Journal ArticleDOI

Tutorial: Security in computer networks and distributed systems

01 May 1996-Computer Communications (Elsevier)-Vol. 19, Iss: 5, pp 379-388
TL;DR: Some of the commonly known security threats, together with the security services and state-of-the-art mechanisms that can be used to provide protection against these threats are introduced.
About: This article is published in Computer Communications. The article was published on 1996-05-01. It has received 12 citations so far. The article focuses on the topics: Security service & Computer security model.
Citations
Journal ArticleDOI
TL;DR: This paper identifies and presents the most likely ''places'' where hidden information can be exchanged using an SCTP, and this analysis can be treated as a ''guide'' when developing steganalysis (detection) tools.

30 citations


Cites background from "Tutorial: Security in computer netw..."

  • ...In an ideal situation, the existence of the hidden communication cannot be detected by third parties....


Posted Content
TL;DR: In this paper, a complete analysis of information hiding in Stream Control Transmission Protocol (SCTP) is presented, and this analysis can be used as a "guide" when developing steganalysis (detection) tools.
Abstract: The SCTP (Stream Control Transmission Protocol) is a candidate for a new transport layer protocol that may replace the TCP (Transmission Control Protocol) and the UDP (User Datagram Protocol) protocols in future IP networks. Currently, the SCTP is implemented in, or can be added to, many popular operating systems (Windows, BSD, Linux, HPUX or Sun Solaris). This paper identifies and presents all possible "places" where hidden information can be exchanged using an SCTP. The paper focuses mostly on proposing new steganographic methods that can be applied to an SCTP and that can utilise new, characteristic SCTP features, such as multi-homing and multi-streaming. Moreover, for each method, the countermeasure is covered. When used with malicious intent, a method may pose a threat to network security. Knowledge about potential SCTP steganographic methods may be used as a supplement to RFC5062, which describes security attacks in an SCTP protocol. Presented in this paper is a complete analysis of information hiding in an SCTP, and this analysis can be treated as a "guide" when developing steganalysis (detection) tools.

27 citations

Patent
02 Nov 1998
TL;DR: In this article, the authors present a distributed object system comprising at least one object distributing server, one client terminal and one server object execution server, including an object distribution server for storing an object program to which an electronic signature is affixed; a client terminal including means for downloading the object program from the distribution server, means for verifying the electronic signature affixed to the program, and means for executing the client object program when the completeness of the program is confirmed and the user of the client terminal beforehand permits execution of the application.
Abstract: A distributed object system comprising at least one object distributing server, at least one client terminal and at least one server object execution server according to the present invention, including: an object distributing server for storing an object program to which an electronic signature is affixed; a client terminal including means for down-loading the object program from the object distributing server, means for verifying the electronic signature affixed to the object program, means for executing the client object program when the completeness of the object program is confirmed and the user of the client terminal beforehand permits execution of the client object program which is electronically signed by a signatory, and means for transmitting the electronic signature affixed to the object program to a server object execution server; and a server object execution server including means for verifying the signature received, and means for supplying services to the user of the client terminal when the completeness of the object program is confirmed and the user and the object program permit use of the services in advance, which makes it possible to prevent a client object which is down-loaded to a client terminal through a network and executed therein from carrying out unjustified processing (not intended by a user using the client terminal) by using authority of the user.

26 citations

Patent
16 Jul 1997
TL;DR: In this article, a request for a time stamp and a location stamp from a user in a transactional flow application is made over an open network such as the Internet, for example from a World Wide Web site.
Abstract: Where sensitive information forming part of a transactional flow application is required to be sent over an open network such as the Internet, for example from a World Wide Web site, a time stamp and a location stamp are included in a request for such information from a user. The time stamp carries the time at which a previous page in the application was sent to the client and the location stamp carries the client address as provided for that previous page. Preferably the stamps are encrypted and are thus protected at the user location.

11 citations

Journal ArticleDOI
TL;DR: A conceptual framework for network security that provides a basis to address, fundamentally, every weakness in a given network and can facilitate electronic commerce by devising fixed routing across networks of known security.
Abstract: This article introduces a conceptual framework for network security that provides a basis to address, fundamentally, every weakness in a given network. The principal objective of the framework is to provide a basis to determine the resulting security of a composite network that is formed from connecting two or more networks with known security. Using asynchronous transfer mode (ATM), this framework can facilitate electronic commerce by devising fixed routing across networks of known security.

8 citations

References
Journal ArticleDOI
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations

Proceedings Article
01 Apr 1992
TL;DR: This document describes the MD5 message-digest algorithm, which takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.
Abstract: This document describes the MD5 message-digest algorithm. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. This memo provides information for the Internet community. It does not specify an Internet standard.

3,514 citations

01 Jan 1992

3,158 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

Journal ArticleDOI
TL;DR: This paper describes the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication, and gives the results of the analysis of four published protocols.
Abstract: Authentication protocols are the basis of security in many distributed systems, and it is therefore essential to ensure that these protocols function correctly. Unfortunately, their design has been extremely error prone. Most of the protocols found in the literature contain redundancies or security flaws. A simple logic has allowed us to describe the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication. We have been able to explain a variety of authentication protocols formally, to discover subtleties and errors in them, and to suggest improvements. In this paper we present the logic and then give the results of our analysis of four published protocols, chosen either because of their practical importance or because they serve to illustrate our method.

2,638 citations