Simple Security Research Articles

Secure System of Attack Patterns towards Application Security Metric Derivation

Attack pattern system exhibits a unique property of pattern sequential cascading nature which can be identified during the design phase of an application system implementing security scenarios. In this paper a mathematical framework of secure system of attack patterns is presented to verify the stated design specification property along with theoretical back ground work. The framework defines 12 definitions of secure system of attack patterns, propositional transition system, computable functions and other supported elements. The frame work establishes 15 specifications with associated lemmas and theorems to construct and build the background towards verification of proposed system. Finally the proposed attack pattern system is assessed against the number of patterns, resources and other pattern properties with the help of simple security scenario. General Terms Application Security, Attack patterns, Properties of attack pattern

A robust and simple security extension for the medical standard SCP-ECG

This paper proposes a SCP-ECG security extension after having analyzed the features of this standard, its security requirements and the current measures implemented by other medical protocols. Our approach permits SCP-ECG files to be stored safely and proper access to be granted (or denied) to users for different purposes: interpretation of the test, consultation, clinical research or teaching. The access privileges are scaled by means of role-based profiles supported by cryptographic elements (ciphering, digital certificates and digital signatures). These elements are arranged as metadata into a new section which extends the protocol and protects the remaining sections. The application built to implement this approach has been extensively tested, showing its capacity to authenticate users and to protect the integrity of files and the privacy of sensitive data, with a low impact on file size and access time. In addition, this solution is compatible with any version of the SCP-ECG and can be easily integrated into e-health platforms.

A New Anonymous but Accountable Secure Proxy Signature Scheme

Privacy has become one of the most important human rights of the modern age. In order to verify the validity of the proxy signature, the verifier need get the original signers’ public key and the proxy signer’s public key. Obviously, the verification would leak the relationship between the proxy signer and the original signer. Using the technology of pseudonym, in this paper, we propose a simple secure anonymous but accountable method for proxy signer in a proxy signature scheme. Unless the corresponding evidence has been provided by the original signer, no one can find the proxy signer’s real identity or public key. In the scheme, the can reveal the identity of the proxy signer; moreover, the original signer can also demonstrate the identity of the proxy signer. Specially, we realize the property of anonymous but accountable without complex computation and trusted third party which is different to earlier method. The method can be used in any proxy signature scheme based on warrant to reach the target of proxy signer’s anonymity and accountability.

Simple computer security exercises for every class room

Computer Security has grown to a field of significant importance over the last 25 years. Hacking and Cracking are subjects that many students are fascinated by and curious about. In addition, the n...

TRANSFORM ANALYSIS FOR POINT PROCESSES AND APPLICATIONS IN CREDIT RISK

This paper develops a formula for a transform of a vector point process with totally inaccessible arrivals. The transform is expressed in terms of a Laplace transform under an equivalent probability measure of the point process compensator. The Laplace transform of the compensator can be calculated explicitly for a wide range of model specifications, because it is analogous to the value of a simple security. The transform formula extends the computational tractability offered by extant security pricing models to a point process and its applications, which include valuation and risk management problems arising in single‐name and portfolio credit risk.

Analytic Hierarchy Process to Improve Simple Bridge Security Checklist

Enhancement of bridge security is key to improved homeland security and entails several steps, including on-site assessment, analysis of security components, and implementation of some mitigation measures. A review of the nation's current bridge security posture showed a need to develop methods to identify critical bridges as security hazards and to provide engineering standards and guidelines for security design to reduce the vulnerability of bridges to attack. In particular, a need was seen for a simple bridge security checklist to provide on-site assessment of bridge vulnerability and security risk. After the events of September 11, 2001, the New Jersey Department of Transportation asked Rutgers University to develop a checklist to be used by bridge inspectors to provide management with security data for the department's entire bridge inventory. Rutgers developed a concise checklist, which consisted of yes or no questions in three categories: occurrence, vulnerability, and importance. The overall risk of a structure was measured in terms of an equation risk. To improve this tool, a survey was administered to industry subject matter experts across the United States to determine the relative importance of each question. The data from the survey were analyzed with the use of the analytic hierarchy process, and new weights were assigned to each question. This paper provides the results of the survey and discusses the methodology, analysis of the survey results, and implementation of the updated tool.

An Australian Perspective on the Challenges for Computer and Network Security for Novice Endusers

It is common for end-users to have difficulty in using computer or network security appropriately and thus have often been ridiculed when misinterpreting instructions or procedures. This discussion paper details the outcomes of research undertaken over the past six years on why security is overly complex for end-users. The results indicate that multiple issues may render end-users vulnerable to security threats and that there is no single solution to address these problems. Studies on a small group of senior citizens has shown that educational seminars can be beneficial in ensuring that simple security aspects are understood and used appropriately.

Marlin: toward seamless content sharing and rights management

Digital rights management is used to protect copyrighted content from unauthorized use. However, it still remains challenging to strike a balance between content sharing and rights management. Marlin is developing open standards for interoperable DRM technology. The Octopus and NEMO frameworks in Marlin are the underlying technologies to realize seamless content sharing and rights management to support a wide variety of business models. We demonstrate the use of Octopus and NEMO in a practical manner by means of Marlin Broadband Network Services (MBNS) and Marlin Shared Domain (MSD). Marlin Simple Secure Streaming (MS3) is designed for protecting streaming content in a simple and efficient manner. We show the industrial adoption of Marlin as the first step toward creating an open and interoperable DRM ecosystem through example deployments of Marlin technology in the market.

Quantum tagging: Authenticating location via quantum information and relativistic signaling constraints

We define the task of {\it quantum tagging}, that is, authenticating the classical location of a classical tagging device by sending and receiving quantum signals from suitably located distant sites, in an environment controlled by an adversary whose quantum information processing and transmitting power is unbounded. We define simple security models for this task and briefly discuss alternatives. We illustrate the pitfalls of naive quantum cryptographic reasoning in this context by describing several protocols which at first sight appear unconditionally secure but which, as we show, can in fact be broken by teleportation-based attacks. We also describe some protocols which cannot be broken by these specific attacks, but do not prove they are unconditionally secure. We review the history of quantum tagging protocols, which we first discussed in 2002 and described in a 2006 patent (for an insecure protocol). The possibility has recently been reconsidered by other authors. All the more recently discussed protocols of which we are aware were either previously considered by us in 2002-3 or are variants of schemes then considered, and all are provably insecure.

The Efficient CCA Secure Public-Key Encryption Scheme

The security and efficient public key encryption algorithm is an important technology guarantee for security of information systems.This paper uses an idea of trapdoor commitment function to protect ciphertext integrity,thus presents a provable public-key encryption(PKE) scheme in the standard model,which is secure against adaptive chosen ciphertext attacks(CCA).The new encryption scheme is very efficient: Compared to the previously most famous scheme by Cramer and Shoup(CS98) it has 20% shorter public keys and 80% shorter secret keys;compared to the scheme by BMW05 it has shorter public/secret keys and has tighter and simpler security reduction.The new encryption scheme supports public ciphertext integrity verification,has short public/secret keys,and its security proved reduces to the Gap Hashed Diffie-Hellman(GHDH) assumption tightly.

Transform Analysis for Point Processes and Applications in Credit Risk

This paper develops a formula for a transform of a vector point process with totally inaccessible arrivals. The transform is expressed in terms of a Laplace transform under an equivalent probability measure of the point process compensator. The Laplace transform of the compensator can be calculated explicitly for a wide range of model specifications, because it is analogous to the value of a simple security. The transform formula extends the computational tractability offered by extant security pricing models to a point process and its applications, which include valuation and risk management problems arising in single-name and portfolio credit risk.

Efficient and Secure Authenticated Key Exchange Protocols in the eCK Model

In this paper, we propose two authenticated key exchange (AKE) protocols and prove their security in the extended Canetti-Krawczyk model. The first protocol, called NAXOS+, is obtained by slightly modifying the NAXOS protocol proposed by LaMacchia, Lauter and Mityagin [15]. We prove its security under the Computational Diffie-Hellman (CDH) assumption by using the trapdoor test introduced in [6]. To the authors' knowledge, this is the first AKE protocol which is secure under the CDH assumption in the eCK model. The second protocol, called NETS, enjoys a simple and tight security reduction compared to existing schemes including HMQV and CMQV without using the Forking Lemma. Since each session of the NETS protocol requires only three exponentiations per party, its efficiency is also comparable to MQV, HMQV and CMQV.

PERSEN: power-efficient logical ring based key management for clustered sensor networks

Cluster-based organisation is widely used to achieve energy efficiency in Wireless Sensor Networks (WSNs). To achieve confidentiality of the sensed data, it is necessary to have a secret key shared between a node and its Cluster Head (CH). Key management is challenging as the CH changes in every round in cluster-based organisation. In this paper, we propose two schemes for key management in clustered sensor networks with changing CH. In Simple Secure Logical Ring (SSLR) scheme, communication and computation cost incurred for key establishment is constant. In Burmester Desmedt Logical Ring (BDLR) scheme, key establishment is achieved by performing (n + 1) multiplications and (n + 5) communications, where n is the number of nodes in the cluster. Simulation results show that node compromise in the proposed schemes is handled efficiently.

Security Engineering of SOA Applications Via Reliability Patterns

Providing reliable compositions of Web Services is a challenging issue since the workflow architect often has only a limited control over the reliability of the composed services. The architect can instead achieve reliability by properly planning the workflow architecture. To this end he must be able to evaluate and compare the reliability of multiple architectural solutions. In this paper we present a useful tool which allows to conduct reliability analysis on planned workflows, as well as to compare the reliability of alternative solutions in a what-if analysis. The tool is implemented as a plug-in for the widely adopted Active BPEL Designer and exploits the concept of reliability pattern to evaluate the reliability formula of the workflow. The effectiveness of the approach and the operation of the tool are demonstrated with respect to a case study of a business security infrastructure realized by orchestrating simple security services.

Sharing information for event analysis over the wide Internet

Cross-domain event information sharing is a topic of great interest in the area of event based network management. In this work we use data sets which represent actual attacks in the operational Internet. We analyze the data sets to understand the dynamics of the attacks and then go onto show the effectiveness of sharing incident related information to contain these attacks. We describe universal data acquisition system for event based management (UniDAS), a novel system for secure and automated cross-domain event information sharing. The system uses a generic, structured data format based on a standardized incident object description and exchange format (IODEF). IODEF is an XML-based extensible data format for security incident information exchange. We propose a simple and effective security model for IODEF and apply it to the secure and automated generic event information sharing system UniDAS. We present the system we have developed and evaluate its effectiveness.

A logical specification and analysis for SELinux MLS policy

The SELinux mandatory access control (MAC) policy has recently added a multilevel security (MLS) model which is able to express a fine granularity of control over a subject's access rights. The problem is that the richness of the SELinux MLS model makes it impractical to manually evaluate that a given policy meets certain specific properties. To address this issue, we have modeled the SELinux MLS model, using a logical specification and implemented that specification in the Prolog language. Furthermore, we have developed some analyses for testing information flow properties of a given policy as well as an algorithm to determine whether one policy is compliant with another. We have implemented these analyses in Prolog and compiled our implementation into a tool for SELinux MLS policy analysis, called PALMS. Using PALMS, we verified some important properties of the SELinux MLS reference policy, namely that it satisfies the simple security condition and ⋆-property defined by Bell and LaPadula. We also evaluated whether the policy associated to a given application is compliant with the policy of the SELinux system in which it would be deployed.

Survey on secure network coding

The recent advance in secure network coding techniques was reviewed.Firstly,the main idea of network coding was introduced.Then a number of secure network coding protocols were demonstrated to contact different adversaries in communication networks and the design of secure network coding schemes integrated with the characteristics of network coding was highlighted.Furthermore,a brief overview of the relationships among secure network coding,cost criterion and network capacity were presented.Finally,the theory and application prospects for secure network coding were given and analyzed.Considering the intrinsic properties of network coding,to devise simple and efficient secure network coding schemes is an important tendency.

High Speed Data Routing in Vehicular Sensor Networks

In this paper, we show through a simple secure symmetric key based protocol design and experiments the feasibility of secure data collection in a vehicular sensor networks. This protocol exhibits high speed data routing for sensor data collection through vehicles. The large communictaion and storage capacities of a vehicle and its mobility facilitates this high speed routing scheme compared with routing through hop-by-hop communication among sensors. We demonstrate that the protocol works in a realistic setting by collecting the real trace data through real implementation.

An audit framework to support information system security management

The widespread adoption of information and communication technology has promoted an increase dependency of organisations from the performance of their information systems. As a result, adequate security procedures to properly manage information security must be established by the organisations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit information system security is proposed and discussed. The proposed framework intends to assist organisations firstly, to understand what assets precisely need to be protect and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a simple security auditing process to support the organisation to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new internet-enabled services. The presented framework is based on a conceptual model approach, comprising the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

Enumeration Based Security Behavior Model Checking Algorithm

Model Carrying Code(MCC) provides a way to safe execution of untrusted code by taking both mobile code producer and consumers into consideration, where it checks mobile code security by comparing security related program behavior model with security policies. In this paper an enumeration based algorithm to checking security related behavior with respect to security policy has been given, where security behavior has been modeled as extended context free grammar and the security policy has been specified as extended FSA. Solutions to dealing with loops and recursions have been introduced. A program has been developed for implementing the algorithm, and several experiments have been done. It has been indicated that our algorithm can effectively check small scale security behavior models on the basis of simple security policies.