service levels, which are expressed through well-defined parameters that are specified at run-time on the basis of need. Bit rate, throughput, delay, jitter, and packet loss rate are all examples of common QoS parameters suggested for packet networks. These parameters are all aimed to express (and guarantee) a certain service level with respect to reliability and/or performance. In this paper, we investigate how security can be treated as yet another QoS parameter through the use of tunable security services. The main idea with this work is to let users specify a trade-off between security and performance through the choice of available security configuration(s). The performance metric used is latency. The concept is illustrated using the IEEE 802.11i wireless local area networking standard","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125735804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Wavelet-based Real Time Detection of Network Traffic Anomalies","authors":"Chin-Tser Huang, Sachin Thareja, Y. Shin","doi":"10.1109/SECCOMW.2006.359584","DOIUrl":"https://doi.org/10.1109/SECCOMW.2006.359584","url":null,"abstract":"Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like denial of service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"108 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127957153","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
