This paper presents a secure and lightweight protocol for reliable data transfer through moderate bandwidth covert channels. Though data transfer through covert channels is not unprecedented, existing covert channels have been restricted to covert transmission of only small amounts of data. This paper demonstrates that it is possible to transmit large amounts of data covertly with sophisticated support such as security and reliability. The proposed protocol exploits ICMP echo request as covert medium, and uses OS finger-printing techniques to simulate real TCP/IP stack behavior for further security enhancements.
{"title":"A Protocol for Building Secure and Reliable Covert Channel","authors":"B. Ray, Shivakant Mishra","doi":"10.1109/PST.2008.26","DOIUrl":"https://doi.org/10.1109/PST.2008.26","url":null,"abstract":"This paper presents a secure and lightweight protocol for reliable data transfer through moderate bandwidth covert channels. Though data transfer through covert channels is not unprecedented, existing covert channels have been restricted to covert transmission of only small amounts of data. This paper demonstrates that it is possible to transmit large amounts of data covertly with sophisticated support such as security and reliability. The proposed protocol exploits ICMP echo request as covert medium, and uses OS finger-printing techniques to simulate real TCP/IP stack behavior for further security enhancements.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128537139","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
S. S. D. Selvi, S. Vivek, Naga Naresh Karuturi, R. Gopalakrishnan, C. Rangan
Broadcast signcryption enables the broadcaster to simultaneously encrypt and sign the content meant for a specific set of users in a single logical step. It provides a very efficient solution to the dual problem of achieving confidentiality and authentication during content distribution. Among other alternatives, ID-based schemes are arguably the best suited for its implementation in wireless ad-hoc networks because of the unique advantage that they provide - any unique, publicly available parameter of a user can be his public key, which eliminates the need for a complex public key infrastructure. In 2004, Bohio et al. proposed an ID-based broadcast signcryption (IBBSC) scheme which achieves constant ciphertext size. They claim that their scheme provides both message authentication and confidentiality, but do not give formal proofs. In this paper, we demonstrate how a legitimate user of the scheme can forge a valid signcrypted ciphertext, as if generated by the broadcaster. Moreover, we show that their scheme is not IND-CCA secure. Following this, we propose a fix for Bohio et al.'s scheme, and formally prove its security under the strongest existing security models for broadcast signcryption (IND-CCA2 and EUF-CMA). While fixing the scheme, we also improve its efficiency by reducing the ciphertext size to two elements compared to three.
{"title":"Cryptanalysis of Bohio et al.'s ID-Based Broadcast Signcryption (IBBSC) Scheme for Wireless Ad-Hoc Networks","authors":"S. S. D. Selvi, S. Vivek, Naga Naresh Karuturi, R. Gopalakrishnan, C. Rangan","doi":"10.1109/PST.2008.29","DOIUrl":"https://doi.org/10.1109/PST.2008.29","url":null,"abstract":"Broadcast signcryption enables the broadcaster to simultaneously encrypt and sign the content meant for a specific set of users in a single logical step. It provides a very efficient solution to the dual problem of achieving confidentiality and authentication during content distribution. Among other alternatives, ID-based schemes are arguably the best suited for its implementation in wireless ad-hoc networks because of the unique advantage that they provide - any unique, publicly available parameter of a user can be his public key, which eliminates the need for a complex public key infrastructure. In 2004, Bohio et al. proposed an ID-based broadcast signcryption (IBBSC) scheme which achieves constant ciphertext size. They claim that their scheme provides both message authentication and confidentiality, but do not give formal proofs. In this paper, we demonstrate how a legitimate user of the scheme can forge a valid signcrypted ciphertext, as if generated by the broadcaster. Moreover, we show that their scheme is not IND-CCA secure. Following this, we propose a fix for Bohio et al.'s scheme, and formally prove its security under the strongest existing security models for broadcast signcryption (IND-CCA2 and EUF-CMA). While fixing the scheme, we also improve its efficiency by reducing the ciphertext size to two elements compared to three.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"109 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133889932","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We present a personal data access control (PDAC) scheme inspired by protection schemes used in communities for sharing valuable commodities. We assume PDAC users are members of an online social network such as facebook.com. PDAC computes a “trusted distance” measure between users that is composed of the hop distance on the social network and an affine distance derived from experiential data. The trusted distance classifies users into three zones: acceptance, attestation, and rejection. User requests falling in the acceptance zone are accepted immediately while the requests in the rejection zone are rejected outright. Requests in the attestation zone need additional authorization to gain access. PDAC also tracks reposts to minimize the spread of data beyond the limits set by the data originator. PDAC was implemented on a social network emulator to demonstrate its viability. The performance of certain PDAC functions was examined using simulations driven by portions of social graphs obtained from myspace.com.
{"title":"An Access Control Scheme for Protecting Personal Data","authors":"Wilfred Villegas, B. Ali, Muthucumaru Maheswaran","doi":"10.1109/PST.2008.14","DOIUrl":"https://doi.org/10.1109/PST.2008.14","url":null,"abstract":"We present a personal data access control (PDAC) scheme inspired by protection schemes used in communities for sharing valuable commodities. We assume PDAC users are members of an online social network such as facebook.com. PDAC computes a “trusted distance” measure between users that is composed of the hop distance on the social network and an affine distance derived from experiential data. The trusted distance classifies users into three zones: acceptance, attestation, and rejection. User requests falling in the acceptance zone are accepted immediately while the requests in the rejection zone are rejected outright. Requests in the attestation zone need additional authorization to gain access. PDAC also tracks reposts to minimize the spread of data beyond the limits set by the data originator. PDAC was implemented on a social network emulator to demonstrate its viability. The performance of certain PDAC functions was examined using simulations driven by portions of social graphs obtained from myspace.com.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"365 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121408322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A. Makanju, Stephen Brooks, A. N. Zincir-Heywood, E. Milios
Event logs or log files form an essential part of any network management and administration setup. While log files are invaluable to a network administrator, the vast amount of data they sometimes contain can be overwhelming and can sometimes hinder rather than facilitate the tasks of a network administrator. For this reason several event clustering algorithms for log files have been proposed, one of which is the event clustering algorithm proposed by Risto Vaarandi, on which his simple log file clustering tool (SLCT) is based. The aim of this work is to develop a visualization tool that can be used to view log files based on the clusters produced by SLCT. The proposed visualization tool, which is called LogView, utilizes treemaps to visualize the hierarchical structure of the clusters produced by SLCT. Our results based on different application log files show that LogView can ease the summarization of vast amount of data contained in the log files. This in turn can help to speed up the analysis of event data in order to detect any security issues on a given application.
{"title":"LogView: Visualizing Event Log Clusters","authors":"A. Makanju, Stephen Brooks, A. N. Zincir-Heywood, E. Milios","doi":"10.1109/PST.2008.17","DOIUrl":"https://doi.org/10.1109/PST.2008.17","url":null,"abstract":"Event logs or log files form an essential part of any network management and administration setup. While log files are invaluable to a network administrator, the vast amount of data they sometimes contain can be overwhelming and can sometimes hinder rather than facilitate the tasks of a network administrator. For this reason several event clustering algorithms for log files have been proposed, one of which is the event clustering algorithm proposed by Risto Vaarandi, on which his simple log file clustering tool (SLCT) is based. The aim of this work is to develop a visualization tool that can be used to view log files based on the clusters produced by SLCT. The proposed visualization tool, which is called LogView, utilizes treemaps to visualize the hierarchical structure of the clusters produced by SLCT. Our results based on different application log files show that LogView can ease the summarization of vast amount of data contained in the log files. This in turn can help to speed up the analysis of event data in order to detect any security issues on a given application.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"176 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115268513","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The basic objective of this work is to compare the utility of an expert driven system and a data driven system for classifying encrypted network traffic, specifically SSH traffic from traffic log files. Pre-processing is applied to the traffic data to represent it as traffic flows. Results show that the data driven system approach outperforms the expert driven system approach in terms of high detection and low false positive rates.
{"title":"Investigating Two Different Approaches for Encrypted Traffic Classification","authors":"Riyad Alshammari, A. Zincir-Heywood","doi":"10.1109/PST.2008.15","DOIUrl":"https://doi.org/10.1109/PST.2008.15","url":null,"abstract":"The basic objective of this work is to compare the utility of an expert driven system and a data driven system for classifying encrypted network traffic, specifically SSH traffic from traffic log files. Pre-processing is applied to the traffic data to represent it as traffic flows. Results show that the data driven system approach outperforms the expert driven system approach in terms of high detection and low false positive rates.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122674322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Intrusive Web advertising such as pop-ups and animated layer ads, which distract the user from reading or navigating through the main content of Web pages, is being perceived as annoying by an increasing number of users. As a response to the growing amount of extraneous content on today's Web and due to the lack of regulations imposed on abusive advertisers the author discusses the pros and cons of ad blocking, explores the different types of Web advertisements currently available and presents Quero, a novel Web browser-based content filter which implements a rule-based classifier that exploits, for example, hints present in the URL in order to classify objects as ads. Additionally, the author conducts a Web study to characterize online ads and measure the effectiveness of his solution against a manual classification. As a result, it is shown that a surprisingly small number of rules is sufficient to block almost all ads on the Web.
{"title":"An Effective Defense against Intrusive Web Advertising","authors":"V. Krammer","doi":"10.1109/PST.2008.10","DOIUrl":"https://doi.org/10.1109/PST.2008.10","url":null,"abstract":"Intrusive Web advertising such as pop-ups and animated layer ads, which distract the user from reading or navigating through the main content of Web pages, is being perceived as annoying by an increasing number of users. As a response to the growing amount of extraneous content on today's Web and due to the lack of regulations imposed on abusive advertisers the author discusses the pros and cons of ad blocking, explores the different types of Web advertisements currently available and presents Quero, a novel Web browser-based content filter which implements a rule-based classifier that exploits, for example, hints present in the URL in order to classify objects as ads. Additionally, the author conducts a Web study to characterize online ads and measure the effectiveness of his solution against a manual classification. As a result, it is shown that a surprisingly small number of rules is sufficient to block almost all ads on the Web.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129037102","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Michal Sramka, R. Safavi-Naini, J. Denzinger, Mina Askari, Jie Gao
Knowledge discovery systems extract knowledge from data that can be used for making predictions about incomplete data items. Utility is a measure of the usefulness of the discovered knowledge and satisfaction of the user with that knowledge. We motivate and address the question of usefulness of sanitized data using the notion of utility in data mining systems. For this we measure the success of patterns and rules discovered from the original data to make predictions about the sanitized data using a previously developed framework. Using experimental results on a set of medical data we demonstrate that it is possible to make useful predictions about the sanitized medical data when rules discovered from the original unsanitized medical data are used. We explain our results and compare them with the case where no sanitization is involved.
{"title":"Utility of Knowledge Extracted from Unsanitized Data when Applied to Sanitized Data","authors":"Michal Sramka, R. Safavi-Naini, J. Denzinger, Mina Askari, Jie Gao","doi":"10.1109/PST.2008.30","DOIUrl":"https://doi.org/10.1109/PST.2008.30","url":null,"abstract":"Knowledge discovery systems extract knowledge from data that can be used for making predictions about incomplete data items. Utility is a measure of the usefulness of the discovered knowledge and satisfaction of the user with that knowledge. We motivate and address the question of usefulness of sanitized data using the notion of utility in data mining systems. For this we measure the success of patterns and rules discovered from the original data to make predictions about the sanitized data using a previously developed framework. Using experimental results on a set of medical data we demonstrate that it is possible to make useful predictions about the sanitized medical data when rules discovered from the original unsanitized medical data are used. We explain our results and compare them with the case where no sanitization is involved.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126137624","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jani Suomalainen, Seamus Moloney, J. Koivisto, Kari Keinänen
A large amount of versatile services are emerging as home networks and devices are opened for different manufacturers and service developers. With this complexity comes a need to make these services more personalized and secure. However, at the same time, the home network should be easy to manage for non-expert users. In this paper, we propose OpenHouse, a TLS based distributed security architecture for use in home networks. We have adopted a fine-grained role and domain based authorization model and studied how the configuration burden for end users can be minimized by classifying services in a security relevant manner and providing homes with default security policies. We evaluated the feasibility of the proposal by implementing a secured UPnP based platform on Nokia N800 Internet tablet and Gumstix low-end Linux devices. We report the implications the approach has for developers and for end user experience as well as the challenges it still faces.
{"title":"OpenHouse: A Secure Platform for Distributed Home Services","authors":"Jani Suomalainen, Seamus Moloney, J. Koivisto, Kari Keinänen","doi":"10.1109/PST.2008.11","DOIUrl":"https://doi.org/10.1109/PST.2008.11","url":null,"abstract":"A large amount of versatile services are emerging as home networks and devices are opened for different manufacturers and service developers. With this complexity comes a need to make these services more personalized and secure. However, at the same time, the home network should be easy to manage for non-expert users. In this paper, we propose OpenHouse, a TLS based distributed security architecture for use in home networks. We have adopted a fine-grained role and domain based authorization model and studied how the configuration burden for end users can be minimized by classifying services in a security relevant manner and providing homes with default security policies. We evaluated the feasibility of the proposal by implementing a secured UPnP based platform on Nokia N800 Internet tablet and Gumstix low-end Linux devices. We report the implications the approach has for developers and for end user experience as well as the challenges it still faces.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132021434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
How to trust without knowing the truth? This is probably the key question that arises while designing applications using virtual tags. A virtual tag is a geo-referenced note that is visible for all the people that are in a specific place. But what if you see a tag about an event or an object that is not here? How to know if you are facing a spam attack, or if the tag is simply outdated? And, how to update the trust values of the author and the other people that confirmed the tag, since you do not know if they are honest? To answer these questions, we designed and implemented FoxyTag, a free and collaborative system which consists of posting virtual tags over speed cameras in order to warn the other drivers. We used it to test our new generic trust engine and got very promising results.
{"title":"The Uncertainty of the Truth","authors":"Michel Deriaz","doi":"10.1109/PST.2008.13","DOIUrl":"https://doi.org/10.1109/PST.2008.13","url":null,"abstract":"How to trust without knowing the truth? This is probably the key question that arises while designing applications using virtual tags. A virtual tag is a geo-referenced note that is visible for all the people that are in a specific place. But what if you see a tag about an event or an object that is not here? How to know if you are facing a spam attack, or if the tag is simply outdated? And, how to update the trust values of the author and the other people that confirmed the tag, since you do not know if they are honest? To answer these questions, we designed and implemented FoxyTag, a free and collaborative system which consists of posting virtual tags over speed cameras in order to warn the other drivers. We used it to test our new generic trust engine and got very promising results.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115742312","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A particularly acute problem in privacy protection is to provide such protection beyond the original disclosure of personal information. There, the need for privacy is strongly related to the confidence in the goodwill of the party that receives such information. In the absence of such confidence, the disclosure should be limited. However, putting excessive constraints on the disclosure itself can have a damaging effect on the relationship. In order to minimize the potential damage, limitations to the extent of a disclosure should be deployed sparsely, with their strength and direction adjusted to the extent of actual lack of confidence. This paper proposes a flexible strategy for privacy protection that takes into account the lack of perceived confidence. The strategy determines three orthogonal dimensions that can be used to classify various privacy-enhancing tools and links those dimensions with an individual's structure of beliefs regarding confidence. This makes it possible to provide simple decision-making tools that determine the best minimum privacy protection for a given case.
{"title":"Confidence-Compensating Privacy Protection","authors":"P. Cofta","doi":"10.1109/PST.2008.9","DOIUrl":"https://doi.org/10.1109/PST.2008.9","url":null,"abstract":"A particularly acute problem in privacy protection is to provide such protection beyond the original disclosure of personal information. There, the need for privacy is strongly related to the confidence in the goodwill of the party that receives such information. In the absence of such confidence, the disclosure should be limited. However, putting excessive constraints on the disclosure itself can have a damaging effect on the relationship. In order to minimize the potential damage, limitations to the extent of a disclosure should be deployed sparsely, with their strength and direction adjusted to the extent of actual lack of confidence. This paper proposes a flexible strategy for privacy protection that takes into account the lack of perceived confidence. The strategy determines three orthogonal dimensions that can be used to classify various privacy-enhancing tools and links those dimensions with an individual's structure of beliefs regarding confidence. This makes it possible to provide simple decision-making tools that determine the best minimum privacy protection for a given case.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125162539","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}