Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005: Latest Articles

Trusted Internet forensics: design of a network forensics appliance
D. Bruschi, M. Monga, E. Rosti
With the spreading of cyber-crime, computer forensics has emerged as a new discipline in the system security arena. Some work is being done towards the definition of methodologies for the collection of digital evidences from storage devices that can withstand legal analysis in court. On the contrary, the collection of network evidences that allows for a selection of the traffic and guarantees legal admissibility is still an open field. In this paper we present the architecture of TIF, trusted Internet forensics, a network appliance that collects data from the network for forensics purposes. Such an appliance relies on a trusted computing platform in order to allow for the verification of the computational chain so that the data collected could be used as evidence in court.
DOI: https://doi.org/10.1109/SECCMW.2005.1588292 (published 2005-09-05)
Citations: 7
Tailored trustworthiness estimations in peer-to-peer networks
K. Ylitalo, S. Holtmanns
In peer-to-peer (P2P) communities, users make personal trust evaluations of each other based on their experiences and observations. The available information of the peer's past behavior, i.e. reputation, is often incomplete, the credibility of evaluations is a concern and the relevance of the available information varies. In this paper, we propose functions for producing tailored trustworthiness estimations in P2P communities based on the peers' past behavior. The presented mechanism provides some flexibility on applying it in different kinds of P2P networks.
DOI: https://doi.org/10.1504/IJITST.2007.014836 (published 2005-09-05)
Citations: 9
Privacy in distributed reputation management
K. Ylitalo, Yki Kortesniemi
In online communities, the users typically do not meet personally, and, thus, they have to estimate the trustworthiness of the other parties using other means. To assist these estimations, various reputation systems have been developed. But collecting the required reputation information, which, essentially, is information about the user's past, also creates privacy concerns. In this paper, we examine how the distribution of reputation management using P2P networks deals with the privacy concerns of processing reputation information. We analyze the distributed reputation management from three angles: how the requirements of fair use practices should be reflected on the system design, what classes of information are leaked and, finally, how to manage the risks related to the social and technical issues.

I. INTRODUCTION

In online communities, people are typically strangers to each other and do not meet face to face. Consequently, estimating the trustworthiness of the other parties is more difficult than in everyday life. To assist users in their trust decisions and to reduce the related risks, various reputation systems are being developed. These systems collect reputation information about the users' past behavior, and have a mechanism to provide trustworthiness estimates based on the information. Characteristically, many of the current online communities manage the reputation information in a centralized manner. One of the most analyzed examples is the eBay's feedback forum (12). In this type of a centralized solution, one benefit is that the trusted third party (in this case: eBay) can play an important role in trust evaluations. In contrast, fully distributed peer-to-peer (P2P) networks have no centralized trusted third parties and the actual interactions happen directly between the peers. The peers, e.g., provide storage capacity to the community and they have to be able to evaluate other peers' trustworthiness on their own.

Although the reputation information is useful in trustworthiness estimation (33), (23), collecting this information also presents privacy problems. In reputation management, the privacy problems arise when large amounts of the information is easily available and the user can be identified. In particular, the identifiable information enables undesired tracing of the user's past behavior and preferences. And these threats increase along with the current trend of boosting data storage and processing capacity, which allows the possible malicious peers more capacity for monitoring others. In this paper, we examine how the decentralization of reputation management in P2P networks deals with the privacy concerns of processing reputation information. Fundamentally, the reputation information itself has to be public at least within the target community to be of any use. This means that the users, who have agreed to being evaluated by the reputation system, have also willingly given up some of their privacy. However, this does not mean that they automatically give up all of their privacy. In our research, we study how users' privacy can be enhanced so that only the necessary information is disclosed and no unnecessary information is revealed to others. We argue that even if no additional information is collected to support users' trust decisions, its uncontrolled availability is a privacy concern, because the information is always linked to the user's identifier.

To address these issues, we examine distributed reputation management from three complementary angles. First, we examine how the fair information practices set out in data protection legislation should be reflected in the design of distributed reputation management. Second, we discuss the different types of privacy in the context of distributed reputation management, and finally, we consider how the privacy risks can be managed. The results show that protecting the privacy of any single peer is much harder than preventing the collective misuse of the reputation information of many peers. Possible misbehavior can be made more difficult, but not all privacy problems can be solved comprehensively: some loss of privacy is the price users must pay for gaining a reputation.
DOI: https://doi.org/10.1109/SECCMW.2005.1588297 (published 2005-09-05)
Citations: 3
Establishing agreements in dynamic virtual organizations
T. Ryutov, C. Neuman, Li Zhou, N. Foukia
We present a framework that introduces key concepts relevant to agreement negotiation in virtual organizations (VO). The framework serves as a foundation for implementing an automated system that facilitates the establishment of VO agreements, considerably reduces the effort for setting up a VO and consequently reduces the VO's time for operation. The framework captures the relationship between the initial participants' behaviors, expectations, obligations and agreements, making sure that in implementing a system, one does not overlook the important aspects of the agreement structure and negotiation. The framework can be used to validate a negotiation, ensure validity of the achieved agreement and form strategies for future negotiations. A novel aspect of the initial trust establishment described in this paper is the consideration of the effects of the participants' behaviors during the negotiation process on mutual trust. We use the concepts to describe our work-in-progress for specification and negotiation of the agreements that govern the behavior of VO entities.
DOI: https://doi.org/10.1109/SECCMW.2005.1588300 (published 2005-09-05)
Citations: 4
Social approaches to trust-building in Web technologies
F. Ulivieri
Trust is one of the most important elements in agents' relations: there is no cooperation (and ultimately no society) without this original core of trustworthiness towards a partner. In this article we focus on trust within technology-based environments, a subject which has been addressed by several disciplines and from several perspectives. Classical approaches to trust-building are presented here briefly: trust nourished by technological security; trust based on a rigid organization of cooperation; trust provided by a trusted third party and so on. We show that online trust or, more generally, trust in a technical environment, can only be nourished by approaches that are able to integrate cognitive and social elements in a strong way. More precisely, we propose a "paradigm shift" based on an extensive use of communality, reputation and over-help. We also suggest that it is important to study the role of familiarity and habit as one of the factors that could facilitate the presence of trust in a community of users.
DOI: https://doi.org/10.1109/SECCMW.2005.1588296 (published 2005-09-05)
Citations: 2
Network forensics: towards a classification of traceback mechanisms
S. Mitropoulos, Dimitrios Patsos, Christos Douligeris
The traceback problem is one of the hardest in information security and has always been the utmost solution to holding attackers accountable for their actions. This paper presents a brief overview of the traceback problem, while discussing the features of software, network and computer forensics. In the rest of this paper, various traceback mechanisms are examined while categorized according to their features and modes of operation. Finally, we propose a classification schema for all traceback methods in order to assess and combine their benefits so as to provide enough information for digital forensics analyses, thus getting -the right way- one step closer to the actual attacker.
DOI: https://doi.org/10.1109/SECCMW.2005.1588288 (published 2005-09-05)
Citations: 17
Next generation communications and secure seamless handover
A. Prasad, A. Zugenmaier, P. Schoo
The next generation communications system will consist of heterogeneous access network technologies under a common IP layer. This next generation is often called beyond third generation, B3G. The heterogeneity present in these networks leads to security challenges not present in homogeneous networks. Besides the security issues there is also the issue of providing fast handover such that the user does not perceive any change in service quality or, in other words, seamless handover. In this paper, we will first define B3G systems and present some of the issues related to it. Next, we will propose approaches to secure and seamless handover in a B3G system.
DOI: https://doi.org/10.1109/SECCMW.2005.1588321 (published 2005-09-05)
Citations: 10
Full agreement in BAN kerberos
Aybek Mukhamedov
The paper analyzes BAN Kerberos - a timestamp based key distribution protocol with mutual agent authentication. The protocol is formalized in the strand spaces model and it is shown that BAN Kerberos guarantees the strongest form of authentication in Lowe's hierarchy of authentication specifications [Lowe, 1997] - full agreement on all data items.
DOI: https://doi.org/10.1109/SECCMW.2005.1588316 (published 2005-09-05)
Citations: 3
A policy-based approach to wireless LAN security management
G. Lapiotis, Byungsuk Kim, S. Das, F. Anjum
Wireless Ethernet (or Wi-Fi) security management is a challenging area of increased interest due to the widespread deployment of Wireless LANs (WLANs) and their well-known vulnerabilities to various types of attacks, as well as stringent scalability requirements in the dynamic wireless domain. Until the adoption of the latest security standards is complete, users and network assets on deployed WLANs, such as 802.11a/b/g networks, need to be protected from existing security threats without depending on the latest features. In addition, while new standards can protect the unauthorized use of network resource for outsiders, they do not deal with the misuse or misbehaviors by insiders. In this paper we present a hierarchically distributed policy-based system architecture and prototype implementation for WLAN security management. The architecture includes a central policy engine that validates policies and computes new configuration settings for network elements when access policies are violated, distributed wireless domain policy managers with consistent local policy autonomy that coordinate dedicated local monitors so as to monitor and control multi-vendor WLAN access points (APs). The local monitors include wireless intrusion detection modules and wireless AP interface adaptors. Although in this paper we focus on wireless security aspects, the overall architecture can be applied to end-to-end security management of wireline and wireless networks.
DOI: https://doi.org/10.1109/SECCMW.2005.1588312 (published 2005-09-05)
Citations: 21
A security framework with trust management for sensor networks
Zhiying Yao, Daeyoung Kim, Insun Lee, Kiyoung Kim, Jong-Su Jang
Wireless sensor networks are prone to security attacks, which are either common to conventional networks or unique for themselves due to the resource-constraint, susceptibility to physical capture, and wireless nature. Security solutions using crypto schemes are not enough, and sometimes not efficient. In this paper, we develop a security framework with trust management, i.e. establishment of trustworthy network environment, to secure sensor networks. For trust management, we explore a distributed trust model, enabling recommendation-based trust and trust-based recommendation, to build reasonable trust relationship among network entities, represented by numerical values, i.e. trust values. And our security framework fully relies on the values to execute security-related actions aiming at the tradeoff between security and network performance.
DOI: https://doi.org/10.1109/SECCMW.2005.1588313 (published 2005-09-05)
Citations: 59
Journal
Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.