2009 Third International Conference on Emerging Security Information, Systems and Technologies: Latest Papers

Multi-level Authentication Scheme Utilizing Smart Cards and Biometrics
Mücahit Mutlugün, I. Sogukpinar
DOI: https://doi.org/10.1109/SECURWARE.2009.22
Published: 2009-06-18
Abstract: Authentication is an important part of security area. Smart Cards and Biometrics are widely used in authentication schemes. In this work, we propose a novel architecture and scheme for remote authentication. In this architecture, authentication level is decided by a policy server. The scheme provides an ability to use three authentication factors within different levels. Additional credentials are requested from user upon the authentication level determined by the policy server. The proposed scheme is designed to resist well-known attacks like replay and forgery attacks. At the same time, it fulfills many requirements expected from authentication schemes like mutual authentication and not to keep verification table. We also compared our scheme with well known schemes in the literature.
Citations: 2
Quantification of the Effect of Security on Performance in Wireless LANs
G. R. Begh, A. H. Mir
DOI: https://doi.org/10.1109/SECURWARE.2009.16
Published: 2009-06-18
Abstract: This paper investigates and quantifies the effect of different security protocols on the performance of a wireless LAN. Experiments were performed on a wireless test-bed and the data obtained was analyzed for throughput, delay and packet loss under different security scenarios. Both TCP and UDP traffic streams were analyzed at three different data rates. The effect of congestion is also quantified. The results reveal that no significant degradation in performance occurs by enabling security protocols in a wireless LAN.
Citations: 9
The Pushdown Attack on AES
M. El-Fotouh, K. Diepold
DOI: https://doi.org/10.1109/SECURWARE.2009.50
Published: 2009-06-18
Abstract: We present a new idea on chosen plaintext cryptanalysis, where we can bypass some of the cipher's encryption rounds at its beginning. To illustrate this idea, we developed the Pushdown attack. This attack can increase the strength of some chosen plaintext attacks. We applied the Pushdown attack on AES and was able to achieve a 6-round attack that requires only $2^{11}$ chosen plaintexts, this reduces the chosen plaintexts needed by the Square attack with a factor of $2^{21}$.
Citations: 3
Towards Proactive Policies Supporting Event-Based Task Delegation
Khaled Gaaloul, P. Miseldine, F. Charoy
DOI: https://doi.org/10.1109/SECURWARE.2009.23
Published: 2009-06-18
Abstract: Delegation mechanisms are receiving increasing interest from the research community. Task delegation is a mechanism that supports organisational flexibility in the human-centric workflow systems, and ensures delegation of authority in access control systems. In this paper, we consider task delegation as an advanced security mechanism supporting policy decision. We define an approach to support dynamic delegation of authority within an access control framework. The novelty consists of reasoning on authorisation dependently on task delegation events, and specifies them in terms of delegation policies. When one of these events changes, our access policy decision may change proactively implying dynamic delegation of authority. Existing work on access control systems remain stateless and do not consider this perspective. We highlight such limitations, and propose a task delegation framework to support proactive enforcement of delegation policies.
Citations: 5
Personalized Filtering of Polymorphic E-mail Spam
Masaru Takesue
DOI: https://doi.org/10.1109/SECURWARE.2009.45
Published: 2009-06-18
Abstract: Which of emails are spams depends on the recipient's interest, so it is desirable to filter spams based on his/her interest. We store the fingerprints (FPs) of k portions of each spam's content in our filter and examine the metrics for detecting the polymorphic spams devised with intent to thwart the detection. For a smaller size of the filter, we exploit two Bloom filters (in fact, merged into a single one to reduce cache miss) to replace the least recently matched spams by recently matched ones. We use as the metrics the number $N_t (≤ k)$ of FPs in the filter matching with those of an incoming email, but also of the $N_T$ FPs, the greatest number $N_d$ of FPs stored for a single spam. We plot spams and legitimate emails in the $N_d-N_t$ space and detect spams by a piecewise linear function. The experiments with about 4,000 real world emails show that our filter achieves the false negative rate of about 0.36 with no false positive.
Citations: 2
Secrecy for Bounded Security Protocols without Freshness Check
Catalin V. Bîrjoveanu
DOI: https://doi.org/10.1109/SECURWARE.2009.13
Published: 2009-06-18
Abstract: The secrecy problem for security protocols is the problem to decide whether or not a given security protocol has leaky runs. The complexity of the secrecy problem for bounded security protocols without freshness check remained open. In this paper, we prove DEXPTIME-completeness of the secrecy problem for bounded security protocols without freshness check, solving the problem left open.
Citations: 1
Replay Attack of Dynamic Rights within an Authorised Domain
I. Abbadi, Muntaha Alawneh
DOI: https://doi.org/10.1109/SECURWARE.2009.30
Published: 2009-06-18
Abstract: Digital Rights Management (DRM), unlike access control techniques, associates content with a rights object specifying content usage rules. The rights object is always bound with content and enforced wherever content is transferred and used. Such a rights object, in many cases, contains dynamic rights, which change with usage and time, e.g. play period, print count, and expire after a specific period. Most existing DRM techniques do not address the replay attack problem for dynamic rights. This problem has the greatest impact when the DRM mechanisms get integrated with authorised domains. In this paper we mainly focus on the replay attack for dynamic rights when it is transferred between member devices in an authorised domain, and when it is restored from an old backup enabling the reuse of an expired license. We also propose a novel mechanism for controlling and managing the consumption of dynamic rights between member devices in a domain. This is to provide a controlled environment for a user to transfer dynamic rights back and forth between domain devices in order to use content on any device member in the domain at a chosen time.
Citations: 11
Using Object-Oriented Concepts to Develop a High-Level Information Privacy Risk Management Model
K. Reddy, H. Venter
DOI: https://doi.org/10.1109/SECURWARE.2009.11
Published: 2009-06-18
Abstract: In this paper we present a conceptual model for the management of information privacy risk in large organisations. The model is based on the similarities between the concepts of departments in large organisations and the object-oriented computer paradigm. It is a high-level model that takes a holistic view of information privacy risk management, and, as such, identifies risk in both manual and automated processes during the acquisition, processing, storage and dissemination of information. While conceptual in nature, the model is well suited to practical implementation due to the structure it derives from the object-oriented paradigm. The practical application of the model is demonstrated by way of an example scenario. This paper contributes by addressing the absence in the literature of freely available models for the holistic management information privacy risk in large organisations.
Citations: 1
The Process of Engineering of Security of Information Systems (ESIS): The Formalism of Business Processes
Wilson Goudalo, D. Seret
DOI: https://doi.org/10.1109/SECURWARE.2009.24
Published: 2009-06-18
Abstract: Companies and organizations are faced with quite a tough competition and increasing regulatory and legal constraints. Therefore, the use of security risk management is evolving and becoming more and more important in companies and organizations. We define Engineering of security of information systems as a process whose aim is to guarantee the global security of information systems, in their eco-system in order to meet the stakes of companies. After our article focused on the encapsulation of Security know-how into UML profiles, we focus this work on the presentation of the Process of Engineering of Security into the formalism of Business Processes. The main idea is to succeed the adherence, of all stakeholders of the enterprise, into the security problem. To meet these pragmatic and actual needs of companies and organizations, we would suggest an approach to engineering of security, firstly, based on the standards and good practices of security and, secondly, inspired from the best practices and feedback of advances in the engineering of information systems. This paper shows the feasibility of mapping the process of engineering of Security of Information Systems into the formalism of business process, and presents the concepts of engineering of Security of Information Systems using the foundations and models of Information Systems Engineering.
Citations: 5
On the Tradeoff between MAC-Layer and Network-Layer Topology-Controlled Malware Spreading Schemes in Ad Hoc and Sensor Networks
V. Karyotis, Anastasios Kakalis, S. Papavassiliou
DOI: https://doi.org/10.1109/SECURWARE.2009.46
Published: 2009-06-18
Abstract: Significant interest has been raised recently in wireless networks in modeling and dealing effectively with different types of attacks. In this paper, emphasis is placed on the attacker's perspective and based on a probabilistic framework we study intelligent strategies for spreading malicious software, in order to realize the potentials of such attacks. The considered attack schemes are based on the topology control capabilities of wireless nodes and may be realized either at the Network layer by using node degree related information or the MAC layer by setting attackers to sleep for energy conservation purposes. To the best of our knowledge this is the first attempt to adopt the use of sleeping schedules in order to eventually increase attack efficiency. We compare the performance of the two families of strategies using both time-independent and time-dependent attack metrics. Our evaluation analysis reveals an inherent tradeoff between the two families that depends, among others, on the idle energy consumption and the network density.
Citations: 2