
2008 International Conference on Information Security and Assurance (isa 2008): Latest Papers

A Parallel GNFS Algorithm with the Improved Linbox Montgomery Block Lanczos Method for Integer Factorization
L. Tianruo Yang, Li Xu, Jong Hyuk Park
The RSA algorithm is a very popular public key cryptosystem which has been widely used in industry. Its security relies on the difficulty of factoring large integers. The general number field sieve (GNFS) is so far the best known algorithm for factoring large integers over 110 digits. Montgomery's block Lanczos method from Linbox is for solving large and sparse linear systems over finite fields, and it can be integrated into the GNFS algorithm. This paper introduces an improved Montgomery block Lanczos method, based on the version developed in Linbox, integrated with our previously developed parallel GNFS algorithm. This method has better performance compared with the original one and can find more solutions or dependencies than the original one with less time complexity. Implementation details and experimental results will be provided in the paper as well.
DOI: https://doi.org/10.1109/ISA.2008.113 (published 2008-04-24)
Citations: 0
Preserving Privacy in Joining Recommender Systems
C.-L.A. Hsieh, J. Zhan, D. Zeng, Feiyue Wang
In the E-commerce era, recommender systems are introduced to share customer experience and comments. At the same time, there is a need for E-commerce entities to join their recommender system databases to enhance the reliability toward prospective customers and also to maximize the precision of target marketing. However, there will be a privacy disclosure hazard while joining recommender system databases. In order to preserve privacy in merging recommender system databases, we design a novel algorithm based on the ElGamal scheme of homomorphic encryption.
DOI: https://doi.org/10.1109/ISA.2008.101 (published 2008-04-24)
Citations: 14
Teaching Computer Security using Xen in a Virtual Environment
Dong Hu, Yu Yan Wang
This paper presents a new teaching method by introducing Xen into a computer security course. To provide students with hands-on exercises in a computer security course, we have designed a laboratory environment for computer security education. It is based on Xen and Linux, both of which are free. Xen provides a secure environment within which students may install, configure, and experiment with the design and test of the system security. Based on this environment, we have developed several labs, covering a wide range of security principles.
DOI: https://doi.org/10.1109/ISA.2008.18 (published 2008-04-24)
Citations: 17
An Organizational Framework for Building Secure Software
A. Hamou-Lhadj, A. Hamou-Lhadj
In this paper, we argue that building a secure software system requires more than just a good understanding of technology. It requires an organized framework for the business context in which the system is being built. Unlike existing studies that focus on security only from the technological point of view, in this paper, we present a framework for building secure software that facilitates the linkage between security requirements, software development practices, and business process management. Our framework consists of four main components: Governance, People, Process, and Technology. We believe that this framework, if implemented properly, can be a powerful tool that can be used by software companies to cope with the increasing customer demand for secure software.
DOI: https://doi.org/10.1109/ISA.2008.105 (published 2008-04-24)
Citations: 0
An Approach to Mitigate Wormhole Attack in Wireless Ad Hoc Networks
Gunhee Lee, Dong-Kyoo Kim, Jungtaek Seo
The wormhole attack is one of the most severe threats to ad hoc networks. There has been much research on overcoming the wormhole attack. This research, however, still has some limitations in handling wormhole attacks properly, such as the burden of computation, complicated steps before making up a session, and no response method. In this paper, we propose an effective wormhole attack defense method that can properly detect wormhole attacks and respond to them. Each node maintains its neighbors' information. According to the information, each node can identify replayed packets that are forwarded by two attackers. We analyze the effectiveness of the proposed method and the efficiency of the approach by using traffic and memory space measures.
DOI: https://doi.org/10.1109/ISA.2008.44 (published 2008-04-24)
Citations: 47
A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems
Jingde Cheng, Y. Goto, Shoichi Morimoto, Daisuke Horie
An intrinsic difficulty in ensuring security of information systems is that assailants (crackers) are active persons who can get knowledge and skills day after day and then continuously attack target information systems always with new techniques. Therefore, designers, developers, users, and maintainers of information systems with high security requirements need continuous supports for their tasks to protect the systems from assailants. However, until now, there is no systematic methodology proposed for this purpose. Based on our consideration that the continuous supports for system designers, developers, users, and maintainers only can be provided by a standard, formal, and consistent methodology, this paper proposes the new concept of security engineering environment and presents a real security engineering environment we are developing based on ISO/IEC information security standards in order to provide designers, developers, users, and maintainers with standard, formal, and consistent supports for design, development, operation, and maintenance of information systems with high security requirements.
DOI: https://doi.org/10.1109/ISA.2008.106 (published 2008-04-24)
Citations: 23
Exception-Aware Digital Rights Management Architecture Experimentation
Jean-Henry Morin, M. Pawlak
Considering Pervasive Computing environments and a global digital market having complex, often contradictory national and international regulations, it is impossible for rights holders to define universal Digital Rights Management (DRM) policies governing the usage of their content while still considering user rights. Exceptions are unanticipated usage situations where some rights should be waived while still maintaining a given level of persistent protection and governed usage. The industry and traditional DRM approaches haven't considered such alternatives. To tackle this issue and demonstrate the feasibility of such an approach, this paper reports and discusses a proof of concept prototype implementation based on a model [14] supporting exception management in DRM environments using credentials.
DOI: https://doi.org/10.1109/ISA.2008.72 (published 2008-04-24)
Citations: 5
Breaking a Smart Card based Secure Password Authentication Scheme
Eunjun Yoon, K. Yoo
Recently, Wang-Chang proposed a password authentication scheme for implementing a remote access network system whose security rests in part on the difficulty of factoring a large number and the discrete logarithm problem. This paper shows that Wang-Chang's smart card based password authentication scheme is insecure against two impersonation attacks and the off-line password guessing attack.
DOI: https://doi.org/10.1109/ISA.2008.86 (published 2008-04-24)
Citations: 7
CPOP: Cryptography Process Offloading Proxy for Resource Constrained Devices
Yu-Shu They, Seong-Yee Phang, Sanggon Lee, HoorJae Lee, Hyotaek Lim
Feasibility studies on implementing a strong cryptographic function for resource constrained devices such as embedded devices have been carried out in the past. These studies found that it is not efficient to run an extensive security solution on those devices. For that reason, we tend to provide a security offloading approach to minimize the computing resources involved while maximizing the security functionality. The resource constrained devices will communicate with a centralized security server, which we named CPOP, before sending or receiving packets from an untrusted network entity. CPOP is a cryptography process offloading proxy which will offload cryptography processes such as encryption and decryption to provide secure communication across the network. A prototype of CPOP has been developed and performance analysis results are obtained to justify the feasibility of our approach in providing security services to embedded devices with only limited processing capabilities.
DOI: https://doi.org/10.1109/ISA.2008.107 (published 2008-04-24)
Citations: 0
Correlating Multi-Step Attack and Constructing Attack Scenarios Based on Attack Pattern Modeling
Zhijie Liu, C. Wang, Shifu Chen
Most cyber-attacks are not single attack actions. They are multi-step attacks composed of a set of attack actions. Although techniques used by attackers can be diverse, attack patterns are generally finite. So we need to find attack steps that are correlated in an attack scenario. By studying the patterns of multi-step cyber attacks, an algorithm is presented for correlating multi-step cyber attacks and constructing an attack scenario system based on modeling multi-step cyber attacks. When alerts appear, the algorithm turns them into corresponding attack models based on the knowledge base and correlates them; whether to alert or not is based on the weighted cost in the attack path graph and the attack degree of the corresponding host. Attack scenarios can be constructed by correlating the attack path graphs. Moreover, the model can detect intrusion alerts in real time and revise the attack scenarios. Experiments on the DARPA IDS test dataset show the validity of the algorithm.
DOI: https://doi.org/10.1109/ISA.2008.11 (published 2008-04-24)
Citations: 50