Security & Privacy, IEEE

Issue 2 • Date March-April 2006

  • [Front cover]

    Publication Year: 2006 , Page(s): c1
    Freely Available from IEEE
  • [Inside front cover]

    Publication Year: 2006 , Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2006 , Page(s): 1 - 2
    Freely Available from IEEE
  • IEEE Computer Society Celebrates Two 60-Year Anniversaries

    Publication Year: 2006 , Page(s): 3
    Freely Available from IEEE
  • The Impending Debate

    Publication Year: 2006 , Page(s): 4 - 5
    Freely Available from IEEE
  • Masthead

    Publication Year: 2006 , Page(s): 6
    Freely Available from IEEE
  • Internet War Games: Power of the Masses

    Publication Year: 2006 , Page(s): 7
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2006 , Page(s): 8 - 13
    Freely Available from IEEE
  • Case study: online banking security

    Publication Year: 2006 , Page(s): 14 - 20
    Cited by:  Papers (6)

    A description of attack scenarios over a two-year period illustrates several key security issues with Internet banking systems in Norway. Given the banks' security-by-obscurity policy, online customers knew little about security levels and falsely believed their assets were safe.
  • Secure Internet banking authentication

    Publication Year: 2006 , Page(s): 21 - 29
    Cited by:  Papers (11)  |  Patents (24)

    This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential stealing and channel breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above. They further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-life implementations.
  • A contextual framework for combating identity theft

    Publication Year: 2006 , Page(s): 30 - 38
    Cited by:  Papers (7)  |  Patents (3)

    Identity theft is on the rise - as is the resulting damage to consumers and countries. In this article, the authors propose a framework to identify stakeholders and the interactive relationships that play multiple roles in combating identity theft.
  • Securing embedded systems

    Publication Year: 2006 , Page(s): 40 - 49
    Cited by:  Papers (23)

    A top-down, multiabstraction layer approach for embedded security design reduces the risk of security flaws, letting designers maximize security while limiting area, energy, and computation costs.
  • Applying the common criteria in systems engineering

    Publication Year: 2006 , Page(s): 50 - 55
    Cited by:  Papers (1)

    The National Institute of Standards and Technology has proposed using the common criteria and system-level protection profiles (SLPPs) to specify security requirements in large systems, such as those used in air traffic management. This article summarizes experience with SLPP and security targets for the US Federal Aviation Administration's National Airspace System. The authors review the FAA efforts, highlight the problems encountered, and offer suggestions for future work, calling for more research on linking systems, software, and security requirements engineering with SLPP; clearer ties between security specifications and system certification; and better guidance on the appropriate use of SLPP as a prerequisite to widespread use.
  • A warning to industry - fix it or lose it

    Publication Year: 2006 , Page(s): 56 - 60
    Cited by:  Papers (1)

    As part of its security analysis and the Industry Trends series, Morgan Stanley has identified the endpoint as critical for winning the security war rather than just fighting hapless battles. For the Internet to be a truly reliable and trusted commerce mechanism, protecting a transaction's source is imperative. Other than protecting the data itself, endpoint integrity is at this point the most critical element in getting back on track.
  • Who owns your computer? [digital rights management]

    Publication Year: 2006 , Page(s): 61 - 63
    Cited by:  Papers (1)

    Sony's much-debated choice to use rootkit-like technology to protect intellectual property highlights the increasingly blurry line between who can, should, or does control interactions among computational devices, algorithms embodied in software, and data upon which they act. With respect to policy and defense, two key questions emerge: When systems or computational elements are combined, whose policy and expectation dominates? What sorts of defenses are appropriate, and in which situations? The challenge to educators is to provide the experiences, and seek the understanding, that let others make better choices when such conflicts arise in the future.
  • Randomness in cryptography

    Publication Year: 2006 , Page(s): 64 - 67
    Cited by:  Papers (2)

    Although more formal definitions of randomness exist, a colloquial one will suffice here: a random process is one whose consequences are unknown. Intuitively, this is why randomness is crucial in cryptographic applications - because it provides a way to create information that an adversary can't learn or predict. It's then the task of a good protocol designer to leverage this power in the best possible way to protect data and communication. In this paper, we'll look at some basic uses of randomness in cryptography and briefly review the process of securely generating randomness.
  • How to think about security

    Publication Year: 2006 , Page(s): 68 - 71

    Learning how to think about security means adopting a different mindset than we've had in the past. As a community, software developers have been thinking too much like "good guys" and thus ended up developing insecure software because they failed to predict attack scenarios. The only way to effectively develop good security in software is to learn to think like the "bad guys." Thinking like the adversary helps us to better identify and mitigate threats.
  • New threats and attacks on the World Wide Web

    Publication Year: 2006 , Page(s): 72 - 75
    Cited by:  Papers (6)

    Ten years ago, very few networks had a firewall; today, they're ubiquitous. The newest target is the workstation: client-side attacks have increased because direct attacks on servers aren't so easy any more. Moreover, as new defenses are raised, information flows are increasingly embedded into Web applications, making them extremely valuable as well, and, thus, the next target. This article describes some of these new threats.
  • The end of end-to-end security? [Internet security]

    Publication Year: 2006 , Page(s): 76 - 79

    In 1984, a year after the Arpanet switched from using the Network Control Protocol to using the TCP/IP protocol suite, Jerry Saltzer, David Reed, and Dave Clark expressed what became the core concept of the Internet in a short paper titled "End-to-End Arguments in System Design." This philosophy has been followed for more than two decades. This paper explains both the dynamic generative effect of the Internet and its security issues.
  • Should indexing be fair use? The battle over Google Book Search

    Publication Year: 2006 , Page(s): 80 - 83

    In late 2004, Google announced as part of its Library Project that it would scan millions of books into a searchable online database accessible to anyone using Google Book Search (http://books.google.com). In response, the US Authors Guild and the Association of American Publishers (AAP) sued Google, claiming its book scanning is "massive copyright infringement". Google says its indexing is a legitimate fair use. As in all such discussions, two different questions arise: What does the law say? What would be good public policy?
  • Adopting an enterprise software security framework

    Publication Year: 2006 , Page(s): 84 - 87
    Cited by:  Papers (2)

    Most organizations no longer take for granted that their deployed applications are secure. But even after conducting penetration tests, network and hosting security personnel spend considerable time chasing incidents. Your organization might be one of the many that have realized the "secure the perimeter" approach doesn't stem the tide of incidents because the software it's building and buying doesn't resist attack. A new approach offers help across the enterprise.
  • Cryptographic hash standards: where do we go from here?

    Publication Year: 2006 , Page(s): 88 - 91
    Cited by:  Papers (6)

    Successful attacks against the two most commonly used cryptographic hash functions, MD5 and SHA-1, have triggered a kind of feeding frenzy in the cryptographic community. Many researchers are now working on hash function attacks, and we can expect new results in this area for the next several years. This article discusses the SHA-1 attack and the US National Institute of Standards and Technology's (NIST's) plans for SHA-1 and hash functions in general.
  • IEEE Security & Privacy 2006 Editorial Calendar

    Publication Year: 2006 , Page(s): 92
    Freely Available from IEEE
  • [Back inside cover]

    Publication Year: 2006 , Page(s): c3
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu