Abstract: The upcoming deployment of vehicular ad-hoc networks does not only facilitate novel telematics applications, but also poses strong requirements on security. Especially the adoption of active safety applications may raise new threats to road safety if security issues are not properly handled, thus thwarting their initial purpose. In this paper, a special active safety application is considered that enables cooperative fore sighted driving through the exchange of local danger warnings, which are based on individual observations and refer to the current road condition. From a security point of view, the decision whether or not such an application should rely on a reported hazard, is a crucial issue, which cannot be completely protected by conventional security measures. We propose an additional security mechanism based on an information centric evaluation of the plausibility of received hazard messages. We developed four decision methods, which are based on voting schemes, and evaluated them by simulation using two attacks trying to manipulate the decision process by distributing false information. Our results indicate that the proposed information centric evaluation of remote observations is a reasonable means to increase the stability and security of a cooperative local danger warning service

Abstract: Securing wireless channels necessitates authenticating communication partners. For spontaneous interaction, authentication must be efficient and intuitive. One approach to create interaction and authentication methods that scale to using hundreds of services throughout the day is to rely on personal, trusted, mobile devices to interact with the environment. Authenticating the resulting device-to-device interactions requires an out-of-band channel that is verifiable by the user. We present a protocol for creating such an out-of-band channel with visible laser light that is secure against man-in-the-middle attacks even when the laser transmission is not confidential. A prototype implementation shows that an appropriate laser channel can be constructed with simple off-the-shelf components

Abstract: Remote electronic voting over the Internet is a promising concept to afford convenience to voters and to increase election turnouts. However, before employing electronic voting systems in regular elections, problems such as coercion and vote selling have to be solved. Juels, Catalano and Jakobsson introduced a strong security requirement that deals with theses concerns. Coercion resistance improves on the former security notion of receipt freeness by taking additional real-life threats into account. In this paper, we present a coercion-resistant election scheme with a linear work factor. The scheme is based on the previous proposal of Juels et al., which exhibited a quadratic work factor, and employs Smith's idea to achieve a speedup to linear work. It, however, overcomes the drawbacks of these preceding solutions. We also present an evaluation of the scheme and identify the drawbacks and the real world aspects related to the scheme

Abstract: As aging and very expensive programs put more pressure on health and social care systems, an increase in the need for electronic healthcare records can be observed, because they promise massive savings and better clinical quality. However, patients and commissioners for data protection have legitimate concerns about the privacy and confidentiality of the stored data. Although the concept of pseudonymization allows an association with a patient only under specified and controlled circumstances, existing approaches have major vulnerabilities. This paper provides a new architecture for the pseudonymization of medical data that combines primary and secondary use in one system and thus provides a solution to vulnerabilities of existing approaches

Abstract: Trust is inherently related to risk, but for trust assessment to be integrated with the management of the risks involved in trust based cooperation, the exact relation must be well understood. Existing literature on trust management is neither clear nor unambiguous on this issue. This paper discusses notions of trust as presented within the disciplines of sociology and economics for the purpose of motivating trust management. A critical survey of state of the art literature on trust management is provided, where weaknesses and ambiguities with respect to clarifying the notion of trust are discussed. An analysis and explanation of the exact relationship between risk and trust is presented, and implications of the subjectivity of trust relations are accounted for

Abstract: We present a pattern system/or security requirements engineering, consisting of security problem frames and concretized security problem frames. These are special kinds of problem frames that serve to structure, characterize, analyze, and finally solve software development problems in the area of software and system security. We equip each frame with formal preconditions and postconditions. The analysis of these conditions results in a pattern system that explicitly shows the dependencies between the different frames. Moreover, we indicate related frames, which are commonly used together with the considered frame. Hence, our approach helps security engineers to avoid omissions and to cover all security requirements that are relevant for a given problem

Abstract: Node compromise is a serious threat in wireless sensor networks. An adversary can use compromised nodes to inject false data into the network forging events to deceive the base station. Furthermore, an adversary can cause serious damage by injecting a large amount of false messages to deplete the scarce energy resources of the forwarding en-route sensor nodes. In this paper, we propose a secure ticket-based en-route filtering scheme (STEF) that drops false messages en-route. We propose a ticket concept where reply messages are only forwarded if they contain a valid ticket originally issued by the base station. Messages containing no ticket, or an replayed ticket, are immediately filtered out by not compromised sensor nodes. The ticket concept is based on lightweight one-way functions. This enables every en-route node to verify the tickets. Furthermore, our scheme does not need symmetric key sharing between message generating nodes and en-route nodes, which results in a high resiliency against node compromises. Our security and performance analysis shows that STEF provides a high security level and is very efficient in saving energy. Furthermore, the required storage capacity on the sensor nodes is very low

Abstract: Online shopping using electronic payment scheme has gained a lot of popularity in recent years. In an electronic payment scheme using normal credit cards there is no way to genuinely identify owner of the credit card. Credit card fraud is the fastest growing crime all over the world. Any effort to plug the security hole especially for online payment is considered worthwhile. RFID enabled credit cards are becoming increasingly popular as contactless credit cards. We envision a future where RFID credit cards will be used for online shopping. RFID system has tremendous potential to render electronic payments more secure than normal credit cards. The word RFID enabled credit cards may bring in mixed passion, enthusiasm and perhaps even rage! This is partly paranoia and partly reality. The reality is that an intruder can read RFID cards without the user even noticing it. This brings in a zone of discomfort and leads to paranoia. Certain interactivity should exist to bring back this comfort to the user. This paper tries to make an effort in that direction. In this paper we propose mobile phone based architecture for secured electronic payments using RFID credit cards

Abstract: Identity theft through phishing attacks has become a major concern for Internet users. Typically, phishing attacks aim at luring the user to a faked Web site to disclose personal information. Existing solutions proposed against this kind of attack can, however, hardly counter the new generation of sophisticated malware phishing attacks, e.g., pharming Trojans, designed to target certain services. This paper aims at making the first steps towards the design and implementation of a security architecture that prevents both classical and malware phishing attacks. Our approach is based on the ideas of compartmentalization for isolating applications of different trust level, and a trusted wallet for storing credentials and authenticating sensitive services. Once the wallet has been setup in an initial step, our solution requires no special care from users for identifying the right Web sites while the disclosure of credentials is strictly controlled. Moreover, a prototype of the basic platform exists and we briefly describe its implementation

Abstract: Privacy appears as a major issue for pervasive computing applications. Several models have been proposed to address privacy challenges. Successful design requires awareness of the technology's users and that their desires and concerns are understood. This is difficult as few empirical researches exist about potential pervasive users that designers can use. Complicating design further is the fact that pervasive systems are typically embedded or invisible, making it difficult for users to know when these devices are present and collecting data. As users have a limited understanding of the technology several privacy, design, and safety issues are raised. This paper discusses how privacy might be preserved in a pervasive computing environment. It presents some research developments in these areas to address privacy concerns. Open issues and challenges are also examined

Abstract: The formidable difficulty in securing systems stems in large part from the increasing complexity of the systems we build but also the degree to which we now depend on information systems. Complex systems cannot be fully verified under all possible conditions. Self cleansing intrusion tolerance (SCIT) servers go through periodic cleaning. SCIT can be used to create secure and robust cluster of servers without the impossible requirement of having perfect security on each server in the cluster. In this paper, we identify six SCIT security primitives that must be satisfied. We present a SCIT hardware enhanced (SCIT/HES) implementation that guarantees the incorruptibility of SCIT operations

Abstract: Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and-patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires structured approach combining a detailed understanding on what causes vulnerabilities, and how to prevent them. In this paper we present a process for software security that is based on vulnerability cause graphs, a formalism we have developed for modeling the causes of software vulnerabilities. The purpose of the software security process is to evolve the software development process so that vulnerabilities are prevented. The process we present differs from most current approaches to software security in its high degree of adaptability and in its ability to evolve in step with changing threats and risks. This paper focuses on how to apply the process and the criteria that have influenced the process design

Abstract: Radio frequency identification (RFID) technologies have been used by the military to gain in-transit visibility and improve inventory management. The advantages of using RFID to track assets over using barcode have been broadly recognized. However, recent research has proven that RFID is vulnerable to attacks. This brings a challenge at a time when RFID systems are being employed in various applications, including military supply chain systems. In this paper, underlying vulnerabilities of RFID system are analyzed, different attacks that can be made against RFID system are illustrated, and countermeasures against the attacks are recommended. The objective of this article is to secure military logistics by identifying the common threats to RFID systems

Abstract: The effectiveness of current anti-spam systems is limited by the ability of spammers to adapt to new filtering techniques and the lack of incentive for mail domains to filter outgoing spam. This paper describes a new approach to spam protection based on distributed trust management. This is motivated by the fact that the SMTP mail infrastructure is managed in a distributed way by a community of mail domain administrators. A trust overlay architecture and a new protocol is presented. The TOP AS protocol specifies how experiences and recommendations are communicated between a spam filter at each mail domain and its associated trust manager, and between trust managers of different mail servers. A technique for improving mail filtering using these trust measures is also described. Initial simulations indicate the potential of this approach to improve rates of false positives and false negatives in anti-spam systems

Abstract: In previous approaches, it's generally assumed that all radio frequency identification (RFID) tags belong to a single RFID domain system (we name this as RFID single domain system). To date, most researches in the RFID single domain system have been on authentication protocols against a variety of attacks. This paper considers the security and privacy problems regarding that RFID tags used by different two or more RFID domains (we name this as RFID multi-domain system). We divided the security and privacy mechanisms in RFID multi-domain system into 3 conceptual parts: RFID forehand system security, RFID backend system security, and RFID inter-domain system security. First, we review RFID forehand and backend system security issues. Second, we present a security framework in RFID multi-domain system. Third, we propose and evaluate authentication and authorization for RFID inter-domain system with a case study

Abstract: The existence of errors or inconsistencies in the configuration of security components, such as filtering routers and/or firewalls, may lead to weak access control policies - potentially easy to be evaded by unauthorized parties. We present in this paper a proposal to create, manage, and deploy consistent policies in those components in an efficient way. To do so, we combine two main approaches. The first approach is the use of an aggregation mechanism that yields consistent configurations or signals inconsistencies. Through this mechanism we can fold existing policies of a given system and create a consistent and global set of access control rules - easy to maintain and manage by using a single syntax. The second approach is the use of a refinement mechanism that guarantees the proper deployment of such a global set of rules into the system, yet free of inconsistencies

Abstract: Only the most trivial computer system can be expected to meet its requirements if those requirements are not specified. Despite the widespread use of electronic voting (evoting), no requirements catalogue exists that expresses the requirements for evoting systems with enough precision to be checkable. Nor do existing catalogues take evaluation techniques and certification procedures into account. This paper takes the first step towards the development of a new catalogue with corresponding assessment procedures, concentrating on a strict subset of evoting systems

Abstract: Dependable mobile ad-hoc networks are being designed to provide reliable and continuous service despite the failure of some of their components. One of the basic building blocks that have been identified for such fault tolerant systems is the failure detection service which aims at providing some information on which hosts have crashed. In this paper, we present a new implementation of a failure detection service for wireless ad-hoc and sensor systems that is based on an adaptation of a gossip-style failure detection protocol and the heartbeat failure detector. We show that our failure detector is eventually perfect - that is, it satisfies both properties: strong completeness and eventual strong accuracy. Strong completeness means that there is a time after which every faulty mobile is permanently suspected by every fault-free host. While, eventual strong accuracy refers to the fact that no host will be suspected before it crashes

Abstract: We propose a hybrid trust model for enhancing security in distributed applications by combining the "hard" and "soft" trust relationships. The motivation is to compensate for the drawbacks associated with individual hard trust and soft trust models. We develop a formal hybrid trust model for specifying the hybrid trust relationships and associated operations. The new model provides a flexible way for specifying the security relevant trust requirements which compensate the drawbacks of the individual trust models while preserving their advantages. We provide application guidelines on how the hybrid trust relationships can be applied to achieve mutual improvements between the individual models

Abstract: This paper first discusses security issues for data warehousing. In particular, issues on building a secure data warehouse, secure data warehousing technologies as well as design issues are discussed. Our design of a secure data warehouse that enforces an extended RBAC policy is described next. Finally directions for secure data warehouses are discussed

Abstract: Security represents a crucial aspect in the development of data warehouses (DWs), since they contain confidential data. It becomes therefore necessary to specify security and audit requirements for the multidimensional modelling, that cannot be directly transferred to the relational model of the DW. The standard framework for software development model driven architecture (MDA) allows us to define transformations between models by proposing query/view/transformations (QVT). This proposal allows the definition of formal, elegant and unequivocal transformations between platform independent model (PIM) and platform specific model (PSM). This paper employs QVT to establish a set of relations that allows us to transform security information embedded in the DWs multidimensional conceptual model to a relational logical scheme

Abstract: The catchword "compliance" dominates the actual debate about identity management and information security like few before. Companies need to comply with a variety of internal and external standards and regulations like the US SOX Act. Identity management is seen as a main provider of compliance in modern companies. However, its organisational aspects are underestimated in many projects, lacking a comprehensive approach to introduce in-house identity management. This work is based on the experiences gained from industry projects using identity management functionalities to strengthen security and to reach a high level of compliance. We develop a structured process-oriented methodology for introducing an identity management infrastructure for organisations using drivers from IT security management to evaluate, rank, and implement subprojects. The methodology consists of an iterative process which enables even large and unstructured organisations to reach a suitable and profitable level of identity management by emphasising on organisational aspects rather than taking a merely technical approach

Abstract: As session initiation protocol is becoming widely used for the current IP telephony services due to its simplicity and powerful functions, vulnerabilities it exposes make it susceptible to various attacks especially signal based SIP-specific attacks. Based on the security issues of SIP, in this paper, we propose the design of an intrusion detection system combined with misuse and anomaly detection for these threats by a feedback mechanism. A timed HCPN model is utilized and suited to drive and simulate the IDS for SIP with four machines. Also some detection solutions for specific attacks are provided like two recall methods for CANCEL attack and so on

Abstract: This paper presents the study of structural cohesion which is discussed in social network analysis (SNA), but can also be used in several other important application areas including investigative data mining for destabilizing terrorist networks. Structural cohesion is defined as the number of actors who, if removed from a group, would disconnect the group. In this paper we discuss structural cohesion concepts, such as cliques, n-cliques, n-clans and k-plex to determine familiarity, robustness and reachability within subgroups of the 9/11 terrorist network. Moreover we also propose a methodology of detecting critical regions in covert networks; removing/capturing those nodes will disrupt most of the network

Abstract: Security has become a necessary part of nearly every software development project, as the overall risk from malicious users is constantly increasing, due to increased consequences of failure, security threats and exposure to threats. There are few projects today where software security can be ignored. Despite this, security is still rarely taken into account throughout the entire software lifecycle; security is often an afterthought, bolted on late in development, with little thought to what threats and exposures exist. Little thought is given to maintaining security in the face of evolving threats and exposures. Software developers are usually not security experts. However, there are methods and tools available today that can help developers build more secure software. Security modeling, modeling of e.g., threats and vulnerabilities, is one such method that, when integrated in the software development process, can help developers prevent security problems in software. We discuss these issues, and present how modeling tools, vulnerability repositories and development tools can be connected to provide support for secure software development

Abstract: E-democracy is a necessity in this era of computers and information technology. E-voting is one of the most significant parts of e-democracy, which refers to the use of computers or computerized voting equipment to cast ballots in an election. This is a study on e-voting requirements specifically pointing out its implementation in Turkey. Nowadays, the Turkish Government has begun to test an e-voting system, which has been developed by a private company for Turkish electoral needs. Since there is neither technical nor academic comprehensive documentation available regarding the system, we are not sure about that it may or may not be a satisfactory solution to Turkish electoral needs. The aim of this paper is to define an extensive set of requirements that any e-voting system, which is planned to be used instead of paper-based voting system in the countries that have representative democracy so as in Turkey, should satisfy

Abstract: Adding security functions in existing Web application servers is now vital for the IS of companies and organizations. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With aspect-oriented programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AProSec for detecting SQL injection and Cross Scripting Site (XSS) that are common attacks in Web servers. We experiment this aspect with the AspectJ language and the JBoss AOP framework. With this experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing security policies at runtime. Finally, we describe related work on security and AOP

Abstract: The stability of a virtual organization breeding environment (VBE) requires the right balance of trust level among its members. Particularly for industry-based large-size VBEs and considering the global economy, organizations are now faced with the growing: value of information, uncertainties, and risks surrounding most businesses. As a result, creating a virtual organization (VO) within the VBE environment is becoming challenging and difficult. Establishing trust relationships among organizations in the VBE is now a promising facilitator for fluid VO creations. A priori to establishing trust relationships among member organizations however, trust levels of involved organizations must be properly assessed. In order to properly assess trust level of organizations in VBEs, trust elements and trust relationships must be thoroughly characterized. This paper presents a three-stage approach for identifying and analyzing trust elements. It also presents the general trust elements for three main trust objectives in VBEs, namely for creating trust: among VBE members, of the member to the VBE administration, and of the external stakeholder (e.g., a customer) to the VBE

Abstract: The telecommunications environment is evolving into next generation networks (NGN). On an NGN, telecommunications services are recreated on IP networks, this creates a demand on standardization bodies to adapt and meet the needs of these emerging networks. Securing the service environment for eBusiness and the underlying network are crucial areas cited in the eEurope action plan. Standardization provides an important means for securing the NGN and establishing trust in its services and infrastructure in order to enable the development of modern public services. In response to this, we have developed a threat, vulnerability and risk assessment (eTVRA) method and tool for use in standardisation. Using the eTVRA method and tool, the threats to NGNs can be analyzed and a set of recommended countermeasures identified that when implemented will reduce the overall risk to users of NGNs. In this paper we present the eTVRA method and tool along with the results of its application to the use of enhanced number (ENUM) (Eastlake, 1999) and SIP (Rosenberg et al., 2002) in the NGN