
Showing papers in "Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications in 2011"


Journal Article
TL;DR: Tackling insider threats requires a combination of techniques from the technical, the sociological, and the socio-technical domain, to enable qualified detection of threats, and their mitigation.
Abstract: Threats from the inside of an organization’s perimeters are a significant problem, since it is difficult to distinguish them from benign activity. In this overview article we discuss defining properties of insiders and insider threats. After presenting definitions of these terms, we go on to discuss a number of approaches from the technological, the sociological, and the socio-technical domain. We draw two main conclusions. Tackling insider threats requires a combination of techniques from the technical, the sociological, and the socio-technical domain, to enable qualified detection of threats, and their mitigation. Another important observation is that the distinction between insiders and outsiders seems to lose significance as IT infrastructure is used in performing insider attacks. Little real-world data is available about the insider threat [1], yet recognizing when insiders are attempting to do something they should not on a corporate or organizational (computer) system is an important problem in cyber and organizational security in general. This “insider threat” has received considerable attention, and is cited as one of the most serious security problems [2] (see footnote 1). It is also considered the most difficult problem to deal with because insiders often have information and capabilities not known to external attackers, and as a consequence can cause serious harm. Yet, little real-world data is available about the insider threat. Especially in the US, there has been substantial research to better understand insider threats and develop more effective approaches. Starting in 1999, RAND conducted a series of workshops to elucidate the necessary research agenda to address this problem [3, 4, 5]. In parallel, the Defense Department produced its own report [6], outlining both a set of policy changes and research directions aimed at addressing the insider threat. Since then, a rich literature studying various aspects of the insider threat problem has emerged.
However, the motivation for work on insider threats appears to differ among countries. Much of the interest in the US arguably derives from highly public and damaging national security incidents; Robert Hanssen (arrested in 2001) was an FBI insider who stole and sold secrets to the Russians, and most recently Bradley Manning, a US Army soldier and insider, provided WikiLeaks with numerous sensitive US government documents. European interest on the other hand appears mostly driven by criminal acts committed by privately employed insiders, as in the $7 billion fraud committed against the French bank Societe Generale by one of its traders, Jerome Kerviel. Several issues make attacks performed by insiders especially difficult to deal with from both a research and a practitioner's perspective. There is no uniform or widely accepted definition of either the “insider” or the “insider threat”. Indeed, we are forced to conclude that the definition chosen depends on the threat of concern to the specific audience; unfortunately sometimes terminology is used without the precise definition being made clear. Real-world data sets are almost completely missing, a problem shared across cyber security [7], but particularly acute for insider threats. Because by definition the insider is already within at least some element of the organization’s security perimeter, security approaches applicable to the “outsider” may not be equally effective for insiders. As a consequence, the insider poses unique security threats arising from his privileged status.
Source: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, volume 2, number 1, pp. 4-27.
Footnote 1: The 2008 CSI Computer Crime and Security Survey ranks “insider abuse” second only to viruses in terms of attack types experienced by respondents.

188 citations


Journal Article
TL;DR: A graph-based reference model for reasoning about access in system models including human actions, inspired by the sociological actor-network theory, treating humans and non-humans symmetrically, is proposed.
Abstract: System models to assess the vulnerability of information systems to security threats typically represent a physical infrastructure (buildings) and a digital infrastructure (computers and networks), in combination with an attacker traversing the system while acquiring credentials. Other humans are generally not included, as their behaviour is considered more difficult to express. We propose a graph-based reference model for reasoning about access in system models including human actions, inspired by the sociological actor-network theory, treating humans and non-humans symmetrically. This means that humans can employ things to gain access (an attacker gains access to a room by means of a key), but things can also employ humans to gain access (a USB stick gains access to a computer by means of an employee), leading to a simple but expressive model. The model has the additional advantage that it is not based on containment, an increasingly problematic notion in the age of disappearing boundaries between systems. Based on the reference model, we discuss algorithms for finding attacks, as well as examples. The reference model can serve as a starting point for discussing representations of human behaviour in system models, and for including human behaviour in other than graph-based approaches.

54 citations


Journal Article
TL;DR: Experimental results prove that the proposed framework can achieve a high degree of security with negligible overheads and takes into consideration the communication and computation limitations of sensor networks.
Abstract: Wireless sensor networks are a promising future of many commercial and military applications. However, these networks pose unique security challenges. While the deployment of sensor nodes in an unattended environment makes the networks vulnerable to a variety of potential attacks, the inherent power and memory limitations of sensor nodes make conventional security solutions unfeasible. Though there has been some development in the field of sensor network security, the solutions presented thus far address only some of the security problems faced. The deployment of sensor networks in many sensitive applications requires an ample solution. This paper presents a computationally lightweight security framework to provide a comprehensive security solution against the known attacks in sensor networks. The proposed framework consists of four interacting components: a secure triple-key scheme (STKS), secure routing algorithms (SRAs), a secure localization technique (SLT) and a malicious node detection mechanism. Singly, each of these components can achieve a certain level of security. However, when deployed as a framework, a high degree of security is achievable. The framework takes into consideration the communication and computation limitations of sensor networks. While there is always a tradeoff between security and performance, experimental results prove that the proposed framework can achieve a high degree of security with negligible overheads.

34 citations


Journal Article
TL;DR: This paper proposes an extended SVO logic for the thorough verification of the MIPv6 security protocols and shows its effectiveness by applying the proposed logic to four security protocols.
Abstract: In order to protect Mobile Internet Protocol Version 6 (MIPv6), considerable research has been done, consequently followed by various security protocols, which are based on public key cryptography. In particular, depending on a proper address-based public key method, these protocols use each node’s address as a public key certificate to authenticate its public key because no global public key infrastructure is available in MIPv6 environments. In addition, they execute an appropriate address test to check if a node exists at its claimed address. With such security features, the protocols prevent critical attacks including redirect, man-in-the-middle, and denial of service attacks. On the other hand, it is clearly of paramount importance to formally evaluate the MIPv6 security protocols to design them without flaws. Unfortunately, to the best of our knowledge, there is a lack of a formal verification method to precisely reason about their correctness while considering their unique security properties. In this paper, we propose an extended SVO logic for the thorough verification of the MIPv6 security protocols. Then, we show its effectiveness by applying the proposed logic to four security protocols.

21 citations


Journal Article
TL;DR: A server-aided computation protocol using homomorphic ElGamal encryption is proposed; it is secure under the discrete logarithm assumption for passive and active attacks, and experimental results suggest that its processing time is shorter than that of the original ElGamal encryption.
Abstract: In cloud-computing services, using the SSL/TLS protocol is not enough to ensure data confidentiality. For instance, cloud service providers can see the plaintext after the decryption at the end point of a secure channel. It is wise to introduce an encryption layer between the service client and the communication channel so the data will not be seen by the cloud service provider. The encryption/decryption process should be light for cases where a cloud-service user has a low-power device such as a smart phone. We pay attention to server-aided computation as an approach of speeding up cryptographic processing. On the other hand, for future cloud services, homomorphic encryption is a useful primitive for cryptographic protocols. In this paper, we propose a server-aided computation protocol using ElGamal encryption, which is homomorphic. The proposed protocol is secure under the discrete logarithm assumption for passive and active attacks. Furthermore, we present experimental results suggesting that the processing time of the proposed protocol is shorter than the original ElGamal encryption.

9 citations


Journal Article
TL;DR: This paper designs the Point-and-Control (PnC) scheme and shows its performance; the study indicates that PnC can effectively achieve the remote control function.
Abstract: Recently, smartphones have been used as remote controllers for home appliances through connectivity of mobile telecom network or Wi-Fi. To control several home appliances in a room, a mechanism is required for a smartphone to correctly select the target appliance. Through the built-in electronic compass function in the smartphone, we propose a scheme called Point-and-Control (PnC) that allows a user to select a home appliance by pointing the smartphone to that home appliance. In this paper, we design the PnC and show the performance of this solution. Our study indicates that the PnC can effectively achieve the remote control function.

8 citations


Journal Article
TL;DR: Two mutual RFID authentication protocols are proposed that aim to improve YA-TRAP* by preventing timing attack, and by providing reader authentication, and can be implemented using the current standard low-cost RFID infrastructures.
Abstract: Security in passive resource-constrained Radio Frequency Identification (RFID) tags is of much interest nowadays. Supply-chain and inventory management are the areas where low-cost and secure batch-mode authentication of RFID tags is required. Resistance against illegal tracking, cloning, timing, and replay attacks is necessary for a secure RFID authentication scheme. Reader authentication is also necessary to thwart any illegal attempt to read the tags. With an objective to design a tracking, cloning, and replay attack resistant low-cost RFID authentication protocol, Gene Tsudik proposed a timestamp-based protocol using symmetric keys, named YA-TRAP∗. However, resistance against timing attack is very important for timestamp-based schemes, and the timestamps should be renewed in regular intervals to keep the tags operative. Although YA-TRAP∗ achieves its target security properties, it is susceptible to timing attacks, where the timestamp to be sent by the reader to the tag can be freely selected by an adversary. Moreover, in YA-TRAP∗, reader authentication is not provided, and a tag can become inoperative after exceeding its pre-stored threshold timestamp value. In this paper, we propose two mutual RFID authentication protocols that aim to improve YA-TRAP∗ by preventing timing attack, and by providing reader authentication. Also, a tag is allowed to refresh its pre-stored threshold value in our protocols, so that it does not become inoperative after exceeding the threshold. Our protocols also achieve other security properties like forward security, resistance against cloning, replay, and tracking attacks. Moreover, the computation and communication costs are kept as low as possible for the tags. It is important to keep the communication cost as low as possible when many tags are authenticated in batch-mode. By introducing an aggregate function for the reader-to-server communication, the communication cost is reduced.
We also discuss different possible applications of our protocols. Our protocols thus capture more security properties and more efficiency than YA-TRAP∗. Finally, we show that our protocols can be implemented using the current standard low-cost RFID infrastructures.

6 citations