A flexible distributed authorization protocol
J. Trostle, B. C. Neuman
Pub Date: 1996-02-22
DOI: 10.1109/NDSS.1996.492353
Proceedings of Internet Society Symposium on Network and Distributed Systems Security
While there has been considerable effort in creating a single sign-on solution for interoperability among authentication methods, such interoperability across authorization methods has received little attention. This paper presents a flexible distributed authorization protocol that provides the full generality of restricted proxies while supporting the functionality of and interoperability with existing authorization models including OSF DCE and SESAME V2. Our authorization protocol includes a delegation method that is well suited for certain electronic commerce applications.
Preserving integrity in remote file location and retrieval
T. Jaeger, A. Rubin
Pub Date: 1996-02-22
DOI: 10.1109/NDSS.1996.492413
Proceedings of Internet Society Symposium on Network and Distributed Systems Security
We present a service for locating and retrieving files from an untrusted network such that the integrity of the retrieved files can be verified. This service enables groups of people in geographically remote locations to share files using an untrusted network. For example, distribution of an organization's software to all the organization's sites can be accomplished using this service. Distribution of files in an untrusted network is complicated by two issues: (1) location of files and (2) verification of file integrity. ftp and World-wide Web (WWW) services require some user intervention to locate a file, so they cannot be embedded in automated systems. Distributed systems have mechanisms for automated file location and retrieval, but they require trust in all system principals and do not provide an appropriate balance between availability of files and retrieval cost for our applications. Verification of the integrity of a file retrieved from an untrusted network is necessary because the file is subject to malicious modification attacks. Our service provides the capability to automatically locate, retrieve, and verify files specified by a client using a single trusted principal. We demonstrate our service by building a system shell that automatically downloads remote software when needed.
An empirical study of secure MPEG video transmissions
I. Agi, Li Gong
Pub Date: 1996-02-22
DOI: 10.1109/NDSS.1996.492420
Proceedings of Internet Society Symposium on Network and Distributed Systems Security
MPEG (Moving Pictures Expert Group) is an industrial standard for video processing and is widely used in multimedia applications in the Internet. However, no security provision is specified in the standard. We conducted an experimental study of previously proposed selective encryption schemes for MPEG video security. This study showed that these methods are inadequate for sensitive applications. We discuss the tradeoffs between levels of security and computational and compression efficiency.
Mixing E-mail with Babel
Ceki Gülcü, G. Tsudik
Pub Date: 1996-02-22
DOI: 10.1109/NDSS.1996.492350
Proceedings of Internet Society Symposium on Network and Distributed Systems Security
Increasingly large numbers of people communicate today via electronic means such as email or news forums. One of the basic properties of the current electronic communication means is the identification of the end-points. However, at times it is desirable or even critical to hide the identity and/or whereabouts of the end-points (e.g., human users) involved. This paper discusses the goals and desired properties of anonymous email in general and introduces the design and salient features of the Babel anonymous remailer. Babel allows email users to converse electronically while remaining anonymous with respect to each other and to other (even hostile) parties. A range of attacks and corresponding countermeasures is considered. An attempt is made to formalize and quantify certain dimensions of anonymity and untraceable communication.