Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben

2006 | Buch

ID-Based Ring Signature Scheme Secure in the Standard Model Kapitel lesen Erstes Kapitel lesen

Advances in Information and Computer Security

First International Workshop on Security, IWSEC 2006, Kyoto, Japan, October 23-24, 2006. Proceedings

herausgegeben von: Hiroshi Yoshiura, Kouichi Sakurai, Kai Rannenberg, Yuko Murayama, Shinichi Kawamura

Verlag: Springer Berlin Heidelberg

Buchreihe : Lecture Notes in Computer Science

Enthalten in: Springer Professional "Wirtschaft+Technik" , Springer Professional "Technik" , Springer Professional "Wirtschaft"

Einloggen, um Zugang zu erhalten
insite
SUCHEN

Über dieses Buch

ItwasourpleasuretoholdtheInternationalWorkshoponSecurity2006(IWSEC 2006) this year in Kyoto and to publish the proceedings as a volume of the Lecture Notes in Computer Science series. The workshop was our ?rst trial in that two major academic society groups on security in Japan, viz. ISEC and CSEC, jointly organized it; ISEC is a te- nical group on information security of the Institute of Electronics, Information and Communication Engineers (IEICE), and CSEC is a special interest group on computer security of the Information Processing Society of Japan (IPSJ). It was Ryoichi Sasaki, the former head of CSEC, who proposed holding such an international workshop in Japan for the ?rst time, two years ago. The two groups supported his idea and started organizing the workshop. CSEC has its annual domestic symposium, the Computer Security Symposium (CSS), in - tober for three days, and we decided to organize the workshop prior to CSS this year. The initial aim of the workshop was primarily to provide young researchers with the opportunity to present their work in English. However, due to more submissions than we had anticipated, the quality of the accepted papers became far better than we had expected. Theconferencereceived147submissions,outofwhichtheprogramcommittee selected 30 for presentation. These proceedings contain the ?nal versions of the accepted papers, which the authors ?nalized on the basis of comments from the reviewers. Since these revisions were not subject to editorial review, the authors bear full responsibility for the contents of their papers.

Inhaltsverzeichnis

Frontmatter

Signatures (1)

ID-Based Ring Signature Scheme Secure in the Standard Model
Abstract
The only known construction of ID-based ring signature schemes which maybe secure in the standard model is to attach certificates to non-ID-based ring signatures. This method leads to schemes that are somewhat inefficient and it is an open problem to find more efficient and direct constructions. In this paper, we propose two such constructions. Our first scheme, with signature size linear in the cardinality of the ring, is secure in the standard model under the computational Diffie-Hellman assumption. The second scheme, achieving constant signature size, is secure in a weaker attack model (the selective ID and selective chosen message model), under the Diffie-Hellman Inversion assumption.
Man Ho Au, Joseph K. Liu, Tsz Hon Yuen, Duncan S. Wong
A Short Verifier-Local Revocation Group Signature Scheme with Backward Unlinkability
Abstract
Previously Verifier-Local Revocation (VLR) group signature schemes from bilinear maps were proposed. In VLR schemes, only verifiers are involved in the revocation of a member, while signers are not involved in the revocation. Thus, the schemes are suitable for mobile environments. Furthermore, the previously proposed schemes satisfy an important property, the backward unlinkability. It means that even after a member is revoked, signatures produced by the member before the revocation remain anonymous. This property is needed in case a member leaves voluntarily or in case of a stolen key. In this paper an improved scheme is proposed, where the group signatures are shorter. This is achieved using a different assumption, DLDH assumption, and improving zero-knowledge proofs in the group signatures. The length of the proposed group signatures is about 53% of that of the previous ones.
Toru Nakanishi, Nobuo Funabiki
Sound Computational Interpretation of Symbolic Hashes in the Standard Model
Abstract
This paper provides one more step towards bridging the gap between the formal and computational approaches to the verification of cryptographic protocols. We extend the well-known Abadi-Rogaway logic with probabilistic hashes and we give a precise semantic interpretation to it using Canetti’s oracle hashes. These are probabilistic polynomialtime hashes that hide all partial information. Finally, we show that this interpretation is computationally sound.
Flavio D. Garcia, Peter van Rossum

Security Evaluation

A Requirement Centric Framework for Information Security Evaluation
Abstract
Information security evaluation of software-intensive systems typically relies heavily on the experience of the security professionals. Obviously, automated approaches are needed in this field. Unfortunately, there is no practical approach to carrying out security evaluation in a systematic way. We introduce a general-level holistic framework for security evaluation based on security behaviour modelling and security evidence collection, and discuss its applicability to the design of security evaluation experimentation set-ups in real-world systems.
Reijo Savola
A Model-Based Method for Security Configuration Verification
Abstract
Various kinds of access control mechanisms have been employed in today’s computer systems to protect confidential information. Since high expertise is required for the system configuration maintenance, detecting vulnerabilities due to configuration errors is a difficult task. In this paper, we propose a model-based configuration verification method that can find complex errors of two major access control mechanisms, network packet filtering and file access control. This method constructs an information flow model using the configurations of the two mechanisms and verifies whether the system is configured to suffice access policies defined by system administrators. Through the development of a prototype system and its experimental use, we confirmed that the proposed method could discover configuration errors of Web servers that might cause information leakage.
Hiroshi Sakaki, Kazuo Yanoo, Ryuichi Ogawa
Personal Computer Privacy: Analysis for Korean PC Users
Abstract
In this paper, we introduce our own two-year experiments to acquire sensitive personal information from discarded hard disks which we had obtained with no ease in Korean second-hand PC markets. With careful scanning, we found that most of hard disks were not adequately cleaned, and had a plenty of confidential and sensitive personal data, which could be utilized in crimes like identity theft. Collected private data, analyzed based on the concept of identifiable individual, amounted to 4,526 persons worth of data, including 3,584 resident registration numbers. The result also indicated that discovered data items of each person were revealed to display a wide spectrum of sensitivity level.
Young Chul Kwon, Sang Won Lee, Songchun Moon

Signatures (2)

Short Traceable Signatures Based on Bilinear Pairings
Abstract
We propose a short traceable signature scheme based on bilinear pairings. Traceable signatures, introduced by Kiayias, Tsiounis and Yung (KTY), support an extended set of fairness mechanisms (mechanisms for anonymity management and revocation) when compared with the traditional group signatures. Designing short signatures based on the power of pairing has been a current activity of cryptographic research, and is especially needed for long constructions like that of traceable signatures. The size of a signature in our scheme is less than one third of the size in the KTY scheme and about 40% of the size of the pairing based traceable signature (which has been the shortest till today). The security of our scheme is based on the Strong Diffie-Hellman assumption and the Decision Linear Diffie-Hellman assumption. We prove the security of our system in random oracle model using the security model given by KTY.
Seung Geol Choi, Kunsoo Park, Moti Yung
Ring Signature with Designated Linkability
Abstract
Ring signatures enable a user to sign a message so that a ring of possible signers is identified, without revealing exactly which member of that ring actually generated the signature. This concept has been used to construct new cryptographic applications, such as designated signatures, concurrent signatures, etc. To avoid being abused, the concept of linkable ring signatures was introduced. In this concept, when two ring signatures are produced by the same signer, then anyone can link the signatures. In this paper, we introduce a new concept called linkable ring signature with designated linkability that lies between the two. In this new concept, the ring signatures remain anonymous from the public’s point of view. However, they can only be linked by a designated party, whenever necessary. This notion allows the privacy of the signer, but additionally, it also limits the receiver from being abused. We present a generic construction for such schemes, and proceed with an instantiation of our generic construction that is built from the existing linkable ring signature scheme due to Liu et al.
Joseph K. Liu, Willy Susilo, Duncan S. Wong
Ad Hoc Group Signatures
Abstract
The main advantage of ring signatures is to ensure anonymity in ad hoc groups. However, since a group manager is not present in ad hoc groups, there is no existing way to identify the signer who is responsible for or benefit from a disputed ring signature. In this paper, we address this issue by formalizing the notion of ad hoc group signature. This new notion bridges the gap between the ring signature and group signature schemes. It enjoys the same advantage of ring signatures to provide anonymity whilst not requiring any group manager. Furthermore, it allows a member in an ad hoc group to provably claim that it has (not) issued the anonymous signature on behalf of the group. We propose the first construction of ad hoc group signatures that is provably secure in the random oracle model under the Strong RSA assumption. Our proposal is very simple and additionally, it produces a constant size signature length and requires constant modular exponentiations. This is to ensure that our scheme is very practical for ad hoc applications where a centralized group manager is not present.
Qianhong Wu, Willy Susilo, Yi Mu, Fangguo Zhang
Rateless Codes for the Multicast Stream Authentication Problem
Abstract
We study the multicast authentication problem when an opponent can drop, reorder and introduce data packets into the communication channel. We first study the packet authentication probability of a scheme proposed by Lysyanskaya, Tamassia and Triandopoulos in 2003 since our opponent model is based on theirs. Using a family of rateless codes called Luby Transform codes (LT codes) we design a protocol which allows any packet to be authenticated at the receiver with probability arbitrary close to 1. We also compare LT codes to other families of rateless codes which could be used in that context in order to minimize the packet overhead as well as the time complexity of encoding and decoding data.
Christophe Tartary, Huaxiong Wang

Authentication

Crossing Borders: Security and Privacy Issues of the European e-Passport
Abstract
The first generation of European e-passports will be issued in 2006. We discuss how borders are crossed regarding the security and privacy erosion of the proposed schemes, and show which borders need to be crossed to improve the security and the privacy protection of the next generation of e-passports. In particular we discuss attacks on Basic Access Control due to the low entropy of the data from which the access keys are derived, we sketch the European proposals for Extended Access Control and the weaknesses in that scheme, and show how fundamentally different design decisions can make e-passports more secure.
Jaap-Henk Hoepman, Engelbert Hubbers, Bart Jacobs, Martijn Oostdijk, Ronny Wichers Schreur
A New Approach to Hide Policy for Automated Trust Negotiation
Abstract
Automated trust negotiation (ATN) is an important approach to establish trust between strangers through the exchange of credentials and access control policies. In practice, access control policy may contain sensitive information. The negotiation process becomes complicated when the access control policy is designed complex in order to avoid information leakage. Furthermore, if the access control policy has conflicts or cycles, normal negotiation strategies often fail. In this paper, a new approach to hide access control policy is proposed based on the study on the existing problems. In the approach, the policy consistency is checked so as to detect policy conflicts. 0-1 table is used to implement it as well as discover minimal credential-set. Meanwhile, a practical example shows that the approach is suitable and can effectively protect sensitive information in access control policy.
Hai Jin, Zhensong Liao, Deqing Zou, Weizhong Qiang
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing
Abstract
We present an approach to protect mobile code and agents at runtime using Trusted Computing (TC) technologies. For this purpose, a “mobile policy” is defined by the mobile code originator, and is enforced by the runtime environment in a remote host to control which users can run the mobile code and what kind of results a user can observe, depending on the security properties of the user. The separation of policy specification and implementation mechanism in existing mobile computing platform such as Java Runtime Environment (JRE) enables the implementation of our approach by leveraging current security technologies. The main difference between our approach and existing runtime security models is that the policies enforced in our model are intended to protect the resources of the mobile applications instead of the local system resources. This requires the remote runtime environment to be trusted by the application originator to authenticate the remote user and enforce the policy. Emerging TC technologies such as specified by the Trusted Computing Group (TCG) provide assurance of the runtime environment of a remote host.
Xinwen Zhang, Francesco Parisi-Presicce, Ravi Sandhu
IP Address Authorization for Secure Address Proxying Using Multi-key CGAs and Ring Signatures
Abstract
Address proxying is a process by which one IP node acts as an endpoint intermediary for an IP address that actually belongs to another IP node. Address proxying serves many useful functions in IP networks. In IPv6, the Secure Neighbor Discovery Protocol (SEND) provides powerful tools for securing the mapping between the IP address and the link address which is the basis of local link address proxying; however, these tools don’t work for address proxies. In this paper, we present an extension to SEND for secure proxying. As an example of how secure address proxying can be used, we propose a minor extension of the Mobile IPv6 protocol to allow secure proxying by the home agent. We then present measurements comparing SEND with and without the address proxying extensions.
James Kempf, Jonathan Wood, Zulfikar Ramzan, Craig Gentry

Security for Multimedia

A Study of Detection Method of Printed Image Alteration Using Digital Watermark
Abstract
The digital watermark is used for detection of digital image alteration. However, most of digital images are printed on the paper document for submitting. Once digital images are printed on the paper, it is hard to detect alteration of it. In this paper, the detection method of printed image alteration by using digital watermark is proposed.
Junji Onishi, Tsukasa Ono
Real-Time Watermark Embedding for High Resolution Video Watermarking
Abstract
This paper addresses implementation issues for real-time watermark embedding scheme of High Definition(HD) resolution videos on personal computers. In most watermark applications, an embedding procedure should be built at low costs and at the same time the embedded watermarks should have robustness against signal and image processing as well as malicious attacks. This paper provides some performance optimization guidelines and a simplified Human Visual System (HVS) method for fast and robust watermark embedding. This work demonstrates a real-time watermark embedding process including HD MPEG-2 video decoding, watermark embedding and displaying on Intel architecture personal computers. Experimental results show optimized embedding performances and robustness against several malicious attacks commonly happened to videos.
In-Koo Kang, Dong-Hyuck Im, Young-Ho Suh, Heung-Kyu Lee
Inhibiting Card Sharing Attacks
Abstract
The satellite TV industry relies heavily on the use of smart card technology at the very heart of broadcasted services that are protected by legacy conditional access systems. The process of Satellite TV signal protection is distributed amongst a number of system components, e.g. smart cards, receivers, Conditional Access Modules (CAM) and the content provider. However, the introduction of “Open” Satellite Receivers, providing a highly configurable environment with software emulation of conditional access systems, enabled the implementation of whole range of new attacks. A widely deployed attack is often referred to as the “card sharing” attack, by which one legitimate user colludes to provide protected content to a larger group of unauthorised users. This paper proposes a countermeasure that increases the bandwidth requirements of this attack to the point where it is no longer practical with a standard internet connection, with a minimal impact on existing protocols and architectures.
Michael Tunstall, Konstantinos Markantonakis, Keith Mayes

Network Security

A Flooding-Based DoS/DDoS Detecting Algorithm Based on Traffic Measurement and Prediction
Abstract
This paper analyzed the features of the flooding-based DoS/DDoS attack traffic, and proposed a novel real-time algorithm for detecting such DoS/DDoS attacks. In order to shorten the delay of detection, short-term traffic prediction was introduced, and prediction values were used in the detecting process. Though we use real-time traffic data to calculate the mean and variance, few periods of data need to be stored because the algorithm is a recurring process, therefore the occupied storage space is less. Moreover, the complex and cost of the recurring process is less than calculating the whole sequence, so the load of the server would not increase much. Although we focus our research on detecting flooding-based DoS/DDoS attacks, the simulation shows that the approach also can deal with DDoS attacks that zombies start without simultaneousness.
Shi Yi, Yang Xinyu, Zhu Huijun
Hardware Stack Design: Towards an Effective Defence Against Frame Pointer Overwrite Attacks
Abstract
Currently, a buffer overflow attack is one of the most serious and widely utilized assaults in computer systems. Defense methods against this attack can be classified as three: compiler modification, system software modification, and hardware modification. Among them, most of the cases, hardware modification methods aim at detecting or tolerating alternation of return addresses in the memory stack. However, to the best of our knowledge, the previous methods cannot defend against frame pointer overwrite attacks, where an adversary can control the execution at his/her will by modifying the saved frame pointers in the stack. In this paper, we present a new reliable hardware stack to detect alternation of saved frame pointers as well as return addresses. We show that the proposed method can defend against both frame pointer overwrite attacks and stack smashing attacks.
Yongsu Park, Younho Lee, Heeyoul Kim, Gil-Joo Lee, Il-Hee Kim
Modeling of Network Intrusions Based on the Multiple Transition Probability
Abstract
In the TCP network environment, all unit transmissions are constructed using sessions. In the session, packets are transmitted sequentially. In this case, the previous and next packets contain causality mutually. Thus, we propose a method that models network transmission information based on transitions of packet states. In addition to the transition model, a probability matrix for the multiple state-transition models of all sessions is represented. The matching of the models is achieved using the maximum log-likelihood ratio. Evaluation of the proposed method for intrusion modeling is conducted by using 1999 DARPA data sets. The method is also compared with Snort-2 which is misuse-based intrusion detection system. In addition, the techniques for advancing proposed method are discussed.
Sang-Kyun Noh, DongKook Kim, Yong-Min Kim, Bong-Nam Noh

Encryption and Key Exchange

Chosen Ciphertext Security from Identity-Based Encryption Without Strong Condition
Abstract
Recently, Canetti et al [11] gave a generic construction (called CHK construction) of public key encryption (PKE) from a selective identity-based encryption scheme combined with a strong one-time signature scheme. Later, few schemes were proposed to improve the efficiency of CHK construction [11], for example, Boneh-Katz scheme [8] replaced a strong one-time signature with a message authentication code and Boyen-Mei-Waters scheme [9] was constructed directly from Waters’ IBE scheme. But, both constructions have either trade-off the publicly verifiable property or security against adaptive chosen-ciphertext attack. We ask a question whether it is possible to construct an efficient and publicly verifiable PKE scheme from a selective IBE scheme with a weak one-time signature scheme. In this paper, we provide an affirmative answer and construct a public key encryption scheme which preserves the publicly verifiable property and is secure against adaptive chosen-ciphertext attack. The construction of the proposed scheme is based on Boneh-Boyen identity-based encryption (IBE) scheme [5] and a weak one-time signature scheme (using Waters’ signature scheme [24]) built within Boneh-Boyen IBE scheme. In this construction, one-time signature scheme is not required to be strongly existential unforgeable as Waters’ signature scheme is not a strongly existential unforgeability. We also show that the proposed scheme is ”almost” as efficient as the original Boneh-Boyen IBE scheme.
Chik How Tan
Ciphertext-Auditable Public Key Encryption
Abstract
Loss of backup tapes containing personal information (PI) is a potential breach of privacy and encryption is the typical way to prevent the breach. This paper considers an attack scenario where an adversary who encrypts the PI for backup purpose tries to hide the plain PI in a valid-looking ciphertext without being detected. We show that the standard security notion IND-CCA2 does not capture such a scenario. For example, the Cramer-Shoup scheme is vulnerable to such an attack. To capture such a scenario, we define a new notion of “ciphertext-auditability” as a new property of public key encryption schemes (PKESs). It requires that, given a public key and a ciphertext, anyone should be able to verify whether the ciphertext was actually generated using the public key. Also, it requires that, given a public key and a plaintext, no adversary should be able to generate a valid-looking ciphertext so that the verification passes, but nevertheless the plaintext can be recovered from the ciphertext without the corresponding secret key. We propose a general construction of such PKESs based on standard cryptographic primitives in the random oracle model.
Satoshi Hada, Kouichi Sakurai
Provably-Secure Two-Round Password-Authenticated Group Key Exchange in the Standard Model
Abstract
Password-authenticated group key exchange (PAGKE) allows group users to share a session key using a human-memorable password only. The fundamental security goal of PAGKE is security against dictionary attacks. Several solutions have been proposed to solve this problem while most ones require rounds linearly increasing in the number of group users, so they are neither scalable nor practical. Recently a provably-secure constant-round PAGKE protocol overcoming this shortcoming is proposed at PKC ’06. However current PAGKE protocols have been proven secure in the ideal model. The ideal model assumes that some functions are “ideal” functions (or random functions). In the ideal cipher model, we assume a block cipher is an ideal cipher and in the ideal hash model (also the so-called the random oracle model), we assume a hash function is an ideal hash function. However it is well-known that a provably-secure scheme in the ideal model may be insecure if the ideal functions are implemented by the real functions. In this paper we propose the first provably-secure PAGKE protocol in the standard model. Our protocol is a two-round protocol and the security of the protocol is reduced to the Decisional Diffie-Hellman (DDH) problem.
Jeong Ok Kwon, Ik Rae Jeong, Dong Hoon Lee

Cryptanalysis and Implementation

On the Effectiveness of TMTO and Exhaustive Search Attacks
Abstract
In this paper, we consider time/memory trade-off (TMTO) and exhaustive search attacks and analyze their effectiveness on various key sizes. The first part of the paper is an overview of TMTO methodology and summarizes earlier work on hardware implementation of TMTO and exhaustive search attacks. The second part of the paper develops a cost model for analysing the effectiveness of generic attacks. Analysis of the cost model shows that 128-bit keys seem safe for the present. However, key sizes less than 96 bits do not provide comfortable security assurances. This is particularly relevant for the 80-bit stream ciphers in the Ecrypt call for stream ciphers as well as for the A5/3 encryption algorithm used in GSM mobile phones.
Sourav Mukhopadhyay, Palash Sarkar
Low Power AES Hardware Architecture for Radio Frequency Identification
Abstract
We present a new architecture of Advanced Encryption Standard (AES) cryptographic hardware which can be used as cryptographic primitives supporting privacy and authentication for Radio Frequency Identification (RFID). RFID is a technology to identify goods or person containing the tags. While it is a convenient way to track items, it also provides chances to track people and their activities through their belongings. For these reasons, privacy and authentication are a major concern with RFID system and many solutions have been proposed. M. Feldhofer , S. Dominikus, and J. Wolkerstorfer introduced the Interleaved Protocol which serves as a means of authenticating RFID tag to reader devices in [14]. They designed very small and low power AES hardware as a cryptographic primitive. In this contribution, we introduce a novel method to increase the operating speed of previous method for low power AES cryptographic circuits. Our low power AES cryptographic hardware can encrypt 128-bit data block within 870 clock cycles using less than 4000 gates and has a power consumption about or less than 20 μW on a 0.25 μm CMOS process.
Mooseop Kim, Jaecheol Ryou, Yongje Choi, Sungik Jun
The High-Speed Packet Cipher System Suitable for Small Sized Data
Abstract
Since all data input and output to a cryptographic module must occur through its interface, performance degradation coming from interface constraints is inevitable for small data packets even the best-performing cipher chip. This paper proposes the High-Speed Packet Cipher System that encrypts even small packet data at high speed by improving the packet data processing method used in existing cryptographic modules. Looking at the test result, we see that speed of 68Mbps better than 0.5Mbps of 4-step Procedure is achieved for 32-byte packets.
Sang-Hyun Park, Hoon Choi, Sang-Han Lee, Taejoo Chang

Access Control

A Tool for Managing Security Policies in Organisations
Abstract
Security policies are rules aimed at protecting the resources of an organisation from the risks associated with computer usage. Designing, implementing and maintaining security policies are all error prone and time consuming. We report on a tool that helps managing the security policies of an organisation. Security policies are formalised using first-order logic with equality and the unique names assumption, closely following the security policy language suggested in [1]. The tool includes a link to an automated theorem prover, Otter [2], and to a model finder, Mace [2], used to formally verify a set of formal security policies. It also includes a GUI and a number of links to read information and security policies from organisation databases and access control lists.
Anna V. Álvarez, Karen A. García, Raúl Monroy, Luis A. Trejo, Jesús Vázquez
Information Flow Query and Verification for Security Policy of Security-Enhanced Linux
Abstract
This paper presents a Colored Petri Nets (CPN) approach to analyze the information flow in the policy file of Security-Enhanced Linux (SELinux). The SELinux access control decisions are based on a security policy file that contains several thousands of security rules. It becomes a challenge for policy administrator to determine whether the modification of the security policy file conforms to the pre-specified security goals. To address this issue, this paper proposes a formal information flow model for SELinux security policy file, and presents a simple query language to help administrators to express the expected/unexpected information flow. We developed a method to transform the SELinux policy and security goal into Policy CPN Diagram and Query CPN Diagram. A tool named SEAnalyzer that can automatically verify the SELinux policy has been developed and two application examples of this tool will be presented in the context.
Yi-Ming Chen, Yung-Wei Kao
The Complexity of Discretionary Access Control
Abstract
A recent paper presented an access control scheme for discretionary access controls with a decidable safety problem. This paper deals with the complexity analysis of that access control, and finds it to be, in its worst cases, PSPACE-complete, but polynomial time for practical cases. The PSPACE-hardness reduction uses the theory of succinct problems in a more general manner than circuit representation.
Stephen Dranger, Robert H. Sloan, Jon A. Solworth
Traceroute Based IP Channel for Sending Hidden Short Messages
Abstract
The paper proposes a novel IP channel for sending hidden short messages, based mainly on the use of the “traceroute” command and the IP header Record route options. Instead of encrypting a hidden message or embedding it into a multimedia object, as in traditional multimedia steganography, we process the entire message and generate several IP packets with different types to carry the secret message. Thereby we foil an eavesdropper who is primarily applying statistical tests to detect encrypted communication channels. We show that our approach provides more protection against Steganalysis and sniffing attacks. A friendly graphical tool has been implemented to demonstrate the proposed secret IP channel.
Zouheir Trabelsi, Hesham El-Sayed, Lilia Frikha, Tamer Rabie
Backmatter
Metadaten
Titel
Advances in Information and Computer Security
herausgegeben von
Hiroshi Yoshiura
Kouichi Sakurai
Kai Rannenberg
Yuko Murayama
Shinichi Kawamura
Copyright-Jahr
2006
Verlag
Springer Berlin Heidelberg
Electronic ISBN
978-3-540-47700-6
Print ISBN
978-3-540-47699-3
DOI
https://doi.org/10.1007/11908739