Page 11 of the results: 8247 digital items found in 0.017 seconds

Password secured sites : stepping forward with keystroke dynamics

Magalhães, Paulo Sérgio; Revett, Kenneth; Santos, Henrique Dinis dos
Source: IEEE Computer Society Publisher: IEEE Computer Society
Type: Conference or Conference Object
Published in 2005 Portuguese
Search relevance
37.285583%
Computer Authentication is a critical component of most computer systems, especially those used in e-Commerce activities over the internet. Global access to information makes security, namely the authentication process, a critical design issue in these systems. As far as authentication is concerned, what is required is a reliable, hardware independent and efficient security system. In this paper, we propose an extension to a keystroke dynamics based security system. We provide evidence that completely software based systems can be as effective as expensive and cumbersome hardware based systems. Our system is a behavioral based system that captures the normal typing patterns of a user and uses that information, in addition to standard login/password security to provide a system that is user-friendly and very effective at detecting imposters. The results provide a means of dealing with enhanced security that is growing in demand in web-based applications based on Commerce.

New foundations for efficient authentication, commutative cryptography, and private disjointness testing

Weis, Stephen August, 1978-
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 115 p.
Portuguese
Search relevance
37.285583%
This dissertation presents new constructions and security definitions related to three areas: authentication, cascadable and commutative cryptography, and private set operations. Existing works relevant to each of these areas fall into one of two categories: efficient solutions lacking formal proofs of security or provably-secure, but highly inefficient solutions. This work will bridge this gap by presenting new constructions and definitions that are both practical and provably-secure. The first contribution in the area of efficient authentication is a provably-secure authentication protocol named HB+. The HB+ protocol is efficient enough to be implemented on extremely low-cost devices, or even by a patient human with a coin to flip. The security of HB+ is based on the hardness of a long-standing learning problem that is closely related to coding theory. HB+ is the first authentication protocol that is both practical for low-cost devices, like radio frequency identification (RFID) tags, and provably secure against active adversaries. The second contribution of this work is a new framework for defining and proving the security of cascadable cryptosystems, specifically commutative cryptosystems. This new framework addresses a gap in existing security definitions that fail to handle cryptosystems where ciphertexts produced by cascadable encryption and decryption operations may contain some message-independent history. Several cryptosystems...

The effects of security choices and limits in a metacomputing environment

Irvine, Cynthia E.; Levin, Timothy E.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Report
Portuguese
Search relevance
37.285583%
It is anticipated that the introduction of metacomputing and distributed resource management mechanisms to the Internet and World Wide Web will make available to users and applications a large diversity of previously unavailable network and computing resources. New methods of managing the scheduling and allocation of distributed resources bring into focus new problems and approaches for managing security in those contexts. We present an analysis of layered and variable security services and requirements. These services and requirements may be accessed via a network control program such as a Resource Management System (RMS) which is responsible for scheduling resources in distributed heterogeneous environments. The RMS will not present the same "virtual computer/network" to the same job each time it is submitted for execution. Each instance will be comprised of potentially different actual resources with different properties. Our objective is to understand how user and application requirements, characterized as choices and limits, can affect the overall security provided. A method is presented for fairly measuring the effectiveness of an RMS in performing security allocation and assignments with respect to security choices made by metacomputer users and applications.

CyberCIEGE scenario illustrating secrecy issues through mandatory and discretionary access control policies in a multi-level security network

LaMore, Robert L.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis
Portuguese
Search relevance
37.285583%
Approved for public release, distribution is unlimited; User training in computer and network security is crucial to the survival of modern networks, yet the methods employed to train users often seem ineffective. One possible reason is that users are not fully engaged during these training sessions and thus they tend to forget the lessons being taught. The CyberCIEGE game introduces a new method of training in computer and network security. The player engages in a simulation-based network security game, that reflects real-world security principles. Each time the CyberCIEGE game runs, it loads a Scenario Definition File (SDF) written to teach specific security concepts. This thesis developed such a scenario definition file for the CyberCIEGE game. The educational purpose of the scenario is to illustrate secrecy issues in the context of mandatory and discretionary access control in a multilevel networked environment. The primary work of this thesis was to construct the scenario definition file such that playing the resulting game would achieve this educational purpose. This thesis also resulted in the construction of scenario definition files to test the CyberCIEGE game engine for expected results. These tests resulted in several recommendations for improvement in the game engine.

Chris Eagle: Attacking Obfuscated Code with IDA Pro-(Partial Japanese)

Eagle, Chris
Source: Naval Postgraduate School Publisher: Naval Postgraduate School
Type: Audio
Portuguese
Search relevance
37.28978%
Virtually every virus and worm that circulates the Internet today is "protected" by some form of obfuscation that hides the code's true intent. In the Windows world where worms prevail, the use of tools such as UPX, ASPack, and teLock has become standard. Protection of malicious code is not the only goal of binary obfuscators, however, which can be used to protect intellectual property. In the Linux world, tools such as Burneye and Shiva exist which can be used in ways similar to any Windows obfuscation tool. To fight such methods, analysts have created specific tools or techniques for unraveling these code obfuscators in order to reveal the software within. To date, in the fight against malware, anti-virus vendors have had the luxury of focusing on signature development since obfuscation of malware has presented little challenge. To combat this, malware authors are rapidly morphing their code in order to evade quickly developed and deployed signature-matching routines. What will happen when malware authors begin to morph their obfuscation techniques as rapidly as they morph their worms? While not designed specifically as a malware protection tool, one program, Shiva, aims to do exactly that. Shiva forces analysis of malicious code to be delayed while analysts fight through each novel mutation of Shiva's obfuscation mechanism. This...

SNEED: Enhancing Network Security Services Using Network Coding and Joint Capacity

Aly, Salah A.; Ansari, Nirwan; Poor, H. Vincent
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 23/12/2010 Portuguese
Search relevance
37.285583%
Traditional network security protocols depend mainly on developing cryptographic schemes and on using biometric methods. These have led to several network security protocols that are unbreakable based on difficulty of solving intractable mathematical problems such as factoring large integers. In this paper, Security of Networks Employing Encoding and Decoding (SNEED) is developed to mitigate single and multiple link attacks. Network coding and shared capacity among the working paths are used to provide data protection and data integrity against network attackers and eavesdroppers. SNEED can be incorporated into various applications in on-demand TV, satellite communications and multimedia security. Finally, it is shown that SNEED can be implemented easily where there are k edge disjoint paths between two core nodes (routers or switches) in an enterprise network.

Deciding security properties for cryptographic protocols. Application to key cycles

Comon-Lundh, Hubert; Cortier, Véronique; Zalinescu, Eugen
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Portuguese
Search relevance
37.285583%
There is a large amount of work dedicated to the formal verification of security protocols. In this paper, we revisit and extend the NP-complete decision procedure for a bounded number of sessions. We use a, now standard, deducibility constraints formalism for modeling security protocols. Our first contribution is to give a simple set of constraint simplification rules, that allows to reduce any deducibility constraint system to a set of solved forms, representing all solutions (within the bound on sessions). As a consequence, we prove that deciding the existence of key cycles is NP-complete for a bounded number of sessions. The problem of key-cycles has been put forward by recent works relating computational and symbolic models. The so-called soundness of the symbolic model requires indeed that no key cycle (e.g., enc(k,k)) ever occurs in the execution of the protocol. Otherwise, stronger security assumptions (such as KDM-security) are required. We show that our decision procedure can also be applied to prove again the decidability of authentication-like properties and the decidability of a significant fragment of protocols with timestamps.; Comment: revised version (corrected small mistakes, improved presentation); to be published in ACM Transactions on Computational Logic; 39 pages

Proceedings 8th International Workshop on Security Issues in Concurrency

Chatzikokolakis, Konstantinos; Cortier, Véronique
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 25/02/2011 Portuguese
Search relevance
37.285583%
This volume contains the proceedings of the 8th Workshop on Security Issues in Concurrency (SecCo 2010). The workshop was held in Paris, France on August 30th, 2010, as a satellite workshop of CONCUR'10. The aim of the SecCo workshop series is to cover the gap between the security and the concurrency communities. More precisely, the workshop promotes the exchange of ideas, trying to focus on common interests and stimulating discussions on central research questions. In particular, we called for papers dealing with security issues (such as authentication, integrity, privacy, confidentiality, access control, denial of service, service availability, safety aspects, fault tolerance, trust, language-based security, probabilistic and information theoretic models) in emerging fields like web services, mobile ad-hoc networks, agent-based infrastructures, peer-to-peer systems, context-aware computing, global/ubiquitous/pervasive computing.

A Spatial-Epistemic Logic for Reasoning about Security Protocols

Toninho, Bernardo; Caires, Luís
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 27/02/2011 Portuguese
Search relevance
37.285583%
Reasoning about security properties involves reasoning about where the information of a system is located, and how it evolves over time. While most security analysis techniques need to cope with some notions of information locality and knowledge propagation, usually they do not provide a general language for expressing arbitrary properties involving local knowledge and knowledge transfer. Building on this observation, we introduce a framework for security protocol analysis based on dynamic spatial logic specifications. Our computational model is a variant of existing pi-calculi, while specifications are expressed in a dynamic spatial logic extended with an epistemic operator. We present the syntax and semantics of the model and logic, and discuss the expressiveness of the approach, showing it complete for passive attackers. We also prove that generic Dolev-Yao attackers may be mechanically determined for any deterministic finite protocol, and discuss how this result may be used to reason about security properties of open systems. We also present a model-checking algorithm for our logic, which has been implemented as an extension to the SLMC system.; Comment: In Proceedings SecCo 2010, arXiv:1102.5161

Bitcoin and Beyond: Exclusively Informational Monies

Bergstra, Jan A.; de Leeuw, Karl
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Portuguese
Search relevance
37.285583%
The famous new money Bitcoin is classified as a technical informational money (TIM). Besides introducing the idea of a TIM, a more extreme notion of informational money will be developed: exclusively informational money (EXIM). The informational coins (INCOs) of an EXIM can be in control of an agent but are not owned by any agent. INCOs of an EXIM cannot be stolen, but they can be lost, or thrown away. The difference between an EXIM and a TIM shows up when considering a user perspective on security matters. Security for an EXIM user is discussed in substantial detail, with the remarkable conclusion that computer security (security models, access control, user names, passwords, firewalls etc.) is not always essential for an EXIM, while the application of cryptography based information security is unavoidable for the use of an EXIM. Bitcoin seems to meet the criteria of an EXIM, but the assertion that "Bitcoin is an EXIM", might also be considered problematic. As a thought experiment we will contemplate Bitguilder, a hypothetical copy of Bitcoin that qualifies as an EXIM. A business ethics assessment of Bitcoin is made which reveals a number of worries. By combining Bitguilder with a so-called technical informational near-money (TINM) a dual money system...

Designing Rating Systems to Promote Mutual Security for Interconnected Networks

Xu, Jie; Zhang, Yu; van der Schaar, Mihaela
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 09/11/2012 Portuguese
Search relevance
37.285583%
Interconnected autonomous systems often share security risks. However, an autonomous system lacks the incentive to make (sufficient) security investments if the cost exceeds its own benefit even though doing that would be socially beneficial. In this paper, we develop a systematic and rigorous framework for analyzing and significantly improving the mutual security of a collection of ASs that interact frequently over a long period of time. Using this framework, we show that simple incentive schemes based on rating systems can be designed to encourage the autonomous systems' security investments, thereby significantly improving their mutual security.

Q-ESP: a QoS-compliant Security Protocol to enrich IPSec Framework

Mostafa, Mahmoud; Kalam, Anas Abou El; Fraboul, Christian
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Portuguese
Search relevance
37.285583%
IPSec is a protocol that allows secure connections to be made between branch offices and allows secure VPN access. However, the efforts to improve IPSec are still under way; one aspect of this improvement is to take Quality of Service (QoS) requirements into account. QoS is the ability of the network to provide a service at an assured service level while optimizing the global usage of network resources. The QoS level that a flow receives depends on a six-bit identifier in the IP header, the so-called Differentiated Services code point (DSCP). Basically, Multi-Field classifiers classify a packet by inspecting IP/TCP headers, to decide how the packet should be processed. The current IPSec standard hardly offers any guidance on how to do this, because the existing IPSec ESP security protocol hides much of this information in its encrypted payloads, preventing network control devices such as routers and switches from utilizing this information in performing classification appropriately. To solve this problem, we propose a QoS-friendly Encapsulated Security Payload (Q-ESP) as a new IPSec security protocol that provides both security and QoS support. We also present our NetBSD kernel-based implementation as well as our evaluation results of Q-ESP.

BGP Security in Partial Deployment: Is the Juice Worth the Squeeze?

Lychev, Robert; Goldberg, Sharon; Schapira, Michael
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 10/07/2013 Portuguese
Search relevance
37.285583%
As the rollout of secure route origin authentication with the RPKI slowly gains traction among network operators, there is a push to standardize secure path validation for BGP (i.e., S*BGP: S-BGP, soBGP, BGPSEC, etc.). Origin authentication already does much to improve routing security. Moreover, the transition to S*BGP is expected to be long and slow, with S*BGP coexisting in "partial deployment" alongside BGP for a long time. We therefore use a theoretical and experimental approach to study the security benefits provided by partially-deployed S*BGP, vis-a-vis those already provided by origin authentication. Because routing policies have a profound impact on routing security, we use a survey of 100 network operators to find the policies that are likely to be most popular during partial S*BGP deployment. We find that S*BGP provides only meagre benefits over origin authentication when these popular policies are used. We also study the security benefits of other routing policies, provide prescriptive guidelines for partially-deployed S*BGP, and show how interactions between S*BGP and BGP can introduce new vulnerabilities into the routing system.

Directed Security Policies: A Stateful Network Implementation

Diekmann, Cornelius; Hupel, Lars; Carle, Georg
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 05/05/2014 Portuguese
Search relevance
37.285583%
Large systems are commonly internetworked. A security policy describes the communication relationship between the networked entities. The security policy defines rules, for example that A can connect to B, which results in a directed graph. However, this policy is often implemented in the network, for example by firewalls, such that A can establish a connection to B and all packets belonging to established connections are allowed. This stateful implementation is usually required for the network's functionality, but it introduces the backflow from B to A, which might contradict the security policy. We derive compliance criteria for a policy and its stateful implementation. In particular, we provide a criterion to verify the lack of side effects in linear time. Algorithms to automatically construct a stateful implementation of security policy rules are presented, which narrows the gap between formalization and real-world implementation. The solution scales to large networks, which is confirmed by a large real-world case study. Its correctness is guaranteed by the Isabelle/HOL theorem prover.; Comment: In Proceedings ESSS 2014, arXiv:1405.0554

A Local Mean Field Analysis of Security Investments in Networks

Lelarge, Marc; Bolot, Jean
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Portuguese
Search relevance
37.285583%
Getting agents in the Internet, and in networks in general, to invest in and deploy security features and protocols is a challenge, in particular because of economic reasons arising from the presence of network externalities. Our goal in this paper is to carefully model and quantify the impact of such externalities on the investment in, and deployment of, security features and protocols in a network. Specifically, we study a network of interconnected agents, which are subject to epidemic risks such as those caused by propagating viruses and worms, and which can decide whether or not to invest some amount to self-protect and deploy security solutions. We make three contributions in the paper. First, we introduce a general model which combines an epidemic propagation model with an economic model for agents which captures network effects and externalities. Second, borrowing ideas and techniques used in statistical physics, we introduce a Local Mean Field (LMF) model, which extends the standard mean-field approximation to take into account the correlation structure on local neighborhoods. Third, we solve the LMF model in a network with externalities, and we derive analytic solutions for sparse random graphs, for which we obtain asymptotic results. We explicitly identify the impact of network externalities on the decision to invest in and deploy security features. In other words...

Towards a relation extraction framework for cyber-security concepts

Jones, Corinne L.; Bridges, Robert A.; Huffer, Kelly; Goodall, John
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 16/04/2015 Portuguese
Search relevance
37.285583%
In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed. As labeled text data is scarce and expensive, we follow developments in semi-supervised Natural Language Processing and implement a bootstrapping algorithm for extracting security entities and their relationships from text. The algorithm requires little input data, specifically, a few relations or patterns (heuristics for identifying relations), and incorporates an active learning component which queries the user on the most important decisions to prevent drifting from the desired relations. Preliminary testing on a small corpus shows promising results, obtaining precision of .82.; Comment: 4 pages in Cyber & Information Security Research Conference 2015, ACM

On Defendability of Security Properties

Jamroga, Wojciech; Melissen, Matthijs; Schnoor, Henning
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 03/04/2014 Portuguese
Search relevance
37.285583%
We study the security of interaction protocols when incentives of participants are taken into account. We begin by formally defining correctness of a protocol, given a notion of rationality and utilities of participating agents. Based on that, we propose how to assess security when the precise incentives are unknown. Then, the security level can be defined in terms of defender sets, i.e., sets of participants who can effectively "defend" the security property as long as they are in favor of the property. We present some theoretical characterizations of defendable protocols under Nash equilibrium, first for bijective games (a standard assumption in game theory), and then for games with non-injective outcomes that better correspond to interaction protocols. Finally, we apply our concepts to analyze fairness in the ASW contract-signing protocol.; Comment: In Proceedings SR 2014, arXiv:1404.0414

Efficient Wireless Security Through Jamming, Coding and Routing

Ghaderi, Majid; Goeckel, Dennis; Orda, Ariel; Dehghan, Mostafa
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 09/04/2013 Portuguese
Search relevance
37.285583%
There is a rich recent literature on how to assist secure communication between a single transmitter and receiver at the physical layer of wireless networks through techniques such as cooperative jamming. In this paper, we consider how these single-hop physical layer security techniques can be extended to multi-hop wireless networks and show how to augment physical layer security techniques with higher layer network mechanisms such as coding and routing. Specifically, we consider the secure minimum energy routing problem, in which the objective is to compute a minimum energy path between two network nodes subject to constraints on the end-to-end communication secrecy and goodput over the path. This problem is formulated as a constrained optimization of transmission power and link selection, which is proved to be NP-hard. Nevertheless, we show that efficient algorithms exist to compute both exact and approximate solutions for the problem. In particular, we develop an exact solution of pseudo-polynomial complexity, as well as an epsilon-optimal approximation of polynomial complexity. Simulation results are also provided to show the utility of our algorithms and quantify their energy savings compared to a combination of (standard) security-agnostic minimum energy routing and physical layer security. In the simulated scenarios...

Detecting Danger: Applying a Novel Immunological Concept to Intrusion Detection Systems

Greensmith, Julie; Aickelin, Uwe; Twycross, Jamie
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 03/02/2010 Portuguese
Search relevance
37.289587%
In recent years computer systems have become increasingly complex and consequently the challenge of protecting these systems has become increasingly difficult. Various techniques have been implemented to counteract the misuse of computer systems in the form of firewalls, anti-virus software and intrusion detection systems. The complexity of networks and dynamic nature of computer systems leaves current methods with significant room for improvement. Computer scientists have recently drawn inspiration from mechanisms found in biological systems and, in the context of computer security, have focused on the human immune system (HIS). The human immune system provides a high level of protection from constant attacks. By examining the precise mechanisms of the human immune system, it is hoped the paradigm will improve the performance of real intrusion detection systems. This paper presents an introduction to recent developments in the field of immunology. It discusses the incorporation of a novel immunological paradigm, Danger Theory, and how this concept is inspiring artificial immune systems (AIS). Applications within the context of computer security are outlined drawing direct reference to the underlying principles of Danger Theory and finally...

Data Security Equals Graph Connectivity

Kao, Ming-Yang
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 26/01/2001 Portuguese
Search relevance
37.285583%
To protect sensitive information in a cross tabulated table, it is a common practice to suppress some of the cells in the table. This paper investigates four levels of data security of a two-dimensional table concerning the effectiveness of this practice. These four levels of data security protect the information contained in, respectively, individual cells, individual rows and columns, several rows or columns as a whole, and a table as a whole. The paper presents efficient algorithms and NP-completeness results for testing and achieving these four levels of data security. All these complexity results are obtained by means of fundamental equivalences between the four levels of data security of a table and four types of connectivity of a graph constructed from that table.