One of the most substantial ways to protect sensitive information is to encrypt the data. However, cryptographic methods bring problems such as inefficiency and impaired functionality, in particular the impossibility of arithmetic. Previous work in this area has either been proved insecure or supports only a few SQL queries. In fact, no existing scheme securely supports all kinds of SQL queries and arithmetic. We propose a novel scheme to solve this problem. We do not encrypt each data item itself but permute all the data within each attribute, so that we break the relation between the data and its owner. Accordingly, the proposed scheme guarantees intractability of re-identification, protecting data owners' privacy, and at the same time enables the miner to get the information he wants.
{"title":"Privacy Preserving SQL Queries","authors":"Hyun-A. Park, J. Zhan, Dong Hoon Lee","doi":"10.1109/ISA.2008.40","DOIUrl":"https://doi.org/10.1109/ISA.2008.40","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"43 1","pages":"0"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"131277836"}
This paper discusses the potential market for e-commerce in Saudi Arabia, the current infrastructure available, and plans for future infrastructure developments to better support the growing e-commerce marketplace. During a field trip to Saudi Arabia, the following information was collected to describe the current situation of e-commerce in Saudi Arabia and to help determine its future. The choice of Saudi Arabia for this study arose from two factors: first, Saudi Arabia is a growing market for e-commerce and disputes; second, some important information needed to be collected to test the proposed e-commerce taxonomy, and Saudi Arabia has less strict privacy rules.
{"title":"E-commerce and E-commerce Fraud in Saudi Arabia: A Case Study","authors":"S. Alfuraih","doi":"10.1109/ISA.2008.45","DOIUrl":"https://doi.org/10.1109/ISA.2008.45","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"45 1","pages":"0"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"133228014"}
Sang Su Lee, Tae Park, Sanguk Shin, Sung-Kyong Un, D. Hong
In this paper, we describe a new forensic image format that can handle high-capacity computer disk storage such as IDE, SATA, USB, etc. It also supports metadata that can be defined and extended by users. In particular, it has a flag field in which users set the encryption and digital signature algorithms.
{"title":"A New Forensic Image Format for High Capacity Disk Storage","authors":"Sang Su Lee, Tae Park, Sanguk Shin, Sung-Kyong Un, D. Hong","doi":"10.1109/ISA.2008.109","DOIUrl":"https://doi.org/10.1109/ISA.2008.109","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"141 1","pages":"0"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"132108735"}
Seungwook Hong, Hakjae Kim, Sungju Lee, Yongwha Chung
As mobile handheld devices equipped with fingerprint sensors are produced, it becomes important to protect the private information of a user (i.e., the fingerprint image) in remote applications. In this paper, we consider the possible scenarios for transmitting fingerprint images from the handheld device to a server securely using both encryption and watermarking. Moreover, to transmit large fingerprint images over a restricted bandwidth, image compression should be considered. Based on the experimental results, we compare and analyze three factors (i.e., the energy consumption, the watermark detection rate, and the fingerprint recognition rate) of the possible compression standard techniques (i.e., JPEG2000 and WSQ).
{"title":"Analyzing the Secure and Energy Efficient Transmissions of Compressed Fingerprint Images using Encryption and Watermarking","authors":"Seungwook Hong, Hakjae Kim, Sungju Lee, Yongwha Chung","doi":"10.1109/ISA.2008.57","DOIUrl":"https://doi.org/10.1109/ISA.2008.57","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"35 1","pages":"0"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"125180575"}
Secure group communication is one of the most significant requirements for different applications of a sensor network which employs a group rekeying mechanism for the secure and efficient delivery of its group data. We present a group rekeying scheme for broadcast security of a location aware wireless sensor network exploiting the polynomial share based peer to peer key establishment [3, 4, 5] technique for implementing secure channels between group nodes and then, we introduce a mechanism to deliver the group key to each sensor node.
{"title":"A Group Rekeying Scheme for Location-aware Sensor Networks","authors":"S. Biswas, S. R. Afzal, Gunhee Lee, Dong-Kyoo Kim","doi":"10.1109/ISA.2008.99","DOIUrl":"https://doi.org/10.1109/ISA.2008.99","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"1 1","pages":"0"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"130713735"}
In the early stage of the information society, the management and security of software source code are equivalent to those of the assembly lines of important infrastructure. Yet the supporting technology and frameworks for protecting software source code are in a poor state. In this paper, we propose a model, named the CRYPTEX model, that supports protection and access control between software source code as the object and a subject that has not been safely authenticated. We also propose an active business model that provides delegation, mobility, and security/access control functions for passive software source code in document state using CRYPTEX.
{"title":"CRYPTEX Model for Software Source Code","authors":"Byung-Rae Cha","doi":"10.1109/ISA.2008.74","DOIUrl":"https://doi.org/10.1109/ISA.2008.74","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"21 1","pages":"0"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"114270212"}
Sensor devices have critical resource constraints such as processing speed, memory size and energy supply. In particular, energy consumption affects the network lifetime, so energy efficiency is an important requirement for wireless sensor networks (WSNs). Choosing an energy- and memory-efficient cryptographic algorithm suitable for wireless sensor networks is therefore an important matter. TinySec, the de facto security architecture for wireless sensor networks, supports traditional cryptographic algorithms such as RC5 and Skipjack, although these traditional algorithms might be unsuitable for the 8-bit computing devices of which wireless sensor networks consist. Accordingly, it is necessary to compare the performance of the traditional cryptographic algorithms with that of an 8-bit oriented cryptographic algorithm, but there is no work in this area. In this paper, we consider another candidate, HIGHT, designed for ubiquitous 8-bit computing devices (e.g., sensor nodes or RFID tags), for wireless sensor networks. After implementing the new lightweight HIGHT on Mica! and comparing the performance of HIGHT with that of the traditional cryptographic algorithms, we conclude that HIGHT, outstanding in security and efficiency, is as suitable for TinySec as the traditional cryptographic algorithms it already supports. Hence, we recommend that the new lightweight candidate HIGHT be added to the security module in TinySec.
{"title":"Implementation and Analysis of New Lightweight Cryptographic Algorithm Suitable for Wireless Sensor Networks","authors":"W. Koo, Hwaseong Lee, Y. H. Kim, Dong Hoon Lee","doi":"10.1109/ISA.2008.53","DOIUrl":"https://doi.org/10.1109/ISA.2008.53","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"37 1","pages":"0"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"122737390"}
Intrusion detection is the means of identifying intrusive behaviors; it provides useful information to intruded systems so that they can respond quickly and avoid or reduce damage. In recent years, machine learning technology has often been used as a detection method in anomaly detection. In this research, we use the support vector machine as a learning method for anomaly detection, and use LibSVM as the support vector machine tool. By using this tool, we avoid numerous complex operations and do not have to use external tools for finding parameters, as is needed when using other algorithms such as the genetic algorithm. Experimental results show that our proposed approach achieves high average detection rates and low average false positive rates in anomaly detection.
{"title":"Anomaly Detection Using LibSVM Training Tools","authors":"Chu-Hsing Lin, Jung-Chun Liu, Chia-Han Ho","doi":"10.1109/ISA.2008.12","DOIUrl":"https://doi.org/10.1109/ISA.2008.12","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"205 1","pages":"0"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"124605589"}
Khalid Sultan, Abdeslam En-Nouaary, A. Hamou-Lhadj
In this paper, we present a new set of metrics for building secure software systems. The proposed metrics aim to address security risks throughout the entire software development life cycle (SDLC). The importance of this work comes from the fact that assessing security risks at early stages of the development life cycle can help implement efficient solutions before the software is delivered to the customer. The proposed metrics are defined using the goal/question/metric method. It is anticipated that software engineers will use these metrics in combination with other techniques to detect security risks and prevent these risks from becoming reality. This work is part of a larger research project that aims at examining the concept of "Design for Security". The objective is to investigate software engineering techniques to support security requirements from the very beginning of the development process.
{"title":"Catalog of Metrics for Assessing Security Risks of Software throughout the Software Development Life Cycle","authors":"Khalid Sultan, Abdeslam En-Nouaary, A. Hamou-Lhadj","doi":"10.1109/ISA.2008.104","DOIUrl":"https://doi.org/10.1109/ISA.2008.104","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"45 1","pages":"0"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"132166430"}
M. Boldt, A. Jacobsson, Niklas Lavesson, P. Davidsson
The amount of spyware increases rapidly over the Internet and it is usually hard for the average user to know if a software application hosts spyware. This paper investigates the hypothesis that it is possible to detect from the end user license agreement (EULA) whether its associated software hosts spyware or not. We generated a data set by collecting 100 applications with EULAs and classifying each EULA as either good or bad. An experiment was conducted, in which 15 popular default-configured mining algorithms were applied on the EULA data set. The results show that 13 algorithms are significantly better than random guessing, thus we conclude that the hypothesis can be accepted. Moreover, 2 algorithms also perform significantly better than the current state-of-the-art EULA analysis method. Based on these results, we present a novel tool that can be used to prevent the installation of spyware.
{"title":"Automated Spyware Detection Using End User License Agreements","authors":"M. Boldt, A. Jacobsson, Niklas Lavesson, P. Davidsson","doi":"10.1109/ISA.2008.91","DOIUrl":"https://doi.org/10.1109/ISA.2008.91","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"2 1","pages":"0"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"130524084"}