Suchen und Finden
Preface
5
Contents
6
Contributors
8
Secure Metering Schemes
11
1 Introduction
11
2 State of the Art
15
2.1 Client Authentication
15
2.2 Micropayments
15
2.3 Pricing via Processing
16
2.4 Threshold Computation of a Function
16
2.5 Secret Sharing
17
3 General Framework
17
3.1 Assumptions and Requirements
18
3.2 Complexity Measures
20
4 Unconditionally Secure Metering Schemes
20
4.1 Threshold Metering Schemes
21
4.1.1 An Entropy Based Model
23
4.2 Metering Schemes with Pricing
25
4.3 Metering Schemes for General Access Structures
28
5 Computationally Secure Metering Schemes
33
5.1 Naor and Pinkas Scheme
33
5.2 Ogata–Kurosawa Scheme
35
5.3 Hash-Based Scheme
36
6 Conclusions
38
References
41
A Cryptographic Framework for the Controlled Release Of Certified Data
43
1 Introduction
43
2 A Cryptographic Framework for the Controlled Release of Certified Data
45
2.1 A Framework of Cryptographic Primitives
46
2.2 Cryptography for the Controlled Release of Certified Data
48
3 Example Applications of the Framework
50
3.1 An Anonymous Credential System with Anonymity Revocation
51
3.2 Anonymous e-cash
51
4 Concrete Framework
52
4.1 Preliminaries
53
4.1.1 Notation
53
4.1.2 Bi-Linear Maps
53
4.2 Commitment Scheme
54
4.2.1 Pedersen's Commitment Scheme
54
4.2.2 An Integer Commitment Scheme
54
4.2.3 Proving the Length of a Discrete Logarithm
55
4.3 The SRSA-CL Signature Scheme and Its Protocols
55
4.3.1 The SRSA-CL Signature Scheme
56
4.3.2 Obtaining of a Signature on Committed Messages
57
4.3.3 Prove Knowledge of a Signature on Committed Messages
58
4.4 The BM-CL Signature Schemes and Its Protocols
58
4.4.1 The Signature Scheme
58
4.4.2 Obtaining of a Signature on Committed Messages
59
4.4.3 Prove Knowledge of a Signature on Committed Messages
60
4.5 The CS Encryption and Verifiable Encryption
61
4.5.1 The Encryption Scheme
61
4.5.2 Verifiable Encryption of Discrete Logarithms
62
5 Bibliographic Notes
63
References
64
Scalable Group Key Management for Secure Multicast: A Taxonomy and New Directions
67
1 Introduction
67
2 A Taxonomy of Group Rekeying Protocols
69
2.1 Stateful Protocols
69
2.2 Stateless Protocols
72
2.3 Reliable Key Distribution
75
2.4 Self-Healing Key Distribution
77
2.4.1 Polynomial-Based Self-Healing
77
2.4.2 Self-Healing SDR
79
2.5 Rekeying Optimization
80
2.6 Group Rekeying in Ad-hoc and Sensor Networks
80
2.6.1 Group Rekeying for Ad-hoc Networks
81
2.6.2 Group Rekeying for Sensor Networks
82
3 New Research Directions
83
References
84
Web Forms and Untraceable DDoS Attacks
87
1 Introduction
87
2 Related Work
90
3 The Attack
92
3.1 Description of Vulnerability
92
3.2 Finding the Victim
92
3.3 Phase I: Harvesting Suitable Forms
93
3.4 Phase II: Automatically Filling Forms
94
3.5 Poorly Behaved Sites
94
3.6 Well Behaved Sites
95
3.7 On the Difficulty of Tracing an Attacker
95
4 Experimental Data
96
4.1 Experimental Setup
96
4.2 Results
97
5 Defense Mechanisms
101
5.1 Prevention of Attacks
101
5.2 Detection and Management of Attacks
102
5.3 Synergy Between Defense of Launch Pads and Victims
103
6 Conclusion
104
References
105
Mechanical Verification of Cryptographic Protocols
107
1 Introduction
107
2 Security Protocols
108
3 Flaws in Security Protocols
109
3.1 The Needham–Schroeder Public Key Protocol
109
3.2 Lowe's Attack
110
4 Existing Protocol Verification Methods
111
4.1 State Based Methods
112
4.2 Rule Based Methods
113
5 A Knowledge Based Verification Framework
116
5.1 Basic Notations and Data Structures
116
5.2 Action Functions and Predicates
117
5.3 Assumptions
117
5.4 Rules
118
6 Verifying Needham–Schroeder–Lowe Protocol Mechanically
120
6.1 Modelling the Protocol
120
6.2 Some Important Lemmas
121
6.3 Secrecy of Nonces
122
6.4 Proving Guarantee for B
123
6.5 Proving Guarantee for A
124
6.6 Summary
124
References
124
Routing Security in Ad Hoc Wireless Networks
127
1 Introduction to Ad Hoc Wireless Networks
128
2 Overview of Routing Protocols in Ad Hoc Wireless Networks
129
2.1 Proactive Routing Protocols
130
2.2 Reactive Routing Protocols
131
2.3 Hybrid Routing Protocols
132
2.4 Broadcasting in Ad Hoc Wireless Networks
133
3 Security Services and Challenges in Ad Hoc Wireless Networks
134
4 Security Attacks on Routing Protocols in Ad Hoc Wireless Networks
135
4.1 Attacks Using Impersonation
136
4.2 Attacks Using Modification
136
4.3 Attacks Using Fabrication
137
4.4 Replay Attacks
138
4.5 Denial of Service
138
5 Security Mechanisms and Solutions for Routing Protocols in Ad Hoc WirelessNetworks
139
5.1 Secure Efficient Ad hoc Distance Vector
140
5.2 ARIADNE
140
5.3 Security Aware Routing
141
5.4 Secure Routing Protocol
142
5.5 Secure Routing Protocol for Ad Hoc Networks
143
5.6 Security Protocols for Sensor Network
144
5.7 Cooperation Of Nodes Fairness In Dynamic Ad-hoc NeTworks
144
5.8 Defense Mechanisms Against Rushing Attacks
145
5.9 Defense Mechanisms Against Wormhole Attacks
146
5.10 Defense Mechanisms Against Sybil Attacks
147
5.11 Security Mechanisms for Broadcast Operation
148
6 Conclusions
149
References
151
Insider Threat Assessment: Model, Analysis and Tool
153
1 Introduction
153
1.1 Summary of Contributions
155
1.2 Chapter Organization
156
2 Insider Threat: A Review
156
3 Modeling Insider Threat
157
3.1 Model Overview
157
3.2 The Min-Hack Problem
159
4 Modeling Methodology and Applications
161
4.1 Practical Considerations
161
4.2 Illustrations
163
5 Threat Analysis
166
5.1 On the Complexity of Analyzing Key Challenge Graphs
166
5.1.1 Approximation Algorithms and Approximation Ratios
167
5.1.2 Minimum Label Coverp
167
5.1.3 Minimum Monotone Satisfying Assignment
168
5.1.4 Reducing MMSA to Min-Hack
169
5.1.5 Reducing Label-Cover to Min-Hack
171
5.1.6 Reducing PCP to Min-Hack
174
5.2 Threat Analysis Algorithms
177
5.3 Algorithm Benchmarking
178
6 Related Work
180
6.1 Formal Models
180
6.2 Security Audit Tools
181
6.3 Metrics
182
7 Conclusion And Future Work
182
References
183
Toward Automated Intrusion Alert Analysis
185
1 Introduction
185
2 Correlating Intrusion Alerts Based on Prerequisites and Consequences of Attacks
187
2.1 Prerequisite and Consequence of Attacks
188
2.2 Hyper-Alert Type and Hyper-Alert
188
3 Analyzing Intensive Alerts
194
3.1 Alert Aggregation and Disaggregation
195
3.1.1 Alert Aggregation
195
3.1.2 Alert Disaggregation
197
3.2 Focused Analysis
198
3.3 Clustering Analysis
199
3.4 Frequency Analysis
200
3.5 Link Analysis
200
3.6 Association Analysis
202
3.7 Discussion
203
4 Learning Attack Strategies from Correlated Alerts
203
4.1 Attack Strategy Graph
204
4.2 Learning Attack Strategies
206
4.3 Dealing with Variations of Attacks
207
4.3.1 Automatic Generalization of Hyper-Alert Types
210
5 Related Work
210
6 Conclusion
213
References
213
Conventional Cryptographic Primitives
217
1 Introduction
218
2 Attacks
218
2.1 Cryptanalytic Attacks
218
2.1.1 Classification According to Means
219
2.1.2 Classification According to Result
219
2.2 Side-Channel Attacks
219
2.2.1 Power Attacks
220
2.2.2 Timing Attacks
220
2.2.3 Error Message Attacks
220
2.2.4 Conclusions
220
2.3 Implications
221
3 Stream Ciphers
221
3.1 The One-Time Pad
221
3.2 Description
222
3.3 Requirements
222
3.4 Usage
223
3.5 Example Stream Ciphers
223
3.5.1 Linear Feedback Shift Registers
223
3.5.2 RC4
223
3.5.3 SEAL
224
3.5.4 Stream Ciphers with Integrity Mechanisms
224
4 Block Ciphers
224
4.1 The Substitution Cipher
224
4.2 Description
225
4.3 Requirements
226
4.4 Usage: Modes of Operation
227
4.4.1 Electronic Code Book (ECB)
227
4.4.2 Cipher Block Chaining (CBC)
227
4.4.3 Counter Mode (CTR)
228
4.5 Example Block Ciphers
228
4.5.1 DES
228
4.5.2 3-DES
229
4.5.3 AES
229
5 Hash Functions
230
5.1 Requirements
230
5.2 Breaking a Hash Function
230
5.3 Usage
231
5.3.1 Digital Signature Schemes
231
5.3.2 Storage of Sensitive Information
231
5.4 Example Hash Functions
232
5.4.1 The MD4-Family
232
5.4.2 Block Cipher Based Designs
232
6 Message Authentication Codes
233
6.1 Description
233
6.2 Requirements
233
6.3 Examples
234
6.3.1 CBC–MAC
234
6.3.2 HMAC
234
6.3.3 Universal Hash Functions
235
7 Outlook
235
References
236
Efficient Trapdoor-Based Client Puzzle Against DoS Attacks
239
1 Introduction
239
2 Related Work
242
2.1 Contribution
243
2.2 Organization of the Chapter
243
3 Preliminary
243
3.1 Trapdoor One-Way Function
243
3.2 Security Assumption
244
4 Definition
244
5 The DLP-Based Client Puzzle Scheme
246
5.1 Algorithm
246
5.2 System Description
247
5.3 Security Consideration
249
5.4 Remark
252
6 System Configuration
254
7 Discussion
255
8 Conclusion
257
References
258
Attacks and Countermeasures in Sensor Networks: A Survey
261
1 Introduction
261
2 Physical Layer
262
2.1 Attacks in the Physical Layer
262
2.1.1 Device Tampering
263
2.1.2 Eavesdropping
263
2.1.3 Jamming
263
2.2 Countermeasures in the Physical Layer
264
2.2.1 Access Restriction
264
2.2.2 Encryption
264
3 MAC Layer
266
3.1 Attacks in the MAC Layer
266
3.1.1 Traffic Manipulation
266
3.1.2 Identity Spoofing
267
3.2 Countermeasures in the MAC Layer
267
3.2.1 Misbehavior Detection
267
3.2.2 Identity Protection
269
4 Network Layer
270
4.1 Attacks in the Network Layer
270
4.1.1 False Routing
270
4.1.2 Packet Replication
272
4.1.3 Black Hole
273
4.1.4 Sinkhole
273
4.1.5 Selective Forwarding
273
4.1.6 Wormhole
274
4.2 Countermeasures in Network Layer
274
4.2.1 Routing Access Restriction
274
4.2.2 False Routing Information Detection
275
4.2.3 Wormhole Detection
275
5 Application Layer
276
5.1 Attacks in the Application Layer
276
5.1.1 Clock Skewing
276
5.1.2 Selective Message Forwarding
277
5.1.3 Data Aggregation Distortion
277
5.2 Countermeasures in the Application Layer
278
5.2.1 Data Integrity Protection
278
5.2.2 Data Confidentiality Protection
278
6 Discussion
278
7 Conclusion
279
References
279
Index
283
Alle Preise verstehen sich inklusive der gesetzlichen MwSt.