In this paper, we propose a framework, named as A-MAKE, which efficiently provides security, privacy, and accountability for communications in wireless mesh networks. More specifically, the framework provides an anonymous mutual authentication protocol whereby legitimate users can connect to network from anywhere without being identified or tracked. No single party (e.g., network operator) can violate the privacy of a user, which is provided in our framework in the strongest sense. Our framework utilizes group signatures, where the private key and the credentials of the users are generated through a secure three-party protocol. User accountability is implemented via user revocation protocol that can be executed by two semitrusted authorities, one of which is the network operator. The assumptions about the trust level of the network operator are relaxed. Our framework makes use of much more efficient signature generation and verification algorithms in terms of computation complexity than their counterparts in literature,where signature size is comparable to the shortest signatures proposed for similar purposes so far.
{"title":"A-MAKE: An Efficient, Anonymous and Accountable Authentication Framework for WMNs","authors":"Ahmet Onur Durahim, E. Savaş","doi":"10.1109/ICIMP.2010.16","DOIUrl":"https://doi.org/10.1109/ICIMP.2010.16","url":null,"abstract":"In this paper, we propose a framework, named as A-MAKE, which efficiently provides security, privacy, and accountability for communications in wireless mesh networks. More specifically, the framework provides an anonymous mutual authentication protocol whereby legitimate users can connect to network from anywhere without being identified or tracked. No single party (e.g., network operator) can violate the privacy of a user, which is provided in our framework in the strongest sense. Our framework utilizes group signatures, where the private key and the credentials of the users are generated through a secure three-party protocol. User accountability is implemented via user revocation protocol that can be executed by two semitrusted authorities, one of which is the network operator. The assumptions about the trust level of the network operator are relaxed. Our framework makes use of much more efficient signature generation and verification algorithms in terms of computation complexity than their counterparts in literature,where signature size is comparable to the shortest signatures proposed for similar purposes so far.","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114238887","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Intrusion Detection Systems are essential in a network security solution. However, with the significant development of network technologies, the current IDS architecture does not support high-speed communications. Therefore, improving the performance of IDS is a major concern for researchers. In this paper, we present a model of intrusion detection based on the classification of network connections. Our approach is based on the principle of an intelligent loss. We propose a classification model based on the principle that a connection is either malicious or not. In the first case, the connection must be handled by the IDS; otherwise we can ignore it. This method reduces significantly the network flow sent to the IDS with a tolerance of an error threshold. This threshold can be adjusted by the updating process of the classification model.
{"title":"IDS Adaptation for an Efficient Detection in High-Speed Networks","authors":"Abdelhalim Zaidi, Tayeb Kenaza, N. Agoulmine","doi":"10.1109/ICIMP.2010.10","DOIUrl":"https://doi.org/10.1109/ICIMP.2010.10","url":null,"abstract":"Intrusion Detection Systems are essential in a network security solution. However, with the significant development of network technologies, the current IDS architecture does not support high-speed communications. Therefore, improving the performance of IDS is a major concern for researchers. In this paper, we present a model of intrusion detection based on the classification of network connections. Our approach is based on the principle of an intelligent loss. We propose a classification model based on the principle that a connection is either malicious or not. In the first case, the connection must be handled by the IDS; otherwise we can ignore it. This method reduces significantly the network flow sent to the IDS with a tolerance of an error threshold. This threshold can be adjusted by the updating process of the classification model.","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"89 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126222427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Timo Seppälä, Teemu Alapaholuoma, Olli Knuuti, J. Ylinen, P. Loula, Kimmo Hätönen
Large-scale IP networks present special challenges to security. Such networks consist of a large number of devices with a vast variety of traffic behavior. Finding a suitable line-up for the intrusion detection and monitoring mechanism is challenging. In this paper, we study the Snort and Bro-IDS systems. We have built a test platform, where we put those two detection systems side by side and compare them in a real IP network. All the results presented in this paper are under protection of end user privacy and anonymity.
{"title":"Implicit Malpractice and Suspicious Traffic Detection in Large Scale IP Networks","authors":"Timo Seppälä, Teemu Alapaholuoma, Olli Knuuti, J. Ylinen, P. Loula, Kimmo Hätönen","doi":"10.1109/ICIMP.2010.26","DOIUrl":"https://doi.org/10.1109/ICIMP.2010.26","url":null,"abstract":"Large-scale IP networks present special challenges to security. Such networks consist of a large number of devices with a vast variety of traffic behavior. Finding a suitable line-up for the intrusion detection and monitoring mechanism is challenging. In this paper, we study the Snort and Bro-IDS systems. We have built a test platform, where we put those two detection systems side by side and compare them in a real IP network. All the results presented in this paper are under protection of end user privacy and anonymity.","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131515202","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper describes a comparative study of the use of Shannon, Renyi and Tsallis entropies for designing Decision Tree, with goal to find more efficient alternatives applied to Intrusion Tolerant Systems. Decision Tree has been used in classification model problems related to intrusion detection in networks, presenting good results. A very used decision tree is the C4.5 one that applies the Shannon entropy in order to choose the attributes that better divide data intoclasses. However, other ways to measure entropy, e.g., Tsallis and Renyi entropy, may be applied aiming at guaranteeing better generalization related to split criteria. Experimental results demonstrate that Tsallis and Renyi entropy can be used to construct more compact and efficient decision trees compared with Shannon entropy and these models can to provide more accurate intrusion tolerante systems.
{"title":"Decision Tree Based on Shannon, Rényi and Tsallis Entropies for Intrusion Tolerant Systems","authors":"C. F. L. Lima, F. M. Assis, C. P. Souza","doi":"10.1109/ICIMP.2010.23","DOIUrl":"https://doi.org/10.1109/ICIMP.2010.23","url":null,"abstract":"This paper describes a comparative study of the use of Shannon, Renyi and Tsallis entropies for designing Decision Tree, with goal to find more efficient alternatives applied to Intrusion Tolerant Systems. Decision Tree has been used in classification model problems related to intrusion detection in networks, presenting good results. A very used decision tree is the C4.5 one that applies the Shannon entropy in order to choose the attributes that better divide data intoclasses. However, other ways to measure entropy, e.g., Tsallis and Renyi entropy, may be applied aiming at guaranteeing better generalization related to split criteria. Experimental results demonstrate that Tsallis and Renyi entropy can be used to construct more compact and efficient decision trees compared with Shannon entropy and these models can to provide more accurate intrusion tolerante systems.","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131867806","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
J. Merkle, M. Niesing, M. Schwaiger, Heinrich Ihmor, U. Korte
We investigate the security of privacy enhancing techniques for biometric applications. The fuzzy vault of Jules and Sudan is a technique that allows error tolerant authentication, while preserving the privacy of the reference data. Several publications have proposed its application to fingerprints in order to implement privacy-enhanced biometric authentication. While the heuristic security estimates given are promising, no rigid security analysis has been presented so far. We explore if and under what circumstances a provably secure fuzzy fingerprint vault can be implemented. Based on bounds on the loss of entropy for the general fuzzy vault and realistic models for minutiae distributions, we deduce lower bounds for attacks that attempt to recover the template. Furthermore, we show how to select optimal parameters and evaluate both, minimum minutiae match rates and minimum number of minutiae needed to obtain an appropriate security level. Our results indicate that a provable secure scheme is hard to achieve with current fingerprint technology.
{"title":"Provable Security for the Fuzzy Fingerprint Vault","authors":"J. Merkle, M. Niesing, M. Schwaiger, Heinrich Ihmor, U. Korte","doi":"10.1109/ICIMP.2010.17","DOIUrl":"https://doi.org/10.1109/ICIMP.2010.17","url":null,"abstract":"We investigate the security of privacy enhancing techniques for biometric applications. The fuzzy vault of Jules and Sudan is a technique that allows error tolerant authentication, while preserving the privacy of the reference data. Several publications have proposed its application to fingerprints in order to implement privacy-enhanced biometric authentication. While the heuristic security estimates given are promising, no rigid security analysis has been presented so far. We explore if and under what circumstances a provably secure fuzzy fingerprint vault can be implemented. Based on bounds on the loss of entropy for the general fuzzy vault and realistic models for minutiae distributions, we deduce lower bounds for attacks that attempt to recover the template. Furthermore, we show how to select optimal parameters and evaluate both, minimum minutiae match rates and minimum number of minutiae needed to obtain an appropriate security level. Our results indicate that a provable secure scheme is hard to achieve with current fingerprint technology.","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122087932","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Functional active objects are a new paradigm for the implementation of services. They offer safe distributed evaluation with futures and immutable objects guaranteeing efficient implementation of privacy while offering verified quality assurance based on the functional paradigm and a development in an interactive theorem prover. In this paper, we present a novel and highly performant implementation of functional active objects in Erlang. Besides outlining the guiding principles of the interpreter, we show by concrete examples how secure services can be realized.
{"title":"Implementing Privacy with Erlang Active Objects","authors":"Andreas Fleck, F. Kammüller","doi":"10.1109/ICIMP.2010.27","DOIUrl":"https://doi.org/10.1109/ICIMP.2010.27","url":null,"abstract":"Functional active objects are a new paradigm for the implementation of services. They offer safe distributed evaluation with futures and immutable objects guaranteeing efficient implementation of privacy while offering verified quality assurance based on the functional paradigm and a development in an interactive theorem prover. In this paper, we present a novel and highly performant implementation of functional active objects in Erlang. Besides outlining the guiding principles of the interpreter, we show by concrete examples how secure services can be realized.","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"101 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123244567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This work in progress outlines a comparison of anomaly detection methods that we are undertaking. We are comparing different types of anomaly detection methods with the purpose of achieving results covering a broad spectrum of anomalies. We also outline the datasets that we will be using and the metrics that we will use for our evaluation.
{"title":"Comparing Anomaly Detection Methods in Computer Networks","authors":"Andreas Löf, R. Nelson","doi":"10.1109/ICIMP.2010.9","DOIUrl":"https://doi.org/10.1109/ICIMP.2010.9","url":null,"abstract":"This work in progress outlines a comparison of anomaly detection methods that we are undertaking. We are comparing different types of anomaly detection methods with the purpose of achieving results covering a broad spectrum of anomalies. We also outline the datasets that we will be using and the metrics that we will use for our evaluation.","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"261 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116235939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Person identification as a security means has a variety of important applications. Many techniques and automated systems have been developed over the past few decades; each has its own advantages and limitations. There are often trade-offs amongst reliability, the ease of use, ethical/human rights issues, and acceptability in a particular application. Multimodal identification and authentication can, to some extent, alleviate the dilemmas and improve the overall performance. This paper proposes a new method of the combined use of signatures and utterances of pronounced names to identify or authenticate persons. Unlike typical signature verification methods, the dynamic features of signatures are captured as sound in this paper. The multimodal approach shows increased reliability, providing a relatively simple and potentially useful method for person identification and authentication.
{"title":"Sound-Based Multimodal Person Identification from Signature and Voice","authors":"Francis F. Li","doi":"10.1109/ICIMP.2010.18","DOIUrl":"https://doi.org/10.1109/ICIMP.2010.18","url":null,"abstract":"Person identification as a security means has a variety of important applications. Many techniques and automated systems have been developed over the past few decades; each has its own advantages and limitations. There are often trade-offs amongst reliability, the ease of use, ethical/human rights issues, and acceptability in a particular application. Multimodal identification and authentication can, to some extent, alleviate the dilemmas and improve the overall performance. This paper proposes a new method of the combined use of signatures and utterances of pronounced names to identify or authenticate persons. Unlike typical signature verification methods, the dynamic features of signatures are captured as sound in this paper. The multimodal approach shows increased reliability, providing a relatively simple and potentially useful method for person identification and authentication.","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"88 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127547331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper considers the Fractal Market Hypothesis (FMH) for assessing the risk(s) in developing a financial portfolio based on data that is available through the Internet from an increasing number of sources. Most financial risk management systems are still based on the Efficient Market Hypothesis which often fails due to the inaccuracies of the statistical models that underpin the hypothesis, in particular, that financial data are based on stationary Gaussian processes. The FMH considered in this paper assumes that financial data are non-stationary and statistically self-affine so that a risk analysis can, in principal, be applied at any time scale provided there is sufficient data to make the output of a FMH analysis statistically significant.
{"title":"Economic Risk Assessment Using the Fractal Market Hypothesis","authors":"J. Blackledge, M. Rebow","doi":"10.1109/ICIMP.2010.28","DOIUrl":"https://doi.org/10.1109/ICIMP.2010.28","url":null,"abstract":"This paper considers the Fractal Market Hypothesis (FMH) for assessing the risk(s) in developing a financial portfolio based on data that is available through the Internet from an increasing number of sources. Most financial risk management systems are still based on the Efficient Market Hypothesis which often fails due to the inaccuracies of the statistical models that underpin the hypothesis, in particular, that financial data are based on stationary Gaussian processes. The FMH considered in this paper assumes that financial data are non-stationary and statistically self-affine so that a risk analysis can, in principal, be applied at any time scale provided there is sufficient data to make the output of a FMH analysis statistically significant.","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129841049","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Alireza Shameli Sendi, Masoume Jabbarifar, M. Shajari, M. Dagenais
Risk assessment is a major part of the ISMS Process. The Information Security Management System standards specify guidelines and a general framework for risk assessment. In many existing standards, such as NIST and ISO27001, risk assessment is described however, while these standards present some guidelines, there are no details on how to implement it in an organization. In a complex organization, risk assessment is a complicated process and involves a lot of assets. In this paper, we present the FEMRA model, which uses fuzzy expert systems to assess risk in organizations. The risk assessment varies considerably with the context, the metrics used as dependent variables, and the opinions of the persons involved. Fuzzy logic thus represents an excellent model for this application. Organizations can use FEMRA as a tool to improve the ISMS implementation. One of the interesting characteristics of FEMRA is that it can represent each risk with a numerical value. The managers can detect higher risks by comparing these values and develop a good strategy to reduce them
{"title":"FEMRA: Fuzzy Expert Model for Risk Assessment","authors":"Alireza Shameli Sendi, Masoume Jabbarifar, M. Shajari, M. Dagenais","doi":"10.1109/ICIMP.2010.15","DOIUrl":"https://doi.org/10.1109/ICIMP.2010.15","url":null,"abstract":"Risk assessment is a major part of the ISMS Process. The Information Security Management System standards specify guidelines and a general framework for risk assessment. In many existing standards, such as NIST and ISO27001, risk assessment is described however, while these standards present some guidelines, there are no details on how to implement it in an organization. In a complex organization, risk assessment is a complicated process and involves a lot of assets. In this paper, we present the FEMRA model, which uses fuzzy expert systems to assess risk in organizations. The risk assessment varies considerably with the context, the metrics used as dependent variables, and the opinions of the persons involved. Fuzzy logic thus represents an excellent model for this application. Organizations can use FEMRA as a tool to improve the ISMS implementation. One of the interesting characteristics of FEMRA is that it can represent each risk with a numerical value. The managers can detect higher risks by comparing these values and develop a good strategy to reduce them","PeriodicalId":314947,"journal":{"name":"2010 Fifth International Conference on Internet Monitoring and Protection","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114724611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: