2009 Third International Conference on Network and System Security

Flooding of harmful information on the Internet seriously endangers the physiological and mental health of teenagers. Due to the user-friendliness of the Internet as well as the difficulty in the authentication for the access of specific categories of information, curbing the transmission of harmful information, i.e., to assure the information content security (ICS), has become a reasonable yet ch... View full abstract»

This paper discusses research activities that investigated the risk associated with USB devices. The research focused on identifying, characterizing and modelling unintended USB channels in contemporary computer systems. Such unintended channels can be used by a USB hardware Trojan horse device to create two way communications with a targeted network endpoint, thus violating the integrity and conf... View full abstract»

Both Flash crowds and DDoS (Distributed Denial-of-Service) attacks have very similar properties in terms of Internet traffic, however Flash crowds are legitimate flows and DDoS attacks are illegitimate flows, and DDoS attacks have been a serious threat to Internet security and stability. In this paper we propose a set of novel methods using probability metrics to distinguish DDoS attacks from Flas... View full abstract»

In its current form, RFID system are susceptible to a range of malevolent attacks. With the rich business intelligence that RFID infrastructure could possibly carry, security is of paramount importance. In this paper, we formalise various threat models due tag cloning on the RFID system. We also present a simple but efficient and cost effect technique that strengthens the resistance of RFID tags t... View full abstract»

In this paper we demonstrate our signature based detector for self-propagating worms. We use a set of worm and benign traffic traces of several endpoints to build benign and worm profiles. These profiles were arranged into separate n-ary trees. We also demonstrate our anomaly detector that was used to deal with tied matches between worm and benign trees. We analyzed the performance of each detecto... View full abstract»

Web mining is used to automatically discover and extract information from Web-related data source such as documents, services and user profiles. Although standard data mining methods are applied for mining on the Web, specific algorithms need to be developed and applied for Web based information processing in Web resources. In our paper, we develop a method to filter the relevant information to us... View full abstract»

This paper presents the architecture design of a high efficient and non-memory Advanced Encryption Standard (AES) crypto core to fit WPAN security requirement. The proposed basis transformation approach from Galois Field (2⁸) to Galois Field GF(((2²)²)²) can significantly reduce the hardware complexity of t... View full abstract»

We present a feasible cryptographically t-private protocol for electronic auctions. Our construction is based on Yao's garbled circuits and pseudorandom number generators (PRNG). Our protocol involves a field of (t+1)² parties for the generation of the garbled circuit and permits an arbitrary large number of bidders. The computational requirements are low: Only t+1 parties o... View full abstract»

Computer networks are vulnerable to attacks, where the network infrastructure itself is targeted. Emerging router designs, which use software-programmable embedded processors, increase the vulnerability to such attacks. We present the design of a secure packet processing platform (SPPP) that can protect these router systems. We use an instruction-level monitoring system to detect deviations in pro... View full abstract»

The security of computer networks has been in the focus of research for years. While several sophisticated systems had been developed in the area of intrusion detection, new challenges arised. Pattern matching systems are not able to cope with high bandwidth (10 Gbps +) when analyzing the whole payload. Furthermore, new attack schemes arise by increasingly complex software and systems. New approac... View full abstract»

Network security is in a daily evolving domain. Every day, new attacks, virus or intrusion techniques are released. Hence, network devices, enterprise servers or personal computers are potential targets of these attacks. Current security solutions like firewalls, intrusion detection systems (IDS) and virtual private networks (VPN) are centralized solutions which rely mostly on the analyze of inbou... View full abstract»

The wormhole attack is considered to be a serious security attack in multihop ad hoc and sensor networks. We propose "DeWorm", a simple protocol to effectively detect wormhole attacks without the need for special hardware and/or strict location or synchronization requirements. DeWorm makes use of discrepancies in routing information between neighbors to detect wormholes. A simulation based analysi... View full abstract»

As an anonymous Internet communication system Tor is popular and famous, being used by lots of users. The security of Tor is based on the authentication protocol. Although the Tor authentication protocol has been proved secure, this paper discovers its security vulnerability through its concurrency analysis, and shows it cannot be securely executed by multiple concurrent sessions. A new session-ke... View full abstract»

Multicast communication in dynamic environments like ad hoc networks are potentially of critical concern. As group members move in and out of the group, in order to preserve confidentiality, it becomes imperative to use cryptographic keys with rekeying mechanism each time a user enters or leaves. Therefore, in dynamic environments rekeying introduces a significant computational and communication o... View full abstract»

The Secure Real-Time Transport Protocol (SRTP) is an Internet standards-track security profile for RTP used to provide confidentiality, integrity and replay protection for RTP traffic. We study the performance of SRTP when it is used to secure VoIP conversations. Experiments are conducted using snom and Twinkle softphones running on Windows and Linux platforms respectively and a bare PC softphone ... View full abstract»