2013 47th International Carnahan Conference on Security Technology (ICCST)最新文献

{"title":"A study of the threat of forgery of certificates issued online","authors":"Sung Wook Lee, Jae Ik Lee, Dong‐Guk Han","doi":"10.1109/CCST.2013.6922060","DOIUrl":"https://doi.org/10.1109/CCST.2013.6922060","url":null,"abstract":"Many online certificate-issuing services are being made available, and the use of those services has increased due to their convenience and diversification. However, development of new hacking techniques has introduced new threats to online certificate issuing services. In this study, we show that the data transmitted from an online certificate issuing server to output devices (such as a PC or printer) can be accessed by a hacker and modified into a false certificate and that the falsified document or certificates can be printed. In addition, we show that hackers can bypass forgery prevention software. Our findings show that the data located in the memory of an Internet browser that conducts the issuing of certificates can be accessed and manipulated, and that the forged certificate can be printed. We also determined that a forged certificate can be printed using the data located in the spool file.","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126182074","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Using calligraphies features for off line writer identification","authors":"J. L. Vásquez, C. Travieso, J. B. Alonso","doi":"10.1109/CCST.2013.6922062","DOIUrl":"https://doi.org/10.1109/CCST.2013.6922062","url":null,"abstract":"This work proposes an off-line writer identification approach based on graphometrical and forensic features. We selected a set of features with independence of the text and some stability degree to natural changes in the writing. The system uses the LS-SVM classifier with RBF kernel, reaching up to 99.1% of success rate for an own database composed by 100 users with 10 samples per each one.","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"398 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115917701","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On the importance of rare features in AFIS-ranked latent fingerprint matched templates","authors":"Ram P. Krish, Julian Fierrez, D. Ramos, Ruifang Wang","doi":"10.1109/CCST.2013.6922077","DOIUrl":"https://doi.org/10.1109/CCST.2013.6922077","url":null,"abstract":"In this paper, we introduce an algorithm to generate a score from the matched templates derived by the forensic examiner at the ACE-V stage. Such a score can be viewed quantitatively as a measure of confidence of the forensic examiner for the given latent and impression prints. This quantitative measure can be used in statistics-based evidence evaluation frameworks. Together with the description and evaluation of new realistic forensic casework driven score computation, we also exploit this experimental framework to show the importance of type attributes for minutiae in terms of its discriminating ability in forensic scenarios. We derive the conclusion that together with reliably extracted typical minutiae features, the presence of rare minutiae features helps to improve the measure of confidence of the forensic examiner at the ACE-V stage.","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130750348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Conformance checking of electronic business processes to secure distributed transactions","authors":"M. Talamo, F. Arcieri, C. Schunck, A. C. D'Iddio","doi":"10.1109/CCST.2013.6922056","DOIUrl":"https://doi.org/10.1109/CCST.2013.6922056","url":null,"abstract":"Advances in computer technologies facilitate the implementation of inter-organizational business processes. At the same time, managing the security of these processes is increasingly difficult. Compliance with high level specifcations, like normatives and pre-agreed protocols, rules and requirements, is difficult to validate. Here we discuss how Conformance Checking, a specific area of Process Mining, can be adapted for this purpose. Its role is to verify if an execution of a business process satisfies specifications represented by formal models (e.g. Petri Nets, Transition Systems, structures based on partial orders, etc). In the process mining literature, few efforts have been dedicated to online checking of business processes and choreographies for security purposes. The main requirement is high precision and reliability of event logs. They should record, precisely and unambiguously, all security-relevant activities of the analyzed process. Mantaining high-level logs becomes difficult with choreographies: log data are distributed, and must be related to events. Important metadata of event logs, like timestamps, can be ambiguous. Moreover, some data cannot be distributed due to security or privacy issues. These problems result in security-relevant ambiguities in event logs. Here we define a framework to create high-level event logs for online inter-organizational compliance checking using a Validation Authority. The system described here has been implemented in the issuing infrastructure for the Italian Electronic Identity card.","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117261463","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ISO 27001 certification process of Electronic Invoice in the State of Minas Gerais","authors":"L. Naffah Ferreira, Silvana Maria da Silva Constante, Alessandro Marcio de Moraes Zebral, Rogerio Zupo Braga, Helenice Alvarenga, Soraya Naffah Ferreira","doi":"10.1109/CCST.2013.6922072","DOIUrl":"https://doi.org/10.1109/CCST.2013.6922072","url":null,"abstract":"This paper presents the process by means of which the Secretariat of Finance of the State Minas Gerais intends to get an ISO 27001 certification of the Electronic Invoice authorization. In 2007, the Secretariat of Finance of Minas Gerais started the project of Electronic Invoice - NF-e, which involves replacing the conventional invoice, on paper, by a document issued and stored electronically that exists only digitally. The purpose of the Electronic Invoice is documenting the movement of goods occurring between the seller and the buyer, which is subject to State taxes. The legal validity of the Electronic Invoice is guaranteed by the issuer's digital signature and by the reception of the data by Secretariat of Finance of Minas Gerais before of the movement of the goods . The information technology architecture of the Electronic Invoice authorization process of the Secretariat of Finance of the State of Minas Gerais is intended to ensure three basic objectives: 1) availability; 2) scalability and 3) elimination of single point of failure. So, the Secretariat of Finance of the State Minas Gerais concluded that the ISO 27001 certification of the information technology production environment, undergoing evaluation by external entities, namely, certification bodies, would demonstrate explicitly the commitment of the State of Minas Gerais with the general public and entrepreneurs who are based in the Minas Gerais and with those who intend establish themselves in the State of Minas Gerais in near future. This work presents some of the difficulties faced by the Secretariat of Finance of the State Minas Gerais during the preparation for the ISO 27001 certification, which is a major step to ensure the security requirements of information assets that are critical to the business. To the best of our knowledge this is the first ISO 27001 certification process of the Electronic Invoice authorization in Brazil, and the first ISO 27001 certification process in the executive branch of the direct administration in Brazil, in all three levels of government.","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114521807","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Body shape-based biometric recognition using millimeter wave images","authors":"E. González-Sosa, R. Vera-Rodríguez, Julian Fierrez, J. Ortega-Garcia","doi":"10.1109/CCST.2013.6922076","DOIUrl":"https://doi.org/10.1109/CCST.2013.6922076","url":null,"abstract":"The use of MMW images has been proposed recently in the biometric field aiming to overcome certain limitations when using images acquired at visible frequencies. In this paper, several body shape-based techniques are applied to model the silhouette of images of people acquired at 94 GHz. Three main approaches are presented: a baseline system based on the Euclidean distance, a dynamic programming method and a procedure using Shape Contexts descriptors. Results show that the dynamic time warping algorithm achieves the best results regarding the system performance (around 1.3% EER) and the computation cost. Results achieved here are also compared to previous works based on the extraction of geometric measures between several key points of the body contour. An average relative improvement of 33% EER is achieved for the work reported here.","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125627157","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Innovative data weighting for iterative reconstruction in a helical CT security baggage scanner","authors":"S. Kisner, Pengchong Jin, C. Bouman, K. Sauer, W. Garms, Todd Gable, Seungseok Oh, M. Merzbacher, S. Skatter","doi":"10.1109/CCST.2013.6922068","DOIUrl":"https://doi.org/10.1109/CCST.2013.6922068","url":null,"abstract":"X-ray computed tomography (CT) currently has widespread application in air travel security systems for the purpose of baggage screening. This work presents an implementation of a fully 3D model-based iterative reconstruction (MBIR) algorithm mapped to a multi-slice helical CT security scanner. We introduce innovations in the data model that are designed to enhance image quality for typical scenes encountered in the security setting. In particular, we explore alternatives in the weighting of the measurements in order to more accurately reconstruct uniform regions and suppress metal artifacts. We compare images from the model-based approach to direct analytical reconstructions, indicating that the MBIR produces higher resolution and lower-noise reconstructions with suppressed metal streaking. The image improvements afforded by MBIR can provide for better operator experience and potentially enable enhanced performance of automatic threat detection (ATD).","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115964489","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Gunshot location systems the transfer of the sniper detection technology from military to civilian applications","authors":"J. R. Aguilar","doi":"10.1109/CCST.2013.6922061","DOIUrl":"https://doi.org/10.1109/CCST.2013.6922061","url":null,"abstract":"Since its first appearance by mid-nineties, gunshot location systems have become a valuable tool for acoustics surveillance against the illegal use of firearms in high crime urban areas. Sometimes criticized, the use of this technology is however spreading to more countries due its capability to provide not only gunshot related real time information, but also situational awareness and criminalistics evidence. This paper reviews the development of gunshot location technology, starting from its origin as a military solution for counter sniper operations, up to current days of intelligence led policing and of marketing strategies based on service demand. Acoustical emissions from gunfire events and its influence in shooter localization performance are analyzed. Fundamentals of gunshot origin estimation from muzzle blast wave analysis, and of trajectory estimation of supersonic projectiles from ballistic shock wave analysis, are overviewed. Gunshot location systems are furthermore described in terms of acoustical sensors architectures and its impact in the gunshot location result. Pros and cons of different approaches to data transmission, from wired to wireless, are discussed. Finally, the current status of research, development and implementation of this technology in the Latin America region are presented.","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116393891","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A complementary study for the evaluation of face recognition technology","authors":"Taketo Horiuchi, Takuro Hada","doi":"10.1109/CCST.2013.6922048","DOIUrl":"https://doi.org/10.1109/CCST.2013.6922048","url":null,"abstract":"In 2010, National Institute of Standard and Technology (NIST) of the U.S. published “Report on the Evaluation of 2D Still-Image Face Recognition Algorithms (MBE 2010 Still Face).” The report mentions that there has been a remarkably huge improvement in the area of face recognition technology from the start of FERET (FacE REcognition Technology) program in 1993 up to 2010. While MBE 2010 Still Face is considered to be one of the best references in choosing appropriate face recognition algorithms from various kinds of software programs in the world, several points seem to be missing that need to be taken into consideration in the evaluation of recognition accuracy when face recognition technology is made use of in criminal investigations. They are the evaluation of the influence coming from (a) longer lapse of time (15-year aging difference), (b) shooting angles (vertical and horizontal), (c) change of face expression (smiling and laughing), and (d) accessories (cap, sunglass, mustache and so on). As the images taken by CCTVs on streets aren't always ideal mug shots, these points are also crucial in selecting the best face recognition algorithms as a tool to fight against crimes. Police Info-Communications Research Center (PICRC) attempts to evaluate the accuracy of face recognition technology by choosing some of the representative face recognition algorithms mentioned in MBE 2010 Still Face. PICRC has certain image database that stores two groups of full-faced photographs of people taken at intervals of 15 years. For instance as for the evaluation of the point (a), after the representative face recognition algorithms compared the photographs of the people with those of their former selves already stored in the database step by step, the degree of face recognition accuracy were verified. It is confirmed that the latest face recognition algorithms are hardly influenced by the four points ((a)-(d)) mentioned above. This result can conclude that the analyses made in MBE 2010 Still Face should be reliable enough even for police organizations to choose suitable face recognition algorithms for criminal investigations.","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123177362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Bonds to the subject","authors":"M. Carvalho","doi":"10.1109/CCST.2013.6922035","DOIUrl":"https://doi.org/10.1109/CCST.2013.6922035","url":null,"abstract":"Are assigned digital IDs really ours? How deeply is a digital credential tied to owner and how much real life and system interactions can rely on them? This article discusses the digital identities in real world scenarios, how they are bound to us and their comparison with conventional identification documents.","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123183388","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}