Abstract: This paper proposes an easy-to-use instruction hiding
method to protect software from malicious reverse engineering
attacks. Given a source program (original) to be protected, the
proposed method (1) takes its modified version (fake) as an input,
(2) analyzes differences in assembly code instructions between original and
fake, and (3) introduces self-modification routines
so that fake instructions become correct (i.e., original instructions)
before they are executed and that they go back to fake ones after
they are executed. The proposed method can add a certain amount
of security to a program since the fake instructions in the resultant
program confuse attackers and it requires significant effort to discover
and remove all the fake instructions and self-modification routines.
Also, this method is easy to use (with little effort) because all a user
(who uses the proposed method) has to do is to prepare a fake source
code by modifying the original source code.
Abstract: This paper presents a novel method that allows an
agent host to delegate its signing power to an anonymous mobile
agent in such a way that the mobile agent does not reveal any information about its host's identity and, at the same time, can be authenticated by the service host, hence, ensuring fairness of service
provision. The solution introduces a verification server to verify the
signature generated by the mobile agent in such a way that even if colluding with the service host, both parties will not get more information than what they already have. The solution incorporates
three methods: Agent Signature Key Generation method, Agent
Signature Generation method, Agent Signature Verification method.
The most notable feature of the solution is that, in addition to allowing secure and anonymous signature delegation, it enables
tracking of malicious mobile agents when a service host is attacked. The security properties of the proposed solution are analyzed, and the solution is compared with the most related work.
Abstract: ebXML (Electronic Business using eXtensible
Markup Language) is an e-business standard, sponsored by
UN/CEFACT and OASIS, which enables enterprises to exchange
business messages, conduct trading relationships, communicate
data in common terms and define and register business
processes. While there is tremendous e-business value in the
ebXML, security remains an unsolved problem and one of the
largest barriers to adoption. XML security technologies emerging
recently have extensibility and flexibility suitable for security
implementation such as encryption, digital signature, access
control and authentication.
In this paper, we propose ebXML business transaction models
that allow trading partners to securely exchange XML based
business transactions by employing XML security technologies.
We show how each XML security technology meets the ebXML
standard by constructing the test software and validating messages
between the trading partners.
Abstract: The paper deals with results of a project "Interoperability Workplaces to Support Teaching of Security Management in a Computer Network". This project is focused on the perspectives and possibilities of "new approaches" to education, training and crisis communication of rescue teams in the Czech Republic. It means that common technologies considering new perspectives are used to educate selected members of crisis management. The main part concentrates on possibilities of application of new technology and computer-aided tools to education and training of Integrated Rescue System teams. This project uses the COST principle for the creation of specialized centers and for all communication between these workplaces.
Abstract: Although humans have long known about
the importance of the environment in life, in the last decade of the 20th
century, the space that was full of hot scientific, collegial and
political were made in environmental challenge, so much so that this
problem not only disarranges the peace and security of life, but has
also threatened human existence. One of the problems in recent years
that is significant for authorities is the unsatisfactory results achieved
despite the huge cost of magnificent environmental projects.
This subject leads thinkers to the thought that solving
environmental problems needs new methods, including those of
sociology, ethics and philosophy, apart from technical
affairs. Environmental ethics is a new branch of philosophical ethics
that discusses the ethical relationship between
humans and the universe around them. Considering the above,
in today's world the necessity of environmental ethics
for environmental management is redoubled. This
article focuses on the role of environmental ethics and on
environmental management methods and techniques for developing
it.
Abstract: After the terrorist attack on September 11, 2001 in
U.S., the container security issue got high attention, especially by U.S.
government, which deployed a lot of measures to promote or improve
security systems. U.S. government not only enhances its national
security system, but allies with other countries against the potential
terrorist attacks in the future. For example, the CSI (Container Security
Initiative) encourages foreign ports outside the U.S. to become CSI
ports as a part of the U.S. anti-terrorism network. Although promotion of
the security could partly reach the goal of anti-terrorism, that will
influence the efficiency of container supply chain, which is the main
concern when implementing the inspection measurements. This paper
proposes a quick estimation methodology for an inspection service
rate by a berth allocation heuristic such that the inspection activities
will not affect the original container supply chain. Theoretical and
simulation results show this approach is effective.
Abstract: Voice over Internet Protocol (VoIP) is a form of voice
communication that uses audio data to transmit voice signals to the
end user. VoIP is one of the most important technologies in the
world of communication. After around 20 years of research on VoIP,
some problems of VoIP still remain. During the past decade
and with the growth of wireless technologies, we have seen that many
papers turn their concentration from Wired-LAN to Wireless-LAN.
VoIP over Wireless LAN (WLAN) faces many challenges due to the
loose nature of wireless networks. Issues like providing Quality of
Service (QoS) at a good level, dedicating capacity for calls and
having secure calls are more difficult than in wired LAN.
Therefore VoIP over WLAN (VoWLAN) remains a challenging
research topic. In this paper we consolidate and address major
VoWLAN issues. This research is helpful for researchers who want
to do research in Voice over IP technology over WLAN networks.
Abstract: As a by-product of its "cyberspace" status, electronic
commerce is global, encompassing a whole range of B2C
relationships which need to be approached with solutions provided at
a local level while remaining viable when applied to global issues.
Today, the European Union seems to be endowed with a reliable
legal framework for consumer protection. A question which remains,
however, is enforcement of this protection. This is probably a matter
of time and awareness from both parties in the B2C relationship.
Business should realize that enhancing trust in the minds of
consumers is more than a question of technology; it is a question of
best practice. Best practice starts with the online service of high
street banks as well as with the existence of a secure, user-friendly
and cost-effective payment system. It also includes the respect of
privacy and the use of smart cards as well as enhancing privacy
technologies and fair information practice. In sum, only by offering
this guarantee of privacy and security will the consumer be assured
that, in cyberspace, his/her interests will be protected in the same
manner as in a traditional commercial environment.
Abstract: In existing online shopping on the web, SSL and
passwords are usually used to achieve secure trades. SSL shields
communication from third parties not related to the trade,
and indicates that the trader's web site is authenticated by one of the
certification authorities. A password certifies a customer as the same
person who has visited the trader's web site before, and protects the
customer's privacy, such as what the customer has bought on the site.
However, there is no forensics for the trades in the cases above.
With existing methods, no one can prove what is ordered by
customers, how many products are ordered and even whether
customers have ordered or not. The reason is that the third party has to
guess what was traded from logs that are held by traders and by
customers. The logs can easily be created, deleted and forged since
they are electronically stored. To enhance security with digital
forensics for electronic commerce on the web, I indicate a secure
method with cellular phones.
Abstract: VoIP networks, as an alternative method to the traditional PSTN system, have been implemented in a wide variety of structures
with multiple protocols, codecs, software and hardware-based
distributions. The use of cryptographic techniques lets users have secure communication, but the calculated throughput as well as the QoS parameters are affected according to the algorithm used. This
paper analyzes the VoIP throughput and the QoS parameters with
different commercial encryption methods. The measurement-based
approach uses lab scenarios to simulate LAN and WAN
environments. Security mechanisms such as TLS, SIAX2, SRTP,
IPSEC and ZRTP are analyzed with μ-LAW and GSM codecs.
Abstract: Lighting is not only important for the safety of traffic,
but also it is very important for the protection of pedestrians.
Improvement on visibility in a long distance, lighting, signing,
reduces considerably the risk of accidents in crosswalks. This paper
evaluates different aspects of crosswalks including signing and
lighting to improve road safety.
Abstract: Culture and family structure provide a sense of security.
Further, the chrono, macro and micro contexts of development
influence developmental transitions and timetable particularly owing
to variations in the macrosystem associated with non-normative life
events like migration. Migration threatens family links, security and
attachment bonds. Rising migratory trends have prompted an
increased interest in migration consequences on familial bonds,
developmental autonomy, socialization process, and sense of
security. This paper takes a narrative approach and applies the
attachment paradigm from a lifespan perspective, to examine the
settlement experiences of an India-born migrant student in Sydney,
Australia. It focuses on her quest to preserve family ties; her remote
secure base; her continual struggle to balance dependency and
autonomy, a major developmental milestone. As positional parental
power is culturally more potent in the Indian society, the paper
therefore raises some important concerns related to cultural
expectations, adaptation, acculturative stress and sense of security.
Abstract: Both image steganography and image encryption have
advantages and disadvantages. Steganography allows us to hide a
desired image containing confidential information in a covered or
host image while image encryption is decomposing the desired image
to a non-readable, non-comprehended manner. The encryption
methods are usually much more robust than the steganographic ones.
However, they have a high visibility and would provoke the attackers
easily since it usually is obvious from an encrypted image that
something is hidden! The combination of steganography and
encryption will cover both of their weaknesses and therefore, it
increases the security. In this paper an image encryption method
based on sinc-convolution along with using an encryption key of 128
bit length is introduced. Then, the encrypted image is covered by a
host image using a modified version of JSteg steganography
algorithm. This method could be applied to almost all image formats
including TIF, BMP, GIF and JPEG. The experiment results show
that our method is able to hide a desired image with high security and
low visibility.
Abstract: This paper describes a paradigmatic approach to develop architecture of secure systems by describing the requirements from four different points of view: that of the owner, the administrator, the user, and the network. Deriving requirements and developing architecture implies the joint elicitation and describing the problem and the structure of the solution. The view points proposed in this paper are those we consider as requirements towards their contributions as major parties in the design, implementation, usage and maintenance of secure systems. The dramatic growth of the technology of the Internet and the applications deployed in the World Wide Web have led to the situation where security has become a very important concern in the development of secure systems. Many security approaches are currently being used in organizations. In spite of the widespread use of many different security solutions, security remains a problem. It is argued that the approach that is described in this paper for the development of secure architecture is practical by all means. The models representing these multiple points of view are termed the requirements model (views of owner and administrator) and the operations model (views of user and network). In this paper, this multiple view paradigm is explained by first describing the specific requirements and/or characteristics of secure systems (particularly in the domain of networks) and the secure architecture / system development methodology.
Abstract: Recently, Denial of Service (DoS) attacks and Distributed DoS (DDoS) attacks, which are a stronger form of DoS attacks from plural hosts, have become security threats on the Internet. It is important to identify the attack source and to block attack traffic as one of the measures against these attacks. In general, it is difficult to identify them because information about the attack source is falsified. Therefore a method of identifying the attack source by tracing the route of the attack traffic is necessary. A traceback method which uses traffic patterns, using changes in the number of packets over time as criteria for the attack traceback, has been proposed. The traceback method using the traffic patterns can trace the attack by matching the shapes of input traffic patterns and the shape of the output traffic pattern observed at a network branch point such as a router. The traffic pattern is a shape of traffic and unfalsifiable information. The trace methods proposed to date cannot obtain enough tracing accuracy, because they directly use traffic patterns which are influenced by non-attack traffic. In this paper, a new traffic pattern matching method using Independent Component Analysis (ICA) is proposed.
Abstract: Active network was developed to solve the problem of
the current sharing-based network: difficulty in applying new
technology, service or standard, and duplicated operation at several
protocol layers. Active network can transport the packet loaded with
the executable codes, which enables to change the state of the network
node. However, if the network node is placed in the sharing-based
network, security and safety issues should be resolved. To satisfy this
requirement, various security aspects are required such as
authentication, authorization, confidentiality and integrity. Among
these security components, the core factor is the encryption key. As a
result, this study is designed to propose the scheme that manages the
encryption key, which is used to provide security of the
comprehensive active directory, based on the domain.
Abstract: The home these days has not one computer connected to the Internet but rather a network of many devices within the home, and that network might be connected to the Internet. In such an environment, the potential for attacks is greatly increased. General security technology cannot be applied because of the use of various wired and wireless networks, middleware and protocols in the digital home environment and the restricted system resources of home information appliances. To offer secure home services, home network environments need access control for various home devices and information when users want to access them. Therefore home network access control for user authorization is a very important issue. In this paper we propose an access control model using RBAC in home network environments to provide home users with secure home services.
Abstract: The number of the companies accepting RFID in Korea
has been increased continuously due to the domestic development of
information technology. The acceptance of RFID by companies in
Korea enabled them to do business with many global enterprises in a
much more efficient and effective way. According to a survey [33,
p76], many companies in Korea have used RFID for inventory or
distribution management. But the use of RFID in the companies in Korea
is in the early stages and its potential value hasn't fully been realized
yet. At this time, it would be very important to investigate the factors
that affect RFID acceptance. For this study, many previous studies
were referenced and some RFID experts were interviewed. Through
the pilot test, four factors were selected - Security Trust, Employee
Knowledge, Partner Influence, Service Provider Trust - affecting
RFID acceptance and an extended technology acceptance
model (e-TAM) was presented with those factors. The proposed model
was empirically tested using data collected from employees in
companies or public enterprises. In order to analyze some
relationships between exogenous variables and four variables in TAM,
structural equation modeling (SEM) was developed and SPSS 12.0 and
AMOS 7.0 were used for analyses. The results are summarized as
follows: 1) security trust perceived by employees positively
influences perceived usefulness and perceived ease of use; 2)
employee's knowledge on RFID positively influences only
perceived ease of use; 3) a partner's influence for RFID acceptance
positively influences only perceived usefulness; 4) service provider
trust very positively influences perceived usefulness and perceived
ease of use; 5) the relationships between TAM variables are the same as
the previous studies.
Abstract: Linear cryptanalysis methods are rarely used to improve the security of chaotic stream ciphers. In this paper, we apply linear cryptanalysis to a chaotic stream cipher which was designed by strictly using the basic design criterion of cryptosystem – confusion and diffusion. We show that this well-designed chaos-based stream cipher is still insecure against distinguishing attack. This distinguishing attack promotes the further improvement of the cipher.
Abstract: Discrimination between different classes of environmental
sounds is the goal of our work. The use of a sound recognition
system can offer concrete potentialities for surveillance and
security applications. The first paper contribution to this research
field is represented by a thorough investigation of the applicability
of state-of-the-art audio features in the domain of environmental
sound recognition. Additionally, a set of novel features obtained by
combining the basic parameters is introduced. The quality of the
features investigated is evaluated by a HMM-based classifier to which
a great interest was done. In fact, we propose to use a Multi-Style
training system based on HMMs: one recognizer is trained on a
database including different levels of background noises and is used
as a universal recognizer for every environment. In order to enhance
the system robustness by reducing the environmental variability, we
explore different adaptation algorithms including Maximum Likelihood
Linear Regression (MLLR), Maximum A Posteriori (MAP)
and the MAP/MLLR algorithm that combines MAP and MLLR.
Experimental evaluation shows that a rather good recognition rate
can be reached, even under important noise degradation conditions
when the system is fed by the convenient set of features.