Many websites on the internet are database-driven, especially those that generate pages dynamically from a database using ASP, PHP or JSP. Because of SQL attacks, the security of internet-facing databases has drawn considerable attention. Unlike the many protection systems deployed between web servers and the internet, this article designs a database protection system that sits between the web server and the database server. It parses the network and database protocols of the packets passing through, extracts the SQL statements, and then analyzes and filters them. It thereby protects the database effectively at the application layer, and its effectiveness is independent of any particular target system, application environment, or DBMS. There is also no need to modify the source code of existing web applications. The system has been deployed in practice with good results.
{"title":"A Database Protection System Aiming at SQL Attack","authors":"Liwu Deng, Ruzhi Xu, Lizheng Jiang, Guangjuan Lv","doi":"10.1109/IAS.2009.322","DOIUrl":"https://doi.org/10.1109/IAS.2009.322","journal":{"name":"2009 Fifth International Conference on Information Assurance and Security"},"publicationDate":"2009-08-18"}
The rapid increase in the use of mobile communication networks for transmitting confidential data and conducting commercial transactions such as mobile e-commerce is creating strong demand for secure mobile business systems. However, mobile devices and mobile communication networks have some weaknesses, and using traditional VPN technologies directly in mobile computing environments can cause problems. Currently, mobile users are commonly authenticated in IKE using certificates or PSK with aggressive mode. These have serious security issues (PSK with aggressive mode) or high deployment and maintenance costs (certificates). In this paper, we propose a new PSK-based approach in which the IKE negotiation phase is modified for use in mobile computing environments. The modified IKE consists of four messages, and the responder does not need to store any state when it receives message 1. It uses techniques such as strong cookies and a pre-calculated DHpp stack to counter IP flooding attacks and man-in-the-middle DoS attacks, because it does not require the responder to perform heavy computations before the initiator has authenticated itself. In addition, each mobile user has a group of PSKs from which one is randomly selected, and the initiator and responder exchange identity information and agree on the PSK using Hash(PSK-ID|IDi) or Hash(PSK-ID|IDr). It therefore provides identity protection for both initiator and responder and prevents passive dictionary-based attacks on pre-shared keys.
{"title":"The Improving of IKE with PSK for Using in Mobile Computing Environments","authors":"Dingguo Yu, Nan Chen","doi":"10.1109/IAS.2009.117","DOIUrl":"https://doi.org/10.1109/IAS.2009.117","journal":{"name":"2009 Fifth International Conference on Information Assurance and Security"},"publicationDate":"2009-08-18"}
Among the many embedded image coding algorithms, the SPECK algorithm is finding more and more applications because of its special features. Considering some of its disadvantages, however, an improved SPECK algorithm is presented in this dissertation. Besides high coding efficiency, the improved algorithm preserves the properties of SPECK. The experimental results show that the improved SPECK algorithm can further improve coding efficiency and lower computational complexity.
{"title":"An Improved SPECK Image Coding Algorithm","authors":"Baojun Han, Yan Liu","doi":"10.1109/IAS.2009.201","DOIUrl":"https://doi.org/10.1109/IAS.2009.201","journal":{"name":"2009 Fifth International Conference on Information Assurance and Security"},"publicationDate":"2009-08-18"}
In this paper, a parametrization of a two-dimensional wavelet filter system is used to protect wavelet-based watermarks against unauthorized detection. This system is developed in terms of a novel transformation, the Shift Unitary Transform (SUT) of the Conjugate Quadrature Filter (CQF). The commonly used wavelet filters are only special cases of this system. Based on this system, a watermarking scheme is described that embeds the watermark into the low-frequency sub-bands of the wavelet transform. We overcome the degradation problem by applying median filtering to the lowest-frequency sub-band of the wavelet transform and embedding the watermark in visually insensitive locations. Experiments show that this method is robust to compression, median filtering, etc.
{"title":"A Watermarking Scheme Based on Two-dimensional Wavelet Filter Parametrization","authors":"Guosheng Cheng, Jianwei Yang","doi":"10.1109/IAS.2009.136","DOIUrl":"https://doi.org/10.1109/IAS.2009.136","journal":{"name":"2009 Fifth International Conference on Information Assurance and Security"},"publicationDate":"2009-08-18"}
The Kerberos protocol is a well-known identity authentication protocol that is widely used on networks as a standard. However, there is still no rigorous proof of it based on formal methods, which is worrying for users. This paper therefore proposes a security analysis of the Kerberos protocol using BAN logic, and the reliability, practicability and security of the Kerberos protocol are proved.
{"title":"Security Analysis of the Kerberos Protocol Using BAN Logic","authors":"K. Fan, Hui Li, Yue Wang","doi":"10.1109/IAS.2009.320","DOIUrl":"https://doi.org/10.1109/IAS.2009.320","journal":{"name":"2009 Fifth International Conference on Information Assurance and Security"},"publicationDate":"2009-08-18"}
In this article, we propose an intrusion prevention system named the Cumulative-Sum-based Intrusion Prevention System (CSIPS), which uses the Cumulative Sum (CUSUM) algorithm to detect malicious behaviors, attacks and distributed attacks launched against remote clients and local hosts. Experimental results show that CSIPSs in a united defense environment can achieve a higher security level for the environment.
{"title":"Detecting DoS and DDoS Attacks by Using an Intrusion Detection and Remote Prevention System","authors":"Fang-Yie Leu, Zhi-Yang Li","doi":"10.1109/IAS.2009.294","DOIUrl":"https://doi.org/10.1109/IAS.2009.294","journal":{"name":"2009 Fifth International Conference on Information Assurance and Security"},"publicationDate":"2009-08-18"}
Hsien-Huang P. Wu, Shih-Hsin Chang, P. Weng, Soon-Lin Chen
Because of the prevalence of digital imaging in radiology and the development of electronic three-dimensional (3D) viewing devices, digital stereoradiography will become an efficient and economical way to improve diagnostic efficacy. A viewing device based on one compact mirror and two flat-panel LCDs that achieves high-resolution digital dental stereoradiography is proposed, and its effectiveness is evaluated. The proposed viewing method shows better performance than the other two approaches. Clinical use of the viewing instruments can be expected to show similar results.
{"title":"Economical Dental Stereoradiography in Digital Era","authors":"Hsien-Huang P. Wu, Shih-Hsin Chang, P. Weng, Soon-Lin Chen","doi":"10.1109/IAS.2009.168","DOIUrl":"https://doi.org/10.1109/IAS.2009.168","journal":{"name":"2009 Fifth International Conference on Information Assurance and Security"},"publicationDate":"2009-08-18"}
Keywords are indexed automatically for large-scale categorization corpora. Indexed keywords of more than 20 documents are selected as seed words, which overcomes the subjectivity of selecting seed words in clustering. At the same time, clustering is limited to particular category corpora, and a keyword-indexing feature extraction method is adopted to obtain domain words automatically, which reduces noise in the similarity calculation.
{"title":"Words Clustering Based on Keywords Indexing from Large-scale Categorization Corpora","authors":"Liu Hua","doi":"10.1109/IAS.2009.271","DOIUrl":"https://doi.org/10.1109/IAS.2009.271","journal":{"name":"2009 Fifth International Conference on Information Assurance and Security"},"publicationDate":"2009-08-18"}
Certificateless PKC and self-certified PKC are two new public key systems. They remove the need for certificates to ensure the authentication of the user's public key, as required in CB-PKC, and also overcome the inherent key escrow problem of IB-PKC. Recently, Zhang et al. proposed a self-certified signcryption scheme, and Wu et al. gave a certificateless signcryption scheme. In this paper, however, we analyze the security of Zhang et al.'s self-certified signcryption scheme and Wu et al.'s certificateless signcryption scheme, and show that both schemes are insecure even though they were proven secure under the random oracle model in \cite{mu} and \cite{wu}. In the self-certified signcryption scheme, a malicious user can forge a signcryption on an arbitrary message $m$ without the CA's authentication. In Wu et al.'s certificateless signcryption scheme, the confidentiality of signcryption is not satisfied; namely, the scheme is not secure against chosen ciphertext attack. Finally, we give the corresponding attacks and, to overcome the above flaws, discuss the corresponding improvements.
{"title":"Cryptoanalysis of Two Signcryption Schemes","authors":"Jianhong Zhang, Qin Geng","doi":"10.1109/IAS.2009.101","DOIUrl":"https://doi.org/10.1109/IAS.2009.101","journal":{"name":"2009 Fifth International Conference on Information Assurance and Security"},"publicationDate":"2009-08-18"}
Hong-shan Kong, Ming-qing Zhang, Jun Tang, Chang-yuan Luo
Network security is attracting more and more attention. Because network security problems are highly complex, simulation is a better choice for studying them. Based on the purpose and current state of network security simulation, this paper puts forward a simulation method for network security using system dynamics. After giving the steps of system dynamics simulation of network security, the paper simulates a worm attack using system dynamics. The simulation results indicate that system dynamics can describe the process of a worm attack well. Research on system dynamics for network security will extend the methods available for network security simulation.
{"title":"The Research of Simulation for Network Security Based on System Dynamics","authors":"Hong-shan Kong, Ming-qing Zhang, Jun Tang, Chang-yuan Luo","doi":"10.1109/IAS.2009.251","DOIUrl":"https://doi.org/10.1109/IAS.2009.251","journal":{"name":"2009 Fifth International Conference on Information Assurance and Security"},"publicationDate":"2009-08-18"}