Hoon Ko, Yong-Jun Lee, Kyung-Sang Sung, H. Oh, Yongtae Shin
While a lot of important information is being sent and received on the Internet, the information could be exposed to many threats, and the more the multicast service is various and generalized, the more the service range is widened. When a new member joins in or leaves from the multicast group, the group key, which the existing member used, should be newly updated. The existing method had a problem that the performance was depreciated by the key exchanging. This paper proposes the effective group management mechanism for a secure transmission of the multicast data on the multicast group.
{"title":"A Study on an Effective Group Management Scheme for Secure Multicast in MIPv6","authors":"Hoon Ko, Yong-Jun Lee, Kyung-Sang Sung, H. Oh, Yongtae Shin","doi":"10.1109/ISA.2008.68","DOIUrl":"https://doi.org/10.1109/ISA.2008.68","url":null,"abstract":"While a lot of important information is being sent and received on the Internet, the information could be exposed to many threats, and the more the multicast service is various and generalized, the more the service range is widened. When a new member joins in or leaves from the multicast group, the group key, which the existing member used, should be newly updated. The existing method had a problem that the performance was depreciated by the key exchanging. This paper proposes the effective group management mechanism for a secure transmission of the multicast data on the multicast group.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124874384","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper gives sufficient conditions that guarantee the secrecy property for cryptographic protocols. Intuitively, these conditions state that agents should not decrease the security level of components when they send them in the network. Moreover, the verification of this condition can be performed using the standard description of cryptographic protocols and the verification process can be made automatic.
{"title":"Sufficient Conditions for Secrecy under Any Equational Theories","authors":"H. Houmani, M. Mejri","doi":"10.1109/ISA.2008.102","DOIUrl":"https://doi.org/10.1109/ISA.2008.102","url":null,"abstract":"This paper gives sufficient conditions that guarantee the secrecy property for cryptographic protocols. Intuitively, these conditions state that agents should not decrease the security level of components when they send them in the network. Moreover, the verification of this condition can be performed using the standard description of cryptographic protocols and the verification process can be made automatic.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125545835","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
IT governance becomes one of hot issues in corporate information system including university ERP. IT governance provides IT value and mitigates IT-related risks such that the organization takes new business chances and grows in the future. In this paper, we briefly introduced IT governance with security engineering and university information system. And then, we proposed a strategic approach of IT governance for university information system with new performance criteria.
{"title":"Security Engineering in IT Governance for University Information System","authors":"H. Kwon","doi":"10.1109/ISA.2008.93","DOIUrl":"https://doi.org/10.1109/ISA.2008.93","url":null,"abstract":"IT governance becomes one of hot issues in corporate information system including university ERP. IT governance provides IT value and mitigates IT-related risks such that the organization takes new business chances and grows in the future. In this paper, we briefly introduced IT governance with security engineering and university information system. And then, we proposed a strategic approach of IT governance for university information system with new performance criteria.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122761083","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The paper presents an new authentication method on WiMAX, which is a new and hot research point for telecommunication and computer scientist. In the IEEE 802.11 technology, security was added later while IEEE 802.16 considered the security issues during the design of the protocol. However, security mechanism of the IEEE 802.16 still remains a question. WiMAX is relatively a new technology and does not deployed widely to justify the evidence of threats, risk and vulnerability in real situations. We discuss the authentication design based on neural cryptography in the end.
{"title":"Secure Authentication on WiMAX with Neural Cryptography","authors":"Dong Hu, Yu Yan Wang","doi":"10.1109/ISA.2008.16","DOIUrl":"https://doi.org/10.1109/ISA.2008.16","url":null,"abstract":"The paper presents an new authentication method on WiMAX, which is a new and hot research point for telecommunication and computer scientist. In the IEEE 802.11 technology, security was added later while IEEE 802.16 considered the security issues during the design of the protocol. However, security mechanism of the IEEE 802.16 still remains a question. WiMAX is relatively a new technology and does not deployed widely to justify the evidence of threats, risk and vulnerability in real situations. We discuss the authentication design based on neural cryptography in the end.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116614781","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Forensic tools are used to create critical evidence in computer-related crimes investigation. The evidence has an effect on judgment by the court and it requires verification of forensic tools. The verification should require an agreement of law enforcement organizations. Computer Forensic Tool Testing (CFTT) Verification project provides a measure of assurance that the tools used in the investigations produce valid results [1]. CFTT suggests requirements, assertions and test cases document for verification of forensic tools. There are hidden data in acquired image however CFTT do not deal with detection test on hidden data. Detection technology depends on cover carriers, such as images, audio, text or code represented digitally, hold the hidden data. This paper proposes preprocesses for detection of hidden data to be existed or not by forensic tools.
{"title":"Detection of Hidden Information in Forensic Tools","authors":"Yeog Kim, Jewan Bang, Sangjin Lee, Jongin Lim","doi":"10.1109/ISA.2008.34","DOIUrl":"https://doi.org/10.1109/ISA.2008.34","url":null,"abstract":"Forensic tools are used to create critical evidence in computer-related crimes investigation. The evidence has an effect on judgment by the court and it requires verification of forensic tools. The verification should require an agreement of law enforcement organizations. Computer Forensic Tool Testing (CFTT) Verification project provides a measure of assurance that the tools used in the investigations produce valid results [1]. CFTT suggests requirements, assertions and test cases document for verification of forensic tools. There are hidden data in acquired image however CFTT do not deal with detection test on hidden data. Detection technology depends on cover carriers, such as images, audio, text or code represented digitally, hold the hidden data. This paper proposes preprocesses for detection of hidden data to be existed or not by forensic tools.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129498209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Impossible differential cryptanalysis is a method recovering secret key by getting rid of the keys that satisfy impossible differential relations. This cryptanalysis has been used to attack AES and many good results were gotten. For the new block cipher ARIA is similar to AES in structure, it is necessary to research its security against impossible differential cryptanalysis. We find a new impossible differential property of the block cipher ARIA, and we propose an attack against ARIA reduced to six rounds based on this property. In our attack, 10 bytes of round keys are needed to be guessed instead of 12 bytes in the previous one, so the time complexity is reduced by 216 times. It needs 2120 chosen plaintexts and 296 encryptions in our attack.
{"title":"Improved Impossible Differential Cryptanalysis of ARIA","authors":"Shenhua Li, Chunyan Song","doi":"10.1109/ISA.2008.10","DOIUrl":"https://doi.org/10.1109/ISA.2008.10","url":null,"abstract":"Impossible differential cryptanalysis is a method recovering secret key by getting rid of the keys that satisfy impossible differential relations. This cryptanalysis has been used to attack AES and many good results were gotten. For the new block cipher ARIA is similar to AES in structure, it is necessary to research its security against impossible differential cryptanalysis. We find a new impossible differential property of the block cipher ARIA, and we propose an attack against ARIA reduced to six rounds based on this property. In our attack, 10 bytes of round keys are needed to be guessed instead of 12 bytes in the previous one, so the time complexity is reduced by 216 times. It needs 2120 chosen plaintexts and 296 encryptions in our attack.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128750773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Security of Internet is becoming the latest important concerns along with extensive application of the Internet. All elements that compose security system over maliciously action can display the performance though accomplish harmony of security elements perfectly. Weakness of some a part causes fatal result to whole security system. Therefore, security systems need elaborate design and mutual coordination in each elements. In this paper, we propose the method of one time password key generation of OTP using fingerprint features. Fingerprint is powerful personal authentication factors, and it can create variable password key for one time using information of fingerprint features. And we performed a simulation for proposed password key generation method.
{"title":"Password Generation of OTP System using Fingerprint Features","authors":"Byung-Rae Cha, C. Kim","doi":"10.1109/ISA.2008.73","DOIUrl":"https://doi.org/10.1109/ISA.2008.73","url":null,"abstract":"Security of Internet is becoming the latest important concerns along with extensive application of the Internet. All elements that compose security system over maliciously action can display the performance though accomplish harmony of security elements perfectly. Weakness of some a part causes fatal result to whole security system. Therefore, security systems need elaborate design and mutual coordination in each elements. In this paper, we propose the method of one time password key generation of OTP using fingerprint features. Fingerprint is powerful personal authentication factors, and it can create variable password key for one time using information of fingerprint features. And we performed a simulation for proposed password key generation method.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128271172","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mobile Agent based e-commerce systems are increasingly drawing more and more attention in recent years. However, there exist some transaction risks while enabling agents make purchase decisions and exploit information to other unknown agents in the virtual markets. Trust and reputation are widely introduced to mitigate this risk by deriving the trustworthiness of certain agent from his transaction history. Despite existing of some proposed reputation-based trust models addressing the above issue, most of them can not readily be used since there are many unforseen changes in the electronic markets. To this end, this paper proposes a novel reputation computing model that integrates a direct reputation and a recommended reputation. Specially, we present a three-factor method to evaluate the direct repu tation from personal self-experience, and adopt the vector similarity to evaluate the recommendation credibility that can effectively detect the dishonest recommendations. In addition, we amend the short term reputation and penalty factor metric to make our mechanism effective in detecting malicious agents with strategic behavior. Our experiments show that the model is highly dependable and effective.
{"title":"A Novel Reputation Computing Model for Mobile Agent-Based E-Commerce Systems","authors":"Zaobin Gan, Yijie Li, Guoqiang Xiao, Dengwen Wei","doi":"10.1109/ISA.2008.31","DOIUrl":"https://doi.org/10.1109/ISA.2008.31","url":null,"abstract":"Mobile Agent based e-commerce systems are increasingly drawing more and more attention in recent years. However, there exist some transaction risks while enabling agents make purchase decisions and exploit information to other unknown agents in the virtual markets. Trust and reputation are widely introduced to mitigate this risk by deriving the trustworthiness of certain agent from his transaction history. Despite existing of some proposed reputation-based trust models addressing the above issue, most of them can not readily be used since there are many unforseen changes in the electronic markets. To this end, this paper proposes a novel reputation computing model that integrates a direct reputation and a recommended reputation. Specially, we present a three-factor method to evaluate the direct repu tation from personal self-experience, and adopt the vector similarity to evaluate the recommendation credibility that can effectively detect the dishonest recommendations. In addition, we amend the short term reputation and penalty factor metric to make our mechanism effective in detecting malicious agents with strategic behavior. Our experiments show that the model is highly dependable and effective.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121802675","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we present the intelligent multimedia data hiding techniques and their possible applications. An introduction on intelligent multimedia data hiding is described which covers backgrounds, recent advances, methodologies, and implementations. The histogram-based reversible data hiding technique is then presented with simulation results and also illustrated by using actual implementations.
{"title":"Intelligent Multimedia Data Hiding Techniques and Applications","authors":"Hsiang-Cheh Huang, W. Fang","doi":"10.1109/ISA.2008.83","DOIUrl":"https://doi.org/10.1109/ISA.2008.83","url":null,"abstract":"In this paper, we present the intelligent multimedia data hiding techniques and their possible applications. An introduction on intelligent multimedia data hiding is described which covers backgrounds, recent advances, methodologies, and implementations. The histogram-based reversible data hiding technique is then presented with simulation results and also illustrated by using actual implementations.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131481830","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Heewan Park, Hyun-il Lim, Seokwoo Choi, Taisook Han
A software birthmark means the inherent characteristics of a program that can be used to identify the program. By means of comparing the birthmarks of programs, the fact of the software theft can be detected. In this paper, a static Java birthmark is proposed by utilizing a set of behaviors as the characteristics of the Java applications. A behavior denotes a sequence of byte codes which share their operands through the operand stack. We evaluate the proposed birthmark with respect to two properties required for birthmark, i.e., credibility and resilience. The empirical results show that the proposed birthmark is credible and resilient to program transformation. Therefore, the proposed birthmark can be used for identifying the software's originality.
{"title":"A Static Java Birthmark Based on Operand Stack Behaviors","authors":"Heewan Park, Hyun-il Lim, Seokwoo Choi, Taisook Han","doi":"10.1109/ISA.2008.15","DOIUrl":"https://doi.org/10.1109/ISA.2008.15","url":null,"abstract":"A software birthmark means the inherent characteristics of a program that can be used to identify the program. By means of comparing the birthmarks of programs, the fact of the software theft can be detected. In this paper, a static Java birthmark is proposed by utilizing a set of behaviors as the characteristics of the Java applications. A behavior denotes a sequence of byte codes which share their operands through the operand stack. We evaluate the proposed birthmark with respect to two properties required for birthmark, i.e., credibility and resilience. The empirical results show that the proposed birthmark is credible and resilient to program transformation. Therefore, the proposed birthmark can be used for identifying the software's originality.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131534709","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: