Showing papers presented at "International Conference on Emerging Security Information, Systems and Technologies in 2009"


Proceedings ArticleDOI
18 Jun 2009
TL;DR: A survey of botnet and botnet detection techniques is presented, which clarifies botnet phenomenon and discusses botnet detection techniques, and summarizes bot network detection techniques in each class and provides a brief comparison.
Abstract: Among the various forms of malware, botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. Recently, botnet detection has been an interesting research topic related to cyber-threat and cyber-crime prevention. This paper is a survey of botnet and botnet detection. The survey clarifies botnet phenomenon and discusses botnet detection techniques. This survey classifies botnet detection techniques into four classes: signature-based, anomaly-based, DNS-based, and mining-based. It summarizes botnet detection techniques in each class and provides a brief comparison of botnet detection techniques.

356 citations


Proceedings ArticleDOI
Rainer Falk1, Hans-Joachim Hof1
18 Jun 2009
TL;DR: A secure wake-up scheme is proposed that activates a sensor node by a secure wake up radio from a sleep state only if messages from an authenticated and legitimate node are pending, and a lightweight security verification scheme is used that can easily be performed without requiring the node to change to active state.
Abstract: Sleep deprivation attacks are still an unsolved but critical problem in sensor networks. They aim at quickly exhausting energy reserves of battery-powered sensor nodes by continuously sending messages to the node, preventing the attacked node from switching to an energy-saving sleep state. Sleep deprivation attacks come also in the form of sending traffic that causes a sleeping node to wake up. Sleep deprivation attacks have the potential to lessen the lifetime of typical sensor nodes from years to days or even hours. One important communication standard for sensor networks is IEEE 802.15.4 that defines cryptographic protection of frames. While many attacks like eavesdropping or modification of frames are covered by the available security mechanisms, these mechanisms do not address sleep deprivation attacks. This paper proposes a secure wake-up scheme that activates a sensor node by a secure wake-up radio from a sleep state only if messages from an authenticated and legitimate node are pending. A lightweight security verification scheme is used that can easily be performed without requiring the node to change to active state.

48 citations


Proceedings ArticleDOI
18 Jun 2009
TL;DR: This study analyses possibilities of misusing social network sites due to irresponsible behaviour of users and finds out users' behaviour which leads to insufficient protection of published information.
Abstract: Our study analyses possibilities of misusing social network sites due to irresponsible behaviour of users. Recent surveys show that problems of social network are more often to occur, due to openness as one of the key features of these sites. Social engineering can be misused by attackers concerning on social network with the purpose of gaining sensitive information. There is a conflict between users' security awareness and their actual behaviour, so called privacy paradox. We were interested in amount of information people are willing to reveal in their profiles. We have found out users' behaviour which leads to insufficient protection of published information. These sensitive information are suitable for all kinds of phishing and other similar attacks. In our study we compared two groups of fictive profiles (personal profiles of users having no friends and profiles of users with fictive friends) and studied their success in creating new links in social network. We also considered tools for protecting sensitive information in social networks.

45 citations


Proceedings ArticleDOI
18 Jun 2009
TL;DR: A generic methodology for threat analysis and security metrics is proposed in order to prioritize threats and vulnerabilities and proceed with security enhancement planning in Personal Networks (PNs).
Abstract: Threat analysis gives how potential adversaries exploit system weakness to achieve their goals. It identifies threats and defines a risk mitigation policy for a specific architecture, functionality and configuration. In a threat analysis security metrics are a challenging requirement in order to determine the status of network security performance and to further enhance it by minimizing exposure to considerable threats and vulnerabilities. In this paper the authors propose a generic methodology for threat analysis and security metrics in order to prioritize threats and vulnerabilities and proceed with security enhancement planning in Personal Networks (PNs).

37 citations


Proceedings ArticleDOI
18 Jun 2009
TL;DR: A static analysis algorithm for the detection of man-in-the-middle attacks in mobile processes using a solution based on precise timing is proposed.
Abstract: Man-in-the-middle attacks are one of the most popular and fundamental attacks on distributed systems that have evolved with advances in distributed computing technologies and have assumed several shapes ranging from simple IP spoofing to complicated attacks on wireless communications, which have safety-critical applications such as remote wireless passport verification. This paper proposes a static analysis algorithm for the detection of man-in-the-middle attacks in mobile processes using a solution based on precise timing.

36 citations


Proceedings ArticleDOI
18 Jun 2009
TL;DR: This study investigates holistic development of security metrics for a distributed messaging system based on threat analysis, security requirements, decomposition and use case information, which is requirement-centric.
Abstract: The lack of appropriate information security solutions in software-intensive systems can have serious consequences for businesses and the stakeholders. Carefully designed security metrics can be used to offer evidence of the security behavior of the system under development or operation. This study investigates holistic development of security metrics for a distributed messaging system based on threat analysis, security requirements, decomposition and use case information. Our approach is thus requirement-centric. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach.

29 citations


Proceedings ArticleDOI
18 Jun 2009
TL;DR: This paper compares three static code analysis tools: Fortify SCA, Splint, and Frama-C, which represent three different approaches in the field of static analysis: non-annotation based heuristic analyzers, and an annotation based correct analyzer.
Abstract: In this paper we compare three static code analysis tools. The tools represent three different approaches in the field of static analysis: Fortify SCA is a non-annotation based heuristic analyzer, Splint represents an annotation based heuristic analyzer, and Frama-C an annotation based correct analyzer. The tools are compared by analysing their performance when checking a demonstration code with intentionally implemented errors.

29 citations


Proceedings ArticleDOI
18 Jun 2009
TL;DR: This paper proposes a new PIN entry scheme which is resistant against shoulder-surfing attacks conducted by shoulder-surfers with normal cognitive capabilities and offers a relatively good level of security when the shoulder-surfer can record the entire login procedure for one or two times with a video device.
Abstract: Two-factor authentication techniques using combination of magnetic cards and personal identification numbers (PINs) are widely used in many applications including automatic teller machines and point of sales. Similar to other valuable personal possessions, cards can be easily stolen by pickpockets. Furthermore, recent security reports show that magnetic cards can be easily duplicated using fake card readers and PINs can be obtained by shoulder surfing legitimate users' PIN entry processes. With this combination, criminals can easily break into users' accounts which represents a great threat. In this paper, we propose a new PIN entry scheme which is resistant against shoulder-surfing attacks conducted by shoulder-surfers with normal cognitive capabilities. Additionally, this scheme offers a relatively good level of security when the shoulder-surfer can record the entire login procedure for one or two times with a video device. Mathematical analysis of the proposed scheme is also presented.

27 citations


Proceedings ArticleDOI
18 Jun 2009
TL;DR: Two key performance indicators are presented that allow the performance of a Business Continuity Management System to be evaluated according to BS 25999 and the probability of survival can be estimated before extreme events occur.
Abstract: In this paper, a new model is presented for evaluating the performance of a Business Continuity Management System according to BS 25999. This model is able to calculate the survivability ex-ante if the key performance indicator for the effectiveness exists. Performance is based fundamentally on the system's Business Continuity Plans and Disaster Recovery Plans. Typically, the performance of these plans is evaluated by a number of specific exercises at various intervals and, in many cases, with a variety of targets. Furthermore, these specific exercises are rerun after a longer period (≥ a year) and then often only partially. If a company is interested in taking performance measurements over a shorter period, obstacles and financial restrictions are often encountered. Furthermore, it is difficult for companies to give an ex-ante statement of their survival in the case of a disaster. Two key performance indicators are presented that allow the performance of a Business Continuity Management System to be evaluated according to BS 25999. Using these key performance indicators, the probability of survival can be estimated before extreme events occur.

26 citations


Proceedings ArticleDOI
18 Jun 2009
TL;DR: This paper proposes the first authentication protocol for the real-time mode of RFID and proposes an efficient robust mutual authentication protocol for the batch mode, offering the most enhanced security features in RFID mutual authentication protocols with respect to user privacy.
Abstract: In this paper we propose two mutual authentication protocols for RFID systems. Generally, in RFID systems, a reader can authenticate tags in the real-time and batch modes. This paper proposes the first authentication protocol for the real-time mode. It also proposes an efficient robust mutual authentication protocol for the batch mode. Some significant characteristics of the protocols are forward security, tag anonymity, location privacy, low complexity on the back-end server, and scalability. To the best of our knowledge, our protocols offer the most enhanced security features in RFID mutual authentication protocols with respect to user privacy. In analyzing the protocols, we show how remarkable properties such as forward security and tag anonymity are guaranteed. It is also illustrated that our protocol is secure against several common attacks that RFID systems confront with.

22 citations


Proceedings ArticleDOI
18 Jun 2009
TL;DR: This paper describes privacy threats for each identity life cycle, such as Identity provision, propagation, use and maintain, and destruction, and proposes the criteria that evaluate the privacy protection level provided by the Identity provider as a countermeasure against these threats.
Abstract: Identity Management is one of the web services that manages the digital identity and the personally identifiable information of the user who subscribed for various web services in Internet. It was developed to provide user with an easy way to use and manage various user's digital identities that were provided from each web service. If the user subscribes to an Identity Management service, the user can access the other web sites affiliated with the Identity Management service and use their web services by using the identity issued by the Identity Management service. And the user can manage the user's personally identifiable information distributed among various web sites in an integrated way through this service. However, if the identity provider, which provides this Identity Management service, discloses the user's identity and personal identifiable information, identity theft can happen throughout the entire affiliated web sites. As a result, the privacy protection level of the Identity provider, that is, the level of protection for personally identifiable information, is the critical factor of successful Identity Management service. Therefore, Identity Provider should provide an easy way to the internal or external auditor of them for assessing the privacy protection level. This paper describes privacy threats for each identity life cycle, such as Identity provision, propagation, use and maintain, and destruction, and proposes the criteria that evaluate the privacy protection level provided by the Identity provider as a countermeasure against these threats. The internal or external auditor can use the criteria described in this paper, as a way of assessing the privacy protection level of Identity Provider.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: A modification of the protocol for the secure multiparty multiplication of two polynomially shared values over Z_q with a public prime number q is presented, that reduces its complexity to O(n^2k + nk^2).
Abstract: In view of practical applications, it is a high priority to optimize the efficiency of methods for secure multiparty computations. These techniques enable, for instance, truly practical double auctions and distributed signatures. The multiplication protocol for the secure multiparty multiplication of two polynomially shared values over Z_q with a public prime number q is an important module in these computations. The protocol of Gennaro, Rabin and Rabin (1998) is a well known and efficient protocol for this purpose. It requires one round of communication and O(n^2 k \log n + n k^2) bit-operations per player, where k is the bit size of the prime q and n is the number of players. In a previous paper (2007), the author has presented a modification of this protocol, that reduces its complexity to O(n^2k + nk^2). The present paper reduces this complexity further to O(n^2 k). This reduction is profitable in situations where n is smaller than k. The new protocol requires the same amount of communication as the original one and is unconditionally secure, as well.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: An evaluation method called the True Positive Cost Curve (TPCC) is presented, which makes it possible to evaluate and compare HICHPs in an operating environment, but also allows an operator to tune HICHPs within a specific operating environment.
Abstract: Client honeypots are security devices designed to find servers that attack clients. High-interaction client honeypots (HICHPs) classify potentially malicious web pages by driving a dedicated vulnerable web browser to retrieve and classify these pages. Considering the size of the Internet, the ability to identify many malicious web pages is a crucial task. HICHPs, however, present challenges: They are slow and tend to miss attacks. For researchers to address these shortcomings, they need methods for evaluating HICHPs. This paper (1) presents an evaluation method called the True Positive Cost Curve (TPCC), which makes it possible to evaluate and compare HICHPs in an operating environment, but also allows an operator to tune HICHPs within a specific operating environment; (2) presents improvements on the way HICHPs visit web pages and evaluates them with the TPCC method; and (3) discusses the impact of time bombs on the performance of HICHPs in an operating environment and the ability to tune an HICHP for optimal performance with the help of the TPCC.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: The security measures used to secure ad hoc networks such as authentication, threshold cryptography, trust and reputation are presented, and a risk management scheme is presented.
Abstract: Mobile Ad hoc Networks (MANETs) have lots of applications. Due to the features of open medium, absence of infrastructure, dynamic changing network topology, cooperative algorithms, lack of centralized monitoring and management point, resource constraints and lack of a clear line of defense, these networks are vulnerable to attacks. A vital problem that must be solved in order to realize these applications is that concerning the security aspects of such networks. Solving these problems combined with the widespread availability of devices such as PDAs, laptops, small fixtures on buildings and cellular phones will ensure that ad hoc networks will become an indispensable part of our life. In this paper, we discuss the reasons of vulnerability as well as active and passive attacks on such networks. We present the security measures used to secure ad hoc networks such as authentication, threshold cryptography, trust and reputation, and present a risk management scheme. Concluding remarks are presented at the end of this paper, while mentioning the different open research areas and challenges in the discussed security measures.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: A novel mechanism for controlling and managing the consumption of dynamic rights between member devices in a domain to provide a controlled environment for a user to transfer dynamic rights back and forth between domain devices in order to use content on any device member in the domain at a chosen time.
Abstract: Digital Rights Management (DRM), unlike access control techniques, associates content with a rights object specifying content usage rules. The rights object is always bound with content and enforced wherever content is transferred and used. Such a rights object, in many cases, contains dynamic rights, which change with usage and time, e.g. play period, print count, and expire after a specific period. Most existing DRM techniques do not address the replay attack problem for dynamic rights. This problem has the greatest impact when the DRM mechanisms get integrated with authorised domains. In this paper we mainly focus on the replay attack for dynamic rights when it is transferred between member devices in an authorised domain, and when it is restored from an old backup enabling the reuse of an expired license. We also propose a novel mechanism for controlling and managing the consumption of dynamic rights between member devices in a domain. This is to provide a controlled environment for a user to transfer dynamic rights back and forth between domain devices in order to use content on any device member in the domain at a chosen time.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: The proposed two-step execution mechanism can reduce run-time codes of a hypervisor; a design, a prototype implementation and measurement results of lines of code are shown using BitVisor, a VMM-based TCB developed by the authors.
Abstract: Virtual Machine Monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execution mechanism to reduce the complexity of a VMM-based TCB. We propose a method to separate a conventional VMM-based TCB into the following two parts: (1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guest OS performing security tasks can be executed in advance. After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a target guest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: The results show that the correlation based node behavior profiling approach can capture normal behaviors of different types and are promising for anomaly detection when coupled with statistical methods.
Abstract: Node behavior profiling is a promising tool for many aspects in network security. In our research, our goal is to couple node behavior profiles with statistical tests with a focus on enterprise security. Limited work has been done in the literature. In this paper, we first propose a correlation based node behavior profiling approach to study node behaviors in enterprise network environments. We then propose formal statistical test on the most common behavior profiles which is able to detect worm propagation. In our initial studies, we evaluate our profiling and detection schemes using real enterprise data (LBNL traces). The results show that the correlation based node behavior profiling approach can capture normal behaviors of different types. Consequently, the behavior profiles are promising for anomaly detection when coupled with statistical methods.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: This paper focuses on the enforcement of security properties fitting with dynamic Mandatory Access Control policies and proposes a meta-policy language for controlling the allowed evolutions of those dynamic policies.
Abstract: This paper focuses on the enforcement of security properties fitting with dynamic Mandatory Access Control policies. It adds complementary results to previous works of the authors in order to better address dynamic policies. Previous works of the authors provide several advances for enforcing the security of MAC system. An administration language for formalizing a large set of security properties is available to system administrators. That language uses several flow operators and eases the formalization of the required security properties. A solution is also available for computing the possible violations of any security property that can be formalized using our language. That solution computes several flow graphs in order to find all the allowed activities that can violate the requested properties. That paper addresses remaining problems related to the enforcement of the same kind of properties but with dynamic MAC policies. Enforcement is much more complex if we consider dynamic policies since the states of those policies are theoretically infinite. A new approach is proposed for dynamic MAC policies. The major idea is to use a meta-policy language for controlling the allowed evolutions of those dynamic policies. According to those meta-policy constraints, the computation problem becomes easier. The proposed solution adds meta-nodes within the considered flow graphs. A general algorithm is given for computing the required meta-nodes and the associated arcs. The proposed meta-graphs provide an overestimation of the possible flows between the different meta-nodes. The computation of the possible violations within the allowed dynamic policies is thus allowed. Several concrete security properties are considered using regular expressions for identifying the requested meta-contexts. The resulting violations, within the allowed meta-graphs, are computed and real violations are presented.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: This paper describes an Untraceable Secret Handshake, a protocol that allows two users to mutually verify another’s properties without revealing their identity.
Abstract: A security pattern describes a particular recurring security problem that arises in specific contexts and presents a well-proven generic solution for it. This paper describes an Untraceable Secret Handshake, a protocol that allows two users to mutually verify another’s properties without revealing their identity. The complex security solution is split into smaller parts which are described in an abstract way. The identified security problems and their solutions are captured as SERENITY security patterns. The structured description together with motivating scenarios makes the security solution better understandable for non-security experts and helps to disseminate the security knowledge to application developers.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: Examples of "two-factor" and "two-factor, two-channel" authentication and transaction signing methods that are more resistant to phishing than the currently used username/password + coordinates card method are given.
Abstract: This paper surveys the current situation of phishing attacks in Spain and discusses some of the currently used countermeasures. Based on specialist interviews we estimate the costs of phishing to both individual clients and the banks. The focus of this paper is on authentication and transaction signing methods. We give examples of "two-factor" and "two-factor, two-channel" authentication and transaction signing methods that are more resistant to phishing than the currently used username/password + coordinates card method. We consider the costs, usability and security of these more robust methods.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: The results reveal that no significant degradation in performance occurs by enabling security protocols in a wireless LAN.
Abstract: This paper investigates and quantifies the effect of different security protocols on the performance of a wireless LAN. Experiments were performed on a wireless test-bed and the data obtained was analyzed for throughput, delay and packet loss under different security scenarios. Both TCP and UDP traffic streams were analyzed at three different data rates. The effect of congestion is also quantified. The results reveal that no significant degradation in performance occurs by enabling security protocols in a wireless LAN.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: This work used the dynamic source routing protocol and proposed security extensions as foundation, adapted and modified the inherent principles to comply with the P2P concept and verified the applicability in a real world system.
Abstract: Although P2P systems have found their way into almost every field of application, the lack of adequate security concepts, research for specific security algorithms and implementations of suitable security mechanisms are still limiting their full potential. We are focusing on getting an overall view on the security of heterogeneous unstructured P2P systems and finding solutions to this challenging task. This work tries to make the first step towards secure unstructured P2P systems by applying security to routing. Existing secure routing protocols are either intended for structured P2P systems or use mechanisms not adequate for heterogeneous P2P systems. We used the dynamic source routing protocol and proposed security extensions as foundation, adapted and modified the inherent principles to comply with the P2P concept and verified the applicability in a real world system.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: A credit-based mechanism is proposed to address the security of trust and reputation system itself by offering credits as incentives to both intermediate nodes and recommendation render nodes and competition between selfish nodes is explored to prevent selfish nodes being paid excessive credits.
Abstract: Trust and reputation systems play an important role in collaborative operations in mobile ad hoc networks. However, the security of trust and reputation system itself is threatened by the existence of selfish nodes. Selfish nodes can make passive attacks on the foundational process of trust and reputation system, the recommendation acquisition, through non cooperation of packet forwarding and recommendation rendering. Existing trust and reputation systems commonly suffer from vulnerability caused by the failure of recommendation acquisition which refers to the unsuccessful recommendation information obtaining from one node to another node. A credit-based mechanism is proposed to address this problem by offering credits as incentives to both intermediate nodes and recommendation render nodes. Furthermore, competition between selfish nodes is explored to prevent selfish nodes being paid excessive credits. Simulation results show that the proposed mechanism can effectively improve the success rate of recommendation acquisition and lower the total paid payoffs.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: The authors introduce a novel model called Nexus-Identity Network that is capable of describing services extended with such functionality and proposes storing the profiles of different identities in a tree hierarchy in a user-friendly manner.
Abstract: As social networking services are getting more and more common, the need for privacy enhancing options, sophisticated identity management and anonymity emerges. In this paper the authors propose using Role-Based Privacy as a response for these needs and introduce a novel model called Nexus-Identity Network that is capable of describing services extended with such functionality. The concerned principles of Role-Based Privacy are conferred in the paper and criteria are presented for anonymity. Conforming to the criteria the authors suggest storing the profiles of different identities in a tree hierarchy in a user-friendly manner. The analysis of anonymity shows that the network has a structure that can be easily interpreted similarly to graphs representing connections in regular social networks. The ease of profile management and network visualization are advantages of the Nexus-Identity Model which can make a social networking service privacy- and user-friendly as well.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: This paper complements existing work and focuses on hiding data location throughout program execution by combining three techniques: periodic reordering of the heap, migrating local variables from the stack to the heap and pointer scrambling.
Abstract: Software running on an open architecture, such as the PC, is vulnerable to inspection and modification. Since software may process valuable or sensitive information, many defenses against data analysis and modification have been proposed. This paper complements existing work and focuses on hiding data location throughout program execution. To achieve this, we combine three techniques: (i) periodic reordering of the heap, (ii) migrating local variables from the stack to the heap and (iii) pointer scrambling. By essentially flattening the dataflow graph of the program, the techniques serve to complicate static dataflow analysis and dynamic data tracking. Our methodology can be viewed as a data-oriented analogue of control-flow flattening techniques. Dataflow flattening is useful in practical scenarios like DRM, information-flow protection, and exploit resistance. Our prototype implementation compiles C programs into a binary for which every access to the heap is redirected through a memory management unit. Stack-based variables may be migrated to the heap, while pointer accesses and arithmetic may be scrambled and redirected. We evaluate our approach experimentally on the SPEC CPU2006 benchmark suite.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: This paper proposes use of the statistical texture analysis of a fingerprint using spatial grey level dependence method (SGLDM) for discrimination and personal verification.
Abstract: Fingerprint is a reliable biometric which is used for personal verification. Current fingerprint verification techniques can be broadly classified as Minutiae-based, ridge feature-based and correlation-based each having its own merits and demerits. In this paper, we propose use of the statistical texture analysis of a fingerprint using spatial grey level dependence method (SGLDM) for discrimination and personal verification. This method extracts texture features by an algorithm based on the spatial grey level dependence method. The fingerprint images were randomly chosen from the fingerprint databases of FVC 2000 and FVC2002. Results show that fingerprint texture feature can be reasonably used for discrimination and for personal verification.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: This article presents a formal IT-security model for the step-by-step exchange of digital items based on the idea of a “continuous balance of obligations and their proofs”.
Abstract: This article presents a formal IT-security model for the step-by-step exchange of digital items. Following the taxonomy of Asokan the model presented here addresses the security requirements for a so-called “weak” fair exchange. “Weak” refers to the fact that third parties are used to dissolve disputes. In this model, non-repudiation proofs are used in an external dispute to establish weak fairness. It shows how many unproved steps can be tolerated by one party without loss of fairness. The model is based on the idea of a “continuous balance of obligations and their proofs”. This idea was proposed in 1993 by Grimm, but never since formalized properly.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: This paper shows the feasibility of mapping the process of engineering of Security of Information Systems into the formalism of business process, and presents the concepts of engineers of security using the foundations and models of Information System Engineering.
Abstract: Companies and organizations are faced with quite a tough competition and increasing regulatory and legal constraints. Therefore, the use of security risk management is evolving and becoming more and more important in companies and organizations. We define Engineering of security of information systems as a process whose aim is to guarantee the global security of information systems, in their eco-system in order to meet the stakes of companies. After our article focused on the encapsulation of Security know-how into UML profiles, we focus this work on the presentation of the Process of Engineering of Security into the formalism of Business Processes. The main idea is to succeed the adherence, of all stakeholders of the enterprise, into the security problem. To meet these pragmatic and actual needs of companies and organizations, we would suggest an approach to engineering of security, firstly, based on the standards and good practices of security and, secondly, inspired from the best practices and feedback of advances in the engineering of information systems. This paper shows the feasibility of mapping the process of engineering of Security of Information Systems into the formalism of business process, and presents the concepts of engineering of Security of Information Systems using the foundations and models of Information Systems Engineering.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: This paper proposes a set of hardware features to support system security, which is based on the fact that in the past hardware has only been optimized for speed - never for security.
Abstract: The security of a digital system depends directly on the security of the hardware platform the system is based on. The analysis of currently available computer architectures has shown that such systems offer a lot of security gaps. This is due to the fact that in the past hardware has only been optimized for speed - never for security. In this paper we propose a set of hardware features to support system security.

Proceedings ArticleDOI
Hyewon Park1, Zeen Kim1, Kwangjo Kim1
18 Jun 2009
TL;DR: This paper shows that Wan et al.
Abstract: ID-based group key agreement (GKA) has been increasingly researched with the advantage of simple public key management. However, identities of group members can be exposed in the ID-based GKA protocol, so eavesdroppers can easily learn who belongs to the specific group. Recently, Wan et al. proposed a solution for this problem, an anonymous ID-based GKA protocol, which can keep group members’ anonymity to outside eavesdroppers; nevertheless, the protocol has some security flaws. This paper shows that Wan et al.’s GKA is insecure against colluding attack and their joining/leaving protocols do not guarantee forward and backward secrecy. We also propose a new forward secure ID-based GKA with anonymity from enhancing Wan et al.’s joining/leaving protocols. Our scheme provides forward and backward secrecy and is essentially just as efficient as Wan et al.’s scheme.