By Topic

Network and Information Systems Security (SAR-SSI), 2011 Conference on

Date 18-21 May 2011

Filter Results

Displaying Results 1 - 25 of 44
  • [Title page]

    Page(s): i
    Save to Project icon | Request Permissions | PDF file iconPDF (67 KB)  
    Freely Available from IEEE
  • [Copyright notice]

    Page(s): ii
    Save to Project icon | Request Permissions | PDF file iconPDF (114 KB)  
    Freely Available from IEEE
  • Foreward

    Page(s): iii
    Save to Project icon | Request Permissions | PDF file iconPDF (78 KB)  
    Freely Available from IEEE
  • Conference Committee

    Page(s): iv
    Save to Project icon | Request Permissions | PDF file iconPDF (86 KB)  
    Freely Available from IEEE
  • Technical Program Committee Members/Reviewers

    Page(s): v
    Save to Project icon | Request Permissions | PDF file iconPDF (68 KB)  
    Freely Available from IEEE
  • Sponsors

    Page(s): vi
    Save to Project icon | Request Permissions | PDF file iconPDF (114 KB)  
    Freely Available from IEEE
  • A First Approach to Detect Suspicious Peers in the KAD P2P Network

    Page(s): 1 - 8
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (369 KB) |  | HTML iconHTML  

    Several large scale P2P networks are based on a distributed hash table. They all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, DDoS, pollution, etc.). However, no study so far considered the actual deployment of such attacks. We propose a first approach to detect suspicious peers in the KAD P2P network. First, we describe and evaluate our crawler which can get an accurate view of the network. Then, we analyze the distances between the peers and the contents indexed in the DHT to detect suspicious peers. Our results show that hundreds of KAD entries are clearly under attack during our measurements. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Framework Using IBC Achieving Non-Repudiation and Privacy in Vehicular Network

    Page(s): 1 - 6
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (514 KB) |  | HTML iconHTML  

    In vehicular communications, a balance between privacy and anonymity from one side and responsibility and non repudiation from the other side is very important. In this paper, a security framework for VANETs to achieve privacy and non-repudiation is proposed. We present the safety requirements in the context of accident and reporting problem. We build a platform to provide security to safety messages in an accident scenario based on Identity-based cryptography (IBC). An analytical evaluation and performance measurement are achieved to validate this platform. This study confirms that identity-based cryptography and elliptic curves are very useful to make light communications. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A New Convergent Identity System Based on EAP-TLS Smart Cards

    Page(s): 1 - 6
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (467 KB) |  | HTML iconHTML  

    This paper presents a new identity system, named SSL-Identity, working with EAP-TLS smart cards. It details an innovative technology based on tiny SSL stacks deployed in billions of such devices embedded in USB dongles or mobile phones, and comments first experimental results. SSL-Identity is convergent because it works in fixed and mobile environment. It claims a strong mutual authentication between user and authentication server. We present the identity lifecycle in which a secure device is manufactured and then linked to one or several user's identities. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Novel Traceback Approach for Direct and Reflected ICMP Attacks

    Page(s): 1 - 5
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (347 KB) |  | HTML iconHTML  

    Different approaches have been proposed to locate the source of a denial of service attack, but these techniques are unable to traceback the source of a reflective attack e.g. SMURF attack. They need a large amount of packets to traceback direct attacks. We propose in this study a new approach based on the behavior of the ICMP protocol. Our approach locates the source of a direct and a reflective ICMP denial of service attacks, using few attack packets. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Posterior Distribution for Anti-Spam Bayesian Statistical Model

    Page(s): 1 - 6
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (180 KB) |  | HTML iconHTML  

    This paper deals with Bayesian models applied to anti-spam. In our previous work involved in mathematically modeling the behavior of spam, we worked on defining the priors distributions that summarize the behavior of spam. In this paper, taking into account certain priors distributions and we define the posterior distributions that summarize the probability that a received message is spam. These laws a priori and a posteriori certainly help improve the spam detection and increase the reliability decision. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Risk Propagation Based Quantitative Assessment Methodology for Network Security - Aeronautical Network Case Study

    Page(s): 1 - 9
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (567 KB) |  | HTML iconHTML  

    Recently, risk assessment has been considered as an essential technique in evaluating the security of network information systems. Many proposals have been made in this area in order to provide new approaches to allow administrators and engineers to analyze the impact of any attack that could target their systems. Nevertheless, there is a lack of quantitative techniques and methods which take into account the inherent characteristics of a network such as interconnection between nodes. This paper presents an original risk assessment approach based on risk propagation and network node correlation to provide relevant and accurate results. Each parameter involved in the risk assessment process is quantified then the overall approach is described in detail. At the end of the paper, the network security assessment methodology is applied to a satellite-based system architecture we designed for an industrial project entitled FAST (Fiber-like Aircraft Satellite Telecommunications). This project is co-funded by the Aerospace Valley pole and the French government (Direction Generale de la Competitivite, de l'Industrie et des Services - DGCIS, Fonds Unique Interministeriel - FUI) and aims to provide bi-directional satellite communication services on commercial aircraft worldwide. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Secure Web Service-Based Platform for Wireless Sensor Network Management and Interrogation

    Page(s): 1 - 8
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (662 KB) |  | HTML iconHTML  

    A Wireless Sensor Network (WSN) is composed of small, low cost and low energy consumption devices called sensors. Those sensors are deployed in a monitored area. They capture measurements related to the monitored phenomenon (temperature, humidity...) and send them through a multi-hop routing to a sink node that delivers them to a Base Station for use and decision making. WSN are used in several fields ranging from military applications to civilian ones, for security, home automation and health care... Up to now, most of the works focused on designing routing protocols to address energy consumption issue, fault tolerance and security. In this paper, we address the issue of secure management and interrogation of WSN through Internet mainly. In our work, we designed and implemented a generic approach based on Web Services that builds a standardized interface between a WSN and external networks and applications. Our approach uses a gateway that offers a synthesis of Web Services offered by the WSN assuring its interrogation and management. Furthermore, Authentication, Authorization and Accounting mechanism has been implemented to provide security services and a billing system for WSN interrogation. We designed our architecture as a generic framework. Then, we instantiated it for two use cases. Furthermore, we designed, implemented and tested Directed Service Oriented Diffusion (DSOD), a Service Oriented routing protocol for WSN. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Semantic Information Model Based on the Privacy Legislation

    Page(s): 1 - 6
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (298 KB) |  | HTML iconHTML  

    Users' concerns regarding their privacy have a negative impact on their confidence into e-services, and tend to slow down the widespread adoption of online services. Until today, the protection of personal data is mainly left to the legislation by means of guidelines. This paper aims to increase the perceived control by users over their data and to bring down into the technological reality the legislative data protection principles. To do so, it discusses the main concepts involved in the legislative privacy principles, and deduces a privacy semantic information model, i.e. a privacy ontology. This model serves to build users' privacy preferences and SP's privacy policies. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An Integrated Session Table for Security and QoS

    Page(s): 1 - 8
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (556 KB)  

    Packet classification is the process of matching multiple packet header fields against a possibly large set of filters to find a matching rule. Packet classification was implemented in several application areas such as service differentiation, firewalls, QoS and secure routing. In this paper, we extend the firewall session table to speed up QoS marking process, and thus, to save QoS Classification time. Our proposed algorithm and system have been implemented in the kernel of NetBSD. Experimental tests show that the new implementation can save about 10 isec per packet if a QoS classification of 10000 filters is used. Moreover, the new implementation needs just less than 0.5 isec to mark packet regardless of the size of the filtering rules. To evaluate the performance of our new implementation with respect to the QoS characteristics, we measured four important QoS metrics (throughput, packet loss rate, delay and jitter) and compared them with the classical implementation. We finally demonstrate that a significant enhancement is remarked using our new algorithm. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Analysis Vulnerabilities in Smart Card Web Server

    Page(s): 1 - 5
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (697 KB) |  | HTML iconHTML  

    Since its beginning, smart cards have involved. They are used nowaday by million of users and provide more opportunities. You can integrate it a web server. Java Card 2.2 smart card Web Server does not support the TCP/IP protocol, a new communication protocol has been created between the card and the mobile : the BIP protocol (Bearer Independent protocol). This protocol managed the security of the communication, it should be flawless. To verify protocol security, we use fuzzing technic. Work on the fuzzing shown that many security flaws on application or protocol may be discovered when invalid data is injected. We use this method in black box with an accurate analysis on the BIP protocol to test its vulnerability to attacks. We will see its implementation have some differences with the specification. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Automatic Generation of Vulnerability Tests for the Java Card Byte Code Verifier

    Page(s): 1 - 7
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (158 KB) |  | HTML iconHTML  

    The byte code verifier is an essential component of the Java Card security platform. Test generation to assess its implementation is mandatory, however, comprehensive test plans are too intricate to be handmade. Therefore, automating their generation is an interesting avenue. Our approach is based on formal methods, an important asset to find a preamble, a postamble, or the entire set of test cases for each instruction. The proposed vulnerability tests confirm that a behavior rejected by the model is also rejected by its implementation. Our results show that the techniques put forward achieve such a goal, through a simplified language. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Botnets: Lifecycle and Taxonomy

    Page(s): 1 - 8
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (195 KB) |  | HTML iconHTML  

    The new threat of the Internet, but little known to the 'general public' is constituted by botnets. Botnets are networks of infected computers, which are headed by a pirate called also 'Attacker' or 'Master'. The botnets are nowadays mainly responsible for large-scale coordinated attacks. The attacker can ask the infected computers called 'Agents' or 'Zombies' to perform all sorts of tasks for him, like sending spam, performing DDoS attacks, phishing campaigns, delivering malware, or leasing or selling their botnets to other fraudsters anywhere. In this paper we present a classification that reflects the life cycle and current resilience techniques of botnets, distinguishing the propagation, the injection, the control and the attack phases. Then we study the effectiveness of the adopted taxonomy by applying it to existing botnets to study their main characteristics. We conclude by the upcoming steps in our research. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Decisive Heuristics to Differentiate Legitimate from Phishing Sites

    Page(s): 1 - 9
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (239 KB) |  | HTML iconHTML  

    Phishing attacks are a major concern for preserving Internet users privacy, especially when most of them lead to financial data theft by combining both social engineering and spoofing techniques. As blacklists are not the most effective in detecting phishing sites because of their short lifetime, heuristics appears as a privileged way at time 0. Several previous studies discussed the different types of phishing characteristics that can help defining heuristics tests, as well as comparing them to blacklists. In our paper, we studied heuristics using a different approach. Based on the characteristics of phishing URLs and webpages, we defined 20 heuristics tests and implemented them in our own active anti-phishing toolbar (Phishark). Then, we tested the heuristics effectiveness and determined which heuristics are decisive to differentiate legitimate from phishing sites. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Document Tracking - On the Way to a New Security Service

    Page(s): 1 - 5
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (310 KB) |  | HTML iconHTML  

    This paper proposes a new security service that provides reliable technologies for traitor tracing. As current systems do not provide sufficient options to find out who distributed a document in an unauthorized way, an approach for solving this security gap is proposed. Existing security concepts will be extended by a new service based on reliable tracking data embedding. Additionally, a new method to hide the structure of data is introduced. Summarized, the proposed scheme enhances security against attacks from authorized personnel who have got into legal possession of confidential information. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Dynamic Malware Detection by Similarity Measures between Behavioral Profiles: An Introduction in French

    Page(s): 1 - 8
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (755 KB) |  | HTML iconHTML  

    In we have proposed a advance code obfuscation technique for metamorphic codes. In we have shown that the detection of such obfuscated codes was a problem for classical nowadays static detection tools. In this new paper, written in French, we focus on a new dynamic detection approach which allows to detect variants produced by our metamorphic engine. In addition, our approach can detect unknown malware as long as their behavior approaches that of a known malware. For this, we propose to use a measure of similarity between program behaviors. This measure is obtained by lossless compression of execution traces in terms of system calls. This article describes our approach in detail and provides experimental results of detection, first on our own metamorphic sample codes, secondly and more broadly, on a public 5000-malware database. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Enhanced Authentication Protocol in IMS Environment

    Page(s): 1 - 8
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (942 KB) |  | HTML iconHTML  

    The IMS (IP Multimedia Subsystem) architecture is the key control for next generation networks (NGN). IMS gives network operators the opportunity to extend their services, including voice and multimedia communications and deliver them in new environments with new goals. Its security is paramount, especially authentication. In IMS, authentication is divided into two phases a PS (Packet-Switch) domain-level with the 3GPP-AKA protocol, and a second at IMS level using the IMS-AKA protocol. The latter is based on 3GPP-AKA, which leads to a large duplication of steps between the two phases. Some Works have tried to reduce this duplication and increase the IMS-AKA efficacy, but they add new vulnerabilities to IMS-AKA. The aim of this paper is to solve the security problems of IMS-AKA while maintaining good efficacy. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Federated Claims Based Authentication and Access Control in the Vehicular Networks

    Page(s): 1 - 6
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (542 KB) |  | HTML iconHTML  

    The emergence of the vehicular networks has led automakers and researchers to develop connected embedded applications to exchange messages as part of road safety and entertainment. Secondly, the security has become a vital prerequisite for the deployment of such networks. In terms of controlling access to resources, more heterogeneous solutions are proposed based on X.509 certificates, Kerberos tickets, Password techniques, etc. This technologies heterogeneity pushes us to find a solution in order to federate the existing techniques and even future ones. WS- Federation is one of the keys aiming to solve this problem but only suitable for SOAs based on Web Services technology. Consequently, our approach was to integrate native distributed vehicular applications in a SOA and then apply the WS-* security- related Web services specifications while checking the federated access control to resources through WS-Federation and the notion of the claims. The result is a communicative architecture based on the ESB (Enterprise Service Bus) pattern that we baptized VSB (Vehicular Served Bus). View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Financial Critical Infrastructure: A MAS Trusted Architecture for Alert Detection and Authenticated Transactions

    Page(s): 1 - 8
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (1948 KB) |  | HTML iconHTML  

    Banking and financial system constitute a critical service for our economy. Being able to foreseen real time attacks and failures on financial institutions network is a crucial challenge. In order to face those problems, research tends to elaborate alert mechanisms in order to support risk assessment, analysis and mitigation solution for real time decision-making processes. Our previous works had proposed a multi-agent based architecture to support that alert mechanism. This architecture exploited the Multi-agent system technology and proposes a static assignment of functions to agents. This static assignment was a weakness because isolating an agent or breaking the communication channel between two of them created serious damage on the crisis management. In this paper, we complete our previous works and make mobile the assignment of functions to agents. Our approach exploits the concept of agent responsibility that we assigned dynamically to agent taking into consideration the agent trust.This mobile assignement is illustrated by a case study that aims at adopting agent's secret key according to the sensibility of the financial context. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • From KAOS to RBAC: A Case Study in Designing Access Control Rules from a Requirements Analysis

    Page(s): 1 - 8
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (468 KB) |  | HTML iconHTML  

    This paper presents the KAOS2RBAC approach for Security Requirements Engineering. Starting from functional requirements, linked to a data model, the approach first identifies high level security goals. It then refines these security goals into security requirements linked to the functional model. Finally, these security requirements lead to the design of access control rules. An informal verification step checks that the rules give enough permission to enable all functional requirements. The approach takes benefit of the KAOS notations to link functional and non-functional goals, agents, data, and access control rules in a single requirements model. This enables traceability between security goals and the resulting access control rules. The approach is illustrated by a case study: an information system for medical urgency, taken from a real project. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.