Security & Privacy, IEEE

Issue 1 • Date Jan.-Feb. 2012

  • [Front cover]

    Page(s): c1
    Freely Available from IEEE
  • "Oakland" 2012 in San Francisco! [IEEE Symposium on Security and Privacy Symposium and Workshops]

    Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Page(s): 1 - 2
    Freely Available from IEEE
  • Happy Anniversary!

    Page(s): 3 - 4
    Freely Available from IEEE
  • [Masthead]

    Page(s): 5
    Freely Available from IEEE
  • Lost Decade or Golden Era: Computer Security since 9/11

    Page(s): 6 - 10

    In the 10 years since 9/11, the cybersecurity threat has evolved significantly, and every sector of the US economy has become more dependent than ever on the Internet. Today, major security breaches dominate headlines on a weekly basis. Intrusion campaigns such as "Operation Shady Rat" (disclosed by McAfee in August) and "Nitro" (disclosed by Symantec in October) show a systematic compromise of every significant sector of the economy, including technology, industrial manufacturing, defense, financial services, and government and nongovernmental organizations. In addition to the systematic compromises of these sectors, we've also seen hints and speculation of cyberwarfare operations including Stuxnet, Duqu, and the recent loss and capture of the US RQ-170 Sentinel spy drone over Iran. But over the same 10-year time period, security technology has arguably improved incrementally, with innovation occurring in some areas. The question the authors attempt to address in this point/counterpoint article is whether we're better off today in security than we were 10 years ago.
  • Silver Bullet talks with Deborah Frincke

    Page(s): 11 - 14
    Freely Available from IEEE
  • Security, Privacy, and Policy Roundup

    Page(s): 15 - 17
    Freely Available from IEEE
  • Advertisement - Digital Computer

    Page(s): 18
    Freely Available from IEEE
  • Authentication - Are We Doing Well Enough? [Guest Editors' Introduction]

    Page(s): 19 - 21
    Freely Available from IEEE
  • The Future of Authentication

    Page(s): 22 - 27

    As part of this special issue on authentication, guest editors Richard Chow, Markus Jakobsson, and Jesus Molina put together a roundtable discussion with leaders in the field, who discuss here their views on the biggest problems in authentication, potential solutions, and the direction in which the field is moving.
  • A Research Agenda Acknowledging the Persistence of Passwords

    Page(s): 28 - 36

    Despite countless attempts and near-universal desire to replace them, passwords are more widely used and firmly entrenched than ever. The authors' exploration leads them to argue that no silver bullet will meet all requirements: not only will passwords be with us for some time, but in many instances, they're the solution that best fits the scenario of use. Among broad authentication research directions to follow, they first suggest better means to concretely identify actual requirements (surprisingly overlooked to date) and weight their relative importance in target scenarios. Second, for scenarios where passwords appear to be the best-fit solution, they suggest designing better means to support them. The authors also highlight the need for more systematic research and how the premature conclusion that passwords are dead has led to the neglect of important research questions.
  • Training Johnny to Authenticate (Safely)

    Page(s): 37 - 45

    The authors present the results of a long-term user study of site-based login mechanisms that train users to log in safely. Interactive site-identifying images received 70 percent detection rates, which is significantly better than the 20 percent received by the typical login ceremony. They also found that combining login bookmarks with interactive images and nonworking buttons or links (called negative training functions) achieved the best detection rates (82 percent) and overall resistance rates (93 percent). Because interactive custom images provide effective user training against phishing, the authors extended its authentication usages. The authors present an adaptive authentication mechanism based on recognition of multiple custom images, which can be used for different Web and mobile authentication scenarios. The mechanism relies on memorization of the custom images on each primary login, adaptively increasing the authentication difficulty on detection of impersonation attacks, and recognizing all images for fallback authentication.
  • Electronic Identity Cards for User Authentication—Promise and Practice

    Page(s): 46 - 54

    Electronic identity (eID) cards promise to supply a nationwide user authentication mechanism. The core technology seems ready for mass deployment, but application issues might hamper eID adoption.
  • Improving the Automation of Security Information Management: A Collaborative Approach

    Page(s): 55 - 59

    Many preventive security measures purport to protect networks from cyber intrusions. These adopted measures can generate a large amount of information that should be stored and analyzed to enable responses to detected attacks. Security information and event managers (SIEMs) are indispensable for collecting all of a system's security-related information in a central repository. This can then provide trend analysis and lead analysts to adopt appropriate actions. A collaborative work approach lets SIEMs of different trusted domains share alarms and their countermeasures. By sharing alarms and adopted measures in domains with similar profiles, the authors hope to enhance a global view of the security and facilitate decision making for security-domain administrators.
  • Making Successful Security Decisions: A Qualitative Evaluation

    Page(s): 60 - 68

    How do IT security managers make decisions in the absence of empirical data, and how do they know these decisions are successful? Some security managers seem more successful at making decisions than others. Are they guessing, or are they using some tacit knowledge? To address these questions, a study employed open-ended interviews with highly regarded, experienced security practitioners.
  • Nanocomputing: Small Devices, Large Dependability Challenges

    Page(s): 69 - 72

    Nanoscale digitization will be an essential lever to foster the emerging cyberphysical systems. Thanks to the widespread presence of IT and communication capabilities far beyond today's Internet and wireless networking capabilities, future highly pervasive embedded systems will feature smart objects (sensors and actuators) fully merged with the environment in which they're deployed. This will result in enhanced ambient services spanning the everyday life of citizens, thus improving our quality of life, increasing awareness of resources and the environment, and enriching the user experience.
  • Teaching Cybersecurity with DeterLab

    Page(s): 73 - 76

    The DETER project aims to advance cybersecurity research and education. Over the past seven years, the project has focused on improving and redefining the methods, technology, and infrastructure for developing cyberdefense technology. The project's research results are put into practice by DeterLab, a public, free-for-use experimental facility available to researchers and educators worldwide. Educators can use DeterLab's exercises to teach cybersecurity technology and practices. This use of DeterLab provides valuable feedback on DETER innovations and helps grow the pool of cybersecurity innovators and cyberdefenders.
  • This Time, It's Personal: Recent Discussions on Concepts of Personal Information

    Page(s): 77 - 79

    Under privacy regulation, what exactly is personal information? This is an important concept in a changing landscape of technology and information disclosure, in which it's becoming increasingly easier to identify and reidentify individuals. Legal scholars have provided some insights into the evolving nature of personal information and how we might incorporate notions of identifiability risk into regulation.
  • Electronic Identities Need Private Credentials

    Page(s): 80 - 83

    For transactions on the Internet, user authentication typically involves usernames and passwords. When creating an account, users often must provide additional personal information. Usually, this is a list of self-claimed attributes such as name, address, or birth date. Only a few attributes such as email address and credit card information have some mechanism to authenticate them. Solutions such as the Security Assertion Markup Language, OpenID, or X.509 certificates let users authenticate and transfer attributes, certified by an issuer, to a relying party in a more trusted way. However, these technologies still have considerable security and privacy concerns. Private credentials are a superior solution. With them, issuers don't have to be involved during authentication. Also, users disclose only those attributes required by the relying parties and can do so without being easily tracked across their transactions.
  • Moving 2 Mishap: M2M's Impact on Privacy and Safety

    Page(s): 84 - 87

    The rapidly evolving technology of embedded cellular devices has led to weaknesses that attackers could exploit to compromise our privacy and safety.
  • Your Memory Is Now a Vendor Service

    Page(s): 88 - 90

    We no longer provide the context for anything we do, so the systems we deal with provide it for us. This implies that they know more about us and we have less privacy.
  • Optimizing Product Improvement Spending with Third-Party Security Consultants

    Page(s): 91 - 93

    Companies should try to match security consultancies or even individual consultants to specific projects. To do this, get to know the consultants: in particular, their skills, experience, and interests. Attend security conferences to be aware of their latest research. Beyond this, look for softer skills, such as good communication skills, and an understanding of the challenges that product teams face. Also, develop relationships with consultancies that can grow along with your changing security needs. These steps can improve security and optimize the outlay of your product improvement dollars.
  • Power. Law.

    Page(s): 94 - 95

    Research on networks is an area that we should watch more closely than any other. Perhaps more important than the borrowing of techniques, however, is paying close attention to the ferment over whether new network designs with security in mind are worth the societal price and effort to actually implement in a world that already has a considerable sunk investment in structure. How networks build themselves does have considerable influence on our field of practice.
  • More or Less

    Page(s): 96
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu