By Topic

Internet Security (WorldCIS), 2011 World Congress on

Date 21-23 Feb. 2011

Filter Results

Displaying Results 1 - 25 of 64
  • [Front cover]

    Publication Year: 2011, Page(s): c1
    IEEE is not the copyright holder of this material | PDF file iconPDF (15 KB)
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2011, Page(s): 2
    IEEE is not the copyright holder of this material | PDF file iconPDF (20 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2011, Page(s):3 - 6
    IEEE is not the copyright holder of this material | PDF file iconPDF (35 KB)
    Freely Available from IEEE
  • Session 1: Internet security

    Publication Year: 2011, Page(s): 8
    IEEE is not the copyright holder of this material | PDF file iconPDF (22 KB)
    Freely Available from IEEE
  • A novel network platform for secure and efficient malware collection based on reconfigurable hardware logic

    Publication Year: 2011, Page(s):9 - 14
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (750 KB) | HTML iconHTML

    With the growing diversity of malware, researchers must be able to quickly collect many representative samples for study. This can be done, e.g., by using honeypots. As an alternative to software-based honeypots, we propose a singlechip honeypot appliance that is entirely hardware-based and thus significantly more resilient against compromising attacks. Additionally, it can easily keep up with net... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • DDoS attacks traffic and Flash Crowds traffic simulation with a hardware test center platform

    Publication Year: 2011, Page(s):15 - 20
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (144 KB) | HTML iconHTML

    DDoS attacks are one of the top security problems affecting networks and disrupting services to legitimate users. The first vital step in dealing with this problem is the network's ability to detect such attacks. To that end, it is important that an intrusion detection mechanism be able to differentiate between real DDoS traffic and Flash Crowds traffic, the latter of which constitutes sudden burs... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Assessing the Portuguese Web applications security

    Publication Year: 2011, Page(s):21 - 26
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (281 KB) | HTML iconHTML

    Portugal has recently deployed an important number of governmental services to the World Wide Web. Concurrently, major services in Universities, Health Care, and most Public entities are also following this trend. For 2011, the Portuguese government will take these measures even further in the scope of a technological upgrade plan for Portugal. This will make Web applications, more than ever, one ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Session 2: Middleware support for networking

    Publication Year: 2011, Page(s): 27
    IEEE is not the copyright holder of this material | PDF file iconPDF (22 KB)
    Freely Available from IEEE
  • An AODE-based intrusion detection system for computer networks

    Publication Year: 2011, Page(s):28 - 35
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (697 KB) | HTML iconHTML

    Detecting anomalous traffic on the Internet has remained an issue of concern for the community of security researchers over the years. Advances in computing performance, in terms of processing power and storage, have allowed the use of resource-intensive intelligent algorithms, to detect intrusive activities, in a timely manner. Naïve Bayes is a statistical inference learning algorithm wit... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Autonomous agents for Testing and Verification of Softwares after Deployment over Network

    Publication Year: 2011, Page(s):36 - 41
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (227 KB) | HTML iconHTML

    Setting up the software in the distributed environments has become an essential undertaking, and on the other hand, keep an eye on the reliability and the usability of software during its operational state is a crucial part. For this purpose organizations hire a person whose responsibility is to ensure the malicious state of software which is hectic, time consuming and incurs cost. In this era, Ag... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Self-organizing feature maps for User-to-Root and Remote-to-Local network intrusion detection on the KDD Cup 1999 dataset

    Publication Year: 2011, Page(s):42 - 47
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (136 KB) | HTML iconHTML

    The problem of network intrusion detection is one that is ever-changing, ever-evolving, and is always in need of improvement. Society-at-large relies on computer networks everyday for tasks ranging from online banking to e-commerce, social networking, news, gambling, and just about anything else. As such, society demands that these networks remain secure. In order to maintain security the systems ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Session 3: Security, trust and privacy

    Publication Year: 2011, Page(s): 48
    IEEE is not the copyright holder of this material | PDF file iconPDF (21 KB)
    Freely Available from IEEE
  • Internet-based management and consumption of digital assets

    Publication Year: 2011, Page(s):49 - 53
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (90 KB) | HTML iconHTML

    The selling and buying of digital products via Internet not only saves business cost and time, but also makes it possible for us to control the usage of media remotely by the interaction between the client and server. The digital content is encrypted and packed with the client controller program into an all-in-one package. When the client opens the package, controller program starts to run, access... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The concept of Secure Mobile Wallet

    Publication Year: 2011, Page(s):54 - 58
    Cited by:  Papers (1)
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (65 KB) | HTML iconHTML

    This paper describes our concept, design and current implementation of the Secure Mobile Wallet. Mobile Wallet is an application stored in mobile phones providing to subscribers the possibility to perform various mobile financial transactions. In our approach Secure Mobile Wallet is stored and running in the Javacard SIM chip, called UICC. It comprises several Javacard applets supporting several t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A new and efficient approach to protect AES against differential power analysis

    Publication Year: 2011, Page(s):59 - 66
    Cited by:  Papers (1)
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (361 KB) | HTML iconHTML

    Developed by Paul Kocher, Joshua Jaffe, and Benjamin Jun in 1999, Differential Power Analysis (DPA) represents a unique and powerful cryptanalysis technique. Insight into the encryption and decryption behavior of a cryptographic device can be determined by examining its electrical power signature. This paper describes a novel approach for implementation of the AES algorithm which provides a signif... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Session 4: Cryptography

    Publication Year: 2011, Page(s): 67
    IEEE is not the copyright holder of this material | PDF file iconPDF (22 KB)
    Freely Available from IEEE
  • Simple power analysis attacks using chosen message against ECC hardware implementations

    Publication Year: 2011, Page(s):68 - 72
    Cited by:  Papers (1)
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (122 KB) | HTML iconHTML

    Chosen-message simple power analysis (SPA) attacks were powerful against public-key cryptosystem based on modular exponentiation, due to the special results of modular square and modular multiplication for input pair X and - X. However, the characteristics can not be applied to public-key cryptosystems based on scalar multiplications. This paper proposes novel chosen-message side-channel analysis ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Hardware implementation of arithmetic for elliptic curve cryptosystems over GF(2m)

    Publication Year: 2011, Page(s):73 - 78
    Cited by:  Papers (1)
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (944 KB) | HTML iconHTML

    The Elliptic Curve Cryptography covers all relevant asymmetric cryptographic primitives like digital signatures and key agreement algorithms. In the present work, we develop a design of elliptic curve operations over binary Fields GF(2m). The function used for this purpose is the scalar multiplication kP which is the core operation of ECCs. Where k is an integer and P is a point on an e... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Removing directory servers from anonymous communication systems using ID-Based Encryption to improve scalability

    Publication Year: 2011, Page(s):79 - 84
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (176 KB) | HTML iconHTML

    Since the problem of disclosing personal information on the Internet continues to increase, many anonymous communication systems have been studied. Such systems usually use directory servers to manage public keys of participant nodes. However, this reduces anonymity because the query messages for the directory servers can give adversaries route information of anonymous communication channels. To s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Session 5: Data security

    Publication Year: 2011, Page(s): 85
    IEEE is not the copyright holder of this material | PDF file iconPDF (21 KB)
    Freely Available from IEEE
  • Security extensions of Windows environment based on FIPS 201 (PIV) smart card

    Publication Year: 2011, Page(s):86 - 92
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (144 KB) | HTML iconHTML

    This paper describes security extensions of various Windows components based on usage of FIPS 201 (PIV) smart cards. Compared to some other similar solutions, this system has two significant advantages: first, smart cards are based on FIPS 201 standard and not on some proprietary technology; second, smart card security extensions represent an integrated solution, so the same card is used for secur... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Giving you back control of your data digital signing practical issues and the eCert solution

    Publication Year: 2011, Page(s):93 - 99
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (209 KB) | HTML iconHTML

    As technologies develop rapidly, digital signing is commonly used in eDocument security. However, unaddressed issues exist. An eCertificate system represents the problem situation, and therefore is being used as case study, in a project called eCert, to research for the solution. This paper addresses these issues, explores the gap between current tools and the desired system, through analysis of t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A survey of static software watermarking

    Publication Year: 2011, Page(s):100 - 107
    Cited by:  Papers (1)
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (649 KB) | HTML iconHTML

    Software watermarks, which can be used to identify the intellectual property owner of a piece software, are broadly divided into two categories: static and dynamic. Static watermarks are embedded in the code and/or data of a computer program, whereas dynamic watermarking techniques store a watermark in a program's execution state. In this paper, we present a survey of the known static software wat... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Session 6: Software architectures

    Publication Year: 2011, Page(s): 108
    IEEE is not the copyright holder of this material | PDF file iconPDF (22 KB)
    Freely Available from IEEE
  • A software application to analyze the effects of temporal and environmental metrics on overall CVSS v2 score

    Publication Year: 2011, Page(s):109 - 113
    IEEE is not the copyright holder of this material | Click to expandAbstract | PDF file iconPDF (65 KB) | HTML iconHTML

    The Common Vulnerability Scoring System (CVSS) is an emerging standard for scoring the impact of vulnerabilities. The CVSS base score has been widely adopted by the industry as a framework for exchanging general vulnerability information, while CVSS temporal and environmental scores, which estimate the effect of vulnerabilities within specific environments, is yet to become part of routine IT risk... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.