2006 | Book

Security and Privacy in Dynamic Environments

Proceedings of the IFIP TC-11 21st International Information Security Conference (SEC 2006), 22–24 May 2006, Karlstad, Sweden

Edited by: Simone Fischer-Hübner, Kai Rannenberg, Louise Yngström, Stefan Lindskog

Publisher: Springer US

Book series: IFIP Advances in Information and Communication Technology

About this book

This book contains the Proceedings of the 21st IFIP TC-11 International Information Security Conference (IFIP/SEC 2006) on "Security and Privacy in Dynamic Environments" held on May 22-24, 2006 in Karlstad, Sweden. The first IFIP/SEC conference was arranged in May 1983 in Stockholm, Sweden, one year before TC-11 was founded, with the active participation of the Swedish IT Security Community. The IFIP/SEC conferences have since then become the flagship events of TC-11. We are very pleased that we succeeded with our bid to after 23 years hold the IFIP/SEC conference again in Sweden. The IT environment now includes novel, dynamic approaches such as mobility, wearability, ubiquity, ad hoc use, mind/body orientation, and business/market orientation. This modern environment challenges the whole information security research community to focus on interdisciplinary and holistic approaches whilst retaining the benefit of previous research efforts. Papers offering research contributions focusing on dynamic environments in addition to other aspects of computer security and privacy were solicited for submission to IFIP/SEC 2006. We received 141 submissions which were all reviewed by at least three members of the international program committee.

Table of Contents

Frontmatter

Privacy and Privacy-Enhancing Technologies I

Improving Availability of Emergency Health Information without Sacrificing Patient Privacy

To give proper medical treatment, it is important to have access to updated health information on patients. In emergency situations where the treatment is not planned in advance, vital information will seldom be readily available. Smart cards can improve this, but one has to make sure that patient privacy is not sacrificed to improve availability. This paper discusses possible security solutions for an emergency health card, and evaluates to what extent we can assure availability and privacy at the same time.

Inger Anne Tøndel

Ensuring Privacy for Buyer-Seller E-Commerce

The growth of the Internet has been accompanied by the growth of e-services (e.g. e-commerce, e-health). This proliferation of e-services and the increasing regulatory and legal requirements for personal privacy have fueled the need to protect the personal privacy of e-service users. Existing approaches for privacy protection such as the use of pseudonym technology, and personal privacy policies along with appropriate compliance mechanisms are predicated on the e-service provider having possession and control over the user’s personal data. In this paper, we propose a new approach for protecting personal privacy in buyer-seller e-commerce: keeping possession and control over the buyer’s personally identifiable information in the hands of the buyer as much as possible, with the help of a smart card and a trusted authority. Our approach can also be characterized as distributing personally identifiable information only on a “need to know” basis.

George Yee, Larry Korba, Ronggong Song

A General Certification Framework with Applications to Privacy-Enhancing Certificate Infrastructures

Interactions in electronic media require mutual trust to be established, preferably through the release of certified information. Disclosing certificates for provisioning the required information often leads to the disclosure of additional information not required for the purpose of the interaction. For instance, ordinary certificates unnecessarily reveal their binary representation.

We propose a certificate-based framework comprising protocol definitions and abstract interface specifications for controlled, that is well-specified, release of data. This includes controlled release during the certification of data and controlled release of certified data. The protocols are based on proofs of knowledge of certificates and relations over the attributes, ensuring that no side information but only the specified data are revealed. Furthermore, the protocols allow one to release certified data in plain or encrypted form and to prove general expressions over the data items. Our framework can be seen as a generalization of anonymous credential systems, group signature, traceable signature, and e-cash schemes. The framework encompasses a specification language that allows one to precisely specify what data to release and how to release them in the protocols. We outline how our framework can be implemented cryptographically. The key application of our framework is the user-controlled release of attributes. Leveraging ideas of public key infrastructures, a privacy PKI (pPKI) can be built on top of the framework. We consider our framework a central building block to achieve privacy on the Internet.

Jan Camenisch, Dieter Sommer, Roger Zimmermann

Security in Mobile and Ad Hoc Networks

Authenticated Query Flooding in Sensor Networks

We propose a novel mechanism for authentication of queries in a sensor network in case these queries are flooded. In our protocol, the base station appends an authenticator to every query, such that each sensor can verify with certain probability that the query is sent by the base station. Implicit cooperation between sensor nodes during the flooding process ensures that legitimate queries propagate quickly in the network, whereas the propagation of illegitimate queries is limited to only a small part of the network.

Zinaida Benenson, Felix C. Freiling, Ernest Hammerschmidt, Stefan Lucks, Lexi Pimenidis

Identity Based Message Authentication for Dynamic Networks

This paper presents a message authentication scheme built on top of an original construct that combines a simple form of identity based cryptography with an iterated version of RSA. Our scheme blends the features of identity based cryptography and stream authentication while at the same time offering security comparable to that of the basic RSA cryptosystem. As opposed to other authentication schemes available in the literature, our solution does not rely on any public key infrastructure and, like any identity based cryptosystems, it does not require public key certificates. A basic security analysis, performance evaluation and storage requirements of our scheme are also provided in the paper. Furthermore, we explore a challenging application of our scheme: a scalable and lightweight key distribution service that offers authentication services to an infrastructure-less ad hoc network and that can be coupled with existing secure routing solutions.

Pietro Michiardi, Refik Molva

Providing Authentication and Access Control in Vehicular Network Environment

In this paper we make use of the recent advances in 802.11 technologies and the new perspectives for ad hoc networks to provide a novel architecture for Inter-Vehicular communication on highways. This architecture provides authentication and access control for mobile clients on highways and ensures network transparency to mobile clients in their vehicles. We propose an integrated solution considering the service provider as the core entity for all authentication and access control operations. We develop an AAA (Authentication, Authorization, and Accounting) mechanism to authenticate mobile clients with respect to service providers authorizing them to services’ access, and ensuring a confidential data transfer between each communicating parties. Our mechanism adapts 802.11i standard to the vehicular environment setting up secure links, in layer 2, that guarantee confidential data transfer. To achieve a reliable transfer, we propose a routing approach based on the Optimized Link State Routing (OLSR) protocol that is expected to provide a reliable routing infrastructure in such a hybrid scalable wireless environment. Also, we present a simple and appropriate scheme for assigning IP addresses to mobile clients. Finally, we give a brief analysis and discuss the advantages and limitations of the proposed architecture.

Hasnaa Moustafa, Gilles Bourdon, Yvon Gourhant

Trust and Security Management

A Framework for Web Services Trust

Today, organisations that seek a competitive advantage are adopting virtual infrastructures that share and manage computing resources. The trend is toward implementing collaborating applications supported by web services technology. In order to enable secure interoperation between participants of these environments, trust is an important requirement to address. Current solutions to trust between web components are limited, as they are usually established via cryptographic mechanisms, in the presence of trusted third parties. To accommodate the dynamic and fluid nature of web services environments, a framework for trust assessment and computation is presented. The trust framework is characterised by information and reasoning. It has mechanisms that allow web services entities to manage trust autonomously, by activating a trust level and trust types by means of a rule-based fuzzy cognitive map.

Marijke Coetzee, Jan Eloff

Trust: An Element of Information Security

Information security is no longer restricted to technical issues but incorporates all facets of securing systems that produce the company’s information. Some of the most important information systems are those that produce the financial data and information. Besides securing the technical aspects of these systems, one needs to consider the human aspects of those that may ‘corrupt’ this information for personal gain. Opportunistic behaviour has added to the recent corporate scandals such as Enron, WorldCom, and Parmalat. However, trust and controls help curtail opportunistic behaviour, therefore, confidence in information security management can be achieved. Trust and security-based mechanisms are classified as safeguard protective measures and together allow the stakeholders to have confidence in the company’s published financial statements. This paper discusses the concept of trust and predictability as an element of information security and of restoring stakeholder confidence. It also argues that assurances build trust and that controls safeguard trust.

Stephen Flowerday, Rossouw von Solms

Security-by-Ontology: A Knowledge-Centric Approach

We present a security ontology (SO), which can be used as a basis of security management of an arbitrary information system. This SO provides capabilities, such as modeling of risk assessment knowledge, abstraction of security requirements, reusable security knowledge interoperability, aggregation and reasoning. The SO is based on the exploitation of security-related knowledge, derived from diverse sources. We demonstrate that the establishment of such a framework is feasible and, furthermore, that a SO can support critical security activities of an expert, e.g. security requirements identification, as well as selection of certain countermeasures. We also present and discuss an implementation of a specific SO. The implementation is accompanied by results regarding how a SO can be built and populated with security information.

Bill Tsoumas, Panagiotis Papagiannakopoulos, Stelios Dritsas, Dimitris Gritzalis

Privacy Enhancing Technologies II

A Methodology for Designing Controlled Anonymous Applications

Many anonymous applications offer unconditional anonymity to their users. However, this can provoke abusive behavior. Dissatisfied users will drop out or liability issues may even force the system to suspend or cease its services. Therefore, controlling abuse is as important as protecting the anonymity of legitimate users. However, designing such applications is no sinecure. This paper presents a methodology for designing controlled anonymous environments. The methodology generates a conceptual model that compromises between privacy requirements and control requirements. The conceptual model allows to derive performance and trust properties and easily maps to control mechanisms.

Vincent Naessens, Bart De Decker

Design Options for Privacy-Respecting Reputation Systems within Centralised Internet Communities

Reputation systems play an important role in Internet communities like eBay. They allow members of the community to estimate other members’ behaviour before an interaction. Unfortunately the design of current reputation systems allows to generate user profiles including all contexts the user has been involved in. A more privacy-enhancing design of reputation systems is needed while keeping the trust provided to the members by the use of reputations. We will present design options for such a system and analyse the privacy it provides with common information-theoretic models. The analysis of our reputation system also allows to analyse similar aspects of privacy in other systems, especially privacy-enhancing identity management.

Sandra Steinbrecher

Protecting (Anonymous) Credentials with the Trusted Computing Group’s TPM V1.2

Digital credentials and certificates can easily be shared and copied. For instance, if a user possesses a credential that allows her to access some service, she can easily share it with her friends and thereby let them use the service as well. While with non-anonymous credentials, this sharing can to some extent be detected by the fact that some credentials get used too often, such detection is not possible with anonymous credentials. Furthermore, the honest user is also at risk of identity theft: malicious software such as viruses and worms or phishing attacks can without too much difficulty steal her credentials.

One solution to the problem is to use tamper-resistant hardware tokens to which a credential is bound such that a credential can only be used in connection with the token. Although this approach is sometimes taken for isolated high security applications, it is not used widely because of the organizational overhead to distribute such tokens. Moreover, such tokens are usually very application specific and hence cannot be used with different applications (from different service providers).

Recently, however, manufacturers have started to embed into computers a tamper-resistant piece of hardware, called trusted platform modules (TPM), as specified by the Trusted Computing Group. In this paper we show that this module can in fact be used to secure anonymous as well as non-anonymous credentials. We provide a mechanism to insure that credentials can only be used with the TPM it got issued to. We then extend our solution to one that allows the use of credentials not only with the TPM they got issued to but also with other TPMs of the same user. Finally, we show how to secure a full-fledged anonymous credential system.

Jan Camenisch

Attacks, Vulnerability Analysis, and Tools

Analysis and Improvement of Anti-Phishing Schemes

The problem of phishing has attracted considerable attention recently, and a number of solutions and enhanced security measures have been proposed. We perform a detailed analysis of several anti-phishing schemes, and attacks and improvements. While several anti-phishing technologies address commonly observed phishing tactics, the space evolves rapidly, and a good prevention technique should be robust to anticipated as well as observed attacks. We present a number of attacks and techniques that might be easily employed by phishers and examine the robustness of a recently proposed password reuse anti-phishing system. We compare with other proposed phishing prevention techniques and find that it withstands several attacks that render current anti-phishing approaches obsolete and fares better in a large scale deployment than others.

Dinei Florêncio, Cormac Herley

CAT — A Practical Graph & SDL Based Toolkit for Vulnerability Assessment of 3G Networks

This paper presents the Cellular Network Vulnerability Assessment Toolkit - CAT, designed for end-to-end vulnerability assessment of 3G networks. It is the first tool of its kind to model and represent 3G network vulnerabilities and attacks as attack graphs. CAT uses freely available 3G telecommunication specifications written in SDL, the standard Specification and Description Language to produce attack graphs. Attack graphs generated by CAT are unique due to their: (1) global representation of the network, (2) independence from physical deployments, and (3) depiction of the 3G attack graph model and cascading effects.

Kameswari Kotapati, Peng Liu, Thomas F. LaPorta

Protecting Web Services from DoS Attacks by SOAP Message Validation

Though Web Services become more and more popular, not only inside closed intranets but also for inter-enterprise communications, few efforts have been made so far to secure a Web Service’s availability. Existing security standards like e.g. WS-Security only address message integrity and confidentiality, and user authentication and authorization. In this article we present a system for protecting Web Services from Denial-of-Service (DoS) attacks. DoS attacks often rely on misformed and/or overly long messages that engage a server in resource-consuming computations. Therefore, a suitable means to prevent such kinds of attacks is the full grammatical validation of messages by an application level gateway before forwarding them to the server. We discuss specific kinds of DoS attacks against Web Services, show how message grammars can automatically be derived from formal Web Service descriptions (written in the Web Service Description Language), and present an application level gateway solution called “Checkway” that uses these grammars to filter Web service messages. The paper closes by giving some performance figures for full grammatical validation.

Nils Gruschka, Norbert Luttenberger

Access Control and Authentication I

A Flexible and Distributed Architecture to Enforce Dynamic Access Control

Avoiding unauthorized access in an information system usually means enforcing access control mechanisms. Traditional access control only aims at deciding if an access can be granted or not. Dynamic access control goes further as it aims at controlling also if an ongoing access is still authorized while it is running. Rights Expression Languages, such as MPEG-REL, take into account dynamic aspects of access control policy. However, existing access control architectures are not adequate to enforce such dynamic access control. In this paper, we first explain what dynamic access control involves and why existing architectures are not appropriate. We then provide a flexible and distributed architecture where different components interact to enforce dynamic access control. Using temporal logic of actions, we specify the different interactions between components in the architecture and specify more precisely the component in charge of giving the decision. Finally, we discuss about technical and security issues about how the architecture can be implemented to enable Digital Rights Management (DRM) applications.

Thierry Sans, Frédéric Cuppens, Nora Cuppens-Boulahia

A Paradigm for Dynamic and Decentralized Administration of Access Control in Workflow Applications

The administration of authorizations in modern Web-based computing environments has become a primary concern. Application security is characterized by a significant complexity, due to the large number of variations and combinations of objects and operations to be protected. Thus, there is a need for data, processes and context parameters, like time and location, to be combined into a security model that ensures correct decision-making for access. Moreover, access control must often be based on dynamic functional requirements that are capable of embedding the required context information to express application-level access control policies in new application domains, as for example Internet workflow applications. In this work a new paradigm of dynamic and decentralized administration of access control that is based on the DARBAC model is presented. DARBAC concerns access control for a wide-range of collaborative applications and aims to provide fine-grained and dynamic administration of authorizations. The presented implementation assumes Web-based applications to support enforcing of access control at a distributed platform level, and it demonstrates in a step-by-step basis the construction of DARBAC components and their management during run-time.

Andreas Mattas, Ioannis Mavridis, Iason Pagkalos

CAS++: An Open Source Single Sign-On Solution for Secure e-Services

Business and recreational activities on the global communication infrastructure are increasingly based on the use of remote resources and services, and on the interaction between different, remotely located parties. On corporate networks as well as on the open Web, the huge number of resources and services often requires multiple log-ons leading to credential proliferation and, potentially, to security leaks. An increasingly widespread approach to simplify and secure the log-on process is Single Sign-On (SSO) that allows automatic access to secondary domains through a single log-on operation to a primary domain. In this paper, we describe the basic concepts of SSO architecture focusing on the central role of open source implementations. We outline three major SSO trust models and the different requirements to be addressed. We then illustrate CAS++, our open source implementation of a Single Sign-On service. Finally, we illustrate the application of CAS++ to a real case study concerning the development of a multi-service network management system. The motivation for our work has been raised in response to the requirements of such case study within the Pitagora project.

Claudio Agostino Ardagna, Ernesto Damiani, Sabrina De Capitani di Vimercati, Fulvio Frati, Pierangela Samarati

Security Protocols

A Synchronous Multi-Party Contract Signing Protocol Improving Lower Bound of Steps

Contract signing is a fundamental service in doing business. The Internet has facilitated the electronic commerce, and it is necessary to find appropriate mechanisms for contract signing in the digital world. A number of two-party contract signing protocols have been proposed with various features. Nevertheless, in some applications, a contract may need to be signed by multiple parties. Less research has been done on multi-party contract signing. In this paper, we propose a new synchronous multi-party contract signing protocol that, with n parties, it reaches a lower bound of 3(n − 1) steps in the all-honest case and 4n − 2 steps in the worst case (i.e., all parties contact the trusted third party). This is so far the most efficient synchronous multi-party contract signing protocol in terms of the number of messages required. We further consider the additional features like timeliness and abuse-freeness in the improved version.

Jianying Zhou, Jose A. Onieva, Javier Lopez

On the Cryptographic Key Secrecy of the Strengthened Yahalom Protocol

Symbolic secrecy of exchanged keys is arguably one of the most important notions of secrecy shown with automated proof tools. It means that an adversary restricted to symbolic operations on terms can never get the entire key into its knowledge set. Cryptographic key secrecy essentially means computational indistinguishability between the real key and a random one, given the view of a much more general adversary.

We analyze the cryptographic key secrecy for the strengthened Yahalom protocol, which constitutes one of the most prominent key exchange protocols analyzed symbolically by means of automated proof tools. We show that the strengthened Yahalom protocol does not guarantee cryptographic key secrecy. We further show that cryptographic key secrecy can be proven for a slight simplification of the protocol by exploiting recent results on linking symbolic and cryptographic key secrecy in order to perform a symbolic proof of secrecy for the simplified Yahalom protocol in a specific setting that allows us to derive the desired cryptographic key secrecy from the symbolic proof. The proof holds in the presence of arbitrary active attacks provided that the protocol is relying on standard provably secure cryptographic primitives.

Michael Backes, Birgit Pfitzmann

Sealed-Bid Micro Auctions

In electronic auction applications, small-value merchandise is often distributed. We call this kind of auction micro auction. Compared to traditional general-purpose electronic auction, micro electronic auction has its own special requirements. Especially, micro auction must be very efficient: the cost of the auction protocol must not be over the cost of the merchandise for sale. Although the merchandise to distribute are of small value in micro auctions, bid privacy is still needed in many circumstances. So sealed-bid auction mechanism has to be employed in micro auction. Therefore, a question is raised: how to balance between the high efficiency requirement of micro auction and the high cost needed to keep bid privacy. In this paper, the traditional sealed-bid e-auction techniques are modified to satisfy the special requirements of sealed-bid micro auction. Two existing general-purpose electronic sealed-bid auction schemes are modified into micro sealed-bid auction schemes. The new schemes are secure and suitable for micro auction. One of them is further improved in efficiency to meet more critical requirements in certain micro auction applications.

Kun Peng, Colin Boyd, Ed Dawson

Intrusion Detection

Detecting Known and Novel Network Intrusions

It is well known that signature based intrusion detection systems are only able to detect known attacks. Unfortunately, current anomaly based intrusion detection systems are also unable to detect all kinds of new attacks because they are designed to restricted applications on limited environment. Current hackers are using new attacks where neither access control systems nor current signature based systems can prevent the devastating results of these attacks against information systems. We enhance the notion of anomaly detection, introduce necessary conditions that should be taken into account by the building detection models and propose a new machine learning algorithm based on decision trees to discover known and unknown attacks in real time. Experimental results demonstrate that the proposed method is highly successful in detecting new attacks and significantly outperforms previous work.

Yacine Bouzida, Frédéric Cuppens

Evaluating Classifiers for Mobile-Masquerader Detection

As a result of the impersonation of a user of a mobile terminal, sensitive information kept locally or accessible over the network can be abused. The means of masquerader detection are therefore needed to detect the cases of impersonation. In this paper, the problem of mobile-masquerader detection is considered as a problem of classifying the user behaviour as originating from the legitimate user or someone else. Different behavioural characteristics are analysed by designated one-class classifiers whose classifications are combined. The paper focuses on selecting the classifiers for mobile-masquerader detection. The selection process is conducted in two phases. First, the classification accuracies of classifiers are empirically evaluated, and inaccurate classifiers are excluded. After that, the accuracies of different classifier combinations are explored, and the combination with the best classification accuracy is identified. The experimental results suggest that, in order to achieve better accuracy, the individual classifiers with both high classification accuracy and a small number of non-classifications need to be selected.

Oleksiy Mazhelis, Seppo Puuronen, Mika Raento

VisFlowCluster-IP: Connectivity-Based Visual Clustering of Network Hosts

With the increasing number of hostile network attacks, anomaly detection for network security has become an urgent task. As there have not been highly effective solutions for automatic intrusion detection, especially for detecting newly emerging attacks, network traffic visualization has become a promising technique for assisting network administrators to monitor network traffic and detect abnormal behaviors.

In this paper we present VisFlowCluster-IP, a powerful tool for visualizing network traffic flows using network logs. It models the network as a graph by modeling hosts as graph nodes. It utilizes the force model to arrange graph nodes on a two-dimensional space, so that groups of related nodes can be visually clustered in a manner apparent to human eyes. We also propose an automated method for finding clusters of closely connected hosts in the visualization space. We present three real cases that validate the effectiveness of VisFlowCluster-IP in identifying abnormal behaviors.

Xiaoxin Yin, William Yurcik, Adam Slagell

Usability and Awareness

A Usability Study of Security Policy Management

Security policy management is a difficult and security-critical task. We have evaluated Java’s policytool with a usability study to see how well it can support users in setting up an appropriate security policy. The Java policytool is a graphical user interface tool integrated into Sun Microsystem Inc.’s Java 5.0 distribution for setting up security policies that can enable e.g. applets with more permissions than the default sandbox.

Results show that policytool is in line with other security tools, namely usability is poor. Policytool provides a certain degree of syntax help to novice users but it does not help with semantics, does not cater to expert users and actually does promote the accidental set-up of too lenient a policy. We show specific usability problems in policytool, comment on the differences in the policy files created by our study users, explore ways of solving the error-prone task of setting up a Java policy and relate this to the general subject of usability of security tools.

Almut Herzog, Nahid Shahmehri

Considering the Usability of End-User Security Software

Security features can now be found in a variety of end-user applications. However, the extent to which such features can actually be understood and used by the target audience is often undermined by poor attention to human-computer interaction factors. This paper considers the problem, and highlights a number of common issues that can compromise the usability of security features in practice. The discussion evidences the problems by means of examples from well-known applications, as well as drawing upon the results from a survey of over 340 end-users, which benchmarks the extent to which some of the observed issues actually affect them. It is concluded that users can currently face real difficulties, but could be relatively easily avoided through better design and implementation of the features concerned.

Steven Furnell, Adila Jusoh, Dimitris Katsabas, Paul Dowland

Utilizing the Common Criteria for Advanced Student Research Projects

In most computer science graduate programs, students must complete an advanced research project that demonstrates the students' technical competence in both the theory and practice of the field. Information security is a specialization area of computer science whose research results have direct benefits to real world problems. The Common Criteria (CC) is an international standard for security evaluation of products. This paper describes the utilization of the CC paradigmatic framework for advanced student research projects focused on security engineering. Three CC-based efforts of varying levels of difficulty are presented and the suitability and benefits of applying the CC in this context are discussed.

Thuy D. Nguyen, Cynthia E. Irvine

Privacy Enhancing Technologies III

On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems

We investigate a mechanism for secure remote logging to improve privacy guarantees in dynamic systems. Using an extended threat model for privacy, we first describe outer and inner privacy: outer privacy denotes the traditional attacker model for privacy where identity management systems control the collection of personal, observable information; inner privacy denotes the threat posed by an attacker who attempts to get hold of private log data by tampering with a device. While privacy-enhancing technologies should take outer and inner privacy into account, there is, to our knowledge, no approach for inner privacy, in particular for dynamic systems. To this end, we develop protocols to address inner privacy based on secure logging. Our approach accounts for the capacity limitations of resource-poor devices in dynamic systems, as it allows for the remote storage of log data, while fulfilling its security guarantees. Furthermore, our approach can be smoothly integrated into identity management systems to combine outer and inner privacy.

Rafael Accorsi
Privacy-Preserving Shared-Additive-Inverse Protocols and Their Applications

Privacy-preserving clustering algorithms group similar databases populated at distributed locations to improve data qualities and enable accurate data analysis and thus provide fundamental security components for distributed data mining with privacy concerns. This paper makes three contributions regarding shared κ-means clustering algorithms. First, a new notion called shared-additive-inverse (SAI) protocols — a building block for efficient implementation of shared κ-means clustering protocols within the arbitrarily partitioned database model, is introduced and formalized. Second, a generic implementation of SAI protocols from shared-scalar-product (SSP) protocols is proposed which is provably secure in the semi-honest model assuming that any underlying SSP protocol is privacy-preserving. Finally, we propose an immediate application of SAI protocols for privacy-preserving computation of shared cluster means — a crucial step in the shared κ-means clustering algorithms. To the best of our knowledge, this is the first implementation of shared κ-means clustering algorithms with provable security from SAI protocols which in turn are derived from SSP protocols.

Huafei Zhu, Tieyan Li, Feng Bao

Access Control and Authentication II

Click Passwords

We present a set of algorithms and tools that enable entering passwords on devices with graphical input (touch-pad, stylus, mouse) by clicking on specific pixels of a custom image. As one of the most important features, when entering a password, the user is given limited tolerance for inaccuracy in the selection of pixels. The goal of the proposed click password system is to maximize the password space, while facilitating memorization of entered secrets. Besides enabling personalization of the login procedure through selection of the background image, the proposed system provides superior password space compared to traditional 8-character textual passwords.

Darko Kirovski, Nebojša Jojić, Paul Roberts
Cryptographically Enforced Personalized Role-Based Access Control

The present paper addresses privacy and security enhancements to a basic role-based access control system. The contribution is twofold. First, the paper presents an approach to personalized access control, i.e. a combination of role-based access control and user-managed access control. Second, the proposed access control approach is cryptographically enforced and an efficient key management method for the personalized role-based access control is described. The proposed solutions are discussed in the context of a system architecture for secure management of Electronic Health Records.

Milan Petković, Claudine Conrado, Malik Hammoutène

Access Control and Authentication III

Using VO Concept for Managing Dynamic Security Associations

This research paper presents results of the analysis of how the Virtual Organisation (VO) concept can be used for managing dynamic security associations in collaborative applications and for complex resource provisioning. The paper provides an overview of the current practice in VO management at the organisational level and its support at the security middleware level in Grid based applications. The paper identifies open issues and basic requirements to the VO security functionality and services and suggests possible directions of further research and development, in particular, VO management concept, dynamic interdomain trust management for user-controlled applications, multi-domain policy decision and security context management. The proposed conceptual VO model addresses VO management issues and VO security services operation. The paper is based on experiences gained from the major Grid based and Grid oriented projects in collaborative applications and complex resource provisioning.

Yuri Demchenko, Leon Gommans, Cees de Laat
Secure Fast Handover in an Open Broadband Access Network using Kerberos-style Tickets

In an Open Broadband Access Network consisting of multiple Internet Service Providers, delay due to multi-hop processing of authentication credentials is a major obstacle to fast handover between access points, effectively preventing delay-sensitive interactive applications such as Voice over IP. By exploiting existing trust relationships between service providers and access points, it is possible to pre-authenticate a mobile terminal to an access point, creating a Kerberos-style ticket that can be evaluated locally. The terminal can thus perform a handover and be authenticated to the new access point, without incurring communication and processing delays by involving other servers.

Martin Gilje Jaatun, Inger Anne Tøndel, Frédéric Paint, Tor Hjalmar Johannessen, John Charles Francis, Claire Duranton

Forensics

Network Forensics on Packet Fingerprints

We present an approach to network forensics that makes it feasible to trace the content of all traffic that passed through the network via packet content fingerprints. We develop a new data structure called the “Rolling Bloom Filter” (RBF), which is based on a generalization of the Rabin-Karp string-matching algorithm. This merges the two key advantages of space efficiency and an efficient content matching mechanism. This also achieves analytically predictable False Positive Rates that can be controlled by tuning the RBF parameters. Leveraging upon these insights, we have designed and implemented a practical Network Forensic System that gives the ability to reconstruct the sequence of events for post-incident analysis.

Chia Yuan Cho, Sin Yeung Lee, Chung Pheng Tan, Yong Tai Tan
Oscar — File Type Identification of Binary Data in Disk Clusters and RAM Pages

This paper proposes a method, called Oscar, for determining the probable file type of binary data fragments. The Oscar method is based on building models, called centroids, of the mean and standard deviation of the byte frequency distribution of different file types. A weighted quadratic distance metric is then used to measure the distance between the centroid and sample data fragments. If the distance falls below a threshold, the sample is categorized as probably belonging to the modelled file type. Oscar is tested using JPEG pictures and is shown to give a high categorization accuracy, i.e. high detection rate and low false positives rate. By using a practical example we demonstrate how to use the Oscar method to prove the existence of known pictures based on fragments of them found in RAM and the swap partition of a computer.

Martin Karresand, Nahid Shahmehri

IFIP WG 11.1/11.8 Security Culture Workshop

Organizational Security Culture: More Than Just an End-User Phenomenon

The concept of security culture is relatively new. It is often investigated in a simplistic manner focusing on end-users and on the technical aspects of security. Security, however, is a management problem and as a result the investigation of security culture should also have a management focus. This paper discusses security culture based on an organisational culture framework of eight dimensions. We believe that use of this framework in security culture research will reduce the inherent biases of researchers who tend to focus on only technical aspects of culture from an end user's perspective.

Anthonie B. Ruighaver, Sean B. Maynard
Cyber Security Training and Awareness Through Game Play

Although many of the concepts included in staff cyber-security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do not require users to think about and apply security concepts. A flexible, highly interactive video game, CyberCIEGE, is described as a security awareness tool that can support organizational security training objectives while engaging typical users in an engaging security adventure.

Benjamin D. Cone, Michael F. Thompson, Cynthia E. Irvine, Thuy D. Nguyen
Internalisation of Information Security Culture amongst Employees through Basic Security Knowledge

This paper discusses the concept of basic security knowledge. This concept is about organisational members possessing basic security knowledge that can be applied to perform security tasks in their daily work routine. The intention of this paper is not to attempt an exhaustive literature review, but to understand the concept of basic security knowledge that can be used to cultivate a culture of information security in an organisation. The first part highlights some of the basic ideas on knowledge. The second part interprets the concept of basic security knowledge in the case study. Finally, a synthesised perspective of this concept is presented.

Omar Zakaria
Bridging the Gap between General Management and Technicians — A Case Study in ICT Security

The lack of planning, business re-engineering, and coordination in the whole process of computerisation, is the most pronounced problem facing organisations in developing countries. These problems often lead to a discontinuous link between technology and the business processes. As a result, the introduced technology poses some critical risks to the organisations due to the different perceptions of the management and technical staff in viewing the ICT security problem. This paper discusses a practical experience of bridging the gap between the general management and ICT technicians.

Jabiri Kuwe Bakari, Charles N. Tarimo, Christer Magnusson, Louise Yngström
Value-Focused Assessment of Information Communication and Technology Security Awareness in an Academic Environment

The aim of this paper is to introduce the approach of value-focused thinking when identifying information and communications technology (ICT) security awareness aspects. Security awareness is important to reduce human error, theft, fraud, and misuse of computer assets. A strong ICT security culture cannot develop and grow in a company without awareness programmes. How can personnel follow the rules when they don’t know what the rules are? [1] This paper focuses on ICT security awareness and how to identify key areas of concern to address in ICT security awareness programmes by making use of the value-focused approach. The result of this approach is a network of objectives where the fundamental objectives are the key areas of concern that can be used in decision making in security planning.

Lynette Drevin, Hennie Kruger, Tjaart Steyn
Using Phishing for User Email Security Awareness

User security education and training is one of the most important aspects of an organization's security posture. Using security exercises to reinforce this aspect is frequently done by education and industry alike; however, these exercises usually enlist willing participants. We have taken the concept of using an exercise and modified it somewhat to evaluate a user's propensity to respond to email phishing attacks.

Ronald C. Dodge, Aaron J. Ferguson

IFIP WG 11.4 I-NetSec’06 Workshop

Anonymous Credentials: Opportunities and Challenges
Jan Camenisch
Practical Private Regular Expression Matching

Regular expressions are a frequently used tool to search in large texts. They provide the ability to compare against a structured pattern that can match many text strings and are common to many applications, even programming languages. This paper extends the problem to the private two-party setting where one party has the text string and the other party has the regular expression. The privacy constraint is that neither party should learn about the input of the other party, i.e. the string or the regular expression, except the result of the computation which is whether the string matches the regular expression or not. Secure Multiparty Computation provides general algorithms for any such problem, but it has been recommended to develop special protocols for important cases that provide better performance using the domain knowledge of that problem. This paper presents two protocols: One with perfect secrecy that provides a lower-bound on protocols using circuit construction and a fast one that provides better performance bounds, but the secrecy it provides is limited and tuned for practical applications. The fast protocol presented here uses permutation and commutative encryption as its only building blocks.

Florian Kerschbaum
A System for Privacy-Aware Resource Allocation and Data Processing in Dynamic Environments

In this paper we describe a system for allocating computational resources to distributed applications and services (within distributed data centres and utility computing systems) in order to perform operations on personal or confidential data in a way that is compliant with associated privacy policies. Relevant privacy policies are selected on the fly, based on related meta-policies, depending on contextual information (potentially including location) and properties of the resources. One or more Trusted Privacy Services are involved to mediate the access to the data, based on the satisfaction of pertinent policies. Resources might be equipped with trusted computing components (e.g. Trusted Platform Modules [1]) to provide higher assurance and trust about the contextual statements or properties of these resources (such as their location, their status and integrity, etc.).

Siani Pearson, Marco Casassa-Mont
The APROB Channel: Adaptive Semi-Real-Time Anonymous Communication

Anonymous communication has become a building block of network services. Besides providing anonymity, speed (and thus real-time guarantees) are becoming crucial as well. In this paper we will introduce the global delaying adversary (GDA), an active attacker who is capable of arbitrarily delaying messages, while eavesdropping on all communication channels. This type of foe is particularly relevant for inter-mix relationships, where communication between the partners is secured (by authentication and integrity protection), and delaying remains the only effective external active attacking possibility. To counter GDA, the adaptive semi-real-time APROB Channel will be introduced. It will be shown that the APROB Channel can provide a guaranteed level of anonymity under semi-real-time conditions considering that the adversary cannot obtain any additional information by delaying messages, thus this type of attack will not be reasonable.

Gergely Tóth, Zoltán Hornák
Backmatter
Metadata
Title
Security and Privacy in Dynamic Environments
Edited by
Simone Fischer-Hübner
Kai Rannenberg
Louise Yngström
Stefan Lindskog
Copyright year
2006
Publisher
Springer US
Electronic ISBN
978-0-387-33406-6
Print ISBN
978-0-387-33405-9
DOI
https://doi.org/10.1007/0-387-33406-8
