In modern era, remote user can access the multiple-services from anywhere in the world at any time through Internet. So, to provide the legitimacy among the users, various remote user authentication schemes have been designed. Recently, Chuang and Chang has proposed a scheme under multi-server architecture based on three security factors namely, smart card, password and biometric and claimed that, their scheme can resist several kind of attacks and can be successful to provide more security properties than that of existing schemes. In this paper, we have reviewed their schemes and proved that Chuang and Chang's scheme cannot resist server spoofing or user impersonate attack, password guessing attack and also fails to achieve forward key secrecy. To overcome their weaknesses and fulfill such important security requirements, we have proposed an improved remote user authentication scheme under multi-server environment.
{"title":"A perfect dynamic-id and biometric based remote user authentication scheme under multi-server environments using smart cards","authors":"Subhasish Banerjee, M. P. Dutta, C. Bhunia","doi":"10.1145/2799979.2799984","DOIUrl":"https://doi.org/10.1145/2799979.2799984","url":null,"abstract":"In modern era, remote user can access the multiple-services from anywhere in the world at any time through Internet. So, to provide the legitimacy among the users, various remote user authentication schemes have been designed. Recently, Chuang and Chang has proposed a scheme under multi-server architecture based on three security factors namely, smart card, password and biometric and claimed that, their scheme can resist several kind of attacks and can be successful to provide more security properties than that of existing schemes. In this paper, we have reviewed their schemes and proved that Chuang and Chang's scheme cannot resist server spoofing or user impersonate attack, password guessing attack and also fails to achieve forward key secrecy. To overcome their weaknesses and fulfill such important security requirements, we have proposed an improved remote user authentication scheme under multi-server environment.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"209 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123279611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Malware authors make use of some anti-reverse engineering and obfuscation techniques like packing and encoding in-order to conceal their malicious payload. These techniques succeeded in evading the traditional signature based AV scanners. Packed or encoded malware samples are difficult to be analysed directly by the AV scanners. So, such samples must be initially unpacked or decoded for efficient analysis of the malicious code. This paper illustrates a static information theoretic method for the classification of packed and encoded files. The proposed method extracts fragments of fixed size from the files and calculates the entropy scores of the fragments. These entropy scores are then used for computing the Similarity Distance Matrix for fragments in a file-pair. The proposed system classifies all the encoded and packed samples properly, thereby obtaining improved detection. The proposed system is also capable of differentiating the type of packers used for the packing or encoding process.
{"title":"Information theoretic method for classification of packed and encoded files","authors":"Jithu Raphel, P. Vinod","doi":"10.1145/2799979.2800015","DOIUrl":"https://doi.org/10.1145/2799979.2800015","url":null,"abstract":"Malware authors make use of some anti-reverse engineering and obfuscation techniques like packing and encoding in-order to conceal their malicious payload. These techniques succeeded in evading the traditional signature based AV scanners. Packed or encoded malware samples are difficult to be analysed directly by the AV scanners. So, such samples must be initially unpacked or decoded for efficient analysis of the malicious code. This paper illustrates a static information theoretic method for the classification of packed and encoded files. The proposed method extracts fragments of fixed size from the files and calculates the entropy scores of the fragments. These entropy scores are then used for computing the Similarity Distance Matrix for fragments in a file-pair. The proposed system classifies all the encoded and packed samples properly, thereby obtaining improved detection. The proposed system is also capable of differentiating the type of packers used for the packing or encoding process.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129239322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
F. Buccafurri, Lidia Fotia, A. Furfaro, A. Garro, Matteo Giacalone, A. Tundis
Compliance analysis is an important step for the security management process of systems. It aims at both increasing service quality and reducing service vulnerabilities by exploiting security mechanisms able to improve the fulfillment of requirements whose failure may cause direct and indirect costs, related to the existence of missed normative provisions, risk of loss of certifications, and increased probability and impact of security incidents. Due to the increasing in system complexity there are hundreds of requirements that must be observed simultaneously and satisfied. As a consequence, the need for innovative approaches centered on effective solutions able to support the evaluation and the validation of requirements and constraints over the time is today greater than ever. In this context, the paper proposes a method for supporting the compliance assessment of services, in respect of norms and regulations, exploitable both in design phase or during the operation of existing services supported by (semi-)automatic tools. The effectiveness of the method is then tested through a case study taken from the experience of the Computer Emergency Response Team (CERT) of Poste Italiane, concerning the compliance assessment of an Electronic Payment Service by credit card.
{"title":"An analytical processing approach to supporting cyber security compliance assessment","authors":"F. Buccafurri, Lidia Fotia, A. Furfaro, A. Garro, Matteo Giacalone, A. Tundis","doi":"10.1145/2799979.2800007","DOIUrl":"https://doi.org/10.1145/2799979.2800007","url":null,"abstract":"Compliance analysis is an important step for the security management process of systems. It aims at both increasing service quality and reducing service vulnerabilities by exploiting security mechanisms able to improve the fulfillment of requirements whose failure may cause direct and indirect costs, related to the existence of missed normative provisions, risk of loss of certifications, and increased probability and impact of security incidents. Due to the increasing in system complexity there are hundreds of requirements that must be observed simultaneously and satisfied. As a consequence, the need for innovative approaches centered on effective solutions able to support the evaluation and the validation of requirements and constraints over the time is today greater than ever. In this context, the paper proposes a method for supporting the compliance assessment of services, in respect of norms and regulations, exploitable both in design phase or during the operation of existing services supported by (semi-)automatic tools. The effectiveness of the method is then tested through a case study taken from the experience of the Computer Emergency Response Team (CERT) of Poste Italiane, concerning the compliance assessment of an Electronic Payment Service by credit card.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131051002","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Emmanouil Vasilomanolakis, Shankar Karuppayah, Panayotis Kikiras, M. Mühlhäuser
In recent years, the amount and the sophistication of cyber attacks has increased significantly. This creates a plethora of challenges from a security perspective. First, for the efficient monitoring of a network, the generated alerts need to be presented and summarized in a meaningful manner. Second, additional analytics are required to identify sophisticated and correlated attacks. In particular, the detection of correlated attacks requires collaboration between different monitoring points. Cyber incident monitors are platforms utilized for supporting the tasks of network administrators and provide an initial step towards coping with the aforementioned challenges. In this paper, we present our cyber incident monitor TraCINg. TraCINg obtains alert data from honeypot sensors distributed across all over the world. The main contribution of this paper is a thoughtful discussion of the lessons learned, both from a design rational perspective as well as from the analysis of data gathered during a five month deployment period. Furthermore, we show that even with a relatively small number of deployed sensors, it is possible to detect correlated attacks that target multiple sensors.
{"title":"A honeypot-driven cyber incident monitor: lessons learned and steps ahead","authors":"Emmanouil Vasilomanolakis, Shankar Karuppayah, Panayotis Kikiras, M. Mühlhäuser","doi":"10.1145/2799979.2799999","DOIUrl":"https://doi.org/10.1145/2799979.2799999","url":null,"abstract":"In recent years, the amount and the sophistication of cyber attacks has increased significantly. This creates a plethora of challenges from a security perspective. First, for the efficient monitoring of a network, the generated alerts need to be presented and summarized in a meaningful manner. Second, additional analytics are required to identify sophisticated and correlated attacks. In particular, the detection of correlated attacks requires collaboration between different monitoring points. Cyber incident monitors are platforms utilized for supporting the tasks of network administrators and provide an initial step towards coping with the aforementioned challenges. In this paper, we present our cyber incident monitor TraCINg. TraCINg obtains alert data from honeypot sensors distributed across all over the world. The main contribution of this paper is a thoughtful discussion of the lessons learned, both from a design rational perspective as well as from the analysis of data gathered during a five month deployment period. Furthermore, we show that even with a relatively small number of deployed sensors, it is possible to detect correlated attacks that target multiple sensors.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129627568","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper deals with the prototype for secure voice communication with hardware encryption of data. The main elements are hands-free headset, on which microcontroller with in-flow symmetrical algorithm of block encryption is supported as well as switching server, mobile application and encrypting center.
{"title":"Secure voice communication system with hardware encryption of data on hands-free headset","authors":"A. Boruchinkin","doi":"10.1145/2799979.2800030","DOIUrl":"https://doi.org/10.1145/2799979.2800030","url":null,"abstract":"This paper deals with the prototype for secure voice communication with hardware encryption of data. The main elements are hands-free headset, on which microcontroller with in-flow symmetrical algorithm of block encryption is supported as well as switching server, mobile application and encrypting center.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125997418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Knyazeva, Alexander Tselykh, A. Tselykh, E. Popkova
In this paper, we present a graph-based approach to a data mining problem of exploring and revealing domain groups of users prone to committing financial fraud. Data mining in financial applications refers to extracting and organizing knowledge from large amount of legal and financial data according to certain criteria. In order to solve this problem, information about the companies should be well-defined and arranged according to a data mining process model. Here, we introduced a graph-based model to formalize large amounts of data as well as a methodology of graph centers of interest to solve classification and prediction data mining tasks that are vital to handle fraud detection. A graph-based model consists of a set of real objects, such as shareholders, vendors, and directors, with some object attributes and relations between the objects. IBM i2 software is used to visualize data and graph model representation.
{"title":"A graph-based data mining approach to preventing financial fraud: a case study","authors":"M. Knyazeva, Alexander Tselykh, A. Tselykh, E. Popkova","doi":"10.1145/2799979.2800002","DOIUrl":"https://doi.org/10.1145/2799979.2800002","url":null,"abstract":"In this paper, we present a graph-based approach to a data mining problem of exploring and revealing domain groups of users prone to committing financial fraud. Data mining in financial applications refers to extracting and organizing knowledge from large amount of legal and financial data according to certain criteria. In order to solve this problem, information about the companies should be well-defined and arranged according to a data mining process model. Here, we introduced a graph-based model to formalize large amounts of data as well as a methodology of graph centers of interest to solve classification and prediction data mining tasks that are vital to handle fraud detection. A graph-based model consists of a set of real objects, such as shareholders, vendors, and directors, with some object attributes and relations between the objects. IBM i2 software is used to visualize data and graph model representation.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127023687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In today's world of informatics, penetration tests becoming one of the most important factors in ensuring corporate information security. Penetration test methodologies provided to this day for ensuring information security have mostly concentrated on network components such as servers and firewalls. The fact that there has not been sufficient focus on router security in the penetration tests that have been conducted leads to major problems in ensuring corporate information security. This study presents a router penetration test methodology consisting of three steps to ensure full range router security. The effectiveness of the methodology presented was analyzed in a virtual penetration test laboratory, for which the design is provided in this study. Following the test trials, it was observed that the presented test methodology enables the common security vulnerabilities occurring on routers to be controlled in order.
{"title":"Developing a penetration test methodology in ensuring router security and testing it in a virtual laboratory","authors":"E. Küçüksille, Mehmet Ali Yalçinkaya, Samet Ganal","doi":"10.1145/2799979.2799989","DOIUrl":"https://doi.org/10.1145/2799979.2799989","url":null,"abstract":"In today's world of informatics, penetration tests becoming one of the most important factors in ensuring corporate information security. Penetration test methodologies provided to this day for ensuring information security have mostly concentrated on network components such as servers and firewalls. The fact that there has not been sufficient focus on router security in the penetration tests that have been conducted leads to major problems in ensuring corporate information security. This study presents a router penetration test methodology consisting of three steps to ensure full range router security. The effectiveness of the methodology presented was analyzed in a virtual penetration test laboratory, for which the design is provided in this study. Following the test trials, it was observed that the presented test methodology enables the common security vulnerabilities occurring on routers to be controlled in order.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122237392","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
DDoS attacks have become fatal attacks in recent times. There are large number of incidents which have been reported recently and caused heavy downtime and economic losses. Evolution of utility computing models like cloud computing and its adoption across enterprises is visible due to many promising features. Effects of DDoS attacks in cloud are no more similar to what they were in traditional fixed or on premise infrastructure. In addition to effects on the service, economic or sustainability effects are significant in the form of Economic Denial of Sustainability (EDoS) attacks. We argue that in a multi-tenant public cloud, multiple stakeholders are involved other than the victim server. Some of these important stakeholders are co-hosted virtual servers, physical server(s), network and, cloud service providers. We have shown through system analysis, experiments and simulations that these stakeholders are indeed affected though they are not the actual targets. Effects to other stakeholders include performance interference, web service performance, resource race, indirect EDoS, downtime and, business losses. Cloud scale simulations have revealed that overall energy consumption and no. of VM migrations are adversely affected due to DDoS/EDoS attacks. Losses to these stakeholders should be properly accounted and there is a need to devise methods to isolate these components well.
{"title":"DDoS/EDoS attack in cloud: affecting everyone out there!","authors":"G. Somani, M. Gaur, D. Sanghi","doi":"10.1145/2799979.2800005","DOIUrl":"https://doi.org/10.1145/2799979.2800005","url":null,"abstract":"DDoS attacks have become fatal attacks in recent times. There are large number of incidents which have been reported recently and caused heavy downtime and economic losses. Evolution of utility computing models like cloud computing and its adoption across enterprises is visible due to many promising features. Effects of DDoS attacks in cloud are no more similar to what they were in traditional fixed or on premise infrastructure. In addition to effects on the service, economic or sustainability effects are significant in the form of Economic Denial of Sustainability (EDoS) attacks. We argue that in a multi-tenant public cloud, multiple stakeholders are involved other than the victim server. Some of these important stakeholders are co-hosted virtual servers, physical server(s), network and, cloud service providers. We have shown through system analysis, experiments and simulations that these stakeholders are indeed affected though they are not the actual targets. Effects to other stakeholders include performance interference, web service performance, resource race, indirect EDoS, downtime and, business losses. Cloud scale simulations have revealed that overall energy consumption and no. of VM migrations are adversely affected due to DDoS/EDoS attacks. Losses to these stakeholders should be properly accounted and there is a need to devise methods to isolate these components well.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"361 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115900336","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper reviews the problem of a secure data transfer in distributed computing networks. It analysis the most popular covert channels (the steganographic methods of communications) and introduces their classification. The article also presents a class of the most effective steganographic methods, describes its formal model and performs a security analysis based on the proposed model.
{"title":"Steganographic methods of communications in distributed computing networks","authors":"A. S. Konoplev, A. Busygin","doi":"10.1145/2799979.2800024","DOIUrl":"https://doi.org/10.1145/2799979.2800024","url":null,"abstract":"This paper reviews the problem of a secure data transfer in distributed computing networks. It analysis the most popular covert channels (the steganographic methods of communications) and introduces their classification. The article also presents a class of the most effective steganographic methods, describes its formal model and performs a security analysis based on the proposed model.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125017307","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Different sectors of the economy have recently witnessed increased focus on innovative technologies in evaluating human capacity of an enterprise. The Principal Component Analysis exemplifies modern knowledge-based techniques used to assess quality of specialist training. The current challenge facing by the higher education institutions of the Russian Federation is preparing qualified and competitive in the global labor market personnel, through multi-disciplinary education. This paper addresses the issue of occupational guidance at the Institute of Financial and Economic Security of the NRNU MEPhI with regard to relevant divisions of the Federal Financial Monitoring Service, by means of mathematical models. The object of the research is the system of specialist training in the area of financial monitoring. The research subject comprises methods, algorithms identifying contribution of educational disciplines to profile-based preparation of students in the sphere of financial monitoring. The goal of this study is to improve the quality of education in the field of financial monitoring by developing methods and algorithms that determine theoretical and practical contribution of subjects to specialist training.
{"title":"Profile-based students assignment to core financial intelligence unit departments","authors":"D. Chukova, A. Pakhomov","doi":"10.1145/2799979.2800018","DOIUrl":"https://doi.org/10.1145/2799979.2800018","url":null,"abstract":"Different sectors of the economy have recently witnessed increased focus on innovative technologies in evaluating human capacity of an enterprise. The Principal Component Analysis exemplifies modern knowledge-based techniques used to assess quality of specialist training. The current challenge facing by the higher education institutions of the Russian Federation is preparing qualified and competitive in the global labor market personnel, through multi-disciplinary education. This paper addresses the issue of occupational guidance at the Institute of Financial and Economic Security of the NRNU MEPhI with regard to relevant divisions of the Federal Financial Monitoring Service, by means of mathematical models. The object of the research is the system of specialist training in the area of financial monitoring. The research subject comprises methods, algorithms identifying contribution of educational disciplines to profile-based preparation of students in the sphere of financial monitoring. The goal of this study is to improve the quality of education in the field of financial monitoring by developing methods and algorithms that determine theoretical and practical contribution of subjects to specialist training.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125542169","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: