Security Technology, 1991. Proceedings. 25th Annual 1991 IEEE International Carnahan Conference on

Date 1-3 Oct. 1991

Displaying Results 1 - 25 of 50
  • Proceedings. 25th Annual 1991 IEEE International Carnahan Conference on Security Technology (Cat. No.91CH3031-2)

    Freely Available from IEEE
  • Distributed audit with secure remote procedure calls

    Page(s): 154 - 160

    The authors have designed and implemented an experimental secure remote procedure call (RPC) mechanism and an RPC interface for a distributed audit mechanism running on AIX version 3 on the RISC System/6000. Based on the secure RPC mechanism and the network file system, the authors have designed and implemented a high-level, protocol-transparent interface for a distributed audit mechanism with centralized control. In addition, they implemented a user-friendly interface for distributed audit with Motif widgets on the X Window system. It is noted that the present experimental secure RPC shows a fairly simple alternative to building secure RPCs with an authentication protocol without modifying the RPC runtime and interface. Using RPCs not only significantly reduces the programming effort, but also bypasses several technical details such as replayed transactions, which are taken care of by the RPC runtime.
  • Secure communication networks based on the public-key cryptosystem in GF(2^m)

    Page(s): 120 - 125

    The application of the Massey-Omura lock (MOL) to obtain data encryption and digital signatures in intelligent networks is discussed. MOL is a mathematical padlock based on field exponentiation in GF(2^m) with normal basis representation. If a special mathematical MOL processor is available, the encryption-decryption rate can be accelerated significantly. Recent results on the analysis and realization of MOL are presented.
  • RETISS: a real time security system for threat detection using fuzzy logic

    Page(s): 161 - 167

    A real-time security system (RETISS) for threat detection is described, pointing out security violations in the target system under control. RETISS is based on the hypothesis that a correlation exists between anomalous user behavior and threats. Security rules have been enforced to express this correlation and to detect and evaluate the probability of a given threat, based on the level of danger of the occurrences of the anomalies symptomatic for the threat. Levels of danger of all the anomalies are then fuzzy combined to express the probability of the threat. RETISS is independent of any particular system and application environment. Moreover, RETISS runs on a machine different from that of the target system in order to be protected against attacks from users of the target system.
  • Computer viruses: ways of reproduction in MS-DOS

    Page(s): 168 - 176

    The methods used by computer viruses to reproduce themselves in IBM PC-compatibles operating under MS-DOS are studied. The results can be of use for classification of viruses and the creation of anti-virus tools. Viruses are examined under the following headings: irritating viruses, viruses that damage files, viruses that damage the file system and viruses that injure the hardware.
  • Security subsystems application/evaluation guide in General Services Administration

    Page(s): 235 - 245

    The US General Services Administration (GSA) provides physical security systems at GSA facilities to protect against burglary, theft, sabotage, espionage and attack. The security systems program entails systems analysis, design, installation and maintenance in GSA's facilities by engineers and technicians. GSA's physical security philosophy is to increase the time required to gain unauthorized access by providing one or more layers of protection. The authors describe the methodology used in developing application, selection, and evaluation criteria for security subsystems. The criteria are in a tabular format to assist security system program personnel in providing balanced and cost-effective systems that are acceptable to the facility and accommodate operational needs. The 'Security Systems Design Guide', developed by GSA to assist security engineers in design and construction programming, is described.
  • A strategy for transforming public-key cryptosystems into identity-based cryptosystems

    Page(s): 68 - 72

    Proposes a general strategy for modifying public-key cryptosystems such that public-key files are no longer necessary. Instead, the users' identity codes are used as the public keys. Their plaintexts are encrypted by using some public information and the receiver's identity code. The security of the modified cryptosystems is shown to be as good as that of the original cryptosystems.
  • Cryptographic authentication of passwords

    Page(s): 126 - 130

    A password authentication scheme based on El Gamal's (1985) public key cryptosystem and signature scheme is proposed. This scheme permits each user to choose passwords and identities individually. The password is used as the user's secret key. Using the user's public key and identity, the computer system can generate a set of test patterns and store them in a verification table. In the test pattern generation procedure, users do not need to submit their secret key. In the authentication procedure, the system does not need to use the system's secret key. Thus the system's secret key and users' secret key can be well protected.
  • A case study on hunting a brilliant hacker

    Page(s): 177 - 180

    In December 1989, a computer intruder broke into the computer systems in Academia Sinica, Taipei. Instead of trying to keep the intruder out, the approach was taken of allowing him access and tracing his activities. Instead of using printers, a personal computer and hard disk were used to record the intruder's activities. The trace was harder than expected; it took nearly two months. The search for the intruder was stopped for two reasons: the first was that he was not harmful (he only wanted free computer and communication resources); the second was that not much help could be obtained from the telecommunications bureau and security department.
  • Passive location of mobile cellular telephone terminals

    Page(s): 221 - 225

    The strengths and weaknesses are discussed of various elements of possible methods for determining the location of cellular telephones using the North American AMPS (Advanced Mobile Phone System) analog cellular telephone standard which require no modifications or assistance from the mobile units. Each element suffers from multipath effects and requires different levels of hardware addition at the cell sites. It is found that the combined use of interferometric and SAT (supervisory audio tone) tone ranging techniques may be useful for inferring the locations of mobile cellular telephones. The use of contours of constant field strength is less desirable because of variations between mobile units, variations in emissions from mobile units, and ambient environmental considerations. As with most UHF communications systems, multipath effects will afflict each of the location techniques discussed. Interference from mobile telephones operating in nearby cells on the same frequency as the target mobile telephone will be sources of corruption to the various measurements.
  • A private key cryptosystem based upon enforced random substitution scheme

    Page(s): 319 - 324

    Proposes a private key cryptosystem in which a specially designed permutation table is used as an enciphering/deciphering key. By the permutation table, an enforced random substitution scheme substitutes the characters in a plaintext message. It is hard to guess the correct plaintext characters from known ciphertext characters. The secure measurement and some possible attacks on the proposed cryptosystem are also discussed.
  • The cost of security

    Page(s): 192 - 196

    The author proposes concepts that could help in assessing the economic impact of computer security measures. The Parker-Benson mode is considered, and attention is given to such issues as the broadening of cost-benefit analysis (CBA) and information vs. security economics. It is concluded that it is possible to afford the difficult task of demonstrating the cost-effectiveness of security measures by broadening traditional CBA techniques. It is suggested that a new approach to security is necessary. Preventive, detective, and corrective measures should not be regarded as a further burden. Very often, they characterize the uniqueness of a processor or a product with respect to its competitors.
  • An efficient probabilistic public-key block encryption and signature scheme based on El-Gamal's scheme

    Page(s): 145 - 148

    A modified El Gamal scheme is presented which provides both secrecy and signature simultaneously with a high information rate of w/(w+2), where w is a predetermined number of plaintext blocks to be sent. The scheme provides a better information rate than the original El Gamal scheme does, and thus is very efficient to use in secure data communications. The security of the scheme depends on the difficulty of solving discrete logarithms.
  • A topology-based matching algorithm for fingerprint authentication

    Page(s): 84 - 87

    A proper representation of the ridge pattern on a fingerprint is addressed. The representation must be such that it supports fingerprint matching. A nonink fingerprint input device using an optical prism is considered. A ridge pattern based on a structural model of minutiae is developed. Finally, a fingerprint matching method via tree matching is given. This method is shown to be invariant under translation and rotation, and it does not depend on the use of a prespecified core point. Experimental results indicate that this matching method is quite feasible. However, minutiae associated with whorls and noisy regions are troublesome and unstable.
  • Utilization of high-power microwave sources in electronic sabotage and terrorism

    Page(s): 16 - 20

    High-power microwave (HPM) sources have been under investigation for several years as potential weapons for a variety of sabotage, terrorism, counter-security system, and combat applications. The key points to recognize are the insidious nature of HPM and the many areas in which it can impact on security technology. Computers and other equipment can be damaged without user recognition of the cause. HPM has the capability to penetrate not only radio front-ends but also the most minute shielding penetrations throughout the equipment. The potential exists for significant damage to security and other devices and circuits, and even injury to humans. Different HPM threats are described and specific protective measures are outlined.
  • An optical fiber multisensor network for security applications

    Page(s): 271 - 280

    Reports an investigation of the performance of an optical fiber multisensor network using a simple frequency-domain multiplexing technique. The major limitation of this system is phase-error-induced crosstalk. Theory suggests that this error can be minimized by carefully designing the operational parameters (sensor loop lengths and modulation frequencies) to make the determinant of the operation matrix large. This has been experimentally demonstrated. For a security network monitoring a wide area, one wants to use a larger number of sensors in a system. The proposed method to minimize crosstalk makes this feasible, so that the system will be more practical for actual applications.
  • Yet another approach for secure broadcasting based upon single key concept

    Page(s): 47 - 54

    Proposes a cryptosystem to solve the problem of broadcasting in a network. The cryptosystem has the following advantages: (1) only one ciphertext is sent out; (2) the operation of enciphering is performed only once; (3) the keys which are held by each user are the same as those of a public key cryptosystem; (4) the length of ciphertext is shorter than that previously proposed; (5) the sender can arbitrarily select the receivers who are requested to know the message; (6) digital signatures can easily be implemented; and (7) the security of the cryptosystem is the same as that of the RSA scheme.
  • Trends towards the optimum danger detection system

    Page(s): 253 - 260

    Based on examples of fire and intrusion detection systems, the author discusses current developments and trends for improving detection techniques in order to overcome the problems of deceptive alarms. Trends in the direction of improved aesthetics of danger detection systems, particularly the miniaturization of detectors and wireless transmission are also covered. Finally, the issues of reliability and product costs are addressed. Together, these topics represent the main directions towards an optimum danger detection system.
  • A single-frequency duplex/multiplex security communication system

    Page(s): 231 - 234

    A full duplex/multiplex security communication system with a single radio carrier frequency is described. Totally different from traditional simplex or double-frequency-full-duplex radio techniques, this novel communication system utilizes time compression and expansion techniques and uses the idea of time slot allocation for multiplexing. By this scheme, a full-duplex/multiplex communication system can be established on a single carrier frequency. With conventional radio techniques, it will be quite complicated to establish a full triplex or quadruplex communication system. With the proposed scheme, it is not difficult to implement this kind of system. The intrinsic security characteristic of this system is attractive. The signal compression algorithms provide various levels of security. Segmenting time slots and synchronizing signals provide another level of complexity.
  • Evaluation of General Services Administration's risk assessment methodology

    Page(s): 325 - 332

    Security surveys must identify and consider any possible risk factors which might affect the security of a building, its tenants, and/or contents. Utilizing these factors and available office automation spreadsheet software, an algorithm called the risk assessment matrix (RAM) was developed to calculate risk levels associated with the characteristics of the building, resulting in generation of reports on recommended countermeasures and cost summaries for the recommended countermeasures. The authors describe the results of the evaluation of RAM in terms of the complexity of its methodology, adequacy of threat and target assessment, and protection system adequacy assessment. The evaluation results should assist management in objectively allocating resources to those areas where risk is greatest.
  • Threshold identification

    Page(s): 73 - 76

    In many applications, one needs to identify a user's organization rather than his individual identity. A threshold identification scheme is a scheme in which the proof of the group identity can be identified if the number of members in the group who agree to prove their group identity anonymously is larger than t_g (≤ n, the total number of the members). In this paper, the authors propose a threshold identification scheme based on the El Gamal signature scheme and the Schnorr identification scheme. The proposed scheme is secure under the assumption that computing the discrete logarithm is infeasible. When the threshold value of a group is chosen as one, the threshold identification is a member authentication scheme.
  • Public-key ID-based cryptosystem

    Page(s): 142 - 144

    It is shown how a chosen-public-key attack can compromise the ID-based cryptosystem of S. Tsujii and T. Itoh (1989), as well as most of the existing public-key cryptosystems. The authors present a scheme which can withstand the chosen-public-key attack, based on the concept of an cryptosystem. The security of the scheme is equivalent to factoring the product of two large primes or solving the discrete logarithm problem. It enciphers data using the receiver's ID directly without the help of a third party.
  • A new cryptosystem using matrix transformation

    Page(s): 131 - 138

    An improvement of the Hill cipher is proposed. In the Hill cipher, a randomly generated nonsingular matrix is used as an encryption key, and the inverse of the matrix is used as the decryption key. The weakness of the Hill cipher is that the matrix may be revealed under known-plaintext attack. In the proposed cryptosystem a plaintext message is first partitioned into blocks of some suitable length, and each block b concatenates with a random string r and a special control symbol c as r||c||b. The new string is converted to a vector. The components of the vector are positive integers. To overcome the drawbacks of the Hill cipher, a more secure number system with different bases and an enforced transformation of the enciphering matrix are provided.
  • Identification of data, devices, documents and individuals

    Page(s): 197 - 218

    The author mainly examines the information integrity aspects of the problem of identification, although some of the applications are primarily concerned with the physical aspects of identification. He is concerned with indirect identification, where the verifier (who may be either a person or a device) is dependent on information provided by the object of the identification (who again may be either a person or a device) and perhaps some supplemental information from another source. Aspects of the identification of individuals, devices, and documents are examined, with appropriate protocols given.
  • A seal imprint processing system for telephone customers' transaction

    Page(s): 100 - 103

    Image processing, verification, and compression techniques are integrated to construct a telephone customer maintenance subsystem in which a legitimate transaction is carried out after the step of verifying the genuineness of the seal imprint on the request form. The key contents include a distance or similarity metric, matching algorithm, and seal coding. The distance or similarity measure between seals is based on a generalized Euclidean distance which is insensitive to stroke width, minor spatial deformation, broken lines, etc. A block Huffman coding technique is used to reduce the storage of seal imprints. A reasonably good identification rate and 40% storage reduction of sample seals demonstrate that the proposed approach is effective. A 58% storage reduction can be attained when a flexible arithmetic coding method is used.