Pub Date : 2005-09-05DOI: 10.1109/SECCMW.2005.1588319
Kwang-Hyun Baek, Sean W. Smith
As multiple types of traffic converge onto one network, frequently wireless, enterprises face a tradeoff between effectiveness and security. Some types of traffic, such as voice-over-IP (VoIP), require certain quality of service (QoS) guarantees to be effective. The end client platform is in the best position to know which packets deserve this special handling. In many environments (such as universities), end users relish having control over their own machines. However, if end users administer their own machines, nothing stops dishonest ones from marking undeserving traffic for high QoS. How can an enterprise ensure that only appropriate traffic receives high QoS, while also allowing end users to retain control over their own machines? In this paper, we present the design and prototype of a solution, using SELinux, TCPA/TCG hardware, Diffserv, 802.1x, and EAP-TLS.
{"title":"Preventing theft of quality of service on open platforms","authors":"Kwang-Hyun Baek, Sean W. Smith","doi":"10.1109/SECCMW.2005.1588319","DOIUrl":"https://doi.org/10.1109/SECCMW.2005.1588319","url":null,"abstract":"As multiple types of traffic converge onto one network, frequently wireless, enterprises face a tradeoff between effectiveness and security. Some types of traffic, such as voice-over-IP (VoIP), require certain quality of service (QoS) guarantees to be effective. The end client platform is in the best position to know which packets deserve this special handling. In many environments (such as universities), end users relish having control over their own machines. However, if end users administer their own machines, nothing stops dishonest ones from marking undeserving traffic for high QoS. How can an enterprise ensure that only appropriate traffic receives high QoS, while also allowing end users to retain control over their own machines? In this paper, we present the design and prototype of a solution, using SELinux, TCPA/TCG hardware, Diffserv, 802.1x, and EAP-TLS.","PeriodicalId":382662,"journal":{"name":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127441468","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-09-05DOI: 10.1109/SECCMW.2005.1588320
S. Lindskog, A. Brunstrom
To achieve the best possible QoS tradeoff between security and performance for networked applications, a tunable and differential treatment of security is required. In this paper, we present the design and implementation of a tunable encryption service. The proposed service is based on a selective encryption paradigm in which the applications can request a desired encryption level. Encryption levels are selected by the applications at the inception of sessions, but can be changed at any time during their lifetime. A prototype implementation is described along with an initial performance evaluation. The experimental results demonstrate that the proposed service offers a high degree of security adaptiveness at a low cost.
{"title":"Design and implementation of a tunable encryption service for networked applications","authors":"S. Lindskog, A. Brunstrom","doi":"10.1109/SECCMW.2005.1588320","DOIUrl":"https://doi.org/10.1109/SECCMW.2005.1588320","url":null,"abstract":"To achieve the best possible QoS tradeoff between security and performance for networked applications, a tunable and differential treatment of security is required. In this paper, we present the design and implementation of a tunable encryption service. The proposed service is based on a selective encryption paradigm in which the applications can request a desired encryption level. Encryption levels are selected by the applications at the inception of sessions, but can be changed at any time during their lifetime. A prototype implementation is described along with an initial performance evaluation. The experimental results demonstrate that the proposed service offers a high degree of security adaptiveness at a low cost.","PeriodicalId":382662,"journal":{"name":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130962958","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-09-05DOI: 10.1109/SECCMW.2005.1588304
Ayman Tajeddine, A. Kayssi, A. Chehab, H. Artail
In this paper, we present a general and comprehensive reputation-based trust model for distributed computing. The proposed model is an enhancement over our previous model, TRUMMAR, and aims at achieving a truly unique model that incorporates most concepts that are essential to determining trust-based decisions. Among the concepts upon which the trust model is based are reputation values, direct experiences, trust in the credibility of a host to give recommendations, decay of information with time based on a dynamic decay factor, first impressions, similarity, popularity, activity, cooperation between hosts, in addition to a hierarchy of host systems. The simulations performed on this model confirm its correctness and its adaptability to different environments and situations.
{"title":"A comprehensive reputation-based trust model for distributed systems","authors":"Ayman Tajeddine, A. Kayssi, A. Chehab, H. Artail","doi":"10.1109/SECCMW.2005.1588304","DOIUrl":"https://doi.org/10.1109/SECCMW.2005.1588304","url":null,"abstract":"In this paper, we present a general and comprehensive reputation-based trust model for distributed computing. The proposed model is an enhancement over our previous model, TRUMMAR, and aims at achieving a truly unique model that incorporates most concepts that are essential to determining trust-based decisions. Among the concepts upon which the trust model is based are reputation values, direct experiences, trust in the credibility of a host to give recommendations, decay of information with time based on a dynamic decay factor, first impressions, similarity, popularity, activity, cooperation between hosts, in addition to a hierarchy of host systems. The simulations performed on this model confirm its correctness and its adaptability to different environments and situations.","PeriodicalId":382662,"journal":{"name":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131759219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-09-05DOI: 10.1109/SECCMW.2005.1588322
Fernando C Colón Osorio, Kerry Mckay, Emmanuel Agu
As the popularity of wireless networks increases, so does the need to protect them. In recent years, many researchers have studied the limitations of the security mechanisms that protect wireless networks, as well as the effects of network traffic on the battery life. However, there has been less research on the effect of adding security mechanisms to mobile devices and their impact on energy usage. This is a particularly important area when one considers classes of attacks where an attacker can drain a device's battery by simply having it repeatedly execute energy intensive programs. In this manuscript, we examine a method for analyzing trade-offs between energy and security proposed by Colo/spl acute/n Osorio et al. This research describes a method to identify the most appropriate security profile for a given application, given battery constraints. We apply this methodology to the analysis of tradeoffs between energy utilization and security of current and proposed wireless protocols.
{"title":"Comparison of security protocols in mobile wireless environments: tradeoffs between level of security obtained and battery life","authors":"Fernando C Colón Osorio, Kerry Mckay, Emmanuel Agu","doi":"10.1109/SECCMW.2005.1588322","DOIUrl":"https://doi.org/10.1109/SECCMW.2005.1588322","url":null,"abstract":"As the popularity of wireless networks increases, so does the need to protect them. In recent years, many researchers have studied the limitations of the security mechanisms that protect wireless networks, as well as the effects of network traffic on the battery life. However, there has been less research on the effect of adding security mechanisms to mobile devices and their impact on energy usage. This is a particularly important area when one considers classes of attacks where an attacker can drain a device's battery by simply having it repeatedly execute energy intensive programs. In this manuscript, we examine a method for analyzing trade-offs between energy and security proposed by Colo/spl acute/n Osorio et al. This research describes a method to identify the most appropriate security profile for a given application, given battery constraints. We apply this methodology to the analysis of tradeoffs between energy utilization and security of current and proposed wireless protocols.","PeriodicalId":382662,"journal":{"name":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123287141","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-09-05DOI: 10.1109/SECCMW.2005.1588323
D. Djenouri, N. Badache
A mobile ad hoc network (MANET) is a temporary infrastructureless network, formed by a set of mobile hosts that dynamically establish their own network on the fly without relying on any central administration. Mobile hosts used in MANET have to ensure the services that were ensured by the powerful fixed infrastructure in traditional networks, the packet forwarding is one of these services. The resource limitation of nodes used in MANET, particularly in energy supply, along with the multi-hop nature of this network may cause new phenomena which do not exist in traditional networks. To save its energy a node may behave selfishly and uses the forwarding service of other nodes without correctly forwarding packets for them. This deviation from the correct behavior represents a potential threat against the quality of service (QoS), as well as the service availability, one of the most important security requirements. Some solutions have been recently proposed, but almost all these solutions rely on the watchdog technique as stated in S. Marti et al. (2000) in their monitoring components, which suffers from many problems. In this paper we propose an approach to mitigate some of these problems, and we assess its performance by simulation.
{"title":"New approach for selfish nodes detection in mobile ad hoc networks","authors":"D. Djenouri, N. Badache","doi":"10.1109/SECCMW.2005.1588323","DOIUrl":"https://doi.org/10.1109/SECCMW.2005.1588323","url":null,"abstract":"A mobile ad hoc network (MANET) is a temporary infrastructureless network, formed by a set of mobile hosts that dynamically establish their own network on the fly without relying on any central administration. Mobile hosts used in MANET have to ensure the services that were ensured by the powerful fixed infrastructure in traditional networks, the packet forwarding is one of these services. The resource limitation of nodes used in MANET, particularly in energy supply, along with the multi-hop nature of this network may cause new phenomena which do not exist in traditional networks. To save its energy a node may behave selfishly and uses the forwarding service of other nodes without correctly forwarding packets for them. This deviation from the correct behavior represents a potential threat against the quality of service (QoS), as well as the service availability, one of the most important security requirements. Some solutions have been recently proposed, but almost all these solutions rely on the watchdog technique as stated in S. Marti et al. (2000) in their monitoring components, which suffers from many problems. In this paper we propose an approach to mitigate some of these problems, and we assess its performance by simulation.","PeriodicalId":382662,"journal":{"name":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125149023","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-09-05DOI: 10.1109/SECCMW.2005.1588310
Wenye Wang, C. Costa
With the ubiquitous reach of the Internet, providing secure services over the communication networks has induced more challenges in addition to the requirements of quality of service (QoS) of a wide variety of applications. More importantly, security mechanisms, such as authentication, trust management, and key distribution are deployed at the expense of QoS because of implementation and communication overhead. Therefore, there exists a need for network designers to integrate security protocols in the Internet, while providing the required QoS in terms of bandwidth, delay, jitter, and reliability. A similar increase in wireless networks spanning from sensor networks to cellular systems has also demanded stringent tradeoff between security services and QoS. Both these factors have resulted in a sharply growing demand by service providers for the development of techniques that will enable them to offer communication services adaptive to voice and data services. Therefore, design and evaluation of security protocols and mechanisms for different network architectures and applications becomes a fundamental issue in providing secure, reliable, and satisfactory communications.
{"title":"Security and quality of service in communication networks","authors":"Wenye Wang, C. Costa","doi":"10.1109/SECCMW.2005.1588310","DOIUrl":"https://doi.org/10.1109/SECCMW.2005.1588310","url":null,"abstract":"With the ubiquitous reach of the Internet, providing secure services over the communication networks has induced more challenges in addition to the requirements of quality of service (QoS) of a wide variety of applications. More importantly, security mechanisms, such as authentication, trust management, and key distribution are deployed at the expense of QoS because of implementation and communication overhead. Therefore, there exists a need for network designers to integrate security protocols in the Internet, while providing the required QoS in terms of bandwidth, delay, jitter, and reliability. A similar increase in wireless networks spanning from sensor networks to cellular systems has also demanded stringent tradeoff between security services and QoS. Both these factors have resulted in a sharply growing demand by service providers for the development of techniques that will enable them to offer communication services adaptive to voice and data services. Therefore, design and evaluation of security protocols and mechanisms for different network architectures and applications becomes a fundamental issue in providing secure, reliable, and satisfactory communications.","PeriodicalId":382662,"journal":{"name":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128187190","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-09-05DOI: 10.1109/SECCMW.2005.1588318
P. Thermos, G. Hadsall
The technological advancements and equipment cost reductions, aid in the rapid evolution of residential networks, which evolved in to an autonomous ecosystem with more elaborate services and capabilities than previously experienced. The elements in the residential networks are using a combination of hardware, software and communication protocols with inherent security vulnerabilities due to this new configuration. One such component is the voice over IP (VoIP) gateway, which in many cases is replacing the current Internet gateway thus providing network as well as VoIP connectivity. The new VoIP gateways are required to provide greater robustness and security than the current Internet gateways since they need to support critical services such as E911 and real-time multimedia applications. This paper reflects the results of a research study that aimed at identifying security issues associated with residential VoIP gateways, including signaling and media routing, implementation, operation, and network management in order to understand their impact on end users and service providers. The findings suggest that attacks such as message, replay, amplification (i.e. Denial of Service or "DoS" ), annoyance (SPIT), and eavesdropping along with misconfiguration and several other weaknesses can have a severe impact on the subscriber's ability to communicate in an emergency or disclosure of sensitive information.
{"title":"Vulnerabilities in SOHO VoIP gateways","authors":"P. Thermos, G. Hadsall","doi":"10.1109/SECCMW.2005.1588318","DOIUrl":"https://doi.org/10.1109/SECCMW.2005.1588318","url":null,"abstract":"The technological advancements and equipment cost reductions, aid in the rapid evolution of residential networks, which evolved in to an autonomous ecosystem with more elaborate services and capabilities than previously experienced. The elements in the residential networks are using a combination of hardware, software and communication protocols with inherent security vulnerabilities due to this new configuration. One such component is the voice over IP (VoIP) gateway, which in many cases is replacing the current Internet gateway thus providing network as well as VoIP connectivity. The new VoIP gateways are required to provide greater robustness and security than the current Internet gateways since they need to support critical services such as E911 and real-time multimedia applications. This paper reflects the results of a research study that aimed at identifying security issues associated with residential VoIP gateways, including signaling and media routing, implementation, operation, and network management in order to understand their impact on end users and service providers. The findings suggest that attacks such as message, replay, amplification (i.e. Denial of Service or \"DoS\" ), annoyance (SPIT), and eavesdropping along with misconfiguration and several other weaknesses can have a severe impact on the subscriber's ability to communicate in an emergency or disclosure of sensitive information.","PeriodicalId":382662,"journal":{"name":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129650453","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-09-05DOI: 10.1109/SECCMW.2005.1588311
Feng Cao, S. Malik
Voice over IP (VoIP) is being adopted to replace the traditional circuit switched infrastructure for telephony services. This trend has an enormous impact on the critical infrastructure sectors which will progressively become more dependent in part or as a whole on VoIP services. Phone communications and its security is a relevant concern for most critical infrastructure sector organizations today. With passage of time this concern will morph into a new set of challenges and opportunities brought forward by the deployment of VoIP in these organizations. This study attempts to outline the potential security issues faced by the critical infrastructure sectors as they transform their traditional phone systems into VoIP systems. Security analysis is provided to understand the impact of VoIP security challenges in the new convergent network paradigm. Some recommendations are made on how to address many issues of VoIP security along the process of adopting IP telephony into critical infrastructure.
{"title":"Security analysis and solutions for deploying IP telephony in the critical infrastructure","authors":"Feng Cao, S. Malik","doi":"10.1109/SECCMW.2005.1588311","DOIUrl":"https://doi.org/10.1109/SECCMW.2005.1588311","url":null,"abstract":"Voice over IP (VoIP) is being adopted to replace the traditional circuit switched infrastructure for telephony services. This trend has an enormous impact on the critical infrastructure sectors which will progressively become more dependent in part or as a whole on VoIP services. Phone communications and its security is a relevant concern for most critical infrastructure sector organizations today. With passage of time this concern will morph into a new set of challenges and opportunities brought forward by the deployment of VoIP in these organizations. This study attempts to outline the potential security issues faced by the critical infrastructure sectors as they transform their traditional phone systems into VoIP systems. Security analysis is provided to understand the impact of VoIP security challenges in the new convergent network paradigm. Some recommendations are made on how to address many issues of VoIP security along the process of adopting IP telephony into critical infrastructure.","PeriodicalId":382662,"journal":{"name":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128537262","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-09-05DOI: 10.1109/SECCMW.2005.1588289
M. T. Pereira
In this paper we report a police operation referring to the leakage of classified information by e-mail, supposedly from inside a federal institution to a company under scrutiny by that institution, describing the investigations from the expert point of view.
{"title":"Leakage of classified information by e-mail: a case study","authors":"M. T. Pereira","doi":"10.1109/SECCMW.2005.1588289","DOIUrl":"https://doi.org/10.1109/SECCMW.2005.1588289","url":null,"abstract":"In this paper we report a police operation referring to the leakage of classified information by e-mail, supposedly from inside a federal institution to a company under scrutiny by that institution, describing the investigations from the expert point of view.","PeriodicalId":382662,"journal":{"name":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.","volume":"71 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125927297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-09-05DOI: 10.1109/SECCMW.2005.1588301
P. Robinson
As computer and information systems are now more ubiquitous than humans, so too are the computer-to- computer threats to security and sabotage as compared to purely human-to-human. In everyday life we rely and maintain strong relationships in order to have better guarantees about personal security, as well as to be informed about potentially bad choices for relationships. This paper proposes some logical reasoning, architecture and protocols for providing similar cooperative security infrastructure for ubiquitous computer and information systems.
{"title":"Towards ubiquitous cooperative security","authors":"P. Robinson","doi":"10.1109/SECCMW.2005.1588301","DOIUrl":"https://doi.org/10.1109/SECCMW.2005.1588301","url":null,"abstract":"As computer and information systems are now more ubiquitous than humans, so too are the computer-to- computer threats to security and sabotage as compared to purely human-to-human. In everyday life we rely and maintain strong relationships in order to have better guarantees about personal security, as well as to be informed about potentially bad choices for relationships. This paper proposes some logical reasoning, architecture and protocols for providing similar cooperative security infrastructure for ubiquitous computer and information systems.","PeriodicalId":382662,"journal":{"name":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131244190","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: