{"title":"A Consideration of the Reliability of Registration and Attribute Exchange","authors":"Yoshio Kakizaki, Keiichi Iwamura","doi":"10.1109/ARES.2010.32","DOIUrl":"https://doi.org/10.1109/ARES.2010.32","url":null,"abstract":"Attribute information such as age, gender, and job is used in user registration and questionnaires.A verifier must consider what method to use for confirming attribute information when it is used online.For instance,the reliability of the information varies with the method:the verifier can accept the user's claim,confirm by certificate,confirm face-to-face or use other methods. Therefore, the reliability of attribute information becomes a problem when strict verification is necessary for a contract.In this paper,we consider the reliability of registration and attribute information that is exchanged and propose a method by which the reliability of attribute information and its grounds can be returned when attributes are exchanged.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"178 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115722113","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Strategies for Reducing Risks of Inconsistencies in Access Control Policies","authors":"B. Stepien, S. Matwin, A. Felty","doi":"10.1109/ARES.2010.72","DOIUrl":"https://doi.org/10.1109/ARES.2010.72","url":null,"abstract":"Managing access control policies is a complex task. We argue that much of the complexity is unnecessary and mostly due to historical reasons. There are number of legacy policy specification languages that all have limitations of some kind. These limitations have forced policy implementers to use certain styles of writing policies, often resulting in inconsistencies. The detection and resolution of these inconsistencies has been widely researched and many solutions have been found. This paper highlights new possibilities for avoiding inconsistencies, drawing on the expressive power allowed in the condition field of rules in modern languages such as XACML. In particular, we show that making use of this expressive power has many advantages—it allows organizations to considerably reduce the number of policies and rules required to protect company assets; it provides improved views and summaries of related policies; and it allows increased scalability of analysis tools, such as tools that detect inconsistencies and tools that perform audits to verify compliance to regulations. Such tools are increasingly important in the current environment where the number of regulations governing company security continues to grow. In addition, we show how our user-friendly representation for the XACML language facilitates the use of complex conditions by increasing their readability. This increased readability has the additional benefit of allowing non-technical users to better understand the implementation of their policies. These factors all contribute to a lower risk of inconsistencies in policies.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130322485","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multiple Designated Verifiers Signatures Reconsidered","authors":"Mebae Ushida, T. Izu, M. Takenaka, K. Ohta","doi":"10.1109/ARES.2010.58","DOIUrl":"https://doi.org/10.1109/ARES.2010.58","url":null,"abstract":"A multiple designated verifiers signature (MDVS) is introduced in 2004 by Laguillaumie-Vergnaud, in which specific verifiers chosen by the signer (designated verifiers) are the only entities who can verify the signature. They also constructed two concrete MDVS schemes MDVS1 and MDVS2 from bilinear maps which are proved to be secure in the random oracle model. This paper proposes a new forgery attack against MDVS1 and MDVS2, which allows an adversary, from a valid signature sigma on a document, to forge a signature on the same document. Because of the definition of the unforgeability of MDVS schemes, when all designated verifiers are colluded, thencan forge a signature on an arbitrary document (and thus the same document). However, the signer cannot distinguish who forged a signature (whether the adversary or the colluded designated verifiers) when the forged signature is given. Thus, the signer cannot convince the designated verifiers and this is critical for MDVS because the scheme is based on the trusty relationship between the signer and the designated verifiers. We also show the forgery attack against a DVS scheme proposed by Ohyama-Tanaka based on MDVS2.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130486061","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Trust Based Multi Path DSR Protocol","authors":"Poonam Gera, K. Garg, M. Misra","doi":"10.1109/ARES.2010.87","DOIUrl":"https://doi.org/10.1109/ARES.2010.87","url":null,"abstract":"Ad-hoc networks establish communication in improvised environments without requiring any fixed infrastructure. These networks are inherently prone to security attacks, with node mobility being the primary cause in allowing security breaches. Therefore secure routing is a must for such networks. A number of secure routing protocols based on trust have recently been proposed. However, all these protocols use the traditional route discovery model, where a node drops RREQ packet if its own ID is in the source route of the packet, or if it has previously processed the packet. A misbehaving node takes advantage of this vulnerability and forwards the RREQ fast, so that the RREQ received from other nodes are dropped and the path discovered includes itself (the misbehaving node). In this paper, we present a unique trust based method which is not vulnerable to this behavior. In our method, each node broadcasts a RREQ packet if it is received from different neighbors. A secure and efficient route to the destination is calculated as a weighted average of the trust value of the nodes in the route, with respect to its behavior observed by its neighboring nodes and the number of nodes in the route. We evaluate the misbehaving node detection rate and the efficiency of our method along a number of parameters. Results show that our method increases the throughput of the network while discovering a secure route.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127027770","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards a Privacy-Enhanced Social Networking Site","authors":"Esma Aïmeur, S. Gambs, Ai Ho","doi":"10.1109/ARES.2010.97","DOIUrl":"https://doi.org/10.1109/ARES.2010.97","url":null,"abstract":"Social Networking Sites (SNS), such as Facebook and LinkedIn, have become the established place for keeping contact with old friends and meeting new acquaintances. As a result, a user leaves a big trail of personal information about him and his friends on the SNS, sometimes even without being aware of it. This information can lead to privacy drifts such as damaging his reputation and credibility, security risks (for instance identity theft) and profiling risks. In this paper, we first highlight some privacy issues raised by the growing development of SNS and identify clearly three privacy risks. While it may seem a priori that privacy and SNS are two antagonist concepts, we also identified some privacy criteria that SNS could fulfill in order to be more respectful of the privacy of their users. Finally, we introduce the concept of a Privacy-enhanced Social Networking Site (PSNS) and we describe Privacy Watch, our first implementation of a PSNS.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129231544","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Florian Kohlar, Jörg Schwenk, Meiko Jensen, S. Gajek
{"title":"Secure Bindings of SAML Assertions to TLS Sessions","authors":"Florian Kohlar, Jörg Schwenk, Meiko Jensen, S. Gajek","doi":"10.1109/ARES.2010.89","DOIUrl":"https://doi.org/10.1109/ARES.2010.89","url":null,"abstract":"In recent research work, two approaches to protect SAML based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. In this paper, we present a third approach which is of further interest beyond IDM protocols: we bind the SAML assertion to the TLS session that has been agreed upon between client and the service provider and thus provide anonymity of the browser.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121589333","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Dual-Level Attack Detection and Characterization for Networks under DDoS","authors":"A. Sardana, R. Joshi","doi":"10.1109/ARES.2010.84","DOIUrl":"https://doi.org/10.1109/ARES.2010.84","url":null,"abstract":"DDoS attacks aim to deny legitimate users of the services. In this paper, we introduce novel dual - level attack detection (D-LAD) scheme for defending against the DDoS attacks. At higher and coarse level, the macroscopic level detectors (MaLAD) attempt to detect congestion inducing attacks which cause apparent slowdown in network functionality. The large volumes attacks are detected early at border routers in transit network before they converge at the victim. At lower and fine level, the microscopic level detectors (MiLAD) detect sophisticated attacks that cause network performance to degrade gracefully and stealth attacks that remain undetected in transit domain and do not impact the victim. These attacks have dramatic impact on victim and are detected at border routers in stub domain near the victim. We employ the concepts of varying threshold and change point detection on entropy to enhance the detection rate. Honeypots help achieve high filtering accuracy. Results demonstrate that in addition to being competitive than other techniques with respect to detection rate and false alarm rate, our scheme is very effective and works well in the presence of different DDoS attacks. The proposed technique provides the quite demanded solution to the DDoS problem.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"209 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115734872","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
B. Aziz, Á. Arenas, G. Cortese, B. Crispo, Silvio Causetti
{"title":"A Secure and Scalable Grid-Based Content Management System","authors":"B. Aziz, Á. Arenas, G. Cortese, B. Crispo, Silvio Causetti","doi":"10.1109/ARES.2010.80","DOIUrl":"https://doi.org/10.1109/ARES.2010.80","url":null,"abstract":"We present in this paper a secure and scalable Grid-based content management system for the management of high-volume multimedia data in the domain of the publishing industry. This is achieved by leveraging on existing individual solutions, such as the Alfresco content management system, the SRM standard for building scalable solutions based on the Grid and the GridTrust services for building trustworthy and secure Grid systems. Our solution brings closer the use of the Grid to the enterprise community within the context of a real world use case scenario. The solution facilitates the fine-grained usage control of the storage resources and a reputation-based matching between resource policies and users' past behaviour.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134081545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Taxonomy Refining the Security Requirements for Electronic Voting: Analyzing Helios as a Proof of Concept","authors":"L. Langer, Axel Schmidt, J. Buchmann, M. Volkamer","doi":"10.1109/ARES.2010.106","DOIUrl":"https://doi.org/10.1109/ARES.2010.106","url":null,"abstract":"Over the past years an approved set of security requirements for electronic voting has been established. However, there is no consistent perception of the exact content and scope of these requirements. Therefore, the corner stone for a comprehensive taxonomy refining the security requirements for electronic voting was laid in [1]. In order to verify the validity of this taxonomy, we apply it to the voting schemes Helios 1.0 and 2.0. We provide amendments to the original taxonomy and demonstrate that it successfully distinguishes between different, but related voting schemes, thus supporting its relevance for the study of electronic voting systems.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134213133","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secured Key Distribution Scheme for Cryptographic Key Management System","authors":"Kyawt Kyawt Khaing, Khin Mi Mi Aung","doi":"10.1109/ARES.2010.96","DOIUrl":"https://doi.org/10.1109/ARES.2010.96","url":null,"abstract":"Key distribution is the task of distributing secret keys between transmitter and receiver by providing security properties. Our key distribution scheme is beneficial for key transactions where the data encrypting key is encrypted with an upper-level key encrypting key and transmitted to the receiving side. We assume there is a trusted authority (TA) in the network which choose a secret key for communicating, and transits it to parties that wants to communicate with. There could be two or more parties that establish a secret key. At the end of a key tree two parties share a key K. The value of K is not known to any other party except TA. This scheme limits amount of cipher text available to an attacker and also limit exposure in event of key compromise. While the other schemes focus to reduce computation, or the amount of data the needs to be exchanged, our scheme is cable of Self-Adaptive key establishment for Large-Scale users as well as reduces the computational complexity.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"284 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131635585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}