Security and Protection in Information Processing Systems (eBook)

Contents 6
General Chair’s Message 10
Program Chair’s Message 13
IFIP/SEC2004 Conference Committees 14
An Abstract Reduction Model for Computer Security Risk 16
1. INTRODUCTION 16
2. THE RISK ANALYSIS SIGNATURE 17
2.1 Related work 17
2.2 A more general framework 18
3. THE REWRITING SYSTEM 19
3.1 Defining the rewriting rules 20
3.2 Termination and confluence of the rewriting system 22
4. TOWARDS RISK ANALYSIS ALGEBRAS 24
4.1 From specification to algebra 24
4.2 Illustrative example 25
5. SOLVING THE RISK ANALYSIS EQUATION 28
6. CONCLUSION 30
References 31
Remediation Graphs for Security Patch Management 32
1. INTRODUCTION 32
2. SECURITY PATCH MANAGEMENT: MODEL 34
2.1 Security Patch Management 35
2.2 Patch Configuration States 35
2.3 Patch State Consistency 36
2.4 Patch State Transitions 37
2.5 Patch Preference Relation 38
2.6 Remediation 38
3. SECURITY PATCH MANAGEMENT: ALGORITHMS 39
4. RELATED WORK 41
5. CONCLUSION 42
References 42
Security Modelling for Risk Analysis 44
1. INTRODUCTION 44
2. SECURITY MODEL 45
2.1 Security Documentation 45
2.2 Classification of Entities 46
2.3 Attributes‚ and Relationships between Entities 47
2.4 Developing the Model 47
3. SECURITY MODELLING 48
3.1 Overview 48
3.2 Threat Propagation 48
4. DEFENCE MEASURES 54
4.1 Overview 54
4.2 Countermeasures 54
4.3 Threat Countermeasure Diagrams ( TCDs) 56
4.4 Design of Defence Systems 56
4.5 Defence Effectiveness 58
5. CONCLUSIONS 59
ACKNOWLEDGMENTS 59
REFERENCES 59
Contrasting Malicious Java Applets by Modifying the Java virtual machine 62
1. INTRODUCTION 62
2. ATTACKS AND DEFENSES 63
2.1 Defensive Approaches 64
2.2 Our Approach 67
3. THE MONITOR IMPLEMENTED IN THE JVM 67
3.1 General Criteria 67
3.2 Which problems does Limiter Contrast? 69
3.3 The Structure of the Original JVM 73
3.4 Implementation 74
3.5 Configuration 76
4. EFFECTIVENESS AND PERFORMANCE 77
5. CONCLUSIONS 78
References 78
Analyzing Network Management Effects with SPIN and cTLA 80
1. INTRODUCTION 80
2. RELATED WORK 82
3. CTLA 83
3.1 TLA 84
3.2 cTLA Simple Process Type 84
3.3 cTLA Process Composition Type 85
4. TRANSLATION TO SPIN/ PROMELA 86
5. GENERIC MODEL STRUCTURE 87
6. EXAMPLE SYSTEM 90
7. ANALYSIS 92
7.1 Example System Optimizations 92
7.2 Checking Assertions & Analyzing Trails
8. CONCLUDING REMARKS 95
REFERENCES 95
Formal Reasoning of Various Categories of Widely Exploited Security Vulnerabilities by Pointer Taintedness Semantics 98
1. INTRODUCTION 99
2. RELATED WORK 100
3. POINTER TAINTEDNESS EXAMPLES 101
4. SEMANTICS FOR POINTER TAINTEDNESS 103
5. FORMAL REASONING ON POINTER TAINTEDNESS VIOLATIONS 106
5.1 Analysis of strcpy() 106
5.2 Analysis of Free() 108
5.3 Analysis of Printf() 109
6. EXAMPLES ILLUSTRATING VIOLATIONS OF LIBRARY FUNCTIONS’ PRECONDITIONS 110
6.1 Example of strcpy() violation – condition 3 110
6.2 Example of strcpy() violation – condition 2 111
6.3 Example of free() violation – condition 2 112
7. CONCLUSIONS AND FUTURE DIRECTIONS 113
ACKNOWLEDGMENTS 114
REFERENCES 114
Meeting the Global Challenges of Security Incident Response 116
1 INTRODUCTION 116
2 CURRENT STATE: SECURITY INCIDENT RESPONSE CAPABILITIES 117
3 FUTURE GLOBAL THREATS AND CHALLENGES 119
4 ADEQUACIES OF LEGISLATIONS & REGULATIONS
5 ORGANIZATIONAL DEFICIENCIES 124
6 TECHNICAL EXPERTISE 125
7 EDUCATION, RESEARCH, ADVANCED TRAINING AND INFORMATION RESOURCES 126
8 PREPARATORY REQUIREMENTS 128
9 CONCLUSION 129
10 ACKNOWLEDGEMENTS 130
REFERENCES 130
Security in Globally Distributed Industrial Information Systems 134
1. INTRODUCTION 134
2. ASSETS AND THREATS IN A GDIIS 135
Confidentiality 136
Integrity 136
Availability 136
3. SECURITY MECHANISMS 137
General security guidelines 137
Authentication and authorization 137
Intrusion detection 138
Encryption 138
4. THREE SECURITY ARCHITECTURES FOR THE GDIIS 139
Centralized connections 139
Layered architecture 141
Integration of centralized and layered architecture 145
5. DISCUSSION 147
6. CONCLUSIONS 148
Acknowledgments 149
References 149
A Case For Information Ownership in ERP Systems 150
1. INTRODUCTION 150
2. STUDY RESULTS 151
3. THE CENTRALIZED APPROACH TO SECURITY 152
3.1 Error- prone configuration of the security subsystem 152
3.2 Time consuming and costly configuration of the security subsystem 153
3.3 Lack of change management and documentation support 154
4. DECENTRALIZING THE APPROACH TO SECURITY 155
4.1 Dealing with complexity 156
4.2 Improving responsibility and accountability 158
4.3 Moving towards information ownership 159
4.4 Decentralizing without the need for more technical knowledge 159
5. INFORMATION OWNERSHIP 159
5.1 Supporting information ownership 160
5.2 Validating information owners 161
5.3 Shared responsibility 162
6. INFORMATION OWNERSHIP 163
7. ERP SYSTEM SUPPORT FOR INFORMATION OWNERSHIP 163
7.1 Corporate governance in support of information ownership 163
8. CONCLUSION 164
REFERENCES 164
Interactive Access Control for Web Services 166
1. INTRODUCTION 166
2. SYSTEM ARCHITECTURE 168
3. THE FORMAL FRAMEWORK 169
4. LOGIC PROGRAMMING BACKGROUND 170
5. THE LOGICAL MODEL 173
6. REASONING 176
7. IMPLEMENTATION OF THE LOGICAL MODEL 178
8. STATEFUL BUSINESS PROCESSES 179
9. CONCLUSIONS 180
References 180
Identity-based Key Infrastructures (IKI) 182
INTRODUCTION 182
1. BACKGROUND AND NOTATION 184
2. THE NEED FOR A BASIC IDENTITY - BASED KEY INFRASTRUCTURE 184
3. THE IMPACT OF REVOCATION AND NON- UNIQUENESS OF THE NATURAL ID 188
4. CONCLUSION 189
Acknowledgments 190
Notes 190
References 190
ModInt: Compact Modular Arithmatic Class Library Available on Cellular Phone and its Application to Secure Electronic 192
1. INTRODUCTION 192
2. PRELIMINARY 196
2.1 Homomorphic Encryption Scheme 196
2.2 Proof of Knowledge 197
2.3 Oblivious LFSR Protocol 198
3. IMPLEMENTATION ON CELLULAR PHONES 199
3.1 System Design 199
3.2 ModInt class 199
4. EVALUATION 201
4.1 Performance in the J2ME Emulator 201
4.2 Performance in the Docomo D503is 202
4.3 Pre- computation to Reduce Processing Time 202
4.4 Scalability of the Proposed System 204
4.5 Comparison to the Conventional System [ 1] 205
4.6 Performance of the ModInt Library 206
5. CONCLUSION 206
References 207
Dependable Security by Twisted Secret Sharing 208
1. INTRODUCTION 208
2. OTHER WORKS 209
3. TWISTED SECRET SHARING 211
3.1 The guiding case 211
3.2 An analogy: the sick old father 213
4. THE PROPOSAL 215
4.1 The pattern 216
4.2 The algorithm in pseudo code 217
5. DISCUSSION 219
REFERENCES 220
A Language Driven IDS for Event and Alert Correlation 224
1. INTRODUCTION 224
2. THE ADeLe LANGUAGE 225
2.1 Introduction 225
2.2 Filtered Events 226
2.3 Correlation Operators 227
2.4 Conclusion on ADeLe 230
3. AN INTRUSION DETECTION SYSTEM 230
3.1 IDS Architecture 230
3.2 Events and Alerts correlation using finite state automata 231
3.3 Automaton merge 232
3.4 Plan recognition 232
3.5 Partial Plan Deletion 234
4. IDS TEST 234
4.1 IDS behaviour test 235
4.2 Advanced Tests 235
5. RELATED WORK 237
6. CONCLUSION 238
References 238
Install-time Vaccination of Windows Executables to Defend 240
1. INTRODUCTION 240
1.1 Background 240
1.2 Classification of Anti- Stack- Smashing Techniques 241
1.3 Contributions 242
2. SOLUTION ARCHITECTURE 243
2.1 Design Choices 243
2.2 The Basic Method 243
2.3 Disassembly 244
2.4 Function Discovery 244
2.5 Function Analysis and Classification 244
3. INSTRUMENTING A SIMPLE WIN32 APPLICATION 245
4. INSTRUMENTING A DLL 246
5. INSTRUMENTING A MULTI-THREADED APPLICATION 247
6. INSTRUMENTING DLLS USED BY MULTITHREADED APPLICATIONS 249
7. EVALUATION 251
7.1 Performance 251
7.2 Limitations of the approach 252
8. ALTERNATIVE APPROACHES AND TOOLS 252
9. CONCLUSIONS 254
Eigenconnections to Intrusion Detection 256
1. Introduction 256
2. Description of KDD 99 intrusion detection datasets 259
3. Nearest neighbor and decision trees 260
3.1 Nearest Neighbor NN 260
3.2 Decision trees 261
4. Eigenconnection approach 263
4.1 Calculating the eigenconnections 264
5. Experimental methodology and results 265
5.1 Nearest neighbor with/ without PCA 266
5.2 Decision trees with/ without PCA 267
6. Conclusion 270
Acknowledgements 271
References 272
Visualising Intrusions: Watching the Webserver 274
1. INTRODUCTION 274
2. THE EXPERIMENTAL SYSTEM 275
3. THE LOG REDUCTION SCHEME 275
4. VISUALISING THE LOWEST SCORING REQUESTS 277
5. DETAILED ANALYSIS OF THE FEATURES FOUND 280
6. EFFECTIVENESS OF THE LOG REDUCTION SCHEME 283
7. DISCUSSION 285
8. FUTURE WORK 286
9. RELATED WORK 287
10. CONCLUSIONS 288
References 289
A Long-term Trial of Keystroke Profiling using Digraph, Trigraph and Keyword Latencies 290
1. INTRODUCTION 290
2. CAPTURING KEYSTROKE DATA IN WINDOWS 291
3. EXPERIMENTAL PROCEDURE 293
4. STATISTICAL ANALYSIS 295
5. DISCUSSION 301
6. CONCLUSIONS 303
7. ACKNOWLEDGMENTS 304
8. REFERENCES 304
Trusted Computing, Trusted Third Parties, and Verified Communications 306
1. INTRODUCTION 306
2. NEW TRUSTED THIRD PARTIES? 307
2.1 The new third party 307
2.2 Applications 308
2.3 Limits on trust 309
3. ASSUMPTIONS 310
4. VERIFIED COMMUNICATIONS WITH AN SCB 311
4.1 Checking inputs 311
4.2 Using an SCB 313
5. EXAMPLES 314
5.1 Typechecking 314
5.2 Proof checking 316
5.3 Certificate checking 317
5.4 Virus confinement and communications censorship? 318
6. ASSESSMENT 318
7. AN EXAMPLE, STEP BY STEP 319
8. EXTENSIONS 321
9. CONCLUSIONS 322
Acknowledgements 322
References 322
Maille Authentication 324
1. INTRODUCTION 324
2. PREVIOUS WORK 326
3. THE MAILLE PROTOCOL 328
3.1 Assumptions 328
3.2 Notations 329
3.3 Node Structures 329
3.4 Messages 329
3.5 Peer Relationships 330
3.6 Obtaining Keys 330
3.7 Picking a Winning Key 332
3.8 Independence Analysis and Penalties 332
3.9 Determining if the Winning Key Should be Trusted 333
3.10 Using Keys 333
3.11 Tunable Parameters 333
4. ANALYSIS 334
4.1 Byzantine Failures and Impersonation 334
4.2 DOS Attacks 335
5. FUTURE WORK 336
6. CONCLUSIONS 336
REFERENCES 337
Supporting End-to-end Security across Proxies with Multiple- Channel SSL 338
1. INTRODUCTION 338
2. PROBLEM MOTIVATION 339
3. HIGH LEVEL DESCRIPTION OF MC-SSL 341
4. RELATED WORK 344
5. PROXY CHANNEL PROTOCOL 345
5.1 Handshake protocol 346
5.2 Application data protocol 348
6. DISCUSSION OF PROXY PROTOCOL 349
7. CONCLUSIONS AND FUTURE WORK 352
A Content-Protection Scheme for Multi-Layered Reselling Structure 354
1. INTRODUCTION 354
2. THE PROPOSED SCHEME 356
2.1 Initialization 358
2.2 Merchandize Preparation 358
2.3 Merchandize Sale 359
2.4 Merchandize Registration 359
2.5 Merchandize Activation 360
2.6 Arbitration 361
3. DISCUSSIONS 361
3.1 Security Analysis 361
3.2 Reusing Anonymous Certificates 362
3.3 Protecting Buyers from Malicious Sellers 363
4. CONCLUSIONS 363
REFERENCES 364
An Asymmetric Cryptography Secure Channel Protocol for Smart Cards 366
1. INTRODUCTION 366
2. PUBLIC KEY SMART CARD SECURE CHANNEL 368
PROTOCOLS AND THE REAL WORLD 368
2.1 Motivation 368
2.2 An Overview of GlobalPlatform Card Specification 369
3. THE PROPOSED PUBLIC KEY ARCHITECTURE 371
4. A PUBLIC KEY SECURE CHANNEL ESTABLISHMENT PROTOCOL 372
5. PROPERTIES AND SECURITY ANALYSIS 375
5.1 Compromise of Cryptographic Keys 375
5.2 Protocol Efficiency 376
6. CONCLUSIONS 378
REFERENCES 378
IPsec Clustering 382
INTRODUCTION 382
1. EXISTING CLUSTERING MODELS 383
2. CLUSTERING ARCHITECTURE 384
Forwarding model 384
Load sharing function 385
Inbound IP traffic processing 386
Outbound IP traffic processing 386
Handling failure situations 386
Changing the mapping functions 387
Replay protection information synchronization 388
3. ANALYSIS 389
Security association lifetimes 389
Security 390
4. IMPLEMENTATION 391
Load sharing function 391
Performance testing 392
Fail-over testing 393
5. CONCLUSIONS 394
References 394
Improving Secure Device Insertion in Home Ad-hoc Networks Keyword Latencies 396
INTRODUCTION 396
High heterogeneity 397
Erratic connectivity 397
Poor administration 397
No central device 397
No central information 397
1. PRELIMINARIES 398
1.1 Notations 398
1.2 Basic operations 399
2. ROBUST INSERTION 400
2.1 Realistic insertion conditions 400
2.2 First stage: gaining trust 401
2.3 Second stage: spreading trust 402
2.4 Related Work 403
3. HANDY INSERTION 404
3.1 State- of- the- art 404
3.2 Free choice of the inserting device 406
3.3 Consequences 407
CONCLUSION 408
Acknowledgments 408
References 408
Spam Filter Analysis 410
1. INTRODUCTION 410
2. SPAM: PRODUCERS AND COUNTERMEASURES 412
2.1 Bulk mailing techniques 412
2.2 Countermeasures 412
3. METHOD OF ANALYSIS 416
3.1 Mechanism of the analysis 416
3.2 Modelling of the normal email traffic 417
3.3 Modelling of the spam traffic 418
3.4 The simulator 419
3.5 The analysed filters 420
4. SPAM FILTER COMPARISON 420
4.1 Mail volume- based filter 423
4.2 Distributed Checksum Clearinghouse 423
4.3 Genetic algorithm based spam filter 423
4.4 Naïve Bayesian Filters 423
5. CONCLUSIONS 424
References 424
Collective Signature for Efficient Authentication of XML Documents 426
1. INTRODUCTION 426
2. BACKGROUND 428
3. RELATED WORK 430
4. OUR APPROACH 432
4.1 Collective Signature Generation 433
5. CONCLUSION AND FUTURE WORK 437
ACKNOWLEDGMENT 437
REFERENCE: 437
Updating Encrypted XML Documents on Untrusted Machines 440
1. INTRODUCTION 440
2. BASIC CONCEPTS OF XML 441
3. OUR SYSTEM MODEL 442
4. ALGORITHMS 442
4.1 Encoding and encrypting the XML 442
4.2 Encoding the Deltas 444
4.3 Applying the Deltas 444
4.4 Document Integrity 445
4.5 Data freshness and conflicts 447
5. OTHER WORK 449
5.1 XML Encryption 449
5.2 Incremental change support for XML 450
5.3 Incremental Cryptography 450
5.4 XOR MACS 451
5.5 Threats 452
6. STATUS AND FUTURE WORK 453
7. CONCLUSIONS 453
8. REFERENCES 454
Efficient Simultaneous Contract Signing 456
1. INTRODUCTION 456
2. OBLIVIOUS TRANSFER 458
2.1 JS protocol 459
2.2 Efficient oblivious transfer 459
3. CONTRACT SIGNING 465
3.1 The protocol 465
3.2 Implementation issues 467
4. BENEFITS AND DRAWBACKS 468
5. CONCLUSION 469
DHCP Authentication Using Certificates 472
1. INTRODUCTION 472
2. BASIC DHCP OPERATIONS 473
3. IMPORTANCE OF DHCP 474
4. DHCP SECURITY 475
4.1 DHCP shortcomings 475
4.2 DHCP vulnerabilities 475
5. EXISTING CONTRIBUTIONS 476
5.1 Delayed Authentication issues 477
6. 477
6.1 E- DHCP Overview 478
6.2 E- DHCP Scenario 481
6.3 Service access scenario 485
6.4 E- DHCP advantages 486
7. CONCLUSION AND FUTURE WORK 486
8. ACKNOWLEDGEMENTS 487
REFERENCES 487
Recursive Sandboxes: Extending Systrace To Empower Applications 488
1. INTRODUCTION 488
2. RELATED WORK 490
3. OVERVIEW OF 491
AND KeyNote 491
3.1 systrace 491
3.2 KeyNote 491
4. EXTENDING systrace 492
4.1 Nested Policies 492
4.2 Run- Time Policy Modification 495
5. PERFORMANCE EVALUATION 498
6. FUTURE WORK 500
7. CONCLUSIONS 500
Acknowledgements 500
Fast Digital Certificate Revocation 504
1. INTRODUCTION 504
2. AVAILABLE REVOCATION TECHNIQUES 505
2.1 Certificate Revocation Lists ( CRLs) 505
2.2 Trusted Dictionaries 506
2.3 Online Revocation Mechanisms 507
3. THE PROPOSED SOLUTION 509
4. CONCLUSION 514
REFERENCES 514
MASKS: Managing Anonymity while Sharing Knowledge to Servers 516
1. INTRODUCTION 516
2. RELATED WORK 518
3. MASKS 520
3.1 Design characteristics 520
3.2 MASKS Architecture 520
4. PRIVACY AND SECURITY AGENT 521
4.1 PSA Architecture 522
4.2 Implementation 523
5. MASKS SERVER 523
5.1 Implementation 524
6. EXPERIMENTAL EVALUATION 525
6.1 Methodology 525
6.2 Results 527
7. CONCLUSIONS AND FUTURE WORK 529
References 530
Security and Differentiated Hotspot Services Through Policy-based Management Architecture 532
1. INTRODUCTION 533
2. HOTSPOTS OVERVIEW 534
3. EXISTING SOLUTIONS 536
3.1 IEEE 802.1x: 536
3.2 PANA ( Protocol for carrying Authentication for Access Networks) 537
3.3 LWAPP ( LightWeight Access Point Protocol) 537
3.4 IPSec VPN Solution 538
3.5 Discussion 538
4. POLICY BASED SOLUTION 539
4.1 Policy Specification 539
4.2 Policy Implementation 541
5. ACCESS CONTROL SCENARIO 543
5.1 Access router Configuration with Policies 543
5.2 Radius Server Configuration 544
5.3 How does it work? 545
6. CONCLUSION AND FUTURE WORKS 546
7. REFERENCES 547
Key Management for Secure Multicast in Hybrid Satellite Networks 548
1. INTRODUCTION 548
2. REVIEW OF KEY MANAGEMENT PROTOCOLS 549
3. NETWORK ARCHITECTURE 551
4. TIERED KEY MANAGEMENT IN SATELLITE ATM NETWORK 551
4.1 Trust Model and Security Assumptions 553
4.2 Key Management in the Overlay: RP Tree 554
4.3 Key Management in the Subnetwork: SN Tree 556
4.4 Secure Data Transmission in a Group 557
5. SECURITY ANALYSIS 558
5.1 Passive Adversary 558
5.2 Active Adversary 559
6. COST ANALYSIS 560
7. SIMULATION 560
8. CONCLUSION 561
9. ACKNOWLEDGMENTS 562
References 562
More eBooks at www.ciando.com 0

2. PREVIOUS WORK (p. 311-312)

Kerberos (Steiner et al., 1988) is a centralized authentication system, designed to allow single-sign-on from trusted workstations. Kerberos based systems rely on a single or a small set of authentication servers. The Kerberos system uses a ticket scheme, which allows clients to authenticate against the Kerberos servers only once. Thereafter, for the lifetime of the ticket, no further authentication is required and services and other individuals can trust the ticket holder without having to know their key.

Kerberos does have several weaknesses. First, it is highly centralized, requiring one master server where all updates occur. Replication of the security information to other server will offload all authentication work, but cannot reduce the total amount of work the master server must do to update security information and to broadcast changes. Further, because Kerberos relies on a single master server for all changes, that server becomes a single point of failure from a hardware, software, security and political standpoint.

The KryptoKnight family of protocols (Bird et al., 1995) is designed for embedded devices and is optimized for speed and efficiency. It relies on a single, possibly replicated, authority to provide trusted keys and act as an intermediary during authentication for all clients. The main focus is on providing several protocols that allow the exchange of keys, challenges and responses to flow as efficiently as possible by allowing the use of information each of the parties may already have. The KryptoKnight protocol family does not address issues of scalability or how credentials are revoked. A Byzantine failure in an authority is catastrophic for all parties using that authority.

Public key infrastructure (PKI) (Adams and Lloyd, 1997) has become very popular for Internet commerce. It is also widely used in grid computing as the basis for the Globus Security Infrastructure (GSI) (Foster et al. 1998). PKI relies on a hierarchy of certificate authorities (CA) for scalability. At the top is the root CA, which signs certificates for servers in the second level and so on, until the lowest-level CAs are used to establish the identity of outside entities such as web servers. Revocations are handled through certificate expiration dates and revocation lists. Replication of CA ensures that most authentications will not be affected by a single failure. However, the higher up the hierarchy an authentication is required to go, the more likely a single failure is to prevent successful authentication. Caching prevents most interactions from requiring the root CA and other high level CA servers. Nevertheless, a Byzantine failure at the root level will lead to a complete loss of security. Failures at lower levels will result in security breach for only part of the system.

Politically, the root CA is a single point of failure. PGP (Zimmermann, 1995) is a system designed to let many individuals authenticate each other without a central authority. It provides a method of creating and distributing keys among small clique of users and for deciding to trust a key acquired from a third party. How much trust can be placed in a public key is directly related to how many intermediaries it went through.