Information security applications : 8th International Workshop, WISA 2007 Jeju Island, Korea, August 27-29, 2007 : revised selected papers

This book constitutes the refereed proceedings of the 8th International Workshop on Information Security Applications, WISA 2007, held in Jeju Island, Korea, August 27-29, 2007.The 27 revised full papers presented were carefully selected during two rounds of reviewing and improvement from 95 submiss...

Full description

Saved in:
Bibliographic Details
Main Authors Sehun, Kim, Yung, Moti, Lee, Hyung-Woo
Format eBook Book
LanguageEnglish
Published Berlin Springer 2008
Springer Berlin / Heidelberg
Edition1
SeriesLecture notes in computer science
Subjects
Computer security
Computer security > International cooperation > Congresses
Computer security-Congresses
Congresses
Data protection
Data protection > International cooperation > Congresses
Online AccessGet full text
ISBN9783540775348
354077534X

Cover

Table of Contents:
  • Distortion Based K-Anonymity -- Optimizing Quality Levels and Development Costs for Developing an Integrated Information Security System* -- ICRep: An Incentive Compatible Reputation Mechanism for P2P Systems* -- Author Index
  • Intro -- Preface -- Organization -- Table of Contents -- Universal .T Pairing Algorithm over Arbitrary Extension Degree -- Convertible Undeniable Proxy Signatures: Security Models and Efficient Construction -- Secret Signatures: How to Achieve Business Privacy Efficiently? -- Implementation of BioAPI Conformance Test Suite Using BSP Testing Model -- Information Hiding in Software with Mixed Boolean- Arithmetic Transforms -- Geometrically Invariant Image Watermarking in the DWT Domain -- Implementation of LSM-Based RBAC Module for Embedded System -- Iteration Bound Analysis and Throughput Optimum Architecture of SHA- 256 ( 384,512) for Hardware Implementations -- A Compact Architecture for Montgomery Elliptic Curve Scalar Multiplication Processor -- Windows Vault: Prevention of Virus Infection and Secret Leakage with Secure OS and Virtual Machine -- An Architecture Providing Virtualization-Based Protection Mechanisms Against Insider Attacks -- Detecting Motifs in System Call Sequences -- Comparative Studies in Key Disagreement Correction Process on Wireless Key Agreement System -- Breaking 104 Bit WEP in Less Than 60 Seconds -- Efficient Implementation of the Pairing on Mobilephones Using BREW -- Security Analysis of MISTY1 -- A Generic Method for Secure SBox Implementation -- On the Security of a Popular Web Submission and Review Software (WSaR) for Cryptology Conferences -- Authorization Constraints Specification of RBAC -- Dynamic Access Control Research for Inter- operation in Multi- domain Environment Based on Risk -- A Compositional Multiple Policies Operating System Security Model -- Longer Randomly Blinded RSA Keys May Be Weaker Than Shorter Ones -- Differential Power Analysis of HMAC Based on SHA- 2, and Countermeasures -- Provably Secure Countermeasure Resistant to Several Types of Power Attack for ECC -- Risk &amp
  • The Risk of the Inter-operation in Multi-domains
  • Intro -- Title Page -- Preface -- Organization -- Table of Contents -- Universal \eta_T Pairing Algorithm over Arbitrary Extension Degree -- Introduction -- Tate Pairing Over Supersingular Curve with Characteristic Three -- Tate Pairing -- Duursma-Lee Algorithm -- \eta_T Pairing -- Proposed Explicit Algorithms -- \eta_T Pairing for Arbitrary n -- Universal \eta_T Pairing -- Implementation Results -- Proofs of Proposition and Algorithm -- Proof of Algorithm 1 -- Proof of Proposition 1 -- Conclusion -- Some Lemmas -- Convertible Undeniable Proxy Signatures: Security Models and Efficient Construction -- Introduction -- Preliminaries -- Bilinear Maps -- Complexity Assumptions -- Formal Definitions of Convertible Undeniable Proxy Signatures -- Outline of Convertible Undeniable Proxy Signatures -- Adversaries and Oracles -- Completeness -- Non-transferability -- Unforgeability -- Invisibility -- Soundness -- Our Proposed Scheme -- Concrete Scheme -- Security Analysis of the Proposed Scheme -- Conclusion -- Secret Signatures: How to Achieve Business Privacy Efficiently? -- Introduction -- Definitions -- Definition of Secret Signature Scheme -- Security Definitions -- General Implementation -- DL-Based Implementation of Secret Signature Scheme -- Proving the Validity of Secret Signature -- General Proof Protocol -- Anonymous Proof Protocol -- Comparison of Features -- Comparison of Efficiency -- Applications of Secret Signatures -- Conclusion -- Proving the Equality of Two Discrete Logarithms -- OR Proving the Equality of Two Discrete Logarithms -- Implementation of BioAPI Conformance Test Suite Using BSP Testing Model -- Introduction -- Conformance Test Suite for BioAPI: Methods and Models [7] -- Conformance Testing Methods -- Conformance Testing Models -- Implementation of CTS for BioAPI BSP -- Experimental Results
  • Motif Detection: Terms and Definitions -- The Motif Tracking Algorithm -- Detection of System Call Patterns -- Results -- System Call Motifs Identified by the MTA -- Sensitivity to Changes in the Symbol Length s -- Sensitivity to Changes in the Alphabet Size a -- Summary Discussion of Results -- Future Work -- Conclusion -- Comparative Studies in Key Disagreement Correction Process on Wireless Key Agreement System -- Introduction -- Wireless Key Agreement System -- System Configuration -- Key Generation -- Security Evaluation Index -- Evaluation Experiments and Simulations -- Experimental Condition -- Security Evaluation without Key Disagreement Correction Process -- Comparison of Error-Correcting Codes Concerning Key Disagreement Correction Process by Computer Simulation -- Conclusion -- Breaking 104 Bit WEP in Less Than 60 Seconds -- Introduction -- Notation -- The Stream Cipher RC4 -- Klein's Attack on RC4 -- Extension to Multiple Key Bytes -- Obtaining Sufficient Amounts of Key Stream -- Our Attack on WEP -- Key Ranking -- Handling Strong Keys -- A Passive Version -- Breaking Implementations Using Larger WEP Keys -- Experimental Results -- Robustness of the Attack -- Related and Further Work -- Conclusion -- Efficient Implementation of the Pairing on Mobilephones Using BREW -- Introduction -- Algorithms for Implementing the Pairing -- The Elements Representation in \mathbb F_{3^m} -- Arithmetic in Finite Field \mathbb F_{3^m} -- Arithmetic in Extended Field \mathbb F_{3^{3m}} and \mathbb F_{3^{6m}} -- Tate Pairing -- \eta_T Pairing -- Implementation of the Pairing on BREW -- Experimental Environment and Analysis of the Program -- Optimized Multiplication for BREW -- Further Discussion on Speed-Up -- Implementation Result -- Conclusion -- Final Exponentiation for Pairing -- Security Analysis of MISTY1 -- Introduction -- Preliminaries
  • Conclusions and Future Works -- Information Hiding in Software with Mixed Boolean-Arithmetic Transforms -- Introduction -- Motivating Scenarios -- Naïve Code -- Hiding Constants from Static Analysis -- Hiding Constants and Algorithms from Dynamic Analysis -- Mixed Boolean-Arithmetic (MBA) Transforms -- Basic Definitions -- Linear MBA Identities and Expressions -- Permutation Polynomials and Other Invertible Functions -- Code Transforms Via Zero and Invertible MBA Functions -- Protection Methods -- Simple Constant Hiding Using MBA Transforms -- Algorithm and Data Hiding Example: Software Watermarking -- Security of MBA Transforms -- Conclusion -- Example of Key Hiding in an MBA Polynomial -- Geometrically Invariant Image Watermarking in the DWT Domain -- Introduction -- Invariant Features to Geometric Transformations -- Geometric Transformations -- Invariance of the Histogram shape in the Spatial Domain -- The Histogram Shape Invariance in the DWT Domain -- Experimental Testing -- Proposed Watermarking Algorithm -- Watermark Insertion -- Watermark Recovery -- Experimental Results -- Imperceptibility -- Robustness -- Concluding Remarks -- Implementation of LSM-Based RBAC Module for Embedded System -- Introduction -- Standard of Role-Based Access Control -- Design and Implementation of L-RBAC -- Performance Overhead -- Example of Application -- Conclusion -- Iteration Bound Analysis and Throughput Optimum Architecture of SHA-256 (384,512) for Hardware Implementations -- Introduction -- Related Works -- The Iteration Bound Analysis and Transformations -- DFG Representation -- The Iteration Bound Analysis -- The Retiming Transformation -- The Unfolding Transformation -- Iteration Bound Analysis and Throughput Optimum Architecture of SHA2 -- DFG of SHA2 Compressor -- DFG of SHA2 Expander -- Implementation and Synthesis Results -- Conclusion
  • A Compact Architecture for Montgomery Elliptic Curve Scalar Multiplication Processor -- Introduction -- Background -- López-Dahab's Montgomery Scalar Multiplication -- Modular Arithmetic Logic Unit (MALU) and Elliptic Curve Processor Architecture -- Implementation Consideration -- Common Z Projective Coordinate System -- Proposing System Architecture -- Arithmetic Logic Unit (ALU) Architecture -- Circular Shift Register File Architecture -- Overall System Architecture -- Register File Management for Algorithm Implementation -- Synthesis Results -- Conclusion -- Windows Vault: Prevention of Virus Infection and Secret Leakage with Secure OS and Virtual Machine -- Introduction -- Windows Vault -- Concepts -- Overall Architecture -- Platform OS -- Gateways -- Performance Evaluation -- Security Considerations -- Attacks from External Workstation/Network to Internal Workstation -- Attacks by User -- Vulnerability of Gateways and Enhancements -- Another Data Category: Unsafe Secret -- Usability of Network Applications -- Sending Message to External Network -- Web Browsing -- Related Works -- Conclusions -- References -- An Architecture Providing Virtualization-Based Protection Mechanisms Against Insider Attacks -- Introduction -- Background -- Trusted Computing -- Virtualization -- Example Scenario -- Threat Analysis -- Attacks on the Client -- Requirements for the Protection Architecture -- Protection Architecture -- Protection Layer 4: TPM and Hardware -- Protection Layer 3: Hypervisor and Management VM -- Protection Layer 2: Open VM and Trusted VM -- Protection Layer 1: Document Editor -- Attestation Protocol -- Evaluation of the Protection Architecture -- Related Work -- Conclusions and Future Work -- Detecting Motifs in System Call Sequences -- Introduction -- Related Work -- Intrusion Detection and System Calls
  • Notation -- Higher Order Differential Property -- Weakness of Key Schedule -- Basic Idea -- Attack Equation -- Complexity -- Low Order of S-Box -- Basic Idea -- Attack Equation -- Complexity -- Conclusions -- A Generic Method for Secure SBox Implementation -- Introduction and Motivations -- Secure Implementation of Non-linear Functions in the Literature -- State of the Art of the Generic Methods -- Single-Mask Protection Mode versus Multi-mask Protection Mode -- The New S-Box Secure Calculation Method -- Our Proposal -- Comparison with Other Generic Methods -- Security Analysis -- Preliminaries -- Evaluation Methodology -- Proof of Security -- Conclusion -- Application to AES -- On the Security of a Popular Web Submission and Review Software (WSaR) for Cryptology Conferences -- Introduction -- WSaR and Its Security Features -- Password Strength -- Password Storage for Conference Chair and PC Members -- Input Sanitization -- Resistance to Bypass of Access Control Checks Through Forced Browsing -- Security Issues and Enhancements -- Browser Caching -- Constant Salt String for Reviewer and Chair Passwords -- Storage of Submission Passwords -- Password Policy and Strength Checking -- Absence of File Integrity and Binding -- Protocol Sketch for Password Distribution Via Email -- Concluding Remarks -- Storage and Display of Submissions' Digests -- Conferences That Have Used or Are Using WSaR -- Related Work -- Authorization Constraints Specification of RBAC -- Introduction -- Role-Based Constraints Language (RCL 2000) -- Basic Components -- Additional Elements -- Syntax of RCL 2000 -- Formal Semantics of RCL2000 -- Expressive Power of RCL2000 -- Static SOD -- Dynamic SOD -- Conclusion -- References -- Dynamic Access Control Research for Inter-operation in Multi-domain Environment Based on Risk -- Introduction -- Related Works