Author

Jussipekka Leiwo

Bio: Jussipekka Leiwo is an academic researcher from Monash University. The author has contributed to research in topics: Information security & Security information and event management. The author has an h-index of 7, co-authored 22 publications receiving 303 citations. Previous affiliations of Jussipekka Leiwo include Nanyang Technological University & VU University Amsterdam.

Papers
Book ChapterDOI
01 Mar 1999
TL;DR: A scheme shall be proposed for enabling signature verification without disclosing the content of messages based on digital signcryption to provide maximum efficiency.
Abstract: Firewalls typically filter network traffic at several different layers. At application layer, filtering is based on various security relevant information encapsulated into protocol messages. The major obstacle for efficient verification of authenticity of messages at application layer is the difficulty of verifying digital signatures without disclosure of content protected by encryption. This is due to a traditional paradigm of generating a digital signature of a message and then encrypting the signature together with the message to preserve confidentiality, integrity, non-repudiation and authenticity. To overcome this limitation, a scheme shall be proposed for enabling signature verification without disclosing the content of messages. To provide maximum efficiency, the scheme is based on digital signcryption.

104 citations

01 Jan 1999
TL;DR: This proxy-signcryption scheme is useful for applications that are based on unreliable datagram style network communication model where messages are individually signed and not serially linked via a session key to provide authenticity and integrity.
Abstract: Previous proxy signature schemes enable a principal to have a trusted proxy agent sign messages on its behalf. We present a proxy signature scheme that combines the functionality of proxy signing and encryption. This proxy-signcryption scheme is useful for applications that are based on unreliable datagram style network communication model where messages are individually signed and not serially linked via a session key to provide authenticity and integrity. Use of a proxy agent to perform signature function is desirable for applications that are expected to support computing devices with low computational power and storage capacities. Integration of encryption functionality to provide secrecy at no additional cost to the proxy signature generation is an efficient means by which to support the class of applications targeted by this research work such as e-commerce using mobile computing and communication devices.

74 citations

Book ChapterDOI
07 Jul 1997
TL;DR: A method will be presented to specify and enforce a resource allocation policy to prevent denial of service attacks.
Abstract: Denial of service attack is an attempt from any authorized or unauthorized entity to allocate resources excessively to prevent normal operation of the system. A method will be presented to specify and enforce a resource allocation policy to prevent denial of service attacks. Resource allocation policy can be formally derived from a waiting time policy where maximum acceptable response times for different processes are specified.

29 citations

Journal Article
TL;DR: It is shown how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent denial of service by server resource exhaustion.
Abstract: Denial of service by server resource exhaustion has become a major security threat in open communications networks. Public-key authentication does not completely protect against the attacks because the authentication protocols often leave ways for an unauthenticated client to consume a server's memory space and computational resources by initiating a large number of protocol runs and inducing the server to perform expensive cryptographic computations. We show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent such attacks.

26 citations

Book ChapterDOI
13 Sep 1999
TL;DR: This paper establishes one such model and demonstrates how the above difficulties can be overcome through extensive application of organizational modeling of information security.
Abstract: Functional security requirements of information systems can roughly be classified into two: computer security requirements and communications security requirements. Challenges for developing notations for expressing these requirements are numerous, most importantly the difficulty of dealing with layers of abstraction, flexibility to adapt into many types of requirements, groupings of requirements, and requirement dependencies. Many frameworks for dealing with information security highlight the importance of a properly defined organization of security but fail to establish models to support the specification. This paper establishes one such model and demonstrates how the above difficulties can be overcome through extensive application of organizational modeling of information security.

18 citations


Cited by
01 Apr 1997
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind, with emphasis on the knowledge needed to create practical systems which support integrity, confidentiality, or authenticity.
Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which support integrity, confidentiality, or authenticity. Topics covered include an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading are given at the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

2,188 citations

Journal ArticleDOI
01 Apr 2004
TL;DR: This paper presents two taxonomies for classifying attacks and defenses in distributed denial-of-service (DDoS) and provides researchers with a better understanding of the problem and the current solution space.
Abstract: Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria were selected to highlight commonalities and important features of attack strategies that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.

1,866 citations

Journal ArticleDOI
TL;DR: The goal of the paper is to place some order into the existing attack and defense mechanisms, so that a better understanding of DDoS attacks can be achieved and subsequently more efficient and effective algorithms, techniques and procedures to combat these attacks may be developed.

641 citations

Posted Content
TL;DR: In this paper, a new identity-based scheme based on pairings over elliptic curves was proposed, which combines the functionalities of signature and encryption and is provably secure in the random oracle model.
Abstract: We present a new identity based scheme based on pairings over elliptic curves. It combines the functionalities of signature and encryption and is provably secure in the random oracle model. We compare it with Malone-Lee’s one from security and efficiency points of view. We give a formal proof of semantical security under the Decisional Bilinear Diffie-Hellman assumption for this new scheme and we show how to devise other provably secure schemes that produce even shorter ciphertexts.

306 citations

01 Jun 1999
TL;DR: Because partitioning shares some concerns with computer security, security models are reviewed and compared with the concerns of partitioning to restore strong fault containment to integrated architectures.
Abstract: Automated aircraft control has traditionally been divided into distinct "functions" that are implemented separately (e.g., autopilot, autothrottle, flight management); each function has its own fault-tolerant computer system, and dependencies among different functions are generally limited to the exchange of sensor and control data. A by-product of this "federated" architecture is that faults are strongly contained within the computer system of the function where they occur and cannot readily propagate to affect the operation of other functions. More modern avionics architectures contemplate supporting multiple functions on a single, shared, fault-tolerant computer system where natural fault containment boundaries are less sharply defined. Partitioning uses appropriate hardware and software mechanisms to restore strong fault containment to such integrated architectures. This report examines the requirements for partitioning, mechanisms for their realization, and issues in providing assurance for partitioning. Because partitioning shares some concerns with computer security, security models are reviewed and compared with the concerns of partitioning.

293 citations