
Showing papers in "Journal of Information Security in 2010"


Journal Article
TL;DR: A Fictitious Play approach along a special game tree when the attacker is the leader and the administrator is the follower, which leads to a new, fast, adaptive learning algorithm.
Abstract: The interactions between attackers and network administrator are modeled as a non-cooperative non-zero-sum dynamic game with incomplete information, which considers the uncertainty and the special properties of multi-stage attacks. The model is a Fictitious Play approach along a special game tree when the attacker is the leader and the administrator is the follower. Multi-objective optimization methodology is used to predict the attacker’s best actions at each decision node. The administrator also keeps tracking the attacker’s actions and updates his knowledge on the attacker’s behavior and objectives after each detected attack, and uses it to update the prediction of the attacker’s future actions. Instead of searching the entire game tree, appropriate time horizons are dynamically determined to reduce the size of the game tree, leading to a new, fast, adaptive learning algorithm. Numerical experiments show that our algorithm has a significant reduction in the damage of the network and it is also more efficient than other existing algorithms.

43 citations


Journal Article
TL;DR: This paper examines some of the attacks developed for the iPhone as a way of investigating the iPhone’s security structure and analyzes the security holes that have been discovered and makes suggestions for improving iPhone security.
Abstract: The release of Apple’s iPhone was one of the most intensively publicized product releases in the history of mobile devices. While the iPhone wowed users with its exciting design and features, it also angered many for not allowing installation of third party applications and for working exclusively with AT&T wireless services (in the US). Besides the US, the iPhone was sold only in a few other selected countries. Software attacks were developed to overcome both limitations. The development of those attacks and further evaluation revealed several vulnerabilities in iPhone security. In this paper, we examine some of the attacks developed for the iPhone as a way of investigating the iPhone’s security structure. We also analyze the security holes that have been discovered and make suggestions for improving iPhone security.

28 citations


Journal Article
TL;DR: Interestingly enough, it is observed that an ARP-attack not only exhausts resource of the victim computer but also significantly exhausts processing resource of other non-victim computers, which happen to be located on the same local area network as the victim computer.
Abstract: ARP-based Distributed Denial of Service (DDoS) attacks due to ARP-storms can happen in local area networks where many computer systems are infected by worms such as Code Red or by DDoS agents. In an ARP attack, the DDoS agents constantly send a barrage of ARP requests to the gateway, or to a victim computer within the same sub-network, and tie up the resource of the attacked gateway or host. In this paper, we set out to measure the impact of ARP-attack on resource exhaustion of computers in a local area network. Based on attack experiments, we measure the exhaustion of processing and memory resources of a victim computer and also other computers, which are located on the same network as the victim computer. Interestingly enough, it is observed that an ARP-attack not only exhausts resource of the victim computer but also significantly exhausts processing resource of other non-victim computers, which happen to be located on the same local area network as the victim computer.

15 citations


Journal Article
TL;DR: This work proposes a novel method based on the intrinsic properties of resampling scheme to detect the tampered regions with the pre-calculated resampling weighting table and the periodic properties of prediction error distribution and shows that the proposed method outperforms the conventional methods in terms of efficiency and accuracy.
Abstract: With the rapid progress of the image processing software, the image forgery can leave no visual clues on the tampered regions and make us unable to authenticate the image. In general, the image forgery technologies often utilize the scaling, rotation or skewing operations to tamper some regions in the image, in which the resampling and interpolation processes are often demanded. By observing the detectable periodic distribution properties generated from the resampling and interpolation processes, we propose a novel method based on the intrinsic properties of resampling scheme to detect the tampered regions. The proposed method applies the pre-calculated resampling weighting table to detect the periodic properties of prediction error distribution. The experimental results show that the proposed method outperforms the conventional methods in terms of efficiency and accuracy.

10 citations


Journal Article
TL;DR: The novel reinforcement to the data glove based dynamic signature verification system, using the Photometric measurement values collected simultaneously from photo plethysmography (PPG) during the signing process is the emerging technology and it is essential to look for other reinforcements such as the variability factor considerations.
Abstract: The novel reinforcement to the data glove based dynamic signature verification system, using the Photometric measurement values collected simultaneously from photo plethysmography (PPG) during the signing process is the emerging technology. Skilled forgers try to attempt the genuine signatures in many numbers of trials. The wide gap in the Euclidean distances between forgers and the genuine template features prohibits them from successful forging. This has been proved by our repeated experiments on various subjects using the above combinational features. In addition, the intra trial features captured during the forge attempts also differ widely in the case of forgers and are not consistent with that of a genuine signature. This is caused by the pulse characteristics and degree of bilateral hand dimensional similarity, and the degrees of pulse delay. Since this economical and simple optical-based technology is offering an improved biometric security, it is essential to look for other reinforcements such as the variability factor considerations which we proved of worth considering.

9 citations


Journal Article
Abstract: Trusted computing allows attesting a remote system’s trustworthiness based on the software stack whose integrity has been measured. However, an attacker can corrupt the system as well as the measurement operation. As a result, nearly all integrity measurement mechanisms suffer from the fact that what is measured may not be the same as what is executed. To solve this problem, a novel integrity measurement called dynamic instruction trace measurement (DiT) is proposed. For DiT, the processor’s instruction cache is modified to store back instructions to memory. Consequently, it is designed as an assistance to existing integrity measurement by including dynamic instruction traces. We have simulated DiT in a full-fledged system emulator with level-1 cache modified. It can successfully update records at the moment the attestation is required. Overhead in terms of circuit area, power consumption, and access time is less than 3% for most criteria. And the system only introduces less than 2% performance overhead on average.

8 citations


Journal Article
TL;DR: High density installation of the security cameras with very low cost can be realized in encryption with image encryption privacy protection function, and the privacy of the tourists is protected.
Abstract: For sustainable tourism, a novel method of security camera operation is proposed. In the method, security cameras, which encrypt the taken images and store them into the memory card inside, are used. Only when crimes occur, the memory cards are taken out from the cameras and the images are decrypted with the key and viewed by the city government and/or the police. When no crimes occur, images are overwritten by the new ones after a week automatically without being viewed by anyone. By using the stand-alone cameras without wiring to the control center, the installation cost and the operation cost are much lower than CCTV cameras. By using image encryption, the privacy of the tourists is protected. Using this system, high density installation of the security cameras with very low cost can be realized in encryption with image encryption privacy protection function.

4 citations


Journal Article
TL;DR: A Multilevel Access control in Synchronized audio steganography is proposed, so that Audio files which are meant for the users of low level class can be listened by higher level users, whereas the vice-versa is not allowed.
Abstract: Steganography techniques are used in Multimedia data transfer to prevent adversaries from eavesdropping. Synchronized audio to audio steganography deals with recording the secret audio, hiding it in another audio file and subsequently sending to multiple receivers. This paper proposes a Multilevel Access control in Synchronized audio steganography, so that Audio files which are meant for the users of low level class can be listened by higher level users, whereas the vice-versa is not allowed. To provide multilevel access control, symmetric polynomial based scheme is used. The steganography scheme makes it possible to hide the audio in different bit locations of host media without inviting suspicion. The Secret file is embedded in a cover media with a key. At the receiving end the key can be derived by all the classes which are higher in the hierarchy using symmetric polynomial and the audio file is played. The system is implemented and found to be secure, fast and scalable. Simulation results show that the system is dynamic in nature and allows any type of hierarchy. The proposed approach is better even during frequent member joins and leaves. The computation cost is reduced as the same algorithm is used for key computation and descendant key derivation. Steganography technique used in this paper does not use the conventional LSBs and uses two bit positions and the hidden data occurs only from a frame which is dictated by the key that is used. Hence the quality of stego data is improved.

4 citations


Journal Article
TL;DR: Two extensions of the strand space method to model Kerberos V are presented: time and timestamps are included to model security protocols with timestamps, and the definition of unsolicited authentication test is extended.
Abstract: In this paper, we present two extensions of the strand space method to model Kerberos V. First, we include time and timestamps to model security protocols with timestamps: we relate a key to a crack time and combine it with timestamps in order to define a notion of recency. Therefore, we can check replay attacks in this new framework. Second, we extend the classic strand space theory to model protocol mixture. The main idea is to introduce a new relation to model the causal relation between one primary protocol session and one of its following secondary protocol sessions. Accordingly, we also extend the definition of unsolicited authentication test.

3 citations


Journal Article
TL;DR: This paper formally models novel semantical features in Kerberos V such as timestamps and protocol mixture in this new framework and applies unsolicited authentication test to prove the secrecy and authentication goals of Kerberos V.
Abstract: In this paper, we show how to use the novel extended strand space method to verify Kerberos V. First, we formally model novel semantical features in Kerberos V such as timestamps and protocol mixture in this new framework. Second, we apply unsolicited authentication test to prove the secrecy and authentication goals of Kerberos V. Our formalization and proof in this case study have been mechanized using Isabelle/HOL.

3 citations


Journal Article
TL;DR: The general usage of the User-Agent in the HTTP header is investigated, malware production techniques based on transformation of the User-Agent information are studied, and technical and policy countermeasures against them are suggested.
Abstract: Recently, the occurrence of new types of malware has been steadily increasing, and as malware becomes more intelligent and sophisticated, its forms are also changing in diverse ways. As the development of the information industry raises the economic and monetary value of information, the damage caused by information-leaking malware is also growing. This paper examines the general usage of the User-Agent field among HTTP header information. It also studies various malware creation techniques based on tampering with User-Agent information and proposes technical and policy countermeasures against them.

Journal Article
TL;DR: This paper surveys smart TV, designs a widget that runs on a smart TV, and proposes a smart-TV-based baby management widget.
Abstract: Smart TVs provide access to Internet content and interactive services and, being equipped with an operating system, let users enjoy web surfing, app stores, and a variety of content. Because of long TV replacement cycles, the adaptation period needed for changes in viewing habits, and issues such as copyright, the smart TV market is not expected to take over the TV market in a short time as smartphones did; however, if real-time broadcasters such as IPTV, satellite, and cable operators adopt smart TV platforms, the smart TV market could spread faster than expected. In the long term, the smart TV market is expected to expand and come to dominate the media market as various companies such as Google, Apple, TV manufacturers, and broadcasters compete. To study smart TV as a recent technology, we survey smart TVs and design a widget that runs on a smart TV. Widgets can be implemented in various environments such as desktop, mobile, and IPTV, and users already use widgets of many functions and kinds. In particular, because an advantage of widgets is that they can be implemented to fit users' needs, users want widgets that are more efficient and better suited to them. This paper therefore proposes a smart-TV-based baby management widget.

Journal Article
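TL;DR: This paper identifies the problems of the split between physical security and information security in industrial secret protection and presents a way to resolve and converge them.
Abstract: The remarkable development of information and communications has brought convenience to daily life and promoted the advancement of industrial technology. Now that we have entered an era of technological competition between nations, securing technology and competing over it is fierce not only between nations but also between companies. Because the damage caused by leakage of industrial secrets is serious enough to threaten the survival of the company or nation concerned, technologies to prevent and manage it effectively are being developed at home and abroad. Current research on preventing industrial secret leakage is broadly divided into physical security technology and information security technology. In industrial secret protection, physical security technology manages the security of access to and use of physical spaces and physical devices, such as access control systems, access authorization systems, and anti-theft systems, while information security technology manages the security of access to and use of communications, software, and electronic documents, such as network traffic monitoring, e-mail monitoring, USB usage monitoring, and monitoring of access control for confidential files. This paper identifies the problems of this dichotomized security system of physical security and information security in the industrial secret protection framework and presents a way to effectively resolve and converge them.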

Journal Article
TL;DR: This paper analyzes the current status and problems of the existing malware evidence collection tools and suggests new ways to improve those problems.
Abstract: Recently, malware that leaks personal information, credit information, and financial information to the outside for economic gain has been increasing, and secondary damage such as identity theft and financial fraud is also surging. However, when a system is infected with information-leaking malware, the malware evidence collection tools that should detect and respond to it fail to collect evidence, so security staff have great difficulty handling intrusion incidents. This paper analyzes the current status and problems of existing Windows-based malware evidence collection tools and presents a new module that can improve on them.