Chadha et al. proposed a group key scheme for wireless sensor networks via local collaboration. A group key was derived from base station's broadcast message and a node's secret. However, there is no authentication in the group key scheme. It is essential to share a reliable group key among the entire nodes even though it results in a little overhead.
{"title":"Authenticated Group Key Distribution for Unreliable Sensor Networks","authors":"Hwaseong Lee, Y. H. Kim, Dong Hoon Lee","doi":"10.1109/ISA.2008.54","DOIUrl":"https://doi.org/10.1109/ISA.2008.54","url":null,"abstract":"Chadha et al. proposed a group key scheme for wireless sensor networks via local collaboration. A group key was derived from base station's broadcast message and a node's secret. However, there is no authentication in the group key scheme. It is essential to share a reliable group key among the entire nodes even though it results in a little overhead.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123093800","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article focuses on cryptographic key management systems (KMS) for SCADA systems environments. It first gives a generic view on the constraints, requirements and desired technical properties in SCADA contexts. Then, the most widespread solutions are presented, before discussing how they meet such conditions. The work done by different initiatives on this issue is also introduced. Finally, perspectives and research directions are proposed in consequence. The article aims at presenting open issues on the area, to foster discussion and research, according to the authors' view.
{"title":"Cryptographic Key Management for SCADA Systems-Issues and Perspectives","authors":"L. Piètre-Cambacédès, P. Sitbon","doi":"10.1109/ISA.2008.77","DOIUrl":"https://doi.org/10.1109/ISA.2008.77","url":null,"abstract":"This article focuses on cryptographic key management systems (KMS) for SCADA systems environments. It first gives a generic view on the constraints, requirements and desired technical properties in SCADA contexts. Then, the most widespread solutions are presented, before discussing how they meet such conditions. The work done by different initiatives on this issue is also introduced. Finally, perspectives and research directions are proposed in consequence. The article aims at presenting open issues on the area, to foster discussion and research, according to the authors' view.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130759983","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The upcoming high-speed networks are expected to support a wide variety of real-time multimedia applications. However, the current Internet architecture offers mainly best-effort service and does not meet the requirements of future integrated services networks that will require guarantee for transferring heterogeneous data. There are many parameters involve in improving the performance of a computer network such as reliability, delay, jitter, bandwidth, etc. These parameters together determine the Quality of Service (QoS). The requirements of the above parameters will vary from one application to another application. Applications like file transfer, remote login, etc., will require high reliability. But, applications like audio, video, etc., will require low reliability, because they can tolerate errors. The objectives of this paper are to propose a technique to store the results of a data transfer in binary based on the above parameters, to compare the expected requirements with the actual requirements, to show performance degradation and to suggest ideas to minimize differences between expected requirements and actual requirements. Ultimately, the outcome of this paper will give better results to improve the performance of the network.
{"title":"A Contemporary Technique to Guarantee Quality of Service (QoS) for Heterogeneous Data Traffic","authors":"P. Newton","doi":"10.1109/ISA.2008.14","DOIUrl":"https://doi.org/10.1109/ISA.2008.14","url":null,"abstract":"The upcoming high-speed networks are expected to support a wide variety of real-time multimedia applications. However, the current Internet architecture offers mainly best-effort service and does not meet the requirements of future integrated services networks that will require guarantee for transferring heterogeneous data. There are many parameters involve in improving the performance of a computer network such as reliability, delay, jitter, bandwidth, etc. These parameters together determine the Quality of Service (QoS). The requirements of the above parameters will vary from one application to another application. Applications like file transfer, remote login, etc., will require high reliability. But, applications like audio, video, etc., will require low reliability, because they can tolerate errors. The objectives of this paper are to propose a technique to store the results of a data transfer in binary based on the above parameters, to compare the expected requirements with the actual requirements, to show performance degradation and to suggest ideas to minimize differences between expected requirements and actual requirements. Ultimately, the outcome of this paper will give better results to improve the performance of the network.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"189 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132575557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Proxy mobile IPv6 has been proposed to enable a network-based mobility support which does not require a mobile host to be involved in mobility signaling. In the Proxy mobile IPv6 specification, an authentication procedure is required as an initial part of registration for network access. However, the current specification does not provide the authentication procedure explicitly. Thus, in this paper, we propose authentication methods classified based on security level. Due to the limited resource of wireless networks, we analyze authentication traffic in terms of cost. The presented performance evaluation results demonstrate the impacts of each authentication method.
{"title":"A Traffic Analysis of Authentication Methods for Proxy Mobile IPv6","authors":"Jong‐Hyouk Lee, Tai M. Chung","doi":"10.1109/ISA.2008.75","DOIUrl":"https://doi.org/10.1109/ISA.2008.75","url":null,"abstract":"Proxy mobile IPv6 has been proposed to enable a network-based mobility support which does not require a mobile host to be involved in mobility signaling. In the Proxy mobile IPv6 specification, an authentication procedure is required as an initial part of registration for network access. However, the current specification does not provide the authentication procedure explicitly. Thus, in this paper, we propose authentication methods classified based on security level. Due to the limited resource of wireless networks, we analyze authentication traffic in terms of cost. The presented performance evaluation results demonstrate the impacts of each authentication method.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"231 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132246791","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yong-Hun Kim, Taek-Young Youn, Young-Ho Park, Seokhie Hong
Three-party password-authenticated key exchange protocol is a cryptographic tool that allows two clients to share a common session key using different passwords by the help of a trusted server. In a three-party key exchange protocol, the server should charge some cost to participate in an execution of the protocol between two clients, and the cost can be heavy burden on the server when many users want to establish a session key. In this paper, we propose a smart card-based three-party key exchange protocol which permits two clients to establish a common session key without the server's aid.
{"title":"Smart Card-Based Three-Party Key Exchange without Server's Assisitance","authors":"Yong-Hun Kim, Taek-Young Youn, Young-Ho Park, Seokhie Hong","doi":"10.1109/ISA.2008.65","DOIUrl":"https://doi.org/10.1109/ISA.2008.65","url":null,"abstract":"Three-party password-authenticated key exchange protocol is a cryptographic tool that allows two clients to share a common session key using different passwords by the help of a trusted server. In a three-party key exchange protocol, the server should charge some cost to participate in an execution of the protocol between two clients, and the cost can be heavy burden on the server when many users want to establish a session key. In this paper, we propose a smart card-based three-party key exchange protocol which permits two clients to establish a common session key without the server's aid.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123882346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
J. Choi, Antonio Savoldi, P. Gubian, Seokhee Lee, Sangjin Lee
The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on a Linux systems have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensic of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) ant aims to represent a significant contribution in the field of live forensic analysis of Linux based systems.
{"title":"Live Forensic Analysis of a Compromised Linux System Using LECT (Linux Evidence Collection Tool)","authors":"J. Choi, Antonio Savoldi, P. Gubian, Seokhee Lee, Sangjin Lee","doi":"10.1109/ISA.2008.41","DOIUrl":"https://doi.org/10.1109/ISA.2008.41","url":null,"abstract":"The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on a Linux systems have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensic of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) ant aims to represent a significant contribution in the field of live forensic analysis of Linux based systems.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129938348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The position of user or object is important context to provide the user with the user-oriented services. To position the user or object, we propose the autonomous positioning technique in this paper. In the autonomous positioning technique, the acceleration and the moving direction are used to position the user or the moving object. The moving length is calculated from the acceleration. And the calculated moving length and the direction is used to calculate new position of user or object. To show that the autonomous positioning technique is effective and useful, we implement the positioning device which uses the autonomous positioning technique. From the prototype implemented, we know that the proposed positioning is useful.
{"title":"Positioning using Acceleration and Moving Direction","authors":"Bongeun Gu, Yun-Seol Kwak","doi":"10.1109/ISA.2008.97","DOIUrl":"https://doi.org/10.1109/ISA.2008.97","url":null,"abstract":"The position of user or object is important context to provide the user with the user-oriented services. To position the user or object, we propose the autonomous positioning technique in this paper. In the autonomous positioning technique, the acceleration and the moving direction are used to position the user or the moving object. The moving length is calculated from the acceleration. And the calculated moving length and the direction is used to calculate new position of user or object. To show that the autonomous positioning technique is effective and useful, we implement the positioning device which uses the autonomous positioning technique. From the prototype implemented, we know that the proposed positioning is useful.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117227323","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Digital signature schemes based on public-key cryptosystems generally permit existential forgery, except the schemes are equipped with some message formatting mechanisms, such as using hash functions or padding redundancies. In 2004, Chang et al. proposed a new digital signature scheme, and claimed the scheme without using any hash function or padding any redundancy can resist forgery attacks. However, many attacks on Chang et al. 's scheme were presented. Kang et al. also gave an effective improvement to resist these forgery attacks. In this letter, we gave a further improvement to shorten the signed signature. Our improvement keeps the security of Kang et al. 's scheme and makes it more efficient in computation and communication.
{"title":"Cryptanalysis and Improvement on a Digital Signature Scheme without using One-way Hash and Message Redundancy","authors":"Jie Liu, Jianhua Li","doi":"10.1109/ISA.2008.37","DOIUrl":"https://doi.org/10.1109/ISA.2008.37","url":null,"abstract":"Digital signature schemes based on public-key cryptosystems generally permit existential forgery, except the schemes are equipped with some message formatting mechanisms, such as using hash functions or padding redundancies. In 2004, Chang et al. proposed a new digital signature scheme, and claimed the scheme without using any hash function or padding any redundancy can resist forgery attacks. However, many attacks on Chang et al. 's scheme were presented. Kang et al. also gave an effective improvement to resist these forgery attacks. In this letter, we gave a further improvement to shorten the signed signature. Our improvement keeps the security of Kang et al. 's scheme and makes it more efficient in computation and communication.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"8 28","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120935885","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In a true ubiquitous world, RFID tags will be available in everything, everywhere, and at all times. However, since those tags are bounded with constraints, with no foolproof method to manage the changing hands of the same-tagged item, there is no assurance of privacy and security in passive tags. Yet there are several vender specific solutions but none of them comprehensively solve the security risks and privacy threats arise in the domain of product lifecycle. Thus, there is a need to recognize a standard solution at least for a specific domain. Therefore we proposed the POP Method that comprehensively solves the problems arising in the domain of product lifecycle. In this paper, we compare and contrast the available major solutions against the POP method. We first provide evaluation criteria, and then we survey major proposed solutions, including ours. Next, we present the evaluation results addressing the security and privacy together with the functional aspects. Finally, we conclude the paper by realizing the best available solution for the product lifecycle with passive tags.
{"title":"A Comparative Study of RFID Solutions for Security and Privacy: POP vs. Previous Solutions","authors":"K. Koralalage, Jingde Cheng","doi":"10.1109/ISA.2008.89","DOIUrl":"https://doi.org/10.1109/ISA.2008.89","url":null,"abstract":"In a true ubiquitous world, RFID tags will be available in everything, everywhere, and at all times. However, since those tags are bounded with constraints, with no foolproof method to manage the changing hands of the same-tagged item, there is no assurance of privacy and security in passive tags. Yet there are several vender specific solutions but none of them comprehensively solve the security risks and privacy threats arise in the domain of product lifecycle. Thus, there is a need to recognize a standard solution at least for a specific domain. Therefore we proposed the POP Method that comprehensively solves the problems arising in the domain of product lifecycle. In this paper, we compare and contrast the available major solutions against the POP method. We first provide evaluation criteria, and then we survey major proposed solutions, including ours. Next, we present the evaluation results addressing the security and privacy together with the functional aspects. Finally, we conclude the paper by realizing the best available solution for the product lifecycle with passive tags.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115420348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In pervasive computing, embedded systems have a possibility to be attacked by crackers, including 0-day attack, as well as enterprise systems. In particular, in a case where a cracker gets a root privilege, damages are significant. To resolve this problem, Security-Enhanced Linux (SELinux) is useful. However, SELinux has a problem that is significant complexity for configuration because of too fine-grained access control. As a method for resolving this problem, SELinux Policy Editor (SEEdit) has been developed; this is a tool that simplifies the SELinux configuration. SEEdit uses the Simplified Policy Description Language (SPDL) as a policy description language. In the SPDL, we define new access permissions that integrate Access Vector Permissions (AVPs) employed in SELinux to provide access permissions in a security policy. Thus, we propose a set of access permissions named Integrated Access Permissions (IAPs), which enables the achievement of a good balance between reducing the workload of the configurations and guaranteeing security in SELinux. In addition, we evaluate our IAPs and show them almost secure.
在普及计算中,嵌入式系统和企业系统都有可能受到黑客攻击,包括零日攻击。特别是,在黑客获得根权限的情况下,损害是显著的。为了解决这个问题,Security-Enhanced Linux (SELinux)非常有用。但是,SELinux有一个问题,由于过于细粒度的访问控制,配置非常复杂。作为解决这个问题的方法,SELinux策略编辑器(SEEdit)已经被开发出来;这是一个简化SELinux配置的工具。SEEdit使用SPDL (Simplified Policy Description Language)作为策略描述语言。在SPDL中,我们定义了新的访问权限,它集成了SELinux中使用的访问向量权限(avp),以在安全策略中提供访问权限。因此,我们提出了一组访问权限,称为集成访问权限(IAPs),它可以在SELinux中减少配置工作负载和保证安全性之间实现良好的平衡。此外,我们评估了我们的iap并证明它们几乎是安全的。
{"title":"Integrated Access Permission: Secure and Simple Policy Description by Integration of File Access Vector Permission","authors":"T. Yamaguchi, T. Tabata, Y. Nakamura","doi":"10.1109/ISA.2008.21","DOIUrl":"https://doi.org/10.1109/ISA.2008.21","url":null,"abstract":"In pervasive computing, embedded systems have a possibility to be attacked by crackers, including 0-day attack, as well as enterprise systems. In particular, in a case where a cracker gets a root privilege, damages are significant. To resolve this problem, Security-Enhanced Linux (SELinux) is useful. However, SELinux has a problem that is significant complexity for configuration because of too fine-grained access control. As a method for resolving this problem, SELinux Policy Editor (SEEdit) has been developed; this is a tool that simplifies the SELinux configuration. SEEdit uses the Simplified Policy Description Language (SPDL) as a policy description language. In the SPDL, we define new access permissions that integrate Access Vector Permissions (AVPs) employed in SELinux to provide access permissions in a security policy. Thus, we propose a set of access permissions named Integrated Access Permissions (IAPs), which enables the achievement of a good balance between reducing the workload of the configurations and guaranteeing security in SELinux. In addition, we evaluate our IAPs and show them almost secure.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130899200","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}