Sungju Lee, Daesung Moon, Hanna Choi, Yongwha Chung
One of the solutions to the auto-alignment problem in the fuzzy fingerprint vault exploited the idea of the geometric hashing technique. Although this solution can provide higher verification accuracy, it requires more memory space due to the large size of the hash table. In this paper, we propose an approach to reduce the size of the hash table by using the time-memory tradeoff without sacrificing the verification accuracy. That is, instead of generating the full hash table at the enrollment phase, our approach generates the enrollment hash table "on-the-fly" at the verification phase. The size of the hash table can be reduced further by selecting the basis set carefully. Based on the experimental results, we confirm that the proposed approach can reduce both the static and the dynamic memory requirements without sacrificing both the verification accuracy and the security level.
Memory-Efficient Fuzzy Fingerprint Vault based on the Geometric Hashing. Sungju Lee, Daesung Moon, Hanna Choi, Yongwha Chung. 2008 International Conference on Information Security and Assurance (isa 2008), published 2008-04-24. DOI: 10.1109/ISA.2008.60 (https://doi.org/10.1109/ISA.2008.60)
Power companies have operated automation systems for relaying and supervisory control using public communication networks. But these systems must meet the strictest communication requirements. For these reasons, there are many difficulties in application to the automation system, considering the cost, location environment, and other characteristics of power lines. Recently, however, the existing power line can be used as a communication medium by using power line communication (PLC). PLC can be adopted as the main communication means, and other wired/wireless links can be adopted as a second means. To do this, high voltage PLC has to be used as a long distance communication network. In our study, we suggest the intelligent Compound Communication System for optimal roundabout routes in the communication network in case of accidents, and verified its performance and reliability in a real test field.
A Study on the Compound Communication Network over the High Voltage Power Line for Distribution Automation System. D. Hyun, Younghun Lee. 2008 International Conference on Information Security and Assurance (isa 2008), published 2008-04-24. DOI: 10.1109/ISA.2008.28 (https://doi.org/10.1109/ISA.2008.28)
The wormhole attack is one of the most severe threats to ad hoc networks. There has been much research to overcome the wormhole attack. This research, however, still has some limitations in handling wormhole attacks properly, such as the burden of computation, complicated steps before making up a session, and no response method. In this paper, we propose an effective wormhole attack defense method that can properly detect wormhole attacks and respond to them. Each node maintains its neighbors' information. According to this information, each node can identify replayed packets that are forwarded by two attackers. We analyze the effectiveness of the proposed method and the efficiency of the approach by using traffic and memory space measures.
An Approach to Mitigate Wormhole Attack in Wireless Ad Hoc Networks. Gunhee Lee, Dong-Kyoo Kim, Jungtaek Seo. 2008 International Conference on Information Security and Assurance (isa 2008), published 2008-04-24. DOI: 10.1109/ISA.2008.44 (https://doi.org/10.1109/ISA.2008.44)
This paper presents a new teaching method by introducing Xen into a computer security course. To provide students with hands-on exercises in a computer security course, we have designed a laboratory environment for computer security education. It is based on Xen and Linux, both of which are free. Xen provides a secure environment within which students may install, configure, and experiment with the design and test of the system security. Based on this environment, we have developed several labs, covering a wide range of security principles.
Teaching Computer Security using Xen in a Virtual Environment. Dong Hu, Yu Yan Wang. 2008 International Conference on Information Security and Assurance (isa 2008), published 2008-04-24. DOI: 10.1109/ISA.2008.18 (https://doi.org/10.1109/ISA.2008.18)
In this paper, we argue that building a secure software system requires more than just a good understanding of technology. It requires an organized framework for the business context in which the system is being built. Unlike existing studies that focus on security only from the technological point of view, in this paper, we present a framework for building secure software that facilitates the linkage between security requirements, software development practices, and business process management. Our framework consists of four main components: Governance, People, Process, and Technology. We believe that this framework, if implemented properly, can be a powerful tool that can be used by software companies to cope with the increasing customer demand for secure software.
An Organizational Framework for Building Secure Software. A. Hamou-Lhadj, A. Hamou-Lhadj. 2008 International Conference on Information Security and Assurance (isa 2008), published 2008-04-24. DOI: 10.1109/ISA.2008.105 (https://doi.org/10.1109/ISA.2008.105)
Recently, Wang-Chang proposed a password authentication scheme for implementing a remote access network system whose security rests in part on the difficulty of factoring a large number and the discrete logarithm problem. This paper shows that Wang-Chang's smart card based password authentication scheme is insecure against two impersonation attacks and the off-line password guessing attack.
Breaking a Smart Card based Secure Password Authentication Scheme. Eunjun Yoon, K. Yoo. 2008 International Conference on Information Security and Assurance (isa 2008), published 2008-04-24. DOI: 10.1109/ISA.2008.86 (https://doi.org/10.1109/ISA.2008.86)
Considering Pervasive Computing environments and a global digital market having complex, often contradictory national and international regulations, it is impossible for rights holders to define universal Digital Rights Management (DRM) policies governing the usage of their content while still considering user rights. Exceptions are unanticipated usage situations where some rights should be waived while still maintaining a given level of persistent protection and governed usage. The industry and traditional DRM approaches haven't considered such alternatives. To tackle this issue and demonstrate the feasibility of such an approach, this paper reports and discusses a proof of concept prototype implementation based on a model [14] supporting exception management in DRM environments using credentials.
Exception-Aware Digital Rights Management Architecture Experimentation. Jean-Henry Morin, M. Pawlak. 2008 International Conference on Information Security and Assurance (isa 2008), published 2008-04-24. DOI: 10.1109/ISA.2008.72 (https://doi.org/10.1109/ISA.2008.72)
Feasibility studies on implementing a strong cryptographic function for resource constrained devices such as embedded devices have been carried out in the past. These studies found that it is not efficient to run an extensive security solution on those devices. For that reason, we tend to provide a security offloading approach to minimize the computing resources involved while maximizing the security functionality. The resource constrained devices will communicate with a centralized security server, which we named CPOP, before sending or receiving packets from an untrusted network entity. CPOP is a cryptography process offloading proxy which will offload cryptography processes such as encryption, decryption, etc. to provide secure communication across the network. A prototype of CPOP has been developed and performance analysis results are obtained to justify the feasibility of our approach in providing security services to embedded devices with only limited processing capabilities.
CPOP: Cryptography Process Offloading Proxy for Resource Constrained Devices. Yu-Shu They, Seong-Yee Phang, Sanggon Lee, HoorJae Lee, Hyotaek Lim. 2008 International Conference on Information Security and Assurance (isa 2008), published 2008-04-24. DOI: 10.1109/ISA.2008.107 (https://doi.org/10.1109/ISA.2008.107)
Jingde Cheng, Y. Goto, Shoichi Morimoto, Daisuke Horie
An intrinsic difficulty in ensuring the security of information systems is that assailants (crackers) are active persons who can gain knowledge and skills day after day and then continuously attack target information systems, always with new techniques. Therefore, designers, developers, users, and maintainers of information systems with high security requirements need continuous support for their tasks to protect the systems from assailants. However, until now, no systematic methodology has been proposed for this purpose. Based on our consideration that continuous support for system designers, developers, users, and maintainers can only be provided by a standard, formal, and consistent methodology, this paper proposes the new concept of a security engineering environment and presents a real security engineering environment we are developing based on ISO/IEC information security standards in order to provide designers, developers, users, and maintainers with standard, formal, and consistent support for design, development, operation, and maintenance of information systems with high security requirements.
A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems. Jingde Cheng, Y. Goto, Shoichi Morimoto, Daisuke Horie. 2008 International Conference on Information Security and Assurance (isa 2008), published 2008-04-24. DOI: 10.1109/ISA.2008.106 (https://doi.org/10.1109/ISA.2008.106)
Privacy of personal information is an area of growing concern and importance in the digital age. Privacy as an issue arises when there is a conflict of interest between its commercial value and respect for an individual's right to privacy. This lends itself to the fact that this trade-off is of economic value and the issue of privacy is an economic problem, and hence justifies the emergence of the economics of privacy as an important discipline, which is a complex interplay of regulation, technology and people dynamics and the efficiency of doing business. In this survey paper we look into the work done by eminent people on the issue of privacy and its relationship with people, technology and regulation from an economic perspective and its increasing relevance today. Privacy affects each one of us in such a way that we cannot afford to ignore it, and it helps to be cognizant of what is going on around us.
The Economics of Privacy-Privacy: People, Policy and Technology. J. Zhan, Vaidyanathan Rajamani. 2008 International Conference on Information Security and Assurance (isa 2008), published 2008-04-24. DOI: 10.1109/ISA.2008.71 (https://doi.org/10.1109/ISA.2008.71)