Reputation systems aim to reduce the risk of loss due to untrustworthy peers. This loss is aggravated by dishonest recommenders trying to pollute the recommendation network. The objective of an honesty checking mechanism is to detect dishonest recommenders. Existing honesty checking mechanisms assume that contradicting recommendations are due to the dishonesty of the recommenders. However, such difference may be also due to the behavior change of the target peer. This paper shows the effect of such behavior change on the performance of existing honesty checking mechanisms. To the best of our knowledge, this is the first attempt at linking the behavior change to honesty checking.
{"title":"The Effect of Behavior Change on Honesty Checking in Peer-to-Peer Systems","authors":"Farag Azzedin, Ahmad Ridha","doi":"10.1109/PST.2008.34","DOIUrl":"https://doi.org/10.1109/PST.2008.34","url":null,"abstract":"Reputation systems aim to reduce the risk of loss due to untrustworthy peers. This loss is aggravated by dishonest recommenders trying to pollute the recommendation network. The objective of an honesty checking mechanism is to detect dishonest recommenders. Existing honesty checking mechanisms assume that contradicting recommendations are due to the dishonesty of the recommenders. However, such difference may be also due to the behavior change of the target peer. This paper shows the effect of such behavior change on the performance of existing honesty checking mechanisms. To the best of our knowledge, this is the first attempt at linking the behavior change to honesty checking.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131719661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We introduce multiple-control fuzzy vaults allowing generalized threshold, compartmented and multilevel access structure. The presented schemes enable many useful applications employing multiple users and/or multiple locking sets. Introducing the original single control fuzzy vault of Juels and Sudan we identify several similarities and differences between their vault and secret sharing schemes which influence how best to obtain working generalizations. We design multiple-control fuzzy vaults suggesting applications using biometric credentials as locking and unlocking values. Furthermore we assess the security of our obtained generalizations for insider/ outsider attacks and examine the access-complexity for legitimate vault owners.
{"title":"A Multiple-Control Fuzzy Vault","authors":"Marianne Hirschbichler, C. Boyd, W. Boles","doi":"10.1109/PST.2008.23","DOIUrl":"https://doi.org/10.1109/PST.2008.23","url":null,"abstract":"We introduce multiple-control fuzzy vaults allowing generalized threshold, compartmented and multilevel access structure. The presented schemes enable many useful applications employing multiple users and/or multiple locking sets. Introducing the original single control fuzzy vault of Juels and Sudan we identify several similarities and differences between their vault and secret sharing schemes which influence how best to obtain working generalizations. We design multiple-control fuzzy vaults suggesting applications using biometric credentials as locking and unlocking values. Furthermore we assess the security of our obtained generalizations for insider/ outsider attacks and examine the access-complexity for legitimate vault owners.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"18 6","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131437536","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mimicry attacks have been the focus of detector research where the objective of the attacker is to generate an attack that evades detection while achieving the attackerpsilas goals. If such an attack can be found, it implies that the target detector is vulnerable against mimicry attacks. In this work, we emphasize that there are two components of a buffer overflow attack: the preamble and the exploit. Although the attacker can modify the exploit component easily, the attacker may not be able to prevent preamble from generating anomalous behavior since during preamble stage, the attacker does not have full control. Previous work on mimicry attacks considered an attack to completely evade detection, if the exploit raises no alarms. On the other hand, in this work, we investigate the source of anomalies in both the preamble and the exploit components against two anomaly detectors that monitor four vulnerable UNIX applications. Our experiment results show that preamble can be a source of anomalies, particularly if it is lengthy and anomalous.
{"title":"Mimicry Attacks Demystified: What Can Attackers Do to Evade Detection?","authors":"H. G. Kayacik, A. N. Zincir-Heywood","doi":"10.1109/PST.2008.25","DOIUrl":"https://doi.org/10.1109/PST.2008.25","url":null,"abstract":"Mimicry attacks have been the focus of detector research where the objective of the attacker is to generate an attack that evades detection while achieving the attackerpsilas goals. If such an attack can be found, it implies that the target detector is vulnerable against mimicry attacks. In this work, we emphasize that there are two components of a buffer overflow attack: the preamble and the exploit. Although the attacker can modify the exploit component easily, the attacker may not be able to prevent preamble from generating anomalous behavior since during preamble stage, the attacker does not have full control. Previous work on mimicry attacks considered an attack to completely evade detection, if the exploit raises no alarms. On the other hand, in this work, we investigate the source of anomalies in both the preamble and the exploit components against two anomaly detectors that monitor four vulnerable UNIX applications. Our experiment results show that preamble can be a source of anomalies, particularly if it is lengthy and anomalous.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133537948","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper we present a protocol for unlinkable communication, i.e. where an attacker cannot map the sender and receiver node of a communication. Existing anonymity protocols either do not guarantee unlinkability (e.g. Tor and Mix networks), or produce huge overhead -- the dining cryptographers network causes quadratic number of messages. Our protocol needs only a linear number of messages while it still guarantees unlinkability. We introduce a measure of unlinkability and show that our protocol offers the highest possible degree of unlinkability. We show how to use the protocol in practice by adapting it to Internet and ad hoc communication.
{"title":"Unlinkable Communication","authors":"Volker Fusenig, Eugen Staab, U. Sorger, T. Engel","doi":"10.1109/PST.2008.8","DOIUrl":"https://doi.org/10.1109/PST.2008.8","url":null,"abstract":"In this paper we present a protocol for unlinkable communication, i.e. where an attacker cannot map the sender and receiver node of a communication. Existing anonymity protocols either do not guarantee unlinkability (e.g. Tor and Mix networks), or produce huge overhead -- the dining cryptographers network causes quadratic number of messages. Our protocol needs only a linear number of messages while it still guarantees unlinkability. We introduce a measure of unlinkability and show that our protocol offers the highest possible degree of unlinkability. We show how to use the protocol in practice by adapting it to Internet and ad hoc communication.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"123 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115613082","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Financial services institutions (FSIs) around the globe know they must proactively work toward protecting customer data and thwarting emerging security threats. Deloitte Touche Tohmatsu (DTT), an international firm that provides audit, consulting, and financial advisory services has used its networks and reach to investigate security and privacy issues in FSIs around the world. DTTpsilas first survey appeared in 2003 and four others have followed since then. This present article draws from last survey. Given that the literature has shown that socio-economic and cultural factors are important considerations for organizations when accepting innovations and new practices. This study was designed to provide a layer of understanding not seen in the DTTpsilas study by examining whether socio-economic and cultural indicators matter in how IT security and privacy issues are being perceived in global FSIs. Two relevant hypotheses were developed to test our assertions. The main finding of the study was that such contextual factors may not be sufficient in differentiating how global FISs view or respond to key IT security and privacy issues. However, our study found one item related to security awareness training for FISspsila employees to vary significantly across the surveyed regions when the gross domestic product (GDP per capita) variable was used in the analysis. It is hoped that our studypsilas findings and conclusion will be beneficial to practitioners and researchers.
{"title":"IT Security and Privacy Issues in Global Financial Services Institutions: Do Socio-Economic and Cultural Factors Matter?","authors":"P. Ifinedo","doi":"10.1109/PST.2008.24","DOIUrl":"https://doi.org/10.1109/PST.2008.24","url":null,"abstract":"Financial services institutions (FSIs) around the globe know they must proactively work toward protecting customer data and thwarting emerging security threats. Deloitte Touche Tohmatsu (DTT), an international firm that provides audit, consulting, and financial advisory services has used its networks and reach to investigate security and privacy issues in FSIs around the world. DTTpsilas first survey appeared in 2003 and four others have followed since then. This present article draws from last survey. Given that the literature has shown that socio-economic and cultural factors are important considerations for organizations when accepting innovations and new practices. This study was designed to provide a layer of understanding not seen in the DTTpsilas study by examining whether socio-economic and cultural indicators matter in how IT security and privacy issues are being perceived in global FSIs. Two relevant hypotheses were developed to test our assertions. The main finding of the study was that such contextual factors may not be sufficient in differentiating how global FISs view or respond to key IT security and privacy issues. However, our study found one item related to security awareness training for FISspsila employees to vary significantly across the surveyed regions when the gross domestic product (GDP per capita) variable was used in the analysis. It is hoped that our studypsilas findings and conclusion will be beneficial to practitioners and researchers.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122559838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Rachid Hadjidj, Xiaochun Yang, Syrine Tlili, M. Debbabi
In this paper we develop a security verification framework for open source software with a multi-language support. We base our approach on the GCC compiler which is considered as the defacto open source compiler for several languages including C, C++, JAVA, ADA, FORTRAN,etc. To achieve our goal we use a conventional push down system model-checker for reachability properties, and turn it into a fully-fledged verification tool for both low and high level software security properties. We also allow programmers to define a wide range of temporal security properties using an automata-based specification approach. As a result, our approach can model-check large scale software against system-specific security properties.
{"title":"Model-Checking for Software Vulnerabilities Detection with Multi-Language Support","authors":"Rachid Hadjidj, Xiaochun Yang, Syrine Tlili, M. Debbabi","doi":"10.1109/PST.2008.21","DOIUrl":"https://doi.org/10.1109/PST.2008.21","url":null,"abstract":"In this paper we develop a security verification framework for open source software with a multi-language support. We base our approach on the GCC compiler which is considered as the defacto open source compiler for several languages including C, C++, JAVA, ADA, FORTRAN,etc. To achieve our goal we use a conventional push down system model-checker for reachability properties, and turn it into a fully-fledged verification tool for both low and high level software security properties. We also allow programmers to define a wide range of temporal security properties using an automata-based specification approach. As a result, our approach can model-check large scale software against system-specific security properties.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116449154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The unfair rating problem exists when a buying agent models the trustworthiness of selling agents by also relying on ratings of the sellers from other buyers. Different probabilistic approaches have been proposed to cope with this issue. In this paper, we first summarize these approaches and provide a detailed categorization of them. This includes our own "personalized" approach for addressing this problem. Based on the implication of such analysis, we then focus on experimental comparison of our approach with two key models in a framework that simulates a dynamic electronic marketplace environment. We specifically examine different scenarios, including ones where the majority of buyers are dishonest, buyers lack personal experience with sellers, sellers may vary their behavior, and buyers may provide a large number of ratings. Our study provides the basis for deciding which approach is most appropriate to employ, in which scenario.
{"title":"A Detailed Comparison of Probabilistic Approaches for Coping with Unfair Ratings in Trust and Reputation Systems","authors":"Jie Zhang, M. Sensoy, R. Cohen","doi":"10.1109/PST.2008.16","DOIUrl":"https://doi.org/10.1109/PST.2008.16","url":null,"abstract":"The unfair rating problem exists when a buying agent models the trustworthiness of selling agents by also relying on ratings of the sellers from other buyers. Different probabilistic approaches have been proposed to cope with this issue. In this paper, we first summarize these approaches and provide a detailed categorization of them. This includes our own \"personalized\" approach for addressing this problem. Based on the implication of such analysis, we then focus on experimental comparison of our approach with two key models in a framework that simulates a dynamic electronic marketplace environment. We specifically examine different scenarios, including ones where the majority of buyers are dishonest, buyers lack personal experience with sellers, sellers may vary their behavior, and buyers may provide a large number of ratings. Our study provides the basis for deciding which approach is most appropriate to employ, in which scenario.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130933520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper presents a secure and lightweight protocol for reliable data transfer through moderate bandwidth covert channels. Though data transfer through covert channels is not unprecedented, existing covert channels have been restricted to covert transmission of only small amounts of data. This paper demonstrates that it is possible to transmit large amounts of data covertly with sophisticated support such as security and reliability. The proposed protocol exploits ICMP echo request as covert medium, and uses OS finger-printing techniques to simulate real TCP/IP stack behavior for further security enhancements.
{"title":"A Protocol for Building Secure and Reliable Covert Channel","authors":"B. Ray, Shivakant Mishra","doi":"10.1109/PST.2008.26","DOIUrl":"https://doi.org/10.1109/PST.2008.26","url":null,"abstract":"This paper presents a secure and lightweight protocol for reliable data transfer through moderate bandwidth covert channels. Though data transfer through covert channels is not unprecedented, existing covert channels have been restricted to covert transmission of only small amounts of data. This paper demonstrates that it is possible to transmit large amounts of data covertly with sophisticated support such as security and reliability. The proposed protocol exploits ICMP echo request as covert medium, and uses OS finger-printing techniques to simulate real TCP/IP stack behavior for further security enhancements.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128537139","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
S. S. D. Selvi, S. Vivek, Naga Naresh Karuturi, R. Gopalakrishnan, C. Rangan
Broadcast signcryption enables the broadcaster to simultaneously encrypt and sign the content meant for a specific set of users in a single logical step. It provides a very efficient solution to the dual problem of achieving confidentiality and authentication during content distribution. Among other alternatives, ID-based schemes are arguably the best suited for its implementation in wireless ad-hoc networks because of the unique advantage that they provide - any unique, publicly available parameter of a user can be his public key, which eliminates the need for a complex public key infrastructure. In 2004, Bohio et al. proposed an ID-based broadcast signcryption (IBBSC) scheme which achieves constant ciphertext size. They claim that their scheme provides both message authentication and confidentiality, but do not give formal proofs. In this paper, we demonstrate how a legitimate user of the scheme can forge a valid signcrypted ciphertext, as if generated by the broadcaster. Moreover, we show that their scheme is not IND-CCA secure. Following this, we propose a fix for Bohio et al.'s scheme, and formally prove its security under the strongest existing security models for broadcast signcryption (IND-CCA2 and EUF-CMA). While fixing the scheme, we also improve its efficiency by reducing the ciphertext size to two elements compared to three.
{"title":"Cryptanalysis of Bohio et al.'s ID-Based Broadcast Signcryption (IBBSC) Scheme for Wireless Ad-Hoc Networks","authors":"S. S. D. Selvi, S. Vivek, Naga Naresh Karuturi, R. Gopalakrishnan, C. Rangan","doi":"10.1109/PST.2008.29","DOIUrl":"https://doi.org/10.1109/PST.2008.29","url":null,"abstract":"Broadcast signcryption enables the broadcaster to simultaneously encrypt and sign the content meant for a specific set of users in a single logical step. It provides a very efficient solution to the dual problem of achieving confidentiality and authentication during content distribution. Among other alternatives, ID-based schemes are arguably the best suited for its implementation in wireless ad-hoc networks because of the unique advantage that they provide - any unique, publicly available parameter of a user can be his public key, which eliminates the need for a complex public key infrastructure. In 2004, Bohio et al. proposed an ID-based broadcast signcryption (IBBSC) scheme which achieves constant ciphertext size. They claim that their scheme provides both message authentication and confidentiality, but do not give formal proofs. In this paper, we demonstrate how a legitimate user of the scheme can forge a valid signcrypted ciphertext, as if generated by the broadcaster. Moreover, we show that their scheme is not IND-CCA secure. Following this, we propose a fix for Bohio et al.'s scheme, and formally prove its security under the strongest existing security models for broadcast signcryption (IND-CCA2 and EUF-CMA). While fixing the scheme, we also improve its efficiency by reducing the ciphertext size to two elements compared to three.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"109 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133889932","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We present a personal data access control (PDAC) scheme inspired by protection schemes used in communities for sharing valuable commodities. We assume PDAC users are members of an online social network such as facebook.com. PDAC computes a ldquotrusted distancerdquo measure between users that is composed of the hop distance on the social network and an affine distance derived from experiential data. The trusted distance classifies users into three zones: acceptance, attestation, and rejection. User requests falling in the acceptance zone are accepted immediately while the requests in the rejection zone are rejected outright. Requests in the attestation zone need additional authorization to gain access. PDAC also tracks reposts to minimize the spread of data beyond the limits set by the data originator. PDAC was implemented on a social network emulator to demonstrate its viability. The performance of certain PDAC functions were examined using simulations driven by portions of social graphs obtained from myspace.com.
{"title":"An Access Control Scheme for Protecting Personal Data","authors":"Wilfred Villegas, B. Ali, Muthucumaru Maheswaran","doi":"10.1109/PST.2008.14","DOIUrl":"https://doi.org/10.1109/PST.2008.14","url":null,"abstract":"We present a personal data access control (PDAC) scheme inspired by protection schemes used in communities for sharing valuable commodities. We assume PDAC users are members of an online social network such as facebook.com. PDAC computes a ldquotrusted distancerdquo measure between users that is composed of the hop distance on the social network and an affine distance derived from experiential data. The trusted distance classifies users into three zones: acceptance, attestation, and rejection. User requests falling in the acceptance zone are accepted immediately while the requests in the rejection zone are rejected outright. Requests in the attestation zone need additional authorization to gain access. PDAC also tracks reposts to minimize the spread of data beyond the limits set by the data originator. PDAC was implemented on a social network emulator to demonstrate its viability. The performance of certain PDAC functions were examined using simulations driven by portions of social graphs obtained from myspace.com.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"365 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121408322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: