SECRYPT 2007 Abstracts

CONFERENCE
Area 1 - Access Control and Intrusion Detection
Area 2 - Network Security and Protocols
Area 3 - Cryptographic Techniques and Key Management
Area 4 - Information Assurance
Area 5 - Security in Information Systems

Title: RELIABLE PROCESS FOR SECURITY POLICY DEPLOYMENT
Author(s): Stere Preda, Nora Cuppens-Boulahia, Frederic Cuppens, Joaquin G. Alfaro and Laurent Toutain
Abstract: We focus in this paper on the problem of configuring and managing network security devices, such as firewalls, Virtual Private Network (VPN) tunnels, and Intrusion Detection Systems (IDSs). Our proposal is the following. First, we formally specify the security requirements of a given system by using an expressive access control model. As a result, we obtain an abstract security policy, which is free of ambiguities, redundancies or unnecessary details. Second, we deploy such an abstract policy through a set of automatic compilations into the security devices of the system. This deployment process not only simplifies the security administrator's job, but also guarantees a resulting configuration free of anomalies and/or inconsistencies.

Title: A COMBINATORICS PROLIFERATION MODEL TO DETERMINE THE TIMING FOR BLOCKING SCANNING MALWARE
Author(s): Kazumasa Omote, Takeshi Shimoyama and Satoru Torii
Abstract: One of the worst threats present in an enterprise network is the propagation of "scanning malware" (e.g., scanning worms and bots). It is important to prevent such scanning malware from spreading within an enterprise network, and especially to suppress a scanning malware infection to fewer than a few infected hosts. We estimated the timing at which containment software must block scanning malware in a homogeneous enterprise network. The "combinatorics proliferation model" developed in this study, based on discrete mathematics, derives a threshold on the number of packets sent by a victim that must not be exceeded in order to keep the number of infected hosts below a few. This model appropriately expresses the early state in which an infection starts. The result from our model fits very well the result of a computer simulation using a typical existing scanning malware and an actual network.

Title: PRACTICAL SECURE BIOMETRICS USING SET INTERSECTION AS A SIMILARITY MEASURE
Author(s): Daniel Socek, Dubravko Culibrk and Vladimir Bozovi
Abstract: A novel scheme for securing biometric templates of variable size and order is proposed. The proposed scheme is based on a new similarity measure, the set intersection, which strongly resembles the methodology used in most current state-of-the-art biometric matching systems. The applicability of the new scheme is compared with that of the existing principal schemes, and it is shown that the new scheme has clear advantages over the existing approaches.

Title: ON THE EFFECT OF SCORE EQUALIZATION IN SVM MULTIMODAL BIOMETRIC SYSTEMS
Author(s): Pascual Ejarque and Javier Hernando
Abstract: Most Support Vector Machine (SVM) based systems make use of conventional methods for the normalization of the features or the scores prior to the fusion stage. In this work, in addition to the conventional methods, two equalization methods are applied to the scores in a multimodal person verification system composed of prosodic, speech spectrum and face information: histogram equalization, which was recently introduced in multimodal systems, and Bi-Gaussian equalization, which is presented in this paper. The equalization techniques obtain the best results; concretely, Bi-Gaussian equalization improves by more than 22.19% on the results obtained by Min-Max normalization, the most widely used normalization technique in SVM fusion systems. The prosodic and speech spectrum scores have been provided by speech experts using recordings from the Switchboard I database, and the face scores have been obtained by a face recognition system on the XM2VTS database.

Title: MAIS: MOBILE AGENT INTEGRITY SYSTEM - A Security System for IDS based on Autonomous Agents
Author(s): Rafael Páez, Joan Tomàs, Jordi Forné and Miquel Soriano
Abstract: Intrusion Detection Systems based on autonomous agents are a promising technology due to their scalability, resilience to failures, independence and reduction of network traffic. However, when used to protect critical systems, the IDS itself can be the target of malicious attacks. In this paper we propose a security system that verifies the integrity of the IDS agents during their execution, using software watermarking techniques.

Title: IMPLEMENTATION AND ANALYSIS OF A HANDWRITTEN SIGNATURE VERIFICATION TECHNIQUE
Author(s): Alan McCabe and Jarrod Trevathan
Abstract: There is considerable interest in authentication based on handwritten signature verification because it is superior to many other biometric authentication techniques, such as fingerprints or retinal patterns, which are reliable but much more intrusive. The paper details a number of experiments using a signature verification technique which is unlike any other reported in the literature. Specifically, characters are used to represent various features of a signature image, allowing the use of existing and proven string distance metrics to determine distances between signatures. Extensive testing shows that our proposed system is comparable with, and in many aspects better than, the highest quality signature verification techniques presented in the literature.
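The string-distance idea in the McCabe and Trevathan abstract above can be made concrete with a small worked example. The Python below is added here and is not the authors' implementation: it assumes one particular feature encoding (each pen movement is quantized to one of eight directions and written as a letter), uses Levenshtein distance as the string metric, and normalizes by string length so signatures of different lengths compare fairly. The point lists are constructed sample data and the acceptance threshold is an arbitrary choice.

```python
import math

DIRECTIONS = "abcdefgh"   # 8 compass directions, 45 degrees apart (assumed feature alphabet)


def encode_strokes(points):
    """Encode a signature as a string: one character per pen movement,
    chosen by quantizing the movement's direction to the nearest 45 degrees."""
    chars = []
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        dx, dy = x1 - x0, y1 - y0
        if dx == 0 and dy == 0:
            continue                     # pen did not move: no feature
        angle = math.atan2(dy, dx)       # -pi .. pi
        index = int(round(angle / (math.pi / 4))) % 8
        chars.append(DIRECTIONS[index])
    return "".join(chars)


def levenshtein(a, b):
    """Classic edit distance (insertions, deletions and substitutions cost 1)."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # deletion
                               current[j - 1] + 1,              # insertion
                               previous[j - 1] + (ca != cb)))   # substitution
        previous = current
    return previous[-1]


def normalized_distance(a, b):
    """Edit distance scaled to [0, 1] by the longer string's length."""
    return levenshtein(a, b) / max(len(a), len(b), 1)


def verify(reference_strings, candidate_string, threshold=0.3):
    """Accept if the candidate is within the threshold of the closest enrolled reference."""
    distance = min(normalized_distance(r, candidate_string) for r in reference_strings)
    return distance <= threshold, distance


# Constructed sample data (not from the paper): pen coordinates of two genuine
# signatures and one forgery drawn with a different stroke order.
GENUINE_1 = [(0, 0), (1, 0), (2, 0), (3, 1), (4, 2), (4, 3), (3, 4), (2, 4)]
GENUINE_2 = [(0, 0), (1, 0), (2, 0), (3, 0), (4, 1), (4, 2), (3, 3), (2, 3)]
FORGERY = [(0, 0), (0, 1), (0, 2), (1, 3), (2, 3), (3, 2), (3, 1)]


def demo():
    enrolled = [encode_strokes(GENUINE_1)]
    return {
        "genuine": verify(enrolled, encode_strokes(GENUINE_2)),
        "forgery": verify(enrolled, encode_strokes(FORGERY)),
    }


if __name__ == "__main__":
    for name, (accepted, d) in demo().items():
        print(f"{name}: accepted={accepted} distance={d:.3f}")
```

A real system would enroll several reference samples and tune the threshold on genuine and forged sets; the normalization matters because a raw edit distance penalizes long signatures more than short ones.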
Title: TOWARDS USER AUTHENTICATION FLEXIBILITY
Author(s): Laurent Gomez and Ivonne Thomas
Abstract: In order to gain access to a resource protected by an authorization service, a user can be required to authenticate. In traditional approaches, user authentication is performed by means of a combination of authentication factors statically specified in the access control policy of the authorization service. In this paper, we propose to improve the flexibility of user authentication by enabling users to authenticate by means of the authentication factors at their disposal. We understand an authentication factor as any piece of information used to assess the identity of a user. Capitalizing on the opinion metric from subjective logic (Josang, 2001), the authorization service specifies an authentication level to be reached in order to gain access to a resource.

Title: COMBINED DATA MINING APPROACH FOR INTRUSION DETECTION
Author(s): U. Zurutuza, R. Uribeetxeberria, E. Azketa, G. Gil, J. Lizarraga and M. Fernández
Abstract: This paper presents the results of the MIAU project, a data mining approach to intrusion detection alert correlation. MIAU combines different data mining techniques in order to properly solve some existing problems in the management and analysis of the alerts generated by current intrusion detection systems. Some of these data mining methods and their application in MIAU are introduced in this paper. Experiments have been carried out with the purpose of demonstrating the validity of the proposed model, and conclusions are drawn from them. Finally, possible improvements to the system and further work are outlined.

Title: DETECTING ANOMALOUS TRAFFIC USING STATISTICAL PROCESSING AND SELF-ORGANIZING MAPS
Author(s): Paola Baldassarri, Anna Montesanto and Paolo Puliti
Abstract: The main idea of the present work is to create a system able to detect intrusions in computer networks. For this purpose we propose a novel intrusion detection system (IDS) based on an anomaly approach. We analyzed the network traffic from (outbound traffic) and towards (inbound traffic) a victim host through another host. We also built an architecture consisting of two subsystems: a statistical subsystem and a neural network based subsystem. The first processes selected features extracted from the network traffic and allows determining whether an attack is occurring through a preliminary visual inspection. The neural subsystem, which takes as input the output of the statistical subsystem, indicates the status of the monitored host. It classifies the network traffic, distinguishing the background traffic from the anomalous traffic. Moreover, the system must be able to classify different instances of the same attack into the same class, distinguishing different types of attack in a completely autonomous way.

Title: AN IMPROVED MODEL FOR SECURE CRYPTOGRAPHIC INTEGRITY VERIFICATION OF LOCAL CODE
Author(s): Christian Payne
Abstract: Trusted fingerprinting is a new model for cryptographic integrity verification of executed code and related objects, to protect users against illicit modifications to system programs and attacks by malicious code. In addition to a number of other novel features, trusted fingerprinting improves upon previous designs by managing the privileges assigned to processes based upon their verification status. It also provides greater flexibility, as, in addition to globally verified programs, each user can independently flag for verification the software relevant to their individual security requirements. Trusted fingerprinting also allows for automatic updates to the fingerprints of objects where these modifications are made by trusted code.
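The three properties named in the Payne abstract above (privileges tied to verification status, per-user verification lists alongside the global list, and fingerprints that follow modifications made by trusted code) can be sketched in a few dozen lines. The Python below is an added illustration and is not the paper's model or code: the privilege sets, the in-memory "filesystem", the precedence of a user's own entry over the global one and the rule that only a verified writer refreshes a fingerprint are all assumptions made for this example.

```python
import hashlib

# Privileges a process receives according to the verification status of the
# program it runs (policy constructed for this example).
PRIVILEGES_BY_STATUS = {
    "verified": {"exec", "net", "write_system"},
    "unknown": {"exec"},          # not fingerprinted: run with reduced rights
    "modified": set(),            # fingerprint mismatch: refuse to run
}


def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class FingerprintStore:
    """Global fingerprints plus per-user lists of objects a user flags for verification."""

    def __init__(self):
        self.global_fps = {}   # path -> sha256 hex digest
        self.user_fps = {}     # user -> {path -> sha256 hex digest}

    def register_global(self, path, data):
        self.global_fps[path] = fingerprint(data)

    def register_for_user(self, user, path, data):
        self.user_fps.setdefault(user, {})[path] = fingerprint(data)

    def expected(self, user, path):
        # A user's own entry takes precedence; otherwise fall back to the global entry.
        return self.user_fps.get(user, {}).get(path, self.global_fps.get(path))

    def status(self, user, path, data):
        expected = self.expected(user, path)
        if expected is None:
            return "unknown"
        return "verified" if fingerprint(data) == expected else "modified"


def privileges(store, user, path, data):
    return PRIVILEGES_BY_STATUS[store.status(user, path, data)]


def write_object(store, fs, writer_path, target_path, new_data, user):
    """Apply a modification; refresh the target's fingerprint only if the writer
    itself is verified. An unverified writer leaves the fingerprint stale, so the
    next check reports the target as modified."""
    writer_status = store.status(user, writer_path, fs[writer_path])
    fs[target_path] = new_data
    if writer_status == "verified":
        store.register_global(target_path, new_data)
        return True
    return False


def demo():
    # Constructed in-memory "filesystem"; contents are placeholders.
    fs = {
        "/bin/login": b"login v1",
        "/usr/bin/updater": b"updater v1",
        "/home/alice/bin/tool": b"tool v1",
        "/tmp/dropper": b"dropper",
    }
    store = FingerprintStore()
    store.register_global("/bin/login", fs["/bin/login"])
    store.register_global("/usr/bin/updater", fs["/usr/bin/updater"])
    store.register_for_user("alice", "/home/alice/bin/tool", fs["/home/alice/bin/tool"])

    results = {}
    results["login_ok"] = store.status("alice", "/bin/login", fs["/bin/login"])
    results["tool_alice"] = store.status("alice", "/home/alice/bin/tool", fs["/home/alice/bin/tool"])
    results["tool_bob"] = store.status("bob", "/home/alice/bin/tool", fs["/home/alice/bin/tool"])

    # A verified updater rewrites login: the fingerprint follows the change automatically.
    write_object(store, fs, "/usr/bin/updater", "/bin/login", b"login v2", "alice")
    results["login_after_update"] = store.status("alice", "/bin/login", fs["/bin/login"])

    # An unknown dropper tampers with login: the fingerprint stays stale and the tampering is caught.
    write_object(store, fs, "/tmp/dropper", "/bin/login", b"login v2 + backdoor", "alice")
    results["login_after_tamper"] = store.status("alice", "/bin/login", fs["/bin/login"])
    results["tampered_privs"] = privileges(store, "alice", "/bin/login", fs["/bin/login"])
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The essential check is in write_object: the fingerprint is refreshed only when the code performing the write is itself verified, so an unverified process cannot launder a modification into the trusted state.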
Title: ROLE AND TASK BASED AUTHORIZATION MANAGEMENT FOR PROCESS-VIEW
Author(s): Mei-Yu Wu and Duen-Ren Liu
Abstract: Role-based authorizations for assigning tasks of workflows to roles/users are crucial to security management in workflow management systems. The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors. This work discusses the authorization management of organizational roles in a process-view. A process-view, an abstracted process (workflow) derived from a base process, can provide adaptable task granularity to suit the different needs of workflow participants. A novel authorization mechanism is proposed to derive a role's permissions on virtual activities from the role's permissions on base activities. The proposed authorization mechanisms consider duty-conflict relationships among base activities to enforce SoD.

Title: ON THE IMPROVEMENT OF REMOTE AUTHENTICATION SCHEME WITH SMART CARDS
Author(s): Lih-Yang Wang and Chao-Chih Chen
Abstract: In 2005, Sun et al. proposed a user-friendly remote authentication scheme. In order to improve the efficiency of the authentication process, their method is based on a one-way hash function. Unlike previous methods, Sun's method allows the user to choose and change the password locally without connecting to the server. It can resist replay, impersonation, password guessing and denial of service attacks. However, in this paper we point out that their scheme is vulnerable to a privileged insider attack, and an enhanced scheme is proposed to eliminate the weakness.

Title: TOWARDS A MULTI-MODEL VIEWS SECURITY FRAMEWORK
Author(s): Lei Xia, Hao Huang and Shuying Yu
Abstract: With the increasing diversity and complexity of computing environments, the various security needs in one system can no longer be met by a single access control model at the same time. An operating system should be able to enforce multiple access control models. A Multi-Model Views Security Framework is proposed, which is able to flexibly enforce multiple access control model views in an operating system.

Title: AN EFFICIENT INTRUSION DETECTION SYSTEM FOR NETWORKS WITH CENTRALIZED ROUTING
Author(s): Paulo F. Andrade, Fernando Mirada Silva and Carlos Ribeiro
Abstract: As the Internet becomes more and more ubiquitous, security is an increasingly important topic. Furthermore, private networks are expanding, and security threats from within the network have to be guarded against. For these large networks, which are generally high-speed and have several segments, Intrusion Detection System (IDS) placement usually comes down to a compromise between the money invested and the services monitored. One common solution in these cases is to use more than one IDS scattered across the network, thus raising the amount invested and the administrative effort needed to operate them. Another solution is to collect data through sensors and send it to one IDS via an Ethernet hub or switch. This option normally tends to overload the hub/switch port to which the IDS is connected. This paper presents a new solution, for networks with a star topology, where an IDS is coupled to the network's core router. This solution allows the IDS to monitor every network segment attached to the router in a round-robin fashion.

Title: INTEGRATED RIGHT MANAGEMENT FOR HOME CONTENT - A SIM based Right Management Solution for Home Networks
Author(s): György Kálmán and Josef Noll
Abstract: With continuous Internet access, user behavior is changing. Users are now creating and sharing their content over the network. With content sharing, the need for protection arises. Currently, no fine-grained security solution exists which provides such functionality for users. Easy and transparent user authentication and access control is of key importance. In this paper, we suggest a solution where devices on the home network and in PANs may use a common right management infrastructure. The key element of our recommendation is the mobile phone, which can act as a trusted key management and distribution unit for the user. In this paper, a solution for easy access right management is shown, a tamper resistant central unit is recommended and a service example is given.

Title: REMOTE ALGORITHMIC COMPLEXITY ATTACKS AGAINST RANDOMIZED HASH TABLES
Author(s): Noa Bar-Yosef and Avishai Wool
Abstract: Many network devices, such as routers, firewalls, and intrusion detection systems, maintain per-connection state in a hash table. However, hash tables are susceptible to algorithmic complexity attacks, in which the attacker degenerates the hash table into a simple linked list. A common countermeasure is to randomize the hash table by adding a secret value, known only to the device, as a parameter to the hash function. Our goal is to demonstrate how the attacker can defeat this protection: we show how to discover this secret value, and to do so remotely, using network traffic. We show that if the secret value is small enough, such an attack is possible. Our attack does not rely on any weakness of a particular hash function and can work against any hash, although a poorly chosen hash function that produces many collisions can make the attack more efficient. We present a mathematical model of the attack, simulate the attack on different network topologies and finally describe a real-life attack against a weakened version of Linux Netfilter.

Title: A 3G IMS-BASED TESTBED FOR SECURE REAL-TIME AUDIO SESSIONS
Author(s): Paolo Cennamo, Antonio Fresa, Anton Luca Robustelli, Francesco Toro, Maurizio Longo and Fabio Postiglione
Abstract: The emerging all-IP mobile network infrastructures based on the 3rd Generation IP Multimedia Subsystem philosophy are characterised by radio access technology independence and ubiquitous connectivity for mobile users.
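The two-phase attack in the Bar-Yosef and Wool abstract above (recover the small secret from observable behaviour, then use it to flood one bucket) can be simulated end to end. The Python below is an added example, not the authors' mathematical model nor their Netfilter attack: it assumes a toy keyed multiplicative hash with a 12-bit secret, a chained table whose insert cost equals the chain length walked, and an attacker who observes that cost exactly (a noise-free stand-in for the network latency a real attacker would measure). The connection keys are attacker-chosen values from a seeded generator.

```python
import random

MASK32 = 0xFFFFFFFF
MULTIPLIER = 0x9E3779B1    # odd constant, Fibonacci-hashing style (constructed toy hash)
TABLE_BITS = 8             # 256 buckets
SECRET_BITS = 12           # "small enough" secret: only 4096 possibilities (assumption)


def keyed_hash(key, secret):
    """Bucket of a connection key under the device's secret."""
    x = (key ^ secret) & MASK32
    return ((x * MULTIPLIER) & MASK32) >> (32 - TABLE_BITS)


class ConnTable:
    """Per-connection state table with chaining. The cost of an insert is the
    number of entries already in the chain, which is what an attacker can
    observe as latency (noise-free model, an assumption of this example)."""

    def __init__(self, secret):
        self.secret = secret
        self.buckets = {}

    def insert(self, key):
        chain = self.buckets.setdefault(keyed_hash(key, self.secret), [])
        cost = len(chain)
        chain.append(key)
        return cost


def observe(device, keys):
    """Attacker opens connections with the given keys and records each one's cost."""
    return [device.insert(k) for k in keys]


def recover_secret(keys, observed_costs):
    """Phase 1: keep every candidate secret that reproduces the observed cost
    sequence when the same keys are replayed into a local replica of the table."""
    survivors = []
    for candidate in range(1 << SECRET_BITS):
        replica = ConnTable(candidate)
        if all(replica.insert(k) == cost for k, cost in zip(keys, observed_costs)):
            survivors.append(candidate)
    return survivors


def colliding_keys(secret, count, bucket=0):
    """Phase 2: with the secret known, generate keys that all land in one bucket."""
    keys, key = [], 1
    while len(keys) < count:
        if keyed_hash(key, secret) == bucket:
            keys.append(key)
        key += 1
    return keys


def demo(secret=0xACE, n_probes=128, n_collisions=200):
    device = ConnTable(secret)
    rng = random.Random(2007)                       # reproducible attacker-chosen keys
    probes = [rng.getrandbits(32) for _ in range(n_probes)]
    costs = observe(device, probes)
    recovered = recover_secret(probes, costs)

    # Flood one bucket of a fresh device and measure the final insert's cost:
    # the table has degenerated into a linked list of length n_collisions.
    attack_cost = observe(ConnTable(secret), colliding_keys(recovered[0], n_collisions))[-1]
    return recovered, attack_cost


if __name__ == "__main__":
    recovered, cost = demo()
    print("candidate secrets:", [hex(s) for s in recovered])
    print("chain walked by the final colliding insert:", cost)
```

The exhaustive candidate search is what makes the secret's size decisive: 4096 replays are trivial, while a 64-bit secret would not be, which is the abstract's "small enough" condition. Real measurements are noisy, so an attacker would need repeated probes and a statistical decision rather than the exact match used here.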
Currently, great focus is being devoted to security issues, since most of the security threats presently affecting the public Internet domain, as well as upcoming ones, will be suffered by mobile users in the years to come. While a great deal of research activity, together with standardisation efforts and experimentation, is carried out on mechanisms for signalling protection, very few integrated frameworks for real-time multimedia data protection have been proposed in the context of the IP Multimedia Subsystem, and even fewer experimental results based on testbeds are available. In this paper, after a general overview of the security issues arising in an advanced IP Multimedia Subsystem scenario, a comprehensive infrastructure for real-time multimedia data protection, based on the adoption of the Secure Real-Time Protocol, is proposed; then, the development of a testbed incorporating such functionalities, including mechanisms for key management and cryptographic context transfer, and allowing the setup of Secure Real-Time Protocol sessions, is presented; finally, experimental results are provided, together with quantitative assessments and comparisons of system performance for audio sessions with and without the adoption of the Secure Real-Time Protocol framework.

Title: A QUERY UNIT FOR THE IPSEC DATABASES
Author(s): Alberto Ferrante, Sathish Chandra and Vincenzo Piuri
Abstract: IPSec is a suite of protocols that adds security to communications at the IP level. Protocols within IPSec make extensive use of two databases, namely the Security Policy Database (SPD) and the Security Association Database (SAD). The ability to query the SPD quickly is fundamental, as this operation needs to be performed for each incoming or outgoing IP packet, even if no IPSec processing needs to be applied to it. This may easily result in millions of queries per second in gigabit networks. Since the databases may contain several thousand records on large secure gateways, a dedicated hardware solution is needed to support high throughput. In this paper we discuss an architecture for these query units, we propose different query methods for the two databases, and we compare them through simulation. Two different versions of the architecture are presented: the basic version is modified to support multithreading. As shown by the simulations, this technique is very effective in this case. The architecture that supports multithreading allows for 11 million queries per second in the best case.

Title: WISE GUARD - MAC Address Spoofing Detection System for Wireless LANs
Author(s): Kai Tao, Jing Li and Srinivas Sampalli
Abstract: MAC (Medium Access Control) address spoofing is regarded as an important first step in a hacker's attempt to launch a variety of attacks on 802.11 wireless LANs. Unfortunately, MAC address spoofing is hard to detect. Most current spoofing detection systems mainly use the sequence number (SN) tracking technique, which has drawbacks. Firstly, it may lead to an increase in the number of false positives. Secondly, such techniques cannot be used in systems with wireless cards that do not follow standard 802.11 sequence number patterns. Thirdly, attackers can forge sequence numbers, thereby causing the attacks to go undetected. We present a new architecture called WISE GUARD (Wireless Security Guard) for the detection of MAC address spoofing on 802.11 wireless LANs. It integrates three detection techniques: SN tracking, Operating System (OS) fingerprinting and tracking, and Received Signal Strength (RSS) fingerprinting and tracking. It also includes the fingerprinting of Access Point (AP) parameters as an extension of the OS fingerprinting for the detection of AP address spoofing. We have implemented WISE GUARD on a test bed using off-the-shelf wireless devices and open source drivers. Experimental results show that the new design enhances detection effectiveness and reduces false positives in comparison with current approaches.

Title: MODIFIED TEMPORAL KEY INTEGRITY PROTOCOL FOR EFFICIENT WIRELESS NETWORK SECURITY
Author(s): M. Razvi Doomun and K. M. Sunjiv Soyjaudah
Abstract: Temporal Key Integrity Protocol (TKIP) is the IEEE Task Group i's solution for the security loopholes present in the already widely deployed 802.11 hardware. It is a set of algorithms that wrap WEP to give the best possible solution given design constraints such as the paucity of CPU cycles, the hardwiring of the WEP encryption algorithm and the dependence on software upgrades. Thus, TKIP is significantly more difficult and challenging to implement and optimise than WEP. The objective of this research is to examine the cost/benefit of the TKIP security mechanisms and to optimise its implementation to reduce the security overhead for better performance. We propose a modified TKIP (MoTKIP) with an improved packet encapsulation and decapsulation procedure that substantially reduces the computation and packet overhead of classic TKIP and optimises total wireless network throughput rates.

Title: PRACTICAL AND UNIVERSAL INTERPRETATION FUNCTIONS FOR SECRECY
Author(s): Hanane Houmani and Mohamed Mejri
Abstract: This paper shows how to define and use functions, called interpretation functions, to statically verify the secrecy property of cryptographic protocols. An interpretation function is a function that returns the security level of an atomic message given a set of messages. The verification of the secrecy property using an interpretation function consists of verifying whether certain conditions are respected by the analyzed protocol. The idea behind these conditions is to restrict the principals involved in the analyzed protocol so that they never decrease the security level (obtained by using an interpretation function) of any piece of information when they send it over the network. The proposed conditions can be syntactically verified on a cryptographic protocol in acceptable time, and the proposed approach can be used to verify the secrecy property of any protocol.

Title: IDENTITY BASED PUBLIC KEY EXCHANGE (IDPKE) FOR WIRELESS AD HOC NETWORKS
Author(s): Clare McGrath, Ghazanfar Ali Safdar and Máire McLoone
Abstract: In this paper a novel identity based public key exchange (IDPKE) protocol is proposed for wireless ad hoc networks, where the network node IDs are used as public keys. Previous research into ID based key management schemes assumes that node IDs are well known and have been distributed amongst the nodes at the time of network formation. However, this assumption limits the application of these schemes in many ad hoc networking scenarios. Our proposed IDPKE protocol addresses this disadvantage. It assumes that node IDs are not known prior to network formation and provides secure and authentic ID exchange between nodes, thus allowing deployment in a wider range of applications. The IDPKE protocol is an extension of an existing certificate based scheme, and by comparison it provides an increase in security and a reduction in computation and bandwidth.

Title: MOBILE SECRET KEY DISTRIBUTION WITH NETWORK CODING
Author(s): Paulo F. Oliveira, Rui A. Costa and Joao Barros
Abstract: We consider the problem of secret key distribution in a sensor network with multiple scattered sensor nodes and a mobile device that can be used to bootstrap the network. Our main contribution is a practical scheme that relies on network coding to provide a robust and low-complexity solution for sharing secret keys among sensor nodes. In spite of its role as a key enabler for this approach, the mobile node only has access to encrypted versions of the keys. In contrast with probabilistic key pre-distribution schemes, our method assures secure connectivity with probability one, requiring only a modest amount of memory: initially each sensor node stores only one key per secured link. The basic scheme was implemented on a sensor network platform. Extensions to large-scale sensor networks and cluster keys are also included.

Title: SECURE SERVICE PUBLISHING WITH UNTRUSTED REGISTRIES - Securing Service Discovery
Author(s): Slim Trabelsi and Yves Roudier
Abstract: Service discovery is becoming an essential phase of service deployment in ubiquitous systems. Applications and services tend to be more dynamic and flexible, and users need to adapt in order to locate these pervasive applications. Service mobility introduces new security challenges relating to trust and privacy. Existing solutions for securing service discovery cannot provide any solution without relying on a trusted third party. In this paper we propose to use Attribute Based Encryption to protect the publishing and binding messages exchanged with untrusted registries.

Title: INVESTIGATION OF COOPERATIVE DEFENSE AGAINST DDOS
Author(s): Igor Kotenko and Alexander Ulanov
Abstract: The paper considers a new approach and a simulation environment which have been developed for the comprehensive investigation of Internet Distributed Denial of Service attacks and defense. The main features of the approach and environment are as follows: an agent-oriented framework for attack and defense investigation, packet-based simulation, and the capability to add new attacks and defense methods and analyze them. The main components of the simulation environment are specified. Using the suggested approach and the implemented environment, we evaluate and compare several cooperative defense mechanisms against DDoS (DefCOM, COSSACK, and our own mechanism based on full cooperation). The testing methodology for defense investigation is described, and the results of experiments are presented.

Title: SECURING OPENSSL AGAINST MICRO-ARCHITECTURAL ATTACKS
Author(s): Marc Joye and Michael Tunstall
Abstract: This paper presents a version of the 2^k-ary modular exponentiation algorithm that is secure against the current methods of side channel analysis that can be applied to PCs (the so-called micro-architectural attacks). Some optimisations to the basic algorithm are also proposed to improve the efficiency of an implementation. The proposed algorithm is compared to the current implementation in OpenSSL, and it is shown that the proposed algorithm is more robust than the current implementation.

Title: EFFICIENT LARGE-SCALE DISTRIBUTED KEY GENERATION AGAINST BURST INTERRUPTION
Author(s): Jheng-Ru Ou, Shi-Chun Tsai and Wen-Guey Tzeng
Abstract: A distributed key generation scheme allows the key servers to share a secret key in a distributed way and then compute the corresponding public key. Canny and Sorkin [CS04] proposed a probabilistic threshold distributed key generation scheme that is suitable for the case where the number of key servers is large. The communication cost of their scheme is much less than that of previous schemes. Nevertheless, it is possible to improve their scheme in some respects. In this paper we employ a randomness technique to cope with some problems encountered by their scheme. Our contribution is twofold. Firstly, our scheme is secure against a large cluster of dishonest key servers and against DoS attacks. Secondly, our scheme has better performance in some respects. We support this point with a series of simulation experiments. As a result, our scheme and Canny and Sorkin's scheme can be used in different situations.

Title: K2: A STREAM CIPHER ALGORITHM USING DYNAMIC FEEDBACK CONTROL
Author(s): Shinsaku Kiyomoto, Toshiaki Tanaka and Kouichi Sakurai
Abstract: A variety of different clock-controlled stream ciphers and attacks on them have been described in a number of papers.
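The 2^k-ary method and the kind of leak the Joye and Tunstall abstract above is concerned with can be illustrated side by side. The Python below is an added example and is neither the paper's algorithm nor OpenSSL's code: it shows a textbook fixed-window (2^k-ary) exponentiation, whose table index and conditional multiply depend on the secret exponent digits, next to a variant that reads every table entry in every window and always multiplies (table[0] is 1), so the sequence of memory accesses no longer depends on the exponent. Python gives no real constant-time guarantee; the trace lists only make the access pattern visible, and the parameters are constructed toy values.

```python
def precompute_table(base, modulus, k):
    """table[i] = base^i mod modulus for i in 0 .. 2^k - 1."""
    table = [1]
    for _ in range(1, 1 << k):
        table.append(table[-1] * base % modulus)
    return table


def exponent_windows(exponent, k):
    """Split the exponent into k-bit digits, most significant digit first."""
    n_windows = max(1, (exponent.bit_length() + k - 1) // k)
    mask = (1 << k) - 1
    return [(exponent >> (k * i)) & mask for i in range(n_windows - 1, -1, -1)]


def modexp_leaky(base, exponent, modulus, k, trace):
    """Textbook 2^k-ary exponentiation: the table index read in each window is the
    secret digit itself, and the multiply is skipped for a zero digit."""
    table = precompute_table(base, modulus, k)
    acc = 1
    for digit in exponent_windows(exponent, k):
        for _ in range(k):
            acc = acc * acc % modulus
        trace.append(digit)                   # the cache line touched reveals the digit
        if digit:                             # exponent-dependent branch
            acc = acc * table[digit] % modulus
    return acc


def select_uniform(table, digit):
    """Read every entry and keep the wanted one with a mask, so that neither the
    addresses accessed nor the control flow depend on the digit."""
    chosen = 0
    for i, entry in enumerate(table):
        mask = -int(i == digit)               # all ones for the wanted index, else zero
        chosen |= entry & mask
    return chosen


def modexp_uniform(base, exponent, modulus, k, trace):
    """Same arithmetic, but every window touches all 2^k table entries and always
    multiplies; table[0] == 1 makes the multiply harmless for a zero digit."""
    table = precompute_table(base, modulus, k)
    acc = 1
    for digit in exponent_windows(exponent, k):
        for _ in range(k):
            acc = acc * acc % modulus
        trace.extend(range(len(table)))       # identical access pattern in every window
        acc = acc * select_uniform(table, digit) % modulus
    return acc


if __name__ == "__main__":
    # Constructed parameters (a real RSA exponent would be 1024 bits or more).
    base, exponent, modulus, k = 7, 0x3A5, 1019, 4
    t_leaky, t_uniform = [], []
    assert modexp_leaky(base, exponent, modulus, k, t_leaky) == pow(base, exponent, modulus)
    assert modexp_uniform(base, exponent, modulus, k, t_uniform) == pow(base, exponent, modulus)
    print("leaky access trace  :", t_leaky)      # the exponent digits, in order
    print("uniform access trace:", t_uniform)    # 0..15 repeated once per window
```

The cost of the uniform variant is 2^k table reads per window instead of one, which is why the window size and the table layout are where an implementation tunes the trade-off between speed and resistance to cache-based observation.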
However, few word-oriented algorithms with an irregular clocking mechanism have been proposed. This paper proposes a new design of irregular clocking for word-oriented stream ciphers that is dynamic feedback control and show analysis results of its security and performance. The stream cipher K2 v2.0 is a secure and high-performance stream cipher using the dynamic feedback control, which is applicable for several applications. We believe that the dynamic feedback control mechanism is potentially effective against several different types of attacks, not only existing attacks but also novel attacks. The earlier version of the algorithm was presented in SASC 2007 workshop. We improved the performance of initialization process on the new algorithm and added detailed analysis for the period of LFSR-B and security of the algorithm to the paper. SASC 2007 workshop provided no formal proceedings and allows to submit to other conferences. Title: A MORE EFFICIENT CONVERTIBLE NOMINATIVE SIGNATURE Author(s): Dennis Y.W.Liu, Shuang Chang and Duncan S. Wong Abstract: Nominative signature provides a division of power between a nominator and a nominee in which the validity of the nominator's signature can only be verified with the aid of the nominee. In this paper, we propose a new construction of nominative signature which is more efficient than the existing one \cite{LiuWoHuWaHuMuSu07}. Our construction is proven secure under the strongest security model currently available. We also enhance the current set of security models for nominative signature by proposing an adversarial model for the conversion of nominative signatures. Our proposed construction is also shown secure with respect to conversion. Title: ON THE KEY-COMPROMISE IMPERSONATION VULNERABILITY OF ONE-PASS KEY ESTABLISHMENT PROTOCOLS Author(s): K. Chalkias, F. Mpaldimtsi, D. 
Hristu-Varsakelis and G.Stephanides Abstract: Key establishment protocols are among the most important security mechanisms via which two or more parties can generate a common session key in order to encrypt their communications over an otherwise insecure network. This paper is concerned with the vulnerability of one-pass two-party key establishment protocols to key-compromise impersonation (K-CI) attacks. The latter may occur once an adversary has obtained the long-term private key of an honest party, and represent a serious—but often underestimated—threat. This is because an entity may not be aware that her computer has been compromised and her private key is exposed, and because a successful impersonation attack may result in far greater harm than the reading of past and future conversations. Our aim is to describe two main classes of K-CI attacks that can be mounted against all of the best-known one-pass protocols, including MQV and HMQV. We show that only one of the attacks described can be somewhat avoided (though not completely eliminated) through the combined use of digital signatures and time-stamps. Title: SUB QUADRATIC BINARY FIELD MULTIPLIER IN DOUBLE POLYNOMIAL SYSTEM Author(s): Pascal Giorgi, ChristopheNègre and Thomas Plantard Abstract: We propose a new space efficient operator to multiply elements lying in a binary field GF(2^k). Our approach is based on a novel system of representation called "Double Polynomial System" which set elements as a bivariate polynomials over GF(2). Thanks to this system of representation, we are able to use a Lagrange representation of the polynomials and then get a logarithmic time multiplier with a space complexity of O(k^(1.31)) improving previous best known method. Title: ADDITIVE PROOFS OF KNOWLEDGE A New Notion for Non-Interactive Proofs Author(s): Amitabh Saxena Abstract: In this paper, we study the opacity property of \emph{verifiably encrypted signatures} (VES) of Boneh et al. (proposed in Eurocrypt 2003). 
Informally, opacity implies that although some given aggregate signature can be verified, no useful information about the individual signatures is leaked. However, the very fact that an aggregate signature can be verified leaks certain information - that the individual signatures are indeed well-formed. Apart from this, is there any other information leaked? In this paper, we show that there is \emph{absolutely no other information leaked} about the individual signatures when the aggregation contains only two signatures. In more formal terms, we show that VES are \emph{Zero-Knowledge} (ZK). We then extend the ZK property of VES to propose efficient Additive Non-Interactive Witness-Indistinguishable (A-NIWI) proofs. Intuitively an A-NIWI proof can be considered as a Proof of Knowledge (PoK) of another A-NIWI proof. Title: UTILIZING SOCIAL NETWORKING PLATFORMS TO SUPPORT PUBLIC KEY INFRASTRUCTURES Author(s): Volker Gruhn, Malte Hulder and Vincent Wolff-Marting Abstract: Although public key infrastructures (PKI) exist for quite a while already, neither hierarchical PKI based on Certification Authorities (CA) nor decentralized webs-of-trust have come to great popularity, particularly not in the private sector. In this paper we want to analyze some reasons for this development and propose possible solutions. The utilization of social networking platforms which have become popular by the so-called "web 2.0", may bridge the gap between webs-of-trust and social networks. Thus, the web-of-trust structure may also become more popular and more widely spread due to the better usability this combination provides. For example, key exchange and authentication of the key owners' identities can be supported by extended means of social networking platforms. 
Title: SECURE LICENSE MANAGEMENT Management of Digital Object Licenses in a DRM Environment
Author(s): Carlos Serrão, Miguel Dias and Jaime Delgado
Abstract: In the digital world, protecting digital intellectual property is proving to be a hard task. Not only is it complex to provide robust and reliable mechanisms to prevent unauthorized content copying and utilization, but it is also complex to provide a mechanism for specifying and enforcing how content can and will be used. Rights expression languages allow content providers and distributors to syntactically and semantically express a set of rights that are associated with a digital object. In this paper we will provide the definition and description of the digital object license granting rights life cycle management and the processes necessary to secure the license throughout this entire life cycle.

Title: CLOCK CONTROL SEQUENCE RECONSTRUCTION IN THE GENERALIZED SHRINKING GENERATOR
Author(s): Slobodan Petrovic
Abstract: An algorithm is presented that reconstructs the clock control sequence in the generalized shrinking generator in the presence of noise. The shrinking generator is first reduced to a step 1/step E generator, where E depends on the maximum length of runs of zeros in the output sequence of its clocking part. Then a directed depth-first like search for optimal and suboptimal paths in the edit distance matrix corresponding to the generator is performed. The permitted path weight deviation from the optimum is determined by the noise level in the statistical model of the generator. Theoretical complexity analysis of the algorithm shows that its use is much more efficient than the exhaustive search through all the possible initial states of the clocking part of the generator. Also, since the algorithm is deterministic, the correct clock control sequence is guaranteed to be found, unlike with many known algorithms of this kind.
Experimental results show that the algorithm converges to the correct solution relatively fast even if the noise level is high.

Title: AN EFFECTIVE AND SECURE WATERMARKING PROTOCOL FOR DIGITAL RIGHTS PROTECTION OVER THE SECOND-HAND MARKET
Author(s): Ibrahim M. Ibrahim, Sherif Hazem Nour El-Din and Abdel Fatah A. Hegazy
Abstract: Different buyer-seller watermarking protocols have been proposed to address preserving the digital rights of both the buyer and the seller over the first-hand market. However, the support of digital rights over the second-hand market is still rarely addressed. This paper proposes an effective and secure watermarking protocol for digital rights protection over the second-hand market. This protocol achieves customer’s rights protection, copy deterrence, protocols' practical applicability, prevention of the buyer’s participation in the dispute resolution and defence against man-in-the-middle attacks, along with solving the unbinding and conspiracy problems over the second-hand market. The protocol's security is based on the public key infrastructure (PKI) and exploits the existence of the certification authority (CA), which is considered the only trust anchor between the buyer and the seller.

Title: THE POLYNOMIAL MULTICOMPOSITION PROBLEM IN (Z/nZ)
Author(s): Neculai Daniel Stoleru and Victor Valeriu Patriciu
Abstract: Generally, public-key cryptographic schemes base their security on the difficulty of solving hard mathematical problems. The number of such problems currently known is relatively reduced. Therefore the further investigation of mathematical problems with applications in cryptography is of central interest. This paper explores a new problem based on polynomial composition. We analyze the connections between the proposed problem and the RSA problem. In addition, we derive from it a zero-knowledge identification protocol. We show that the method allows the definition of a commutative class of polynomials.
Based on this class, a “Diffie-Hellman like” key exchange protocol can be devised.

Title: IMPROVING SECURITY IN CHAOTIC SPREAD SPECTRUM COMMUNICATION SYSTEMS WITH A NOVEL ‘BIT POWER PARAMETER SPECTRUM’ MEASURE
Author(s): Branislav Jovic and Charles Unsworth
Abstract: Due to the broadband nature of chaotic signals and their high sensitivity to parameters and initial conditions, chaotic spread spectrum (SS) communication systems have been regarded as highly secure. However, it is often easier to decrypt chaotic parameter modulation (CPM) based SS systems than was originally thought. In this paper, a single user CPM based chaotic communication system implementing Pecora-Carroll (PC) synchronization is described. Following this, a CPM based communication system employing the chaotic carrier generated by the Burger’s map is proposed. To highlight the security aspect, a new measure called ‘Bit Power Parameter Spectrum’ (BPPS) is introduced. The BPPS is then used to identify parameters that provide highly secure and insecure regions for the chaotic map. Furthermore, it is demonstrated how a binary message can be decrypted easily if the parameters of the map lie in the insecure region of the BPPS, and how security is optimised if the parameters lie in the secure region of the BPPS. The results are contrasted with those of the standard Lorenz CPM based system. The BPPS measure shows that the Lorenz CPM based system is easily decrypted for nearly all parameter values, thus rendering the carrier insecure.

Title: ANONYMOUS PREPAID CONTENT VIEWING SYSTEM WITH MOBILE TERMINAL
Author(s): Toshiyuki Fujisawa, Kazuto Ogawa, Takeshi Kimura, Masaki Inamura and Toshiaki Tanaka
Abstract: A number of content viewing systems that use electronic money have been proposed recently. These systems' access control uses license information stored in specific hardware such as a set-top box (STB), which is distributed by broadcasters or communication carriers.
However, such access control decreases the usability of the system, since users cannot carry an STB around. To solve this problem, other content viewing systems use an electronic prepaid ticket and a tamper resistant module (TRM) for digital broadcasting. In such a system, license information stored in the TRM is transferred to a user's mobile terminal, such as a cellular phone. The user, who carries this mobile terminal, can view contents away from home. This kind of system requires the license information to be managed securely and the electronic prepaid ticket payment to be performed correctly. In this paper, we propose another system that meets these requirements and enables anonymous viewing with a low CPU cost.

Title: PRIVATE COMPUTING WITH BEEHIVE ORGANIZED AGENTS
Author(s): Bartek Gedrojc, Jan C. A. van der Lubbe and Martin van Hensbergen
Abstract: Consider the problem of using mobile agents within an e-commerce setting where the goal is to purchase a desired item for a user. The problem is that the mobile agents visit a collection of hosts which are untrustworthy and therefore could tamper with the correct execution of the agents. Our approach to the e-commerce problem prevents the hosts from retrieving the price the user is willing to pay for a desired item, it prevents the hosts from retrieving the offers given by other hosts (confidentiality), and it ensures the integrity of the agents' code, the query and the itinerary. The key to our approach is the use of multiple agents for our goal: to purchase a desired item for a user. Analogous to a beehive, the user creates Drone agents that can collect data but which do not have the capability to process this data. Also, one Queen agent is deployed which uses the outputs of the Drone agents and makes a decision on that data. Simplified, we let the Drone agents do the work, while the Queen computes the result.
Title: A CLOSER LOOK AT BROADCAST ENCRYPTION AND TRAITOR TRACING FOR CONTENT PROTECTION
Author(s): Hongxia Jin
Abstract: In this paper we take a closer look at broadcast encryption and traitor tracing in the context of content protection. In the current state of the art, these are viewed as two separate and orthogonal problems. In this paper we challenge this separation. We present an example that shows it can be insecure if a broadcast encryption scheme offers no traceability. We also show it is insufficient to have a traitor tracing scheme that does not have revocation capability and does not support multi-time tracing. Furthermore, we show that supporting multi-time tracing may actually mean a traitor tracing scheme also needs to have special broadcast capability. We believe these interconnected issues have been overlooked in the research community so far. We hope the evidence we present in this paper can shed new insights on future research directions in this important area.

Title: MOBILE AGENT SECURITY WITH EFFICIENT OBLIVIOUS TRANSFER
Author(s): Wataru Hasegawa, Masakazu Soshi and Atsuko Miyaji
Abstract: Algesheimer et al. proposed a scheme using secure function evaluation for protecting mobile agents in untrusted environments. In the scheme, a Trusted Third Party (TTP) is introduced, and it communicates with the execution host of a mobile agent via "oblivious transfer". Unfortunately, from the viewpoint of communication, Algesheimer's scheme is inefficient because it must perform 1-out-of-2 oblivious transfer for each bit of the encrypted circuit inputs. Hence Mori et al. proposed a mobile agent security scheme using a new efficient oblivious transfer. However, it turns out that their oblivious transfer protocol is insecure in a special situation. Therefore, in this paper we propose secure mobile agent protocols with emphasis on efficient oblivious transfer suitable for secure function evaluation.
Title: A PROVABLY SECURE MULTI-RECEIVER IDENTITY-BASED SIGNCRYPTION USING BILINEAR MAPS
Author(s): Shivaramakrishnan Narayan and Parampalli Udaya
Abstract: In this paper, we present a new, efficient multi-receiver identity (Id) based signcryption scheme based on pre-computation of pairing operations. The scheme uses no pairing operation while performing sign-encrypt, and it turns out to be more efficient than all others proposed so far. The scheme provides confidentiality, authenticity and non-repudiation and, further, facilitates public verifiability. We provide the security results of our scheme in the random oracle model for the message confidentiality and signature unforgeability properties under the multi-receiver security notion.

Title: FORMAL ANALYSIS METHODS OF NETWORK SECURITY DESIGN
Author(s): Mariusz Stawowski
Abstract: An assessment of network security design correctness requires an analysis of many aspects, e.g. the correctness of security zones, access control protection layers, as well as protection tightness against intrusions. Using formal methods based on graph theory in medium to large-scale networks can greatly speed up and improve the accuracy of security analysis. The analysis models and methods described in this document allow for quick identification of network security design errors resulting from breaking the “Compartmentalization of Information” and “Defense-in-Depth” security principles, checking whether the protections used allow for security incident handling, as well as verification of many other security aspects. The analysis methods developed here can be used during the network security design process and also for security assessment of existing computer information systems.
Title: AN ANONYMOUS WATERMARKING SCHEME FOR CONTENT DISTRIBUTION PROTECTION USING TRUSTED COMPUTING
Author(s): Adrian Leung and Geong Sen Poh
Abstract: Many Content Distribution Protection (CDP) schemes (e.g. Buyer-Seller Watermarking and Asymmetric Fingerprinting) have been proposed to address the problem of illegal distribution of copyrighted content. All of the existing CDP schemes rely on a Trusted Third Party in one way or another to achieve the desired security objectives. In this paper, using the functionalities of Trusted Computing, we present an anonymous CDP watermarking scheme which minimises the reliance on a Trusted Third Party. Our scheme allows a buyer to anonymously purchase digital content, whilst enabling the content provider to blacklist the buyers that are distributing content illegally.

Title: UTILIZING EXTENSION CHARACTER ‘KASHIDA’ WITH POINTED LETTERS FOR ARABIC TEXT DIGITAL WATERMARKING
Author(s): Adnan Abdul-Aziz Gutub, Lahouari Ghouti, Alaaeldin A. Amin, Talal M. Alkharobi and Mohammad K. Ibrahim
Abstract: This paper exploits the existence of the redundant Arabic extension character, i.e. Kashida. We propose to use pointed letters in Arabic text with a Kashida to hold the secret bit ‘one’ and the un-pointed letters with a Kashida to hold ‘zero’. The method can be classified under secrecy feature coding methods, where it hides secret information bits within the letters, benefiting from their inherent points. This watermarking technique is also found attractive for other languages whose texts are similar to Arabic, such as Persian and Urdu.

Title: INDEPENDENT VOTER VERIFIABILITY FOR REMOTE ELECTRONIC VOTING
Author(s): Jordi Puiggalia and Victor Morales Rocha
Abstract: Most of the current efforts to implement voter verifiability methods for electronic voting are not suitable for remote electronic voting.
Moreover, the remote voting verifiability methods proposed to date are inefficient, do not allow verification of the presence of the votes after they have been decrypted, or they sacrifice voter privacy requirements in order to accommodate the “cast as intended” voter verification objective. We propose a voter verifiability method for remote electronic voting that addresses each of these issues. The method is based on the implementation of cryptographically protected voting receipts and is complemented by the use of an independent verification application which is easy to audit and certify.

Title: USING STEGANOGRAPHY TO IMPROVE HASH FUNCTIONS’ COLLISION RESISTANCE
Author(s): Emmanouel Kellinis and Konstantinos Papapanagiotou
Abstract: Lately, hash function security has received increased attention. Especially after the recent attacks that were presented against SHA-1 and MD5, the need for a new and more robust hash function has become imperative. Even though many solutions have been proposed as replacements, the transition to a new function could be costly and complex. In this paper, we introduce a mode of operation that can be applied to any existing or future hash function in order to improve its collision resistance. In particular, we use steganography, the art of hiding a message in another message, to create a scheme, named Σ-Hash, which enforces the security of hashing algorithms. We will demonstrate how, apart from hash function security, Σ-Hash can also be used for securing Open Source code against tampering attacks, and other applications.

Title: SECURE COMPUTATION OF COMMON DATA AMONG MALICIOUS PARTNERS
Author(s): Sebastian Obermeier and Stefan Bottcher
Abstract: A secure calculation of the common data $(D_{1}\cap\ldots\cap D_{n})$ of different participants without disclosing $D_{i}$ is useful for many applications and has been studied as the Secure Multiparty Computation problem.
However, proposed solutions assume all participants act “semi-honest”, which means participants may neither alter the protocol execution nor fake database content. In this contribution, we focus on malicious participant behavior and prove that an atomic exchange of common data is not possible under the assumption of malicious participants. We propose a mechanism to calculate the intersection among multiple participants which not only reduces the disclosure to a negligible amount in case participants cheat by altering the protocol, but is also resistant against malicious participants that cooperate in order to cheat others. Furthermore, it impedes database content faking, which, when using other protocols, could be done by participants in order to check whether data is contained in the others' databases. Last, we show experimentally the practical usability of our protocol and how the level of trust has an impact on the exchange speed of the intersection.

Title: DEVELOPING A MODEL AND A TOOL TO MANAGE THE INFORMATION SECURITY IN SMALL AND MEDIUM ENTERPRISES
Author(s): Luís Enrique Sánchez, Daniel Villafranca, Eduardo Fernández-Medina and Mario Piattini
Abstract: Maturity and security management systems are essential in order to guarantee the continuity and stability of companies in the current market situation. However, this requires that enterprises know at every moment their security maturity level and to what extent their information security system must evolve. In small and medium-sized enterprises, the application of security standards has an additional problem, which is the fact that they do not have enough resources to carry out appropriate management. To be feasible in small and medium-sized enterprises (from here on referred to as SMEs), this security management system must have highly reduced implementation and maintenance costs.
In this paper, we will put forward our proposal of a maturity model for security management in SMEs, and we will briefly analyse other models that exist in the market. This approach is being directly applied to real cases, thus obtaining a constant improvement in its application.

Title: A HIGH-LEVEL ASPECT-ORIENTED BASED LANGUAGE FOR SOFTWARE SECURITY HARDENING
Author(s): Azzam Mourad, Marc-Andre Laverdiere and Mourad Debbabi
Abstract: In this paper, we propose an aspect-oriented language, called SHL, for systematically specifying security hardening solutions. This language constitutes our new achievement towards developing our security hardening framework. SHL allows the description and specification of security hardening plans and patterns that are used to systematically harden security into the code. It is a minimalist language built on top of the current aspect-oriented technologies that are based on the advice-pointcut model, and it can also be used in conjunction with them. The primary contribution of this approach is providing security architects with the capability to perform security hardening of software by applying proven solutions, without the need for expertise in the security solution domain. At the same time, the security hardening is applied in an organized and systematic way in order not to alter the original functionality of the software. We explore the viability and relevance of our proposition by applying it to a case study and presenting the experimental results of securing the connections of open source software.

Title: EXTENSIBLE ACCESS CONTROL MODEL FOR XML DOCUMENT COLLECTIONS
Author(s): Goran Sladić, Branko Milosavljević and Zora Konjović
Abstract: This paper presents the XXACF (eXtensible Role-Based XML Access Control Framework) framework for controlling access to XML documents in different environments. The proposed access control definition language and the corresponding software architecture are described.
The framework enables defining access control policies on different priority and granularity levels. XXACF enables the enforcement of access control for different operations on XML documents, as well as different ways of access control enforcement for the same operation. This framework’s configurability facilitates customization of particular implementations according to specific needs. Extensibility of the XXACF framework is achieved by the possibility of extending the core functionality for specific requirements and also by the addition of new modules for context-sensitive access control.

Title: PRIVACY PRESERVING k-MEANS CLUSTERING IN MULTI-PARTY ENVIRONMENT
Author(s): Saeed Samet, Ali Miri and Luis Orozco-Barbosa
Abstract: Extracting meaningful and valuable knowledge from databases is often done by various data mining algorithms. Nowadays, databases are distributed among two or more parties for different reasons, such as physical and geographical restrictions. But the most important issue is privacy. Related data is normally maintained by more than one organization, each of which wants to keep its individual information private. Therefore, privacy-preserving techniques and protocols are designed to perform data mining in distributed environments when privacy is a major concern. Cluster analysis is a technique in data mining by which data can be divided into meaningful clusters, and it has an important role in different fields such as bio-informatics, marketing, machine learning, climate and medicine. $k$-means Clustering is a prominent algorithm in this category which creates a one-level clustering of data. In this paper we introduce privacy-preserving protocols for this algorithm, along with a protocol for Secure Comparison, known as the Millionaires' Problem, as a sub-protocol, to handle the clustering of horizontally or vertically partitioned data among two or more parties.
Title: DYNAMIC CONTEXT-AWARE ACCESS CONTROL Use of Resource Hierarchies to Define Fine-grained Adaptable Authorization Policies
Author(s): Annett Laube and Laurent Gomez
Abstract: Complex access control rules often interfere with the business logic within applications. We show a solution based on strict separation of application and security logic that allows dynamic policy enforcement based on context information as well as the adaptation of granularity outside the applications. The definition of resource hierarchies driven by application needs, together with the related authorization policies, makes the granularity of the permissions flexible and adaptable without touching the applications themselves. The explicit notation of authorization policies and their enforcement independent from the application offer new extensibility and follow the separation of concerns principle.

Title: SECURING HEALTHGRID ENVIRONMENTS
Author(s): Christos Ilioudis, Dimitrios Baltatzis, George Pangalos and Christos Georgiadis
Abstract: Grid technologies promise to change the way that health organizations tackle complex problems by offering unprecedented opportunities for resource sharing and collaboration. Healthgrids are Grid infrastructures comprising applications, services or middleware components that deal with the specific problems arising in the processing of biomedical data. Resources in Healthgrids are databases, computing power, medical expertise and even medical devices. Securing this new environment in health organizations is a major issue today. Security considerations, and more specifically authorization decisions, are a critical problem. Personal data is confidential, so access to the information must be restricted to authorized and authenticated persons. Furthermore, data must be protected to guarantee its confidentiality and integrity. This work provides a suitable authorization mechanism that facilitates the usage of grid and agent technology in HealthGrid environments.
More specifically, our approach applies the RBAC access control model for dynamically assigning security roles to visiting agents on hosts of the HealthGrid environment. Our methodology proposes a flexible role decomposition method, which facilitates the role assignment process. The role decomposition relies on a set of common Attribute Fields, shared between the Grid’s hosts, filled with Attribute values that every host evaluates according to its security goals. In any case, every host participating in the grid retains its security policy without altering or compromising it in order to participate in the agent exchange process. The proposed process and the related assignment algorithms have been experimentally implemented and applied in a typical health environment. The results have shown that the proposed framework is applicable and implementable, and can be applied successfully in real life health care environments.

Title: PRACTICAL VERIFICATION OF UNTRUSTED TERMINALS USING REMOTE ATTESTATION
Author(s): Simone Lupetti and Gianluca Dini
Abstract: We present a technique based on Trusted Computing’s remote attestation to enable the user of a public terminal to determine whether its configuration can be considered trustworthy or not. In particular, we show how the user can verify the software status of an untrusted terminal and be securely informed about the outcome of the verification. We present two flavors of this technique: in the first, the user makes use of a personal digital device with limited computing capabilities and a remote trusted server that performs the actual verification; in the second, the personal device is instead assumed to have enough computing power (as in the case of smart-phones and PDAs) to autonomously perform the verification procedure.

Title: E-BUSINESS SECURITY DESIGN USING PROCESS SECURITY REQUIREMENTS SEPTET
Author(s): S. Nachtigal
Abstract: In the e-business environment, the traditional business models for information systems security are no longer appropriate, and fit neither the new organisational environment nor the new organisational security needs. Existing security tools and mechanisms, developed upon the traditional perimeter security paradigm and based on hardware and software products, are not sufficient since they do not relate to the specific parameters that characterise the business process. The modern business environment needs a different security approach. Based on such a new approach, the e-process security design paradigm, a methodology to provide security for an e-business organisation is presented here. The methodology makes use of the newly introduced security requirements septet for e-business processes.

Title: A SECURE JAILING SYSTEM FOR CONFINING UNTRUSTED APPLICATIONS
Author(s): Guido van ’t Noordende, Adam Balogh, Rutger Hofman, Frances M.T. Brazier and Andrew S. Tanenbaum
Abstract: System call interception based jailing is a well-known method for confining (sandboxing) untrusted binary applications. Existing systems that are implemented using standard UNIX debugging mechanisms are rendered insecure by several race conditions. This paper gives an overview of the most important threats to jailing systems, and presents novel mechanisms for implementing jailing securely on standard UNIX systems. We implemented these solutions on Linux, and achieve competitive performance compared to existing jailing systems. Performance results are provided for this implementation, and for an implementation that uses a special-purpose extension to the Linux kernel designed to improve the performance of the jailing system.
Title: IMPLEMENTATION AND EVALUATION OF NEW ILLEGAL COPY PROTECTION Protection Against Making an Illegal Copy of a Copy
Author(s): Masaki Inamura and Toshiaki Tanaka
Abstract: We propose a new method of illegal copy protection which is adapted to digital content delivery services, allows legitimate users to make private copies on arbitrary terminals within the limited times, and requires no secure hardware. Using the method, we can realize two types of services: one is a client-server model over a peer-to-peer network, and the other is a broadcast model over a multicast network which is similar to existing broadcasting. In this paper, we implement the proposed method and evaluate whether our method is feasible from the viewpoints of security and performance.