2009 Third International Conference on Emerging Security Information, Systems and Technologies: Latest Papers

Analysis of a Password Strengthening Technique and Its Practical Use
B. Groza
Abstract: Besides commonly used password strengthening techniques such as salting or repeated applications of a one-way function on the password, we account a less common procedure: the truncation of the output from a one-way function on the password. This technique is used in a Norwegian ATM and a similar method is part of an authentication protocol from Anderson and Lomas which makes use of collision-full hash functions. We depict a probabilistic bound on the probability of guessing the password in the Anderson-Lomas protocol and we propose some improvements on the protocol. Further, the improved protocol proves to be a good solution for a password based authentication between two devices that authenticate in the absence of a previously known secret or of a trusted third party. The protocol proves to have all the desired properties for this scenario.
DOI: 10.1109/SECURWARE.2009.52 (https://doi.org/10.1109/SECURWARE.2009.52)
Published: 2009-06-18
Citations: 1
Detection of Security and Dependability Threats: A Belief Based Reasoning Approach
Davide Lorenzoli, G. Spanoudakis
Abstract: Monitoring the preservation of security and dependability (S&D) properties during the operation of systems at runtime is an important verification measure that can increase system resilience. However it does not always provide sufficient scope for taking control actions against violations as it only detects problems after they occur. In this paper, we describe a proactive monitoring approach that detects potential violations of S&D properties, called “threats”, and discuss the results of an initial evaluation of it.
DOI: 10.1109/SECURWARE.2009.55 (https://doi.org/10.1109/SECURWARE.2009.55)
Published: 2009-06-18
Citations: 6
A Formal IT-Security Model for a Weak Fair-Exchange Cooperation with Non-repudiation Proofs
Rüdiger Grimm
Abstract: This article presents a formal IT-security model for the step-by-step exchange of digital items. Following the taxonomy of Asokan the model presented here addresses the security requirements for a so-called “weak” fair exchange. “Weak” refers to the fact, that third parties are used to dissolve disputes. In this model, non-repudiation proofs are used in an external dispute to establish weak fairness. It shows how many unproved steps can be tolerated by one party without loss of fairness. The model is based on the idea of a “continuous balance of obligations and their proofs”. This idea was proposed 1993 by Grimm, but never since formalized properly.
DOI: 10.1109/SECURWARE.2009.15 (https://doi.org/10.1109/SECURWARE.2009.15)
Published: 2009-06-18
Citations: 6
Secure Routing Approach for Unstructured P2P Systems
Stefan Kraxberger, Udo Payer
Abstract: Although P2P systems have found their way into almost every field of application, the lack of adequate security concepts, research for specific security algorithms and implementations of suitable security mechanisms are still limiting their full potential. We are focusing on getting an overall view on the security of heterogeneous unstructured P2P systems and finding solutions to this challenging task. This work tries to make the first step towards secure unstructured P2P systems by applying security to routing. Existing secure routing protocols are either intended for structured P2P systems or use mechanisms not adequate for heterogeneous P2P system. We used the dynamic source routing protocol and proposed security extensions as foundation, adapted and modified the inherent principles to comply with the P2P concept and verified the applicability in a real world system.
DOI: 10.1109/SECURWARE.2009.39 (https://doi.org/10.1109/SECURWARE.2009.39)
Published: 2009-06-18
Citations: 6
True Positive Cost Curve: A Cost-Based Evaluation Method for High-Interaction Client Honeypots
C. Seifert, P. Komisarczuk, I. Welch
Abstract: Client honeypots are security devices designed to find servers that attack clients. High-interaction client honeypots (HICHPs) classify potentially malicious web pages by driving a dedicated vulnerable web browser to retrieve and classify these pages. Considering the size of the Internet, the ability to identify many malicious web pages is a crucial task. HICHPs, however, present challenges: They are slow and tend to miss attacks. For researchers to address these shortcomings, they need methods for evaluating HICHPs. This paper (1) presents an evaluation method called the True Positive Cost Curve (TPCC), which makes it possible to evaluate and compare HICHPs in an operating environment, but also allows an operator to tune HICHPs within a specific operating environment; (2) presents improvements on the way HICHPs visit web pages and evaluates them with the TPCC method; and (3) discusses the impact of time bombs on the performance of HICHPs in an operating environment and the ability to tune an HICHP for optimal performance with the help of the TPCC.
DOI: 10.1109/SECURWARE.2009.17 (https://doi.org/10.1109/SECURWARE.2009.17)
Published: 2009-06-18
Citations: 15
Secure Distributed Multiplication of Two Polynomially Shared Values: Enhancing the Efficiency of the Protocol
P. Lory
Abstract: In view of practical applications, it is a high priority to optimize the efficiency of methods for secure multiparty computations. These techniques enable, for instance, truly practical double auctions and distributed signatures. The multiplication protocol for the secure multiparty multiplication of two polynomially shared values over Z_q with a public prime number q is an important module in these computations. The protocol of Gennaro, Rabin and Rabin (1998) is a well known and efficient protocol for this purpose. It requires one round of communication and O(n^2 k log n + n k^2) bit-operations per player, where k is the bit size of the prime q and n is the number of players. In a previous paper (2007), the author has presented a modification of this protocol, that reduces its complexity to O(n^2 k + n k^2). The present paper reduces this complexity further to O(n^2 k). This reduction is profitable in situations where n is smaller than k. The new protocol requires the same amount of communication as the original one and is unconditionally secure, as well.
DOI: 10.1109/SECURWARE.2009.51 (https://doi.org/10.1109/SECURWARE.2009.51)
Published: 2009-06-18
Citations: 14
List of Criteria for a Secure Computer Architecture
Igor Podebrad, Klaus Hildebrandt, B. Klauer
Abstract: The security of a digital system depends directly on the security of the hardware platform the system is based on. The analysis of currently available computer architectures has shown that such systems offer a lot of security gaps. This is due to the fact that in the past hardware has only been optimized for speed - never for security. In this paper we propose a set of hardware features to support system security.
DOI: 10.1109/SECURWARE.2009.19 (https://doi.org/10.1109/SECURWARE.2009.19)
Published: 2009-06-18
Citations: 8
A New Approach to Protect the OS from Off-line Attacks Using the Smart Card
H. R. Ghaleh, Shahin Norouzi
Abstract: Since the present computer systems use layered and modular architectures and execute the instructions in a number of different phases, therefore it has become an imperative to establish a trusted chain between various layers. It usually is integrity checking by hashing of executable codes. With guarantee of software integrity, the web servers and other network entities can trust to client systems or workstations. Several methods have been proposed for this purpose, each of them have their own advantages and weakness. Recently a group of big software and hardware companies working in Information Technology field known as Trusted Computing Group (TCG) are engaged in designing and making standards of various aspects of trusted computer systems including applications, PCs, networks, cryptography modules and so on. These standards can make the system trusted, but they need some hardware changes such as BIOS and Trusted Platform Module (TPM). These changes are not applicable for present systems and we have to purchase new hardware. This paper is an attempt to propose a new method that can make the present systems trusted. This method uses a removable trusted storage that is compatible with TCG storage standard.
DOI: 10.1109/SECURWARE.2009.57 (https://doi.org/10.1109/SECURWARE.2009.57)
Published: 2009-06-18
Citations: 2
Detecting Man-in-the-Middle Attacks by Precise Timing
B. Aziz, G. Hamilton
Abstract: Man-in-the-middle attacks are one of the most popular and fundamental attacks on distributed systems that have evolved with advances in distributed computing technologies and have assumed several shapes ranging from simple IP spoofing to complicated attacks on wireless communications, which have safety-critical applications such as remote wireless passport verification. This paper proposes a static analysis algorithm for the detection of man-in-the-middle attacks in mobile processes using a solution based on precise timing.
DOI: 10.1109/SECURWARE.2009.20 (https://doi.org/10.1109/SECURWARE.2009.20)
Published: 2009-06-18
Citations: 37
Criteria for Evaluating the Privacy Protection Level of Identity Management Services
Hyangjin Lee, Inkyoung Jeun, Hyuncheol Jung
Abstract: Identity Management is one of the web services that manages the digital identity and the personally identifiable information of the user who subscribed for various web services in Internet. It was developed to provide user with an easy way to use and manage various user's digital identities that were provided from each web service. If the user subscribes to an Identity Management service, the user can access the other web sites affiliated with the Identity Management service and use their web services by using the identity issued by the Identity Management service. And the user can manage the user's personally identifiable information distributed among various web sites in an integrated way through this service. However, if the identity provider, which provides this Identity Management service, discloses the user’s identity and personal identifiable information, identity theft can happen throughout the entire affiliated web sites. As a result, the privacy protection level of the Identity provider, that is, the level of protection for personally identifiable information, is the critical factor of successful Identity Management service. Therefore, Identity Provider should provide an easy way to the internal or external auditor of them for assessing the privacy protection level. This paper describes privacy threats for each identity life cycle, such as Identity provision, propagation, use and maintain, and destruction, and proposes the criteria that evaluate the privacy protection level provided by the Identity provider as a countermeasure against these threats. The internal or external auditor can use the criteria described in this paper, as a way of assessing the privacy protection level of Identity Provider.
DOI: 10.1109/SECURWARE.2009.31 (https://doi.org/10.1109/SECURWARE.2009.31)
Published: 2009-06-18
Citations: 17