
Showing papers in "Operating Systems Review in 2004"


Journal Article
TL;DR: This paper shows how a passive eavesdropper, without access to any smart card, password or fingerprint, and after passively eavesdropping only one legitimate log-on, can subsequently log on to the server claiming any identity under the ID-based password authentication schemes of Kim, Lee and Yoo.
Abstract: In a paper recently published in the ACM Operating Systems Review, Kim, Lee and Yoo [1] describe two ID-based password authentication schemes for logging onto a remote network server using smart cards, passwords and fingerprints. Various claims are made regarding the security of the schemes, but no proof is offered. Here we show how a passive eavesdropper, without access to any smart card, password or fingerprint, and after passively eavesdropping only one legitimate log-on, can subsequently log-on to the server claiming any identity.

57 citations


Journal Article
TL;DR: A security flaw is pointed out in a fingerprint-based remote user authentication scheme using smart cards, that is, n legitimate users can conspire to forge 2^n - n - 1 valid IDs and PWs for successfully passing the system authentication.
Abstract: In 2002, Lee, Ryu, and Yoo proposed a fingerprint-based remote user authentication scheme using smart cards. The scheme makes it possible for authenticating the legitimacy of each login user without any password table. In addition, the authors claimed that the scheme can withstand message replay attack and impersonation. In this paper, we shall point out a security flaw in this scheme, that is, n legitimate users can conspire to forge 2^n - n - 1 valid IDs and PWs for successfully passing the system authentication. Furthermore, we also show that the authentication equation is incorrect. Thus, the scheme is unworkable.

56 citations


Journal Article
TL;DR: This paper reviews the distributed mutual exclusion algorithms developed for mobile environments and principally for ad hoc networks and discusses some issues.
Abstract: The problem of mutual exclusion has been extensively studied in distributed systems. The proposed solutions can be mainly classified into consensus-based and token-based protocols. Some of the proposed solutions consider the physical topology of the networks and try to provide optimal message exchange and minimal synchronisation delays. Others impose a logical structure on the network like a ring or a tree. Recently, the mutual exclusion problem received an interest for mobile ad hoc networks. These networks are known as a challenging domain. To our knowledge, few algorithms have been proposed in the literature and all of them take a token-based approach. In this paper, we review the distributed mutual exclusion algorithms developed for mobile environments and principally for ad hoc networks and discuss some issues.

42 citations


Journal Article
TL;DR: After Ku, Tsai, and Chen showed that Lin-Shen-Hwang's scheme suffers from a replay attack and a denial-of-service attack, this paper proposes a more secure hash-based strong-password authentication scheme without using smart cards.
Abstract: So far, many strong-password authentication schemes have been proposed; however, none is secure enough. In 2003, Lin, Shen, and Hwang proposed a strong-password authentication scheme using smart cards, and claimed that their scheme can resist the guessing attack, the replay attack, the impersonation attack, and the stolen-verifier attack. Later, Ku, Tsai, and Chen showed that Lin-Shen-Hwang's scheme suffers from a replay attack and a denial-of-service attack. Herein, we propose a more secure hash-based strong-password authentication scheme without using smart cards.

32 citations


Journal Article
TL;DR: A one-time password authentication scheme that uses lighter computation and considers the limitations of mobile devices is proposed in this paper and is free from replay attacks, server spoofing attacks, off-line dictionary attacks, active attacks, and revelation of message contents.
Abstract: In recent years, m-commerce technology has been maturing. Various mobile devices are now designed to help users reach the servers of service providers and to process tasks such as stock trading, product purchasing, product information collecting, and so on. Once the services are only available to the members, authentication is applied to verify the identities of users. However, most current authentication methods used in m-commerce are designed for wired networks and require high computation costs, making them unsuitable for wireless environments. A one-time password authentication scheme that uses lighter computation and considers the limitations of mobile devices is proposed in this paper. Meanwhile, the proposed scheme is free from replay attacks, server spoofing attacks, off-line dictionary attacks, active attacks, and revelation of message contents.

24 citations


Journal Article
TL;DR: It is shown that Lee et al.'s improvement on the Peyravian and Zunic scheme suffers from a denial of service attack, by which an attacker can easily prevent the normal use of communication facilities, and an enhancement of the scheme is proposed to isolate such a problem.
Abstract: Recently, Lee et al. proposed an improvement on Peyravian and Zunic scheme to make the protocol withstand the guessing attack. However, their scheme suffers from a denial of service attack. In this paper, we show that an attacker can easily prevent the normal use of communication facilities by performing the attack. We also propose an enhancement of the scheme to isolate such a problem.

23 citations


Journal Article
TL;DR: The paper presents FDRM, a decentralized dynamic replication management mechanism in which the scanning interval of a replica varies with its accessing frequency, making FDRM more sensitive to changes in system behavior, and evaluates its efficiency by experimental result.
Abstract: This paper presents a novel decentralized dynamic replication management mechanism based on accessing frequency detecting (FDRM). In FDRM, in order to provide better system performance and reduce network traffic, system node scans the local replica of a certain file to detect its access pattern, and makes decision independently to add, delete or migrate a replica for that file. In addition, the scanning interval of a replica is variable according to the accessing frequency to that replica, which makes FDRM more sensitive to the change of system behavior, and we can get better performance with less system overhead. In the end, the paper evaluates the efficiency of FDRM by experimental result and shows the performance enhancement.

22 citations


Journal Article
TL;DR: Memory can be efficiently utilized if the dynamic memory demands of applications can be determined and analyzed at run-time and the page miss ratio curve, i.e. page miss rate vs. memory size curv...
Abstract: Memory can be efficiently utilized if the dynamic memory demands of applications can be determined and analyzed at run-time. The page miss ratio curve(MRC), i.e. page miss rate vs. memory size curv...

20 citations


Journal Article
TL;DR: Hints are provided to help DIMA designers to choose appropriate consistency models by first presenting meaningful psycho-perceptive characteristics of the real-world interactions and then discussing various consistency models according to them.
Abstract: Distributed Interactive Multimedia Applications (DIMA) are "human in the loop" applications. Their aim is to support real-world like interactions through a virtual world in a broader sense. However, propagation delays, jitter and losses due to network communications naturally lead to inconsistencies, when local and remote actions performed by users/clients are played out. This constraint makes the management of replicated multimedia shared data a real challenge. In the literature, various consistency models are proposed and each of them brings their own complexity and distortion among interactions. In this paper, we provide hints to help DIMA designers to choose appropriate consistency models by first presenting meaningful psycho-perceptive characteristics of the real-world interactions and then discussing various consistency models according to them.

17 citations


Journal Article
TL;DR: The device driver architectures currently used by two of the most popular operating systems, Linux and Microsoft's Windows, are examined and driver components required when implementing device drivers for each operating system are presented and compared.
Abstract: In this paper the device driver architectures currently used by two of the most popular operating systems, Linux and Microsoft's Windows, are examined. Driver components required when implementing device drivers for each operating system are presented and compared. The process of implementing a driver, for each operating system, that performs I/O to a kernel buffer is also presented. The paper concludes by examining the device driver development environments and facilities provided to developers by each operating system.

16 citations


Journal Article
TL;DR: The improved protocol is able to defeat the modification attack and is as efficient as the Hwang-Shiau-Lai protocol and provides the perfect forward secrecy.
Abstract: Recently, Hwang, Shiau and Lai proposed an efficient authentication key exchange protocol to decrease the computation cost of the Harn-Lin improved protocol. However, the Hwang-Shiau-Lai protocol cannot withstand the modification attack. Therefore, this paper will propose an improved protocol to enhance the security of the Hwang-Shiau-Lai protocol. The improved protocol is able to defeat the modification attack and is as efficient as the Hwang-Shiau-Lai protocol. Moreover, the improved protocol also provides the perfect forward secrecy.

Journal Article
TL;DR: This paper is a survey of the works of root kits from an operating systems point of view.
Abstract: Root Kits are tool boxes containing a collection of highly skilled tools for attacking computer systems. Their algorithms and databases contain professional knowledge about methods and mechanisms for completely automated attacks both over a network as well as from within a system. Root kits attack by maneuvering a system into executing a script with supervisor privileges. Once having gained full control, such scripts begin to install several software packages, including backdoors for easy future access, deception packages and modified versions of administration utilities that conceal system modifications and refuse to counterattack any future infiltration. The security threat imposed by root kits is quite serious. A root kit attack is swift, fully automatic, and has long-lasting effects. An attack has a high success probability, and it requires only a very small amount of knowledge. Last but not least, root kits are easily available on the Internet. This paper is a survey of the works of root kits from an operating systems point of view. Keywords: error exploitation, error proliferation, privilege proliferation, kernel abstractions, trusted computing base, reference monitor, security domains, mandatory and discretionary access control, secure booting, secure program execution

Journal Article
TL;DR: Trends in high-performance computing are making it necessary for long-running applications to tolerate hardware faults, and the most commonly used approach is checkpoint and restart (CPR).
Abstract: Trends in high-performance computing are making it necessary for long-running applications to tolerate hardware faults. The most commonly used approach is checkpoint and restart (CPR) - the state o...

Journal Article
TL;DR: Power density in high-performance processors continues to increase with technology generations as scaling of current, clock speed, and device density outpaces the downscaling of supply voltage and....
Abstract: Power density in high-performance processors continues to increase with technology generations as scaling of current, clock speed, and device density outpaces the downscaling of supply voltage and ...

Journal Article
TL;DR: A novel processor architecture, the sensor network asynchronous processor (SNAP/LE), is presented, designed specifically for use in low-power wireless sensor-network nodes.
Abstract: We present a novel processor architecture designed specifically for use in low-power wireless sensor-network nodes. Our sensor network asynchronous processor (SNAP/LE) is based on an asynchronous d...

Journal Article
TL;DR: A secure strong-password authentication protocol is presented to overcome the server spoofing attack and the denial-of-service attack that affect Lin et al.'s enhancement of the OSPA protocol.
Abstract: Password authentication protocols are divided into two types. One employs the easy-to-remember password while the other requires the strong password. In 2001, Lin et al. proposed an optimal strong-password authentication protocol (OSPA) to resist the replay attack and the denial-of-service attack. However, Chen and Ku pointed out that the OSPA protocol is vulnerable to the stolen-verifier attack. Hence, Lin et al. presented an enhancement in 2003. Nevertheless, mutual authentication is not ensured in Lin et al.'s protocol such that it suffers from the server spoofing attack. Moreover, Lin et al.'s protocol is also vulnerable to the denial-of-service attack. As a result, we present a secure strong-password authentication protocol in this paper to overcome their disadvantages.

Journal Article
TL;DR: This paper presents the incorporation of the Public Key Infrastructure (PKI) security model for SIBBS; a prototype system with the security elements as well as the implementation of the SIBBS was successfully developed and tested.
Abstract: In the Differentiated Services (DiffServ) architecture, each domain has a Bandwidth Broker to provide the resources management, primarily bandwidth reservation. In a multi-domain environment, the Simple Inter-domain Bandwidth Broker Signaling (SIBBS) protocol is proposed as the inter-domain communication protocol for bandwidth broker communication. Since the information exchanged between BBs is sensitive in the sense of the Service Level Agreement (SLA), the communications between the inter-domain bandwidth brokers should be protected from attacks. This paper presents the incorporation of the Public Key Infrastructure (PKI) security model for SIBBS. A prototype system with the security elements as well as the implementation of the SIBBS was successfully developed and tested.

Journal Article
TL;DR: This work proposes an improved version of the S/Key scheme, preserving the same properties and withstanding the stolen-verifier attack, without limiting the login times.
Abstract: With the one-time password concept, the S/Key scheme is widely utilized by the protocols with limited login times to defend against replay attack. By employing the simple and unidirectional hash function, the improved version of the S/Key scheme is proposed to withstand spoofing attack, pre-play attack and off-line dictionary attack. However, the schemes limit login times. Hence, we propose a scheme, preserving the same properties and withstanding the stolen-verifier attack, without limiting the login times.

Journal Article
TL;DR: Some of the issues that have kept the Exokernel design from being the main-stream approach are explored and solutions to these issues are proposed, trying to motivate the reader to embrace the Exokernel approach.
Abstract: The modern operating system is currently caught in a tug-of-war between two forces. At one end, there is a force that is demanding that the operating system become more flexible to handle the needs of evolving hardware and evolving user applications. At the other end, there is a force that is demanding that the operating system become more efficient to meet the needs of faster hardware. If the modern operating system does not keep pace with these two forces, it could cause the progress in computer design to become stagnant. One possible solution to this problem is the Exokernel Operating System - an extensible (or easily modifiable) operating system developed at the Massachusetts Institute of Technology. Extensibility allows the operating system to be flexible to change and also open to optimization. Extensibility within an operating system has resulted in several new issues. For example, extensibility seems to make customer-support harder to provide. Furthermore, some multithreaded applications perform worse in an extensible environment. Lastly, some have argued that it is optimization, not extensibility, that should be credited for the enhanced operating system speeds. In this paper, we discuss the Exokernel Operating System with some detail. We explore some of the issues that have kept the Exokernel design from being the main-stream approach. We propose solutions to these issues and we conclude by trying to motivate the reader to embrace the Exokernel approach.

Journal Article
TL;DR: This short paper briefly reviews the key elements of Cho and Garcia-Molina's work and simplifies their derivation by using renewal reward theory, with a focus on formulation of the notion of additive age.
Abstract: Motivated by the work of cache freshness by Cho and Garcia-Molina [2], we present a new metric called additive age as an extension of existing freshness metrics. The additive age, being formulated somewhat differently, deviates from existing freshness metrics in its ability to better quantify the impact of frequently updated content on cache freshness. Mathematical result shows that the long-run average additive age is proportional to λT^2, where λ is the change rate of source content, and T the refresh interval. This short paper briefly reviews the key elements of Cho and Garcia-Molina's work and simplifies their derivation by using renewal reward theory, with a focus on formulation of the notion of additive age.

Journal Article
TL;DR: The Running-Mode Analysis of three-principal cryptographic protocols is derived from that of two-principal protocols, and the method is tested by analyzing the Davis Swick protocol and successfully proving its security.
Abstract: Based on the model checking theory, we derive the Running-Mode Analysis of three-principal cryptographic protocols from the Running-Mode Analysis of two-principal cryptographic protocols. To test this method, we analyze the Davis Swick protocol and successfully prove the security of this protocol. Therefore, we can draw a conclusion that Running-Mode Analysis of three-principal cryptographic protocols is available.


Journal Article
TL;DR: This article will show that Shi's group signature scheme, based on the discrete logarithm problem, is subject to a forgery attack.
Abstract: Group signatures have been proposed for many years, yet those schemes are still not efficient. In 2002, Shi proposed a group signature scheme based on the discrete logarithm problem. In Shi's scheme, he claims that his scheme is efficient compared to previously proposed schemes. Although his scheme is better than others, the scheme is not secure. In this article, we will show that Shi's scheme is subject to a forgery attack.

Journal Article
TL;DR: This paper presents a method that predicts the locality phases of a program, motivated by adaptive memory hierarchies whose performance increasingly depends on forecasting the dynamic program locality.
Abstract: As computer memory hierarchy becomes adaptive, its performance increasingly depends on forecasting the dynamic program locality. This paper presents a method that predicts the locality phases of a ...

Journal Article
TL;DR: This document shows the basic internals of the networking code of Linux kernel and discusses the efficiency of the existing implementation in the 2.6 version.
Abstract: The fast evolution and increasing use of today's networks force researchers to look for efficient ways of managing all the information that travels through those networks. Added to that, the growing use of Linux as the main operating system for servers and big grid computing farms has developed many research lines for increasing the networking capabilities and efficiency of the kernel code. Having that in mind, this document shows the basic internals of the networking code of the Linux kernel and discusses the efficiency of the existing implementation in the 2.6 version. Besides, various tests are done for detecting existing bottlenecks in the networking core. Finally, guidelines are also given for improving certain aspects of the kernel networking behaviour.

Journal Article
TL;DR: Tracing garbage collectors traverse references from live program variables, transitively tracing out the closure of live objects.
Abstract: Tracing garbage collectors traverse references from live program variables, transitively tracing out the closure of live objects. Memory accesses incurred during tracing are essentially random: a g...

Journal Article
TL;DR: The problem with the typical protection method using hash functions is discussed and a scheme that protects the rules in a firewall using a cryptographic algorithm is proposed.
Abstract: This paper discusses the problem of protecting security policies and other related information in security mechanisms, such as the filtering policy of a firewall in distributed or ubiquitous environments. Unauthorized disclosure of such information might reveal the fundamental principles and methods for the protection of the whole network. We discuss the problem with the typical protection method using hash functions and we propose a scheme that protects the rules in a firewall using a cryptographic algorithm.

Journal Article
TL;DR: This paper shall point out that Shen et al.'s improvement is vulnerable to the forgery attack and find their scheme still cannot resist Sun and Yeh's attack, and propose a solution to resist the above attacks.
Abstract: Recently, Yang and Shieh proposed timestamp-based and nonce-based password authentication schemes. In 2002, Chan and Cheng pointed out that Yang and Shieh's timestamp-based password authentication scheme was vulnerable to the forgery attack. However, in 2003, Sun and Yeh pointed out that Chan and Cheng's attack was unreasonable. At the same time, Sun and Yeh pointed out that Yang and Shieh's password authentication schemes were still vulnerable to the forgery attack. Later Shen et al. proposed a modified scheme to resist Chan and Cheng's attack. In this paper, we shall point out that Shen et al.'s improvement is vulnerable to the forgery attack and find their scheme still cannot resist Sun and Yeh's attack. At the same time, we shall propose a solution to resist the above attacks.

Journal Article
TL;DR: A simple password authentication scheme for multi-server environments that can authorize many servers at one time so that the users who have registered with various servers do not need to remember different login passwords for each.
Abstract: Traditional remote password authentication schemes allow a user to submit his identity and its corresponding password. Then, through a specific algorithm, the server authenticates its users alone. Because these schemes are independent and each scheme develops a specific algorithm by itself, the development cost and computing cost are very high. To avoid the rise in costs, we present a simple password authentication scheme for multi-server environments. The scheme can generate a public polynomial that contains a specific Access Right (AR). The AR means the legal users have different levels of authorization based on which server in the multi-server environment is used. Furthermore, the scheme can verify the authorization without a password table. The scheme can authorize many servers at one time so that the users who have registered with various servers do not need to remember different login passwords for each. The scheme also allows users to choose their passwords freely and update them off-line.

Journal Article
TL;DR: In order to achieve non-repudiation of public key, two improvements of key authentication scheme for non-repudiation are discussed in this paper.
Abstract: In 1996, Horng and Yang proposed a key authentication scheme that requires no authorities. However, it is vulnerable to the guessing attack. An intruder can try out a password and forge the public key. To amend this problem, an improved authentication scheme intended to prevent the guessing attack and the forging problem was proposed by Zhan et al. in 1999. However, their scheme did not achieve non-repudiation of public key. In order to achieve non-repudiation of public key, two improvements of key authentication scheme for non-repudiation are discussed in this paper.