E-Book, Englisch, Band 147, 563 Seiten
Reihe: IFIP Advances in Information and Communication Technology
Deswarte / Cuppens / Jajodia Security and Protection in Information Processing Systems
1. Auflage 2006
ISBN: 978-1-4020-8143-9
Verlag: Springer
Format: PDF
Kopierschutz: 1 - PDF Watermark
IFIP 18th World Computer Congress TC11 19th International Information Security Conference 22-27 August 2004 Toulouse, France
E-Book, Englisch, Band 147, 563 Seiten
Reihe: IFIP Advances in Information and Communication Technology
ISBN: 978-1-4020-8143-9
Verlag: Springer
Format: PDF
Kopierschutz: 1 - PDF Watermark
Security is probably the most critical factor for the development of the "Information Society". E-government, e-commerce, e-healthcare and all other e-activities present challenging security requirements that cannot be satisfied with current technology, except maybe if the citizens accept to waive their privacy, which is unacceptable ethically and socially.
New progress is needed in security and privacy-preserving technologies. On these foundations, the IFIP/SEC conference has been established from the eighties as one of the most important forums for presenting new scientific research results as well as best professional practice to improve the security of information systems.
This balance between future technology improvements and day-to-day security management has contributed to better understanding between researchers, solution providers and practitioners, making this forum lively and fruitful. "Security and Protection in Information Processing Systems" contains the papers selected for presentation at the 19th IFIP International Conference on Information Security (SEC2004), which was held in August 2004 as a co-located conference of the 18th IFIP World Computer Congress in Toulouse, France.
The conference was sponsored by the International Federation for Information Processing (IFIP).This volume is essential reading for scholars, researchers, and practitioners interested in keeping pace with the ever-growing field of information security.
Autoren/Hrsg.
Weitere Infos & Material
1;Contents;6
2;General Chair’s Message;10
3;Program Chair’s Message;13
4;IFIP/SEC2004 Conference Committees;14
5;An Abstract Reduction Model for Computer Security Risk;16
5.1;1. INTRODUCTION;16
5.2;2. THE RISK ANALYSIS SIGNATURE;17
5.2.1;2.1 Related work;17
5.2.2;2.2 A more general framework;18
5.3;3. THE REWRITING SYSTEM;19
5.3.1;3.1 Defining the rewriting rules;20
5.3.2;3.2 Termination and confluence of the rewriting system;22
5.4;4. TOWARDS RISK ANALYSIS ALGEBRAS;24
5.4.1;4.1 From specification to algebra;24
5.4.2;4.2 Illustrative example;25
5.5;5. SOLVING THE RISK ANALYSIS EQUATION;28
5.6;6. CONCLUSION;30
5.6.1;References;31
6;Remediation Graphs for Security Patch Management;32
6.1;1. INTRODUCTION;32
6.2;2. SECURITY PATCH MANAGEMENT: MODEL;34
6.2.1;2.1 Security Patch Management;35
6.2.2;2.2 Patch Configuration States;35
6.2.3;2.3 Patch State Consistency;36
6.2.4;2.4 Patch State Transitions;37
6.2.5;2.5 Patch Preference Relation;38
6.2.6;2.6 Remediation;38
6.3;3. SECURITY PATCH MANAGEMENT: ALGORITHMS;39
6.4;4. RELATED WORK;41
6.5;5. CONCLUSION;42
6.5.1;References;42
7;Security Modelling for Risk Analysis;44
7.1;1. INTRODUCTION;44
7.2;2. SECURITY MODEL;45
7.2.1;2.1 Security Documentation;45
7.2.2;2.2 Classification of Entities;46
7.2.3;2.3 Attributes‚ and Relationships between Entities;47
7.2.4;2.4 Developing the Model;47
7.3;3. SECURITY MODELLING;48
7.3.1;3.1 Overview;48
7.3.2;3.2 Threat Propagation;48
7.4;4. DEFENCE MEASURES;54
7.4.1;4.1 Overview;54
7.4.2;4.2 Countermeasures;54
7.4.3;4.3 Threat Countermeasure Diagrams ( TCDs);56
7.4.4;4.4 Design of Defence Systems;56
7.4.5;4.5 Defence Effectiveness;58
7.5;5. CONCLUSIONS;59
7.6;ACKNOWLEDGMENTS;59
7.7;REFERENCES;59
8;Contrasting Malicious Java Applets by Modifying the Java virtual machine;62
8.1;1. INTRODUCTION;62
8.2;2. ATTACKS AND DEFENSES;63
8.2.1;2.1 Defensive Approaches;64
8.2.2;2.2 Our Approach;67
8.3;3. THE MONITOR IMPLEMENTED IN THE JVM;67
8.3.1;3.1 General Criteria;67
8.3.2;3.2 Which problems does Limiter Contrast?;69
8.3.3;3.3 The Structure of the Original JVM;73
8.3.4;3.4 Implementation;74
8.3.5;3.5 Configuration;76
8.3.6;4. EFFECTIVENESS AND PERFORMANCE;77
8.4;5. CONCLUSIONS;78
8.4.1;References;78
9;Analyzing Network Management Effects with SPIN and cTLA;80
9.1;1. INTRODUCTION;80
9.2;2. RELATED WORK;82
9.3;3. CTLA;83
9.4;3.1 TLA;84
9.4.1;3.2 cTLA Simple Process Type;84
9.4.2;3.3 cTLA Process Composition Type;85
9.5;4. TRANSLATION TO SPIN/ PROMELA;86
9.6;5. GENERIC MODEL STRUCTURE;87
9.7;6. EXAMPLE SYSTEM;90
9.8;7. ANALYSIS;92
9.8.1;7.1 Example System Optimizations;92
9.8.2;7.2 Checking Assertions & Analyzing Trails;93
9.9;8. CONCLUDING REMARKS;95
9.10;REFERENCES;95
10;Formal Reasoning of Various Categories of Widely Exploited Security Vulnerabilities by Pointer Taintedness Semantics;98
10.1;1. INTRODUCTION;99
10.2;2. RELATED WORK;100
10.3;3. POINTER TAINTEDNESS EXAMPLES;101
10.4;4. SEMANTICS FOR POINTER TAINTEDNESS;103
10.5;5. FORMAL REASONING ON POINTER TAINTEDNESS VIOLATIONS;106
10.5.1;5.1 Analysis of strcpy();106
10.5.2;5.2 Analysis of Free();108
10.5.3;5.3 Analysis of Printf();109
10.6;6. EXAMPLES ILLUSTRATING VIOLATIONS OF LIBRARY FUNCTIONS’ PRECONDITIONS;110
10.6.1;6.1 Example of strcpy() violation – condition 3;110
10.6.2;6.2 Example of strcpy() violation – condition 2;111
10.6.3;6.3 Example of free() violation – condition 2;112
10.7;7. CONCLUSIONS AND FUTURE DIRECTIONS;113
10.8;ACKNOWLEDGMENTS;114
10.9;REFERENCES;114
11;Meeting the Global Challenges of Security Incident Response;116
11.1;1 INTRODUCTION;116
11.2;2 CURRENT STATE: SECURITY INCIDENT RESPONSE CAPABILITIES;117
11.3;3 FUTURE GLOBAL THREATS AND CHALLENGES;119
11.4;4 ADEQUACIES OF LEGISLATIONS & REGULATIONS;121
11.5;5 ORGANIZATIONAL DEFICIENCIES;124
11.6;6 TECHNICAL EXPERTISE;125
11.7;7 EDUCATION, RESEARCH, ADVANCED TRAINING AND INFORMATION RESOURCES;126
11.8;8 PREPARATORY REQUIREMENTS;128
11.9;9 CONCLUSION;129
11.10;10 ACKNOWLEDGEMENTS;130
11.10.1;REFERENCES;130
12;Security in Globally Distributed Industrial Information Systems;134
12.1;1. INTRODUCTION;134
12.2;2. ASSETS AND THREATS IN A GDIIS;135
12.2.1;Confidentiality;136
12.2.2;Integrity;136
12.2.3;Availability;136
12.3;3. SECURITY MECHANISMS;137
12.3.1;General security guidelines;137
12.3.2;Authentication and authorization;137
12.3.3;Intrusion detection;138
12.3.4;Encryption;138
12.4;4. THREE SECURITY ARCHITECTURES FOR THE GDIIS;139
12.4.1;Centralized connections;139
12.4.2;Layered architecture;141
12.4.3;Integration of centralized and layered architecture;145
12.5;5. DISCUSSION;147
12.6;6. CONCLUSIONS;148
12.7;Acknowledgments;149
12.8;References;149
13;A Case For Information Ownership in ERP Systems;150
13.1;1. INTRODUCTION;150
13.2;2. STUDY RESULTS;151
13.3;3. THE CENTRALIZED APPROACH TO SECURITY;152
13.3.1;3.1 Error- prone configuration of the security subsystem;152
13.3.2;3.2 Time consuming and costly configuration of the security subsystem;153
13.3.3;3.3 Lack of change management and documentation support;154
13.4;4. DECENTRALIZING THE APPROACH TO SECURITY;155
13.4.1;4.1 Dealing with complexity;156
13.4.2;4.2 Improving responsibility and accountability;158
13.4.3;4.3 Moving towards information ownership;159
13.4.4;4.4 Decentralizing without the need for more technical knowledge;159
13.5;5. INFORMATION OWNERSHIP;159
13.5.1;5.1 Supporting information ownership;160
13.5.2;5.2 Validating information owners;161
13.5.3;5.3 Shared responsibility;162
13.6;6. INFORMATION OWNERSHIP;163
13.7;7. ERP SYSTEM SUPPORT FOR INFORMATION OWNERSHIP;163
13.7.1;7.1 Corporate governance in support of information ownership;163
13.8;8. CONCLUSION;164
13.9;REFERENCES;164
14;Interactive Access Control for Web Services;166
14.1;1. INTRODUCTION;166
14.2;2. SYSTEM ARCHITECTURE;168
14.3;3. THE FORMAL FRAMEWORK;169
14.4;4. LOGIC PROGRAMMING BACKGROUND;170
14.5;5. THE LOGICAL MODEL;173
14.6;6. REASONING;176
14.7;7. IMPLEMENTATION OF THE LOGICAL MODEL;178
14.8;8. STATEFUL BUSINESS PROCESSES;179
14.9;9. CONCLUSIONS;180
14.9.1;References;180
15;Identity-based Key Infrastructures (IKI);182
15.1;INTRODUCTION;182
15.2;1. BACKGROUND AND NOTATION;184
15.3;2. THE NEED FOR A BASIC IDENTITY - BASED KEY INFRASTRUCTURE;184
15.4;3. THE IMPACT OF REVOCATION AND NON- UNIQUENESS OF THE NATURAL ID;188
15.5;4. CONCLUSION;189
15.6;Acknowledgments;190
15.7;Notes;190
15.8;References;190
16;ModInt: Compact Modular Arithmatic Class Library Available on Cellular Phone and its Application to Secure Electronic;192
16.1;1. INTRODUCTION;192
16.2;2. PRELIMINARY;196
16.2.1;2.1 Homomorphic Encryption Scheme;196
16.2.2;2.2 Proof of Knowledge;197
16.2.3;2.3 Oblivious LFSR Protocol;198
16.3;3. IMPLEMENTATION ON CELLULAR PHONES;199
16.3.1;3.1 System Design;199
16.3.2;3.2 ModInt class;199
16.4;4. EVALUATION;201
16.4.1;4.1 Performance in the J2ME Emulator;201
16.4.2;4.2 Performance in the Docomo D503is;202
16.4.3;4.3 Pre- computation to Reduce Processing Time;202
16.4.4;4.4 Scalability of the Proposed System;204
16.4.5;4.5 Comparison to the Conventional System [ 1];205
16.4.6;4.6 Performance of the ModInt Library;206
16.5;5. CONCLUSION;206
16.5.1;References;207
17;Dependable Security by Twisted Secret Sharing;208
17.1;1. INTRODUCTION;208
17.2;2. OTHER WORKS;209
17.3;3. TWISTED SECRET SHARING;211
17.3.1;3.1 The guiding case;211
17.3.2;3.2 An analogy: the sick old father;213
17.4;4. THE PROPOSAL;215
17.4.1;4.1 The pattern;216
17.4.2;4.2 The algorithm in pseudo code;217
17.5;5. DISCUSSION;219
17.5.1;REFERENCES;220
18;A Language Driven IDS for Event and Alert Correlation;224
18.1;1. INTRODUCTION;224
18.2;2. THE ADeLe LANGUAGE;225
18.2.1;2.1 Introduction;225
18.2.2;2.2 Filtered Events;226
18.2.3;2.3 Correlation Operators;227
18.2.4;2.4 Conclusion on ADeLe;230
18.3;3. AN INTRUSION DETECTION SYSTEM;230
18.3.1;3.1 IDS Architecture;230
18.3.2;3.2 Events and Alerts correlation using finite state automata;231
18.3.3;3.3 Automaton merge;232
18.3.4;3.4 Plan recognition;232
18.3.5;3.5 Partial Plan Deletion;234
18.4;4. IDS TEST;234
18.4.1;4.1 IDS behaviour test;235
18.4.2;4.2 Advanced Tests;235
18.5;5. RELATED WORK;237
18.6;6. CONCLUSION;238
18.6.1;References;238
19;Install-time Vaccination of Windows Executables to Defend;240
19.1;1. INTRODUCTION;240
19.1.1;1.1 Background;240
19.1.2;1.2 Classification of Anti- Stack- Smashing Techniques;241
19.1.3;1.3 Contributions;242
19.2;2. SOLUTION ARCHITECTURE;243
19.2.1;2.1 Design Choices;243
19.2.2;2.2 The Basic Method;243
19.2.3;2.3 Disassembly;244
19.2.4;2.4 Function Discovery;244
19.2.5;2.5 Function Analysis and Classification;244
19.3;3. INSTRUMENTING A SIMPLE WIN32 APPLICATION;245
19.4;4. INSTRUMENTING A DLL;246
19.5;5. INSTRUMENTING A MULTI-THREADED APPLICATION;247
19.6;6. INSTRUMENTING DLLS USED BY MULTITHREADED APPLICATIONS;249
19.7;7. EVALUATION;251
19.7.1;7.1 Performance;251
19.7.2;7.2 Limitations of the approach;252
19.8;8. ALTERNATIVE APPROACHES AND TOOLS;252
19.9;9. CONCLUSIONS;254
20;Eigenconnections to Intrusion Detection;256
20.1;1. Introduction;256
20.2;2. Description of KDD 99 intrusion detection datasets;259
20.3;3. Nearest neighbor and decision trees;260
20.3.1;3.1 Nearest Neighbor NN;260
20.3.2;3.2 Decision trees;261
20.4;4. Eigenconnection approach;263
20.4.1;4.1 Calculating the eigenconnections;264
20.5;5. Experimental methodology and results;265
20.5.1;5.1 Nearest neighbor with/ without PCA;266
20.5.2;5.2 Decision trees with/ without PCA;267
20.6;6. Conclusion;270
20.7;Acknowledgements;271
20.7.1;References;272
21;Visualising Intrusions: Watching the Webserver;274
21.1;1. INTRODUCTION;274
21.2;2. THE EXPERIMENTAL SYSTEM;275
21.3;3. THE LOG REDUCTION SCHEME;275
21.4;4. VISUALISING THE LOWEST SCORING REQUESTS;277
21.5;5. DETAILED ANALYSIS OF THE FEATURES FOUND;280
21.6;6. EFFECTIVENESS OF THE LOG REDUCTION SCHEME;283
21.7;7. DISCUSSION;285
21.8;8. FUTURE WORK;286
21.9;9. RELATED WORK;287
21.10;10. CONCLUSIONS;288
21.10.1;References;289
22;A Long-term Trial of Keystroke Profiling using Digraph, Trigraph and Keyword Latencies;290
22.1;1. INTRODUCTION;290
22.2;2. CAPTURING KEYSTROKE DATA IN WINDOWS;291
22.3;3. EXPERIMENTAL PROCEDURE;293
22.4;4. STATISTICAL ANALYSIS;295
22.5;5. DISCUSSION;301
22.6;6. CONCLUSIONS;303
22.7;7. ACKNOWLEDGMENTS;304
22.7.1;8. REFERENCES;304
23;Trusted Computing, Trusted Third Parties, and Verified Communications;306
23.1;1. INTRODUCTION;306
23.2;2. NEW TRUSTED THIRD PARTIES?;307
23.2.1;2.1 The new third party;307
23.2.2;2.2 Applications;308
23.2.3;2.3 Limits on trust;309
23.3;3. ASSUMPTIONS;310
23.4;4. VERIFIED COMMUNICATIONS WITH AN SCB;311
23.4.1;4.1 Checking inputs;311
23.4.2;4.2 Using an SCB;313
23.5;5. EXAMPLES;314
23.5.1;5.1 Typechecking;314
23.5.2;5.2 Proof checking;316
23.5.3;5.3 Certificate checking;317
23.5.4;5.4 Virus confinement and communications censorship?;318
23.6;6. ASSESSMENT;318
23.7;7. AN EXAMPLE, STEP BY STEP;319
23.8;8. EXTENSIONS;321
23.9;9. CONCLUSIONS;322
23.10;Acknowledgements;322
23.10.1;References;322
24;Maille Authentication;324
24.1;1. INTRODUCTION;324
24.2;2. PREVIOUS WORK;326
24.3;3. THE MAILLE PROTOCOL;328
24.3.1;3.1 Assumptions;328
24.3.2;3.2 Notations;329
24.3.3;3.3 Node Structures;329
24.3.4;3.4 Messages;329
24.3.5;3.5 Peer Relationships;330
24.3.6;3.6 Obtaining Keys;330
24.3.7;3.7 Picking a Winning Key;332
24.3.8;3.8 Independence Analysis and Penalties;332
24.3.9;3.9 Determining if the Winning Key Should be Trusted;333
24.3.10;3.10 Using Keys;333
24.3.11;3.11 Tunable Parameters;333
24.4;4. ANALYSIS;334
24.4.1;4.1 Byzantine Failures and Impersonation;334
24.4.2;4.2 DOS Attacks;335
24.5;5. FUTURE WORK;336
24.6;6. CONCLUSIONS;336
24.6.1;REFERENCES;337
25;Supporting End-to-end Security across Proxies with Multiple- Channel SSL;338
25.1;1. INTRODUCTION;338
25.2;2. PROBLEM MOTIVATION;339
25.3;3. HIGH LEVEL DESCRIPTION OF MC-SSL;341
25.4;4. RELATED WORK;344
25.5;5. PROXY CHANNEL PROTOCOL;345
25.5.1;5.1 Handshake protocol;346
25.5.2;5.2 Application data protocol;348
25.6;6. DISCUSSION OF PROXY PROTOCOL;349
25.7;7. CONCLUSIONS AND FUTURE WORK;352
26;A Content-Protection Scheme for Multi-Layered Reselling Structure;354
26.1;1. INTRODUCTION;354
26.2;2. THE PROPOSED SCHEME;356
26.2.1;2.1 Initialization;358
26.2.2;2.2 Merchandize Preparation;358
26.2.3;2.3 Merchandize Sale;359
26.2.4;2.4 Merchandize Registration;359
26.2.5;2.5 Merchandize Activation;360
26.2.6;2.6 Arbitration;361
26.3;3. DISCUSSIONS;361
26.3.1;3.1 Security Analysis;361
26.3.2;3.2 Reusing Anonymous Certificates;362
26.3.3;3.3 Protecting Buyers from Malicious Sellers;363
26.4;4. CONCLUSIONS;363
26.4.1;REFERENCES;364
27;An Asymmetric Cryptography Secure Channel Protocol for Smart Cards;366
27.1;1. INTRODUCTION;366
27.2;2. PUBLIC KEY SMART CARD SECURE CHANNEL;368
27.3;PROTOCOLS AND THE REAL WORLD;368
27.3.1;2.1 Motivation;368
27.3.2;2.2 An Overview of GlobalPlatform Card Specification;369
27.4;3. THE PROPOSED PUBLIC KEY ARCHITECTURE;371
27.5;4. A PUBLIC KEY SECURE CHANNEL ESTABLISHMENT PROTOCOL;372
27.6;5. PROPERTIES AND SECURITY ANALYSIS;375
27.6.1;5.1 Compromise of Cryptographic Keys;375
27.6.2;5.2 Protocol Efficiency;376
27.7;6. CONCLUSIONS;378
27.7.1;REFERENCES;378
28;IPsec Clustering;382
28.1;INTRODUCTION;382
28.2;1. EXISTING CLUSTERING MODELS;383
28.3;2. CLUSTERING ARCHITECTURE;384
28.3.1;Forwarding model;384
28.3.2;Load sharing function;385
28.3.3;Inbound IP traffic processing;386
28.3.4;Outbound IP traffic processing;386
28.3.5;Handling failure situations;386
28.3.6;Changing the mapping functions;387
28.3.7;Replay protection information synchronization;388
28.4;3. ANALYSIS;389
28.4.1;Security association lifetimes;389
28.4.2;Security;390
28.5;4. IMPLEMENTATION;391
28.5.1;Load sharing function;391
28.5.2;Performance testing;392
28.5.3;Fail-over testing;393
28.6;5. CONCLUSIONS;394
28.6.1;References;394
29;Improving Secure Device Insertion in Home Ad-hoc Networks Keyword Latencies;396
29.1;INTRODUCTION;396
29.1.1;High heterogeneity;397
29.1.2;Erratic connectivity;397
29.1.3;Poor administration;397
29.1.4;No central device;397
29.1.5;No central information;397
29.2;1. PRELIMINARIES;398
29.2.1;1.1 Notations;398
29.2.2;1.2 Basic operations;399
29.3;2. ROBUST INSERTION;400
29.3.1;2.1 Realistic insertion conditions;400
29.3.2;2.2 First stage: gaining trust;401
29.3.3;2.3 Second stage: spreading trust;402
29.3.4;2.4 Related Work;403
29.4;3. HANDY INSERTION;404
29.4.1;3.1 State- of- the- art;404
29.4.2;3.2 Free choice of the inserting device;406
29.4.3;3.3 Consequences;407
29.5;CONCLUSION;408
29.6;Acknowledgments;408
29.7;References;408
30;Spam Filter Analysis;410
30.1;1. INTRODUCTION;410
30.2;2. SPAM: PRODUCERS AND COUNTERMEASURES;412
30.2.1;2.1 Bulk mailing techniques;412
30.2.2;2.2 Countermeasures;412
30.3;3. METHOD OF ANALYSIS;416
30.3.1;3.1 Mechanism of the analysis;416
30.3.2;3.2 Modelling of the normal email traffic;417
30.3.3;3.3 Modelling of the spam traffic;418
30.3.4;3.4 The simulator;419
30.3.5;3.5 The analysed filters;420
30.4;4. SPAM FILTER COMPARISON;420
30.4.1;4.1 Mail volume- based filter;423
30.4.2;4.2 Distributed Checksum Clearinghouse;423
30.4.3;4.3 Genetic algorithm based spam filter;423
30.4.4;4.4 Naïve Bayesian Filters;423
30.5;5. CONCLUSIONS;424
30.5.1;References;424
31;Collective Signature for Efficient Authentication of XML Documents;426
31.1;1. INTRODUCTION;426
31.2;2. BACKGROUND;428
31.3;3. RELATED WORK;430
31.4;4. OUR APPROACH;432
31.4.1;4.1 Collective Signature Generation;433
31.5;5. CONCLUSION AND FUTURE WORK;437
31.5.1;ACKNOWLEDGMENT;437
31.5.2;REFERENCE:;437
32;Updating Encrypted XML Documents on Untrusted Machines;440
32.1;1. INTRODUCTION;440
32.2;2. BASIC CONCEPTS OF XML;441
32.3;3. OUR SYSTEM MODEL;442
32.4;4. ALGORITHMS;442
32.4.1;4.1 Encoding and encrypting the XML;442
32.4.2;4.2 Encoding the Deltas;444
32.4.3;4.3 Applying the Deltas;444
32.4.4;4.4 Document Integrity;445
32.4.5;4.5 Data freshness and conflicts;447
32.5;5. OTHER WORK;449
32.5.1;5.1 XML Encryption;449
32.5.2;5.2 Incremental change support for XML;450
32.5.3;5.3 Incremental Cryptography;450
32.5.4;5.4 XOR MACS;451
32.5.5;5.5 Threats;452
32.6;6. STATUS AND FUTURE WORK;453
32.7;7. CONCLUSIONS;453
32.8;8. REFERENCES;454
33;Efficient Simultaneous Contract Signing;456
33.1;1. INTRODUCTION;456
33.2;2. OBLIVIOUS TRANSFER;458
33.2.1;2.1 JS protocol;459
33.2.2;2.2 Efficient oblivious transfer;459
33.3;3. CONTRACT SIGNING;465
33.3.1;3.1 The protocol;465
33.3.2;3.2 Implementation issues;467
33.4;4. BENEFITS AND DRAWBACKS;468
33.5;5. CONCLUSION;469
34;DHCP Authentication Using Certificates;472
34.1;1. INTRODUCTION;472
34.2;2. BASIC DHCP OPERATIONS;473
34.3;3. IMPORTANCE OF DHCP;474
34.4;4. DHCP SECURITY;475
34.4.1;4.1 DHCP shortcomings;475
34.4.2;4.2 DHCP vulnerabilities;475
34.5;5. EXISTING CONTRIBUTIONS;476
34.5.1;5.1 Delayed Authentication issues;477
34.6;6.;477
34.6.1;6.1 E- DHCP Overview;478
34.6.2;6.2 E- DHCP Scenario;481
34.6.3;6.3 Service access scenario;485
34.6.4;6.4 E- DHCP advantages;486
34.7;7. CONCLUSION AND FUTURE WORK;486
34.8;8. ACKNOWLEDGEMENTS;487
34.8.1;REFERENCES;487
35;Recursive Sandboxes: Extending Systrace To Empower Applications;488
35.1;1. INTRODUCTION;488
35.2;2. RELATED WORK;490
35.3;3. OVERVIEW OF;491
35.4;AND KeyNote;491
35.4.1;3.1 systrace;491
35.4.2;3.2 KeyNote;491
35.5;4. EXTENDING systrace;492
35.5.1;4.1 Nested Policies;492
35.5.2;4.2 Run- Time Policy Modification;495
35.6;5. PERFORMANCE EVALUATION;498
35.7;6. FUTURE WORK;500
35.8;7. CONCLUSIONS;500
35.9;Acknowledgements;500
36;Fast Digital Certificate Revocation;504
36.1;1. INTRODUCTION;504
36.2;2. AVAILABLE REVOCATION TECHNIQUES;505
36.2.1;2.1 Certificate Revocation Lists ( CRLs);505
36.2.2;2.2 Trusted Dictionaries;506
36.2.3;2.3 Online Revocation Mechanisms;507
36.3;3. THE PROPOSED SOLUTION;509
36.4;4. CONCLUSION;514
36.5;REFERENCES;514
37;MASKS: Managing Anonymity while Sharing Knowledge to Servers;516
37.1;1. INTRODUCTION;516
37.2;2. RELATED WORK;518
37.3;3. MASKS;520
37.3.1;3.1 Design characteristics;520
37.3.2;3.2 MASKS Architecture;520
37.4;4. PRIVACY AND SECURITY AGENT;521
37.4.1;4.1 PSA Architecture;522
37.4.2;4.2 Implementation;523
37.5;5. MASKS SERVER;523
37.5.1;5.1 Implementation;524
37.6;6. EXPERIMENTAL EVALUATION;525
37.6.1;6.1 Methodology;525
37.6.2;6.2 Results;527
37.7;7. CONCLUSIONS AND FUTURE WORK;529
37.7.1;References;530
38;Security and Differentiated Hotspot Services Through Policy-based Management Architecture;532
38.1;1. INTRODUCTION;533
38.2;2. HOTSPOTS OVERVIEW;534
38.3;3. EXISTING SOLUTIONS;536
38.3.1;3.1 IEEE 802.1x:;536
38.3.2;3.2 PANA ( Protocol for carrying Authentication for Access Networks);537
38.3.3;3.3 LWAPP ( LightWeight Access Point Protocol);537
38.3.4;3.4 IPSec VPN Solution;538
38.3.5;3.5 Discussion;538
38.4;4. POLICY BASED SOLUTION;539
38.4.1;4.1 Policy Specification;539
38.4.2;4.2 Policy Implementation;541
38.5;5. ACCESS CONTROL SCENARIO;543
38.5.1;5.1 Access router Configuration with Policies;543
38.5.2;5.2 Radius Server Configuration;544
38.5.3;5.3 How does it work?;545
38.6;6. CONCLUSION AND FUTURE WORKS;546
38.7;7. REFERENCES;547
39;Key Management for Secure Multicast in Hybrid Satellite Networks;548
39.1;1. INTRODUCTION;548
39.2;2. REVIEW OF KEY MANAGEMENT PROTOCOLS;549
39.3;3. NETWORK ARCHITECTURE;551
39.4;4. TIERED KEY MANAGEMENT IN SATELLITE ATM NETWORK;551
39.4.1;4.1 Trust Model and Security Assumptions;553
39.4.2;4.2 Key Management in the Overlay: RP Tree;554
39.4.3;4.3 Key Management in the Subnetwork: SN Tree;556
39.4.4;4.4 Secure Data Transmission in a Group;557
39.5;5. SECURITY ANALYSIS;558
39.5.1;5.1 Passive Adversary;558
39.5.2;5.2 Active Adversary;559
39.6;6. COST ANALYSIS;560
39.7;7. SIMULATION;560
39.8;8. CONCLUSION;561
39.9;9. ACKNOWLEDGMENTS;562
39.9.1;References;562
40;More eBooks at www.ciando.com;0
2. PREVIOUS WORK (p. 311-312)
Kerberos (Steiner et al., 1988) is a centralized authentication system, designed to allow single-sign-on from trusted workstations. Kerberos based systems rely on a single or a small set of authentication servers. The Kerberos system uses a ticket scheme, which allows clients to authenticate against the Kerberos servers only once. Thereafter, for the lifetime of the ticket, no further authentication is required and services and other individuals can trust the ticket holder without having to know their key.
Kerberos does have several weaknesses. First, it is highly centralized, requiring one master server where all updates occur. Replication of the security information to other server will offload all authentication work, but cannot reduce the total amount of work the master server must do to update security information and to broadcast changes. Further, because Kerberos relies on a single master server for all changes, that server becomes a single point of failure from a hardware, software, security and political standpoint.
The KryptoKnight family of protocols (Bird et al., 1995) is designed for embedded devices and is optimized for speed and efficiency. It relies on a single, possibly replicated, authority to provide trusted keys and act as an intermediary during authentication for all clients. The main focus is on providing several protocols that allow the exchange of keys, challenges and responses to flow as efficiently as possible by allowing the use of information each of the parties may already have. The KryptoKnight protocol family does not address issues of scalability or how credentials are revoked. A Byzantine failure in an authority is catastrophic for all parties using that authority.
Public key infrastructure (PKI) (Adams and Lloyd, 1997) has become very popular for Internet commerce. It is also widely used in grid computing as the basis for the Globus Security Infrastructure (GSI) (Foster et al. 1998). PKI relies on a hierarchy of certificate authorities (CA) for scalability. At the top is the root CA, which signs certificates for servers in the second level and so on, until the lowest-level CAs are used to establish the identity of outside entities such as web servers. Revocations are handled through certificate expiration dates and revocation lists. Replication of CA ensures that most authentications will not be affected by a single failure. However, the higher up the hierarchy an authentication is required to go, the more likely a single failure is to prevent successful authentication. Caching prevents most interactions from requiring the root CA and other high level CA servers. Nevertheless, a Byzantine failure at the root level will lead to a complete loss of security. Failures at lower levels will result in security breach for only part of the system.
Politically, the root CA is a single point of failure. PGP (Zimmermann, 1995) is a system designed to let many individuals authenticate each other without a central authority. It provides a method of creating and distributing keys among small clique of users and for deciding to trust a key acquired from a third party. How much trust can be placed in a public key is directly related to how many intermediaries it went through.
