This paper provides a roadmap for developing security-critical projects using the Rational Unified Process as a framework for development. The Security Quality Requirements Engineering (SQUARE) methodology provides a way to address security issues early in the development lifecycle. SQUARE can be more effective when it fits into an organization's existing development process. Hence this paper describes a way to fit the SQUARE methodology into the Rational Unified Process.
{"title":"Incorporating Security Requirements Engineering into the Rational Unified Process","authors":"N. Mead, V. Viswanathan, J. Zhan","doi":"10.1109/ISA.2008.19","DOIUrl":"https://doi.org/10.1109/ISA.2008.19","journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"131553030"}
In this paper, we propose a method to enhance the security of Abdalla and Reyzin's forward-secure signature scheme by producing backward-secure detection. In the proposed scheme, we embed a hash chain into the forward-secure signature scheme. It achieves not only forward security but also backward security for the digital signature.
{"title":"A Forward-Secure Signature with Backward-Secure Detection","authors":"Dai-Rui Lin, Chih-I Wang","doi":"10.1109/ISA.2008.79","DOIUrl":"https://doi.org/10.1109/ISA.2008.79","journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"123960042"}
Recently, remote user authentication schemes using smart cards have been researched to provide user privacy because of increasing interest and demand. Previously provided authentication schemes were only concerned with providing user privacy against outside attackers, but a scheme that guarantees user privacy against both a remote server and outside attackers has recently been demanded because users' information has leaked out through service providers. When the remote server perceives a user doing a malicious act, the server should be able to trace the malicious user by receiving help from a trust agency. In this paper, we suggest a scheme which not only guarantees user privacy against both a remote server and outside attackers, but also provides traceable anonymity authentication.
{"title":"Anonymous and Traceable Authentication Scheme using Smart Cards","authors":"Seil Kim, H. Rhee, J. Chun, Dong Hoon Lee","doi":"10.1109/ISA.2008.52","DOIUrl":"https://doi.org/10.1109/ISA.2008.52","journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"128973861"}
A network intrusion detection system serves as a second line of defense to intrusion prevention. The anomaly detection approach is important in order to detect new attacks. The outlier detection scheme is one of the most successful anomaly detection approaches. In this paper, we propose a novel outlier detection scheme based on cost-distribution to detect anomalous behavior in network intrusion detection. We evaluate the capability of this new approach with the data set from the KDD Cup 1999 data mining competition. The results indicate that the cost-distribution based scheme outperforms current outlier anomaly detection approaches in its capability to detect attacks and in its low false alarm rate.
{"title":"A Novel Outlier Detection Scheme for Network Intrusion Detection Systems","authors":"K. Prakobphol, J. Zhan","doi":"10.1109/ISA.2008.26","DOIUrl":"https://doi.org/10.1109/ISA.2008.26","journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"129195659"}
International software providers have entered the China market in recent years. One typical example is MSN. As an indigenous IT product, QQ provides almost the same functions as MSN and has competed with MSN for years. A market survey indicates that QQ dominates the local instant message market. Why could QQ win the battle with MSN in the China market? In this paper, we investigate the detailed designs of MSN vs. QQ, focusing in particular on their privacy protection. We find that, in general, users' privacy concern level is low in China. Users show an inclination to be connected with strangers in the virtual community. They may trade off a certain level of privacy protection to gain the chance of being visited by strangers. Moreover, being in a position of control could mitigate users' privacy concern. Indigenous IT products, such as QQ, understand and leverage users' behavior. By lowering privacy protection and providing various control tools, QQ successfully caters to the needs of the young generation in China, who are the main Internet users in China. Such results shed light on how international IT product providers can survive in the China market.
{"title":"Why MSN Lost to QQ in China Market? Different Privacy Protection Design","authors":"Z. Meng, Meiyun Zuo","doi":"10.1109/ISA.2008.66","DOIUrl":"https://doi.org/10.1109/ISA.2008.66","journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"114524801"}
Security development project planning is a tricky task because a security manager is not sure about what combination of effective safeguards should be implemented to prevent threats from occurring and damaging future business continuity. Such a decision-making problem is necessarily accompanied by investment constraints (e.g. limited budget, positive return requirement, implementation advice). Thus, it is not easy to justify a security investment plan that has several constraints. In this paper, we model the constraints and formulate the decision-making problem to find the best solution by using Integer Programming.
{"title":"Maximizing Return on Security Safeguard Investment with Constraint Satisfaction","authors":"Taek Lee, Do-Hoon Kim, H. In","doi":"10.1109/ISA.2008.59","DOIUrl":"https://doi.org/10.1109/ISA.2008.59","journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"115135882"}
The purpose of this paper is to investigate the influence of different intensity distributions on palmprint identification. An intensity adjustment function, which can overcome the shortage of intensity translation caused by unstable lighting, is used to generate intensity distributions. Experiments, which are based on a database of 98 individuals, using Gabor features and PCA features show that the performance of each experiment varies more or less, and that they perform better when the mapping is weighted toward darker than when the mapping is weighted toward brighter. Two assumptions are considered: that when the mapping is weighted toward darker, palmprints have more distinction (or contrast) for individuals; and that the intensity distributions have more consistency, which can overcome the shortage brought by the unstable lighting. They would be validated in future work. That the Gabor features perform better than PCA features is an additional conclusion of this paper.
{"title":"Experimental Evaluation of Different Intensity Distributions for Palmprint Identification","authors":"Yanqiang Zhang, Z. Qiu, Dongmei Sun","doi":"10.1109/ISA.2008.67","DOIUrl":"https://doi.org/10.1109/ISA.2008.67","journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"115348618"}
Sensor nodes are tiny, low-power, computationally limited and battery-constrained electromechanical devices that are usually deployed for sensing some type of data in the field. Random key predistribution mechanisms have been proposed to provide security for wireless sensor networks. In the literature, there are well-known random key predistribution schemes. Some of these schemes are secure, but quite complex to apply, while some others are easily applicable but do not offer reasonable security. In this paper, we propose random key predistribution schemes for wireless sensor networks that provide varying ranges of security and that are easily applicable due to their simplicity. In this respect, our schemes serve as a tradeoff. Moreover, our proposed schemes show a good extensibility property. We assume prior deployment knowledge. We examine the performance of our schemes and compare them with well-known random key predistribution schemes.
{"title":"Simple and Flexible Random Key Predistribution Schemes for Wireless Sensor Networks Using Deployment Knowledge","authors":"S. E. Tasçi, E. Bayramoglu, A. Levi","doi":"10.1109/ISA.2008.108","DOIUrl":"https://doi.org/10.1109/ISA.2008.108","journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"127207944"}
In 2006, Shao et al. showed that Wang et al.'s deniable authentication protocol based on ElGamal cryptography is insecure to a person-in-the-middle attack; that is, in the whole process, the receiver cannot be aware of the existence of this adversary as well as the modification of the messages. Furthermore, they also presented a modification of Wang et al.'s protocol to overcome the security flaw. However, the current paper demonstrates that Shao et al.'s improved deniable authentication protocol is susceptible to a malicious receiver's impersonation attack. To mitigate this security breach, we propose an improved deniable authentication protocol based on ElGamal cryptography.
{"title":"Secure Deniable Authentication Protocol Based on ElGamal Cryptography","authors":"Eunjun Yoon, K. Yoo","doi":"10.1109/ISA.2008.85","DOIUrl":"https://doi.org/10.1109/ISA.2008.85","journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"126180416"}
This paper deals with an add-on for biometric security systems, especially for fingerprint recognition technology. This added part of such systems is liveness detection. Our method is based on detection of optical characteristics of the finger surface (skin). The main idea is to detect the movements of papillary lines, but some other optical information could be extracted, which is outlined at the end.
{"title":"Liveness Detection for Biometric Systems Based on Papillary Lines","authors":"M. Drahanský, Dana Lodrova","doi":"10.1109/ISA.2008.58","DOIUrl":"https://doi.org/10.1109/ISA.2008.58","journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)"},"publicationDate":"2008-04-24","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"122526112"}