2006 2nd IEEE Workshop on Secure Network Protocols: Latest Papers

A Proposal of Anonymous IEEE802.1X Authentication Protocol for Wireless Networks
2006 2nd IEEE Workshop on Secure Network Protocols Pub Date: 2006-11-12 DOI: 10.1109/NPSEC.2006.320343
N. Funabiki, T. Nakanishi, H. Takahashi, K. Miki, J. Kawashima
Abstract: Recently, wireless network services are available at a variety of public spaces such as stations, airports, and hotels. In such services, the IEEE802.1X-based authentication protocol has been often used to permit only registered users in network connections. However, this protocol allows Internet service providers (ISPs) to collect the privacy information of users such as their access locations and network service use records. Besides, ISPs have to keep in secret the personal information of their users for authentication, although they only need the legitimacy of them. To solve these problems, this paper presents an anonymous authentication protocol based on IEEE802.1X. The group signature scheme is adopted to anonymously verify the legitimacy of users, whereas misbehaving users can be traced in case. We implement the proposed protocol by modifying open source software for IEEE802.1X and verify the effectiveness in terms of the processing time and the packet size.
Citations: 3
Unregister Attacks in SIP
2006 2nd IEEE Workshop on Secure Network Protocols Pub Date: 2006-11-12 DOI: 10.1109/NPSEC.2006.320344
A. Bremler-Barr, R. Halachmi-Bekel, J. Kangasharju
Abstract: In this paper we present the unregister attack, a new kind of a denial of service attack on SIP servers. In this attack, the attacker sends a spoofed "unregister" message to a SIP server and cancels the registration of the victim at that server. This prevents the victim user from receiving any calls. We have tested common implementations of SIP servers and show that the unregister attack is easily performed on SIP servers which do not use authentication. Even on SIP servers with authentication, an attacker able to sniff the traffic between the client and server can still successfully attack common servers. We show that the root causes behind this vulnerability are either buggy implementations, or the SIP specification RFC which does not require sufficient security from the implementations. We present a solution, the SIP one-way hash function algorithm (SOFIA), motivated by the one-time password mechanism [6]. SOFIA prevents the unregister attack in all situations. The algorithm is easy to deploy since it requires only a minor modification, namely adding one header field into the SIP messages. Furthermore, the algorithm is fully backwards compatible and requires no additional configuration from the user or the server.
Citations: 22
Firewall Policy Reconstruction by Active Probing: An Attacker's View
2006 2nd IEEE Workshop on Secure Network Protocols Pub Date: 2006-11-12 DOI: 10.1109/NPSEC.2006.320342
T. Samak, A. El-Atawy, E. Al-Shaer, Hong Li
Abstract: Having a firewall policy that is correct and complete is crucial to the safety of the computer network. An adversary will benefit a lot from knowing the policy or its semantics. In this paper we show how an attacker can reconstruct a firewall's policy by probing the firewall by sending tailored packets into a network and forming an idea of what the policy looks like. We present two approaches of compiling this information into a policy that can be arbitrarily close to the original one used in the deployed firewall. The first approach is based on region growing from single firewall response to sample packets. The other approach uses split-and-merge in order to divide the space of the firewall's rules and analyzes each independently. Both techniques merge the results obtained into a more compact version of the policies reconstructed.
Citations: 13
PEUC-WiN: Privacy Enhancement by User Cooperation in Wireless Networks
2006 2nd IEEE Workshop on Secure Network Protocols Pub Date: 2006-11-12 DOI: 10.1109/NPSEC.2006.320345
Karim El Defrawy, Claudio Soriente
Abstract: Location awareness capabilities of today's wireless networks provide position tailored services but, at the same time, impose serious privacy implications for the wireless users. Interface identifiers allow an adversary to trace a user's movement and location over time in a wireless environment. This causes a significant privacy threat to users, since an adversary could learn a lot of information about them from their locations. Current proposed location privacy mechanisms suffer from a high rate of network disruption and degraded throughput. In this paper, we introduce a new scheme to improve the location privacy of wireless users while minimizing network disruption. The proposed scheme achieves its goals by exploiting the collaboration among users in the same coverage area of an access point in a wireless system.
Citations: 2
Automatic Vulnerability Checking of IEEE 802.16 WiMAX Protocols through TLA+
2006 2nd IEEE Workshop on Secure Network Protocols Pub Date: 2006-11-12 DOI: 10.1109/NPSEC.2006.320346
P. Narayana, Ruiming Chen, Yao Zhao, Yan Chen, Z. Fu, Hai Zhou
Abstract: Vulnerability analysis is indispensably the first step towards securing a network protocol, but currently remains mostly a best effort manual process with no completeness guarantee. Formal methods are proposed for vulnerability analysis and most existing work focuses on security properties such as perfect forwarding secrecy and correctness of authentication. However, it remains unclear how to apply these methods to analyze more subtle vulnerabilities such as denial-of-service (DoS) attacks. To address this challenge, in this paper, we propose use of TLA+ to automatically check DoS vulnerability of network protocols with completeness guarantee. In particular, we develop new schemes to avoid state space explosion in property checking and to model attackers' capabilities for finding realistic attacks. As a case study, we successfully identify threats to IEEE 802.16 air interface protocols.
Citations: 27
Efficient Techniques for Detecting False Origin Advertisements in Inter-domain Routing
2006 2nd IEEE Workshop on Secure Network Protocols Pub Date: 2006-11-12 DOI: 10.1109/NPSEC.2006.320341
S. Y. Qiu, F. Monrose, A. Terzis, P. McDaniel
Abstract: The Border Gateway Protocol (BGP), and hence the Internet, remains critically vulnerable to a range of prefix forgery attacks. In this paper, we address these attacks by proposing a non-cryptographic, incrementally deployable mechanism to probabilistically detect forged BGP origin advertisements. Upon receiving an advertisement from a "suspicious" origin, the receiving domain intelligently probes other ASes about the received information. Any dissenting information indicates potential forgery or error, and is reported by the polled ASes to the true origin and processed appropriately. In this design, we exploit the fact that the highly connected AS topology makes it difficult to block the dissemination of information as it traverses the Internet. We evaluate the effectiveness of our probing mechanism via simulation on realistic Internet topologies. The experiments show that 98% of forgeries can be detected even when as few as 10% of the ASes participate in the protocol under a naive polling stratagem. Moreover, we show that judicious node selection can further improve detection rates while minimizing the number of probes.
Citations: 32
Reducing the Impact of DoS Attacks on Endpoint IP Security
2006 2nd IEEE Workshop on Secure Network Protocols Pub Date: 2006-11-12 DOI: 10.1109/NPSEC.2006.320340
J. Touch, Y.-H.E. Yang
Abstract: IP security is designed to protect hosts from attack, but can itself provide a way to overwhelm the resources of a host. One such denial of service (DoS) attack involves sending incorrectly signed packets to a host, which then consumes substantial CPU resources to reject unwanted traffic. This paper examines the impact of such attacks, and provides a preliminary exploration of ways to reduce their impact. Measurements of the impact of DoS attack traffic on x86-based hosts in FreeBSD indicate that a single DoS attacker can reduce throughput by half. This impact can be reduced to approximately 20% by layering low-effort nonce validation on IPsec's more CPU-intensive cryptographic algorithms, but the choice of algorithm does not have as large an effect. This work suggests that effective DoS resistance requires a hierarchical defense using both nonces and strong cryptography at the endpoints.
Citations: 4