
Keyword Search Result

[Keyword] security(630hit)

401-420hit(630hit)

  • Verification of the Security against Inference Attacks on XML Databases

    Kenji HASHIMOTO  Kimihide SAKANO  Fumikazu TAKASUKA  Yasunori ISHIHARA  Toru FUJIWARA  

     
    PAPER-Security

      Vol:
    E92-D No:5
      Page(s):
    1022-1032

    This paper discusses verification of the security against inference attacks on XML databases. First, a security definition called k-secrecy against inference attacks on XML databases is proposed. k-secrecy with an integer k > 1 (or k = ∞) means that attackers cannot narrow down the candidates for the value of the sensitive information to k - 1 (or finite), using the results of given authorized queries and schema information. Secondly, an XML query model such that verification can be performed straightforwardly according to the security definition is presented. The query model can represent practical queries which extract some nodes according to any of their neighboring nodes such as ancestors, descendants, and siblings. Thirdly, another refinement of the verification method is presented, which produces much smaller intermediate results if a schema contains no arbitrarily recursive element. The correctness of the refinement is proved, and the effect of the refinement in time and space efficiency has been confirmed by experiment.
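    The k-secrecy definition above can be made concrete by brute force on a toy schema. The following is an added example, not code from the paper: it replaces the XML schema with a constructed three-employee staff document whose departments and salary bands have finite domains, materialises every schema-valid instance, keeps those that answer the authorized queries exactly as the real database does, and counts how many distinct values the sensitive element (Alice's salary band) can still take. The queries, domains and the rule "k-secret means at least k candidates remain" are assumptions made for the illustration; the authors' query model and the refinement for non-recursive schemas are not reproduced.

```python
import itertools
import xml.etree.ElementTree as ET

# Constructed toy schema: three employees, each with a department and a salary band.
NAMES = ("Alice", "Bob", "Carol")
DEPTS = ("dev", "sec")
SALARIES = ("low", "mid", "high")

# Constructed actual database; Alice's salary band is the sensitive value.
ACTUAL = {"Alice": ("sec", "high"), "Bob": ("dev", "mid"), "Carol": ("dev", "low")}


def build_doc(assignment):
    """Materialise one instance {name: (dept, salary)} as an XML tree."""
    root = ET.Element("staff")
    for name in NAMES:
        dept, salary = assignment[name]
        emp = ET.SubElement(root, "employee")
        ET.SubElement(emp, "name").text = name
        ET.SubElement(emp, "dept").text = dept
        ET.SubElement(emp, "salary").text = salary
    return root


# Authorized queries (assumed): each returns the value the attacker is allowed to see.
def q_members_of_sec(root):
    return frozenset(e.findtext("name") for e in root.findall("employee[dept='sec']"))


def q_high_earners_in_sec(root):
    return len(root.findall("employee[dept='sec'][salary='high']"))


def sensitive_value(root):
    return root.find("employee[name='Alice']").findtext("salary")


def all_instances():
    """Every database the schema allows: the attacker's prior knowledge."""
    for combo in itertools.product(itertools.product(DEPTS, SALARIES), repeat=len(NAMES)):
        yield dict(zip(NAMES, combo))


def candidate_secret_values(actual, queries):
    """Sensitive values of all schema-valid instances that answer every query as the real one does."""
    answers = [q(build_doc(actual)) for q in queries]
    candidates = set()
    for inst in all_instances():
        root = build_doc(inst)
        if all(q(root) == a for q, a in zip(queries, answers)):
            candidates.add(sensitive_value(root))
    return candidates


def is_k_secret(actual, queries, k):
    """k-secrecy for an integer k > 1: the attacker cannot narrow the secret to k-1 or fewer candidates."""
    return len(candidate_secret_values(actual, queries)) >= k


if __name__ == "__main__":
    both = [q_members_of_sec, q_high_earners_in_sec]
    print("candidates with both queries:", candidate_secret_values(ACTUAL, both))
    print("2-secret with both queries:", is_k_secret(ACTUAL, both, 2))
    print("candidates with membership query only:", candidate_secret_values(ACTUAL, both[:1]))
```

    With both queries authorized the membership query pins Alice as the only member of sec and the count query then fixes her salary band, so the database is not even 2-secret; authorizing only the membership query leaves all three bands possible. Enumeration is exponential in the schema and only works for toy domains, which is exactly why the paper needs a verification method that reasons over the schema and query model instead.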

  • Security and Correctness Analysis on Privacy-Preserving k-Means Clustering Schemes

    Chunhua SU  Feng BAO  Jianying ZHOU  Tsuyoshi TAKAGI  Kouichi SAKURAI  

     
    LETTER-Cryptography and Information Security

      Vol:
    E92-A No:4
      Page(s):
    1246-1250

    Due to the fast development of the Internet and related IT technologies, it becomes easier and easier to access a large amount of data. k-means clustering is a powerful and frequently used technique in data mining. Many research papers about privacy-preserving k-means clustering have been published. In this paper, we analyze the existing privacy-preserving k-means clustering schemes based on cryptographic techniques. We show that those schemes cause a privacy breach and cannot output correct results due to faults in the protocol construction. Furthermore, we analyze our proposal as an option to improve on such problems, though with an intermediate information breach during the computation.

  • On the Deployment of Dynamic Taint Analysis for Application Communities

    Hyung Chan KIM  Angelos KEROMYTIS  

     
    LETTER-Application Information Security

      Vol:
    E92-D No:3
      Page(s):
    548-551

    Although software-attack detection via dynamic taint analysis (DTA) supports high coverage of program execution, it prohibitively degrades the performance of the monitored program. This letter explores the possibility of collaborative dynamic taint analysis among members of an application community (AC): instead of full monitoring for every request at every instance of the AC, each member uses DTA for some fraction of the incoming requests, thereby loosening the burden of heavyweight monitoring. Our experimental results using a test AC based on the Apache web server show that speedy detection of worm outbreaks is feasible with application communities of medium size (i.e., 250-500).

  • Privacy Protection by Masking Moving Objects for Security Cameras

    Kenichi YABUTA  Hitoshi KITAZAWA  Toshihisa TANAKA  

     
    PAPER-Image

      Vol:
    E92-A No:3
      Page(s):
    919-927

    Because of an increasing number of security cameras, it is crucial to establish a system that protects the privacy of objects in the recorded images. To this end, we propose a framework of image processing and data hiding for security monitoring and privacy protection. First, we state the requirements of the proposed monitoring systems and suggest a possible implementation that satisfies those requirements. The underlying concept of our proposed framework is as follows: (1) in the recorded images, the objects whose privacy should be protected are deteriorated by appropriate image processing; (2) the original objects are encrypted and watermarked into the output image, which is encoded using an image compression standard; (3) real-time processing is performed such that no future frame is required to generate an output bitstream. It should be noted that in this framework, anyone can observe the decoded image that includes the deteriorated objects that are unrecognizable or invisible. On the other hand, for crime investigation, this system allows a limited number of users to observe the original objects by using a special viewer that decrypts and decodes the watermarked objects with a decoding password. Moreover, the special viewer allows us to select the objects to be decoded and displayed. We provide an implementation example, experimental results, and performance evaluations to support our proposed framework.

  • Privacy-Preserving RFID Authentication Using Public Exponent Three RSA Algorithm

    Yoonjeong KIM  SeongYong OHM  Kang YI  

     
    LETTER-Application Information Security

      Vol:
    E92-D No:3
      Page(s):
    545-547

    In this letter, we propose a privacy-preserving authentication protocol with RSA cryptosystem in an RFID environment. For both overcoming the resource restriction and strengthening security, our protocol uses only modular exponentiation with exponent three at RFID tag side, with the padded random message whose length is greater than one-sixth of the whole message length.

  • Secret Key Agreement by Soft-Decision of Signals in Gaussian Maurer's Model

    Masashi NAITO  Shun WATANABE  Ryutaroh MATSUMOTO  Tomohiko UYEMATSU  

     
    PAPER-Information Theory

      Vol:
    E92-A No:2
      Page(s):
    525-534

    We consider the problem of secret key agreement in Gaussian Maurer's model. In Gaussian Maurer's model, the legitimate receivers, Alice and Bob, and a wire-tapper, Eve, receive signals randomly generated by a satellite through three independent memoryless Gaussian channels, respectively. Then Alice and Bob generate a common secret key from their received signals. In this model, we propose a protocol for generating a common secret key by using the results of soft decisions on Alice's and Bob's received signals. Then, we calculate a lower bound on the secret key rate of our proposed protocol. As a result of comparison with the protocol that only uses hard decisions, we found that a higher rate is obtained by using our protocol.

  • A Distributed and Cooperative Algorithm for the Detection and Elimination of Multiple Black Hole Nodes in Ad Hoc Networks

    Chang Wu YU  Tung-Kuang WU  Rei-Heng CHENG  Kun-Ming YU  Shun Chao CHANG  

     
    PAPER-Network

      Vol:
    E92-B No:2
      Page(s):
    483-490

    A mobile node in ad hoc networks may move arbitrarily and act as a router and a host simultaneously. Such a characteristic makes nodes in a MANET vulnerable to potential attacks. The black hole problem, in which some malicious nodes pretend to be intermediate nodes of a route to some given destinations and drop packets that pass through them, is one of the major types of attack. In this paper, we propose a distributed and cooperative mechanism to tackle the black hole problem. The mechanism is distributed so that it suits the ad hoc nature of the network, and nodes in the protocol cooperate so that they can analyze, detect, and eliminate possible multiple black-hole nodes in a more reliable fashion. Simulation results show that our method achieves a high black hole detection rate and a good packet delivery rate, while the overhead is comparatively lower as the network traffic increases.

  • SCODE: A Secure Coordination-Based Data Dissemination to Mobile Sinks in Sensor Networks

    LeXuan HUNG  Sungyoung LEE  Young-Koo LEE  Heejo LEE  

     
    PAPER-Fundamental Theories for Communications

      Vol:
    E92-B No:1
      Page(s):
    131-142

    For many sensor network applications, such as military and homeland security applications, it is necessary for users (sinks) to access sensor networks while they are moving. However, sink mobility brings new challenges to secure routing in large-scale sensor networks. Mobile sinks have to constantly propagate their current location to all nodes, and these nodes need to exchange messages with each other so that the sensor network can establish and maintain a secure multi-hop path between a source node and a mobile sink. This causes significant computation and communication overhead for sensor nodes. Previous studies on sink mobility have mainly focused on the efficiency and effectiveness of data dissemination without security consideration. In this paper, we propose a secure and energy-efficient data dissemination protocol -- Secure COordination-based Data dissEmination (SCODE) -- for mobile sinks in sensor networks. We take advantage of coordination networks (grid structure) based on the Geographical Adaptive Fidelity (GAF) protocol to construct a secure and efficient routing path between sources and sinks. Our security analysis demonstrates that the proposed protocol can defend against common attacks in sensor network routing such as replay attacks, selective forwarding attacks, sinkhole and wormhole attacks, Sybil attacks, and HELLO flood attacks. Our performance evaluation, both in mathematical analysis and simulation, shows that SCODE significantly reduces communication overhead and energy consumption while the latency is similar compared with the existing routing protocols, and it always delivers more than 90 percent of packets successfully.

  • RDFacl: A Secure Access Control Model Based on RDF Triple

    Jaehoon KIM  Seog PARK  

     
    PAPER-Application Information Security

      Vol:
    E92-D No:1
      Page(s):
    41-50

    The expectation of a more intelligent Web is reflected in the new research field called the Semantic Web. In this paper, in relation to Semantic Web security, we introduce an RDF triple based access control model having explicit authorization propagation by inheritance and implicit authorization propagation by inference. In particular, we explain an authorization conflict problem between the explicit and the implicit authorization propagation, which is an important concept in access control for the Semantic Web. We also propose a novel conflict detection algorithm using graph labeling techniques in order to efficiently find authorization conflicts. Some experimental results show that the proposed detection algorithm has much better performance than the existing detection algorithm when the data size and the number of specified authorizations become larger.

  • Formal Security Treatments for IBE-to-Signature Transformation: Relations among Security Notions

    Yang CUI  Eiichiro FUJISAKI  Goichiro HANAOKA  Hideki IMAI  Rui ZHANG  

     
    PAPER-Digital Signature

      Vol:
    E92-A No:1
      Page(s):
    53-66

    In a seminal paper on identity based encryption (IBE), Boneh and Franklin [6] mentioned an interesting transform from an IBE scheme to a signature scheme, which was observed by Moni Naor. In this paper, we give formal security treatments for this transform and discover several implications and separations among security notions of IBE and the transformed signature. For example, we show that, for such a transform to succeed, one-wayness of the IBE is an essential condition. Additionally, we give a sufficient and necessary condition for converting a semantically secure IBE scheme into an existentially unforgeable signature scheme. Our results help establish strategies for the design and automatic security proof of signature schemes from (possibly weak) IBE schemes. We also show some separation results which strongly support that one-wayness, rather than semantic security, of IBE captures an essential condition for achieving a secure signature.

  • Almost Secure (1-Round, n-Channel) Message Transmission Scheme

    Kaoru KUROSAWA  Kazuhiro SUZUKI  

     
    PAPER-Secure Protocol

      Vol:
    E92-A No:1
      Page(s):
    105-112

    It is known that perfectly secure (1-round, n-channel) message transmission (MT) schemes exist if and only if n ≥ 3t+1, where t is the number of channels that the adversary can corrupt. Then does there exist an almost secure MT scheme for n=2t+1? In this paper, we first sum up a number of flaws in the previous almost secure MT scheme presented at Crypto 2004. We next show an equivalence between almost secure MT schemes and secret sharing schemes with cheaters. By using our equivalence, we derive a lower bound on the communication complexity of almost secure MT schemes. Finally, we present a near-optimum scheme which meets our bound approximately. This is the first construction of provably secure almost secure (1-round, n-channel) MT schemes for n=2t+1.

  • An Efficient 2-Secure and Short Random Fingerprint Code and Its Security Evaluation

    Koji NUIDA  Satoshi FUJITSU  Manabu HAGIWARA  Hideki IMAI  Takashi KITAGAWA  Kazuto OGAWA  Hajime WATANABE  

     
    PAPER-Application

      Vol:
    E92-A No:1
      Page(s):
    197-206

    The code length of Tardos's collusion-secure fingerprint code is of theoretically minimal order with respect to the number of adversarial users (pirates). However, the constant factor should be further reduced for practical implementation. In this article, we improve the tracing algorithm of Tardos's code and propose a 2-secure and short random fingerprint code, which is secure against collusion attacks by two pirates. Our code length is significantly shorter than that of Tardos's code and its tracing error probability is practically small.
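    For readers who have not seen the tracing side of a collusion-secure code, the following added example implements the baseline Tardos construction that the paper starts from, not the authors' shortened 2-secure code: per-position biases drawn from the arcsine-shaped distribution, codewords sampled from those biases, a two-pirate collusion under the marking assumption (positions where both codewords agree are copied, the rest chosen at random), and Tardos's accusation score with a threshold. The number of users, code length, pirate indices, seed and the 6·√m threshold are assumptions made for the demonstration; with the random-choice collusion strategy used here each colluder's expected score works out to about m/(2π) and innocent scores have mean 0 and variance at most m, which is why the chosen length separates them.

```python
import math
import random


def tardos_generate(n_users, m, c=2, rng=random):
    """Tardos code: bias p_i from the arcsine-shaped law on [t, 1-t] with t = 1/(300c),
    then user j's bit X_ji ~ Bernoulli(p_i), independently per user and position."""
    t = 1.0 / (300 * c)
    t_prime = math.asin(math.sqrt(t))
    biases = [math.sin(rng.uniform(t_prime, math.pi / 2 - t_prime)) ** 2 for _ in range(m)]
    codewords = [[1 if rng.random() < p else 0 for p in biases] for _ in range(n_users)]
    return biases, codewords


def collude(pirate_codewords, rng=random):
    """Marking assumption: a position where all pirates agree is fixed; elsewhere they pick one bit at random."""
    forged = []
    for bits in zip(*pirate_codewords):
        forged.append(bits[0] if len(set(bits)) == 1 else rng.choice(bits))
    return forged


def tardos_scores(forged, codewords, biases):
    """Tardos accusation sum: positions with y_i = 1 contribute sqrt((1-p)/p) if the user has a 1,
    and -sqrt(p/(1-p)) if the user has a 0; positions with y_i = 0 are ignored."""
    scores = []
    for x in codewords:
        s = 0.0
        for yi, xi, p in zip(forged, x, biases):
            if yi == 1:
                s += math.sqrt((1 - p) / p) if xi == 1 else -math.sqrt(p / (1 - p))
        scores.append(s)
    return scores


def accuse(forged, codewords, biases, z):
    """Every user whose score exceeds the threshold z is accused."""
    return [j for j, s in enumerate(tardos_scores(forged, codewords, biases)) if s > z]


def demo(n_users=20, m=5000, seed=1):
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    biases, codewords = tardos_generate(n_users, m, c=2, rng=rng)
    pirates = (3, 11)  # constructed coalition of two users
    forged = collude([codewords[j] for j in pirates], rng)
    # Innocent scores: mean 0, variance <= m. Each colluder here: mean about m/(2*pi), so
    # 6*sqrt(m) sits several standard deviations from both populations for m = 5000.
    z = 6 * math.sqrt(m)
    return accuse(forged, codewords, biases, z), pirates


if __name__ == "__main__":
    accused, pirates = demo()
    print("pirates:", pirates, "accused:", accused)
```

    The length m = 5000 needed here for a clean separation with 20 users is the practical problem the abstract refers to: the constant factor in Tardos's bound, not its order, is what makes fingerprints long, and the paper's contribution is a tracing algorithm and code that cut that constant for the two-pirate case.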

  • A Good IDS Response Protocol of MANET Containment Strategies

    Bo-Chao CHENG  Huan CHEN  Ryh-Yuh TSENG  

     
    PAPER-Network

      Vol:
    E91-B No:11
      Page(s):
    3657-3666

    Much recent research concentrates on designing an Intrusion Detection System (IDS) to detect the misbehaviors of malicious nodes in a MANET with its ad-hoc and mobile nature. However, without rapid and appropriate IDS response mechanisms performing follow-up management services, even the best IDS cannot achieve the desired primary goal of incident response. A competent containment strategy is needed to limit the extent of an attack in the Incident Response Life Cycle. Inspired by the T-cell mechanisms in the human immune system, we propose an efficient MANET IDS response protocol (T-SecAODV) that can rapidly and accurately disseminate alerts of malicious node attacks to other nodes so as to modify their AODV routing tables to isolate the malicious nodes. Simulations are conducted with the network simulator Qualnet, and the experimental results indicate that T-SecAODV is able to spread alerts steadily while greatly reducing faulty rumors under simultaneous multiple malicious node attacks.

  • Efficient and Secure Self-Organized Public Key Management for Mobile Ad Hoc Networks

    Daeseon CHOI  Younho LEE  Yongsu PARK  Seung-hun JIN  Hyunsoo YOON  

     
    PAPER-Fundamental Theories for Communications

      Vol:
    E91-B No:11
      Page(s):
    3574-3583

    This paper presents a fully self-organized key management scheme for mobile ad hoc networks. Unlike most previous schemes, there is no a priori shared secret or a priori trust relationship in the proposed scheme; every node plays the same role and carries out the same function of key management. The proposed scheme consists of (1) Handshaking (HS) and (2) Certificate request/reply (CRR) procedures. In HS, a node acquires the public key of an approaching node via a secure side channel. In CRR, a node requests certificates of a remote node via a radio channel from the nodes that it has HSed. If the number of received valid certificates that contain the same public key exceeds a given threshold, the node accepts the remote node's public key as valid. Security is rigorously analyzed against various known attacks and network costs are intensively analyzed mathematically. Using this analysis, we provide parameter selection guidelines to optimize performance and to maintain security for diverse cases. Simulation results show that every node acquires the public keys of all other nodes at least 5 times faster than in a previous scheme.

  • A Secure Construction for Threshold Anonymous Password-Authenticated Key Exchange

    SeongHan SHIN  Kazukuni KOBARA  Hideki IMAI  

     
    PAPER-Cryptography and Information Security

      Vol:
    E91-A No:11
      Page(s):
    3312-3324

    At Indocrypt 2005, Viet et al. [21] proposed an anonymous password-authenticated key exchange (PAKE) protocol and its threshold construction, both of which are designed for clients' password-based authentication and anonymity against a passive server, who does not deviate from the protocol. In this paper, we first point out that their threshold construction is completely insecure against off-line dictionary attacks. For the threshold t > 1, we propose a secure threshold anonymous PAKE (for short, TAP) protocol with the number of clients n upper-bounded, such that n 2 -1, where N is the dictionary size of passwords. We rigorously prove that the TAP protocol has semantic security of session keys in the random oracle model by showing a reduction to the computational Diffie-Hellman problem. In addition, the TAP protocol provides unconditional anonymity against a passive server. For the threshold t=1, we propose an efficient anonymous PAKE protocol that significantly improves efficiency in terms of computation costs and communication bandwidth compared to the original (non-threshold) anonymous PAKE protocol [21].

  • An Efficient Signature Matching Scheme for Mobile Security

    Ruhui ZHANG  Makoto IWATA  

     
    PAPER-Network Management/Operation

      Vol:
    E91-B No:10
      Page(s):
    3251-3261

    The development of network technology reveals the clear trend that mobile devices will soon be equipped with more and more network-based functions and services. This increase also results in more intrusions and attacks on mobile devices; therefore, mobile security mechanisms are becoming indispensable. In this paper, we propose a novel signature matching scheme for mobile security. This scheme not only emphasizes a small resource requirement and an optimal scan speed, which are both important for resource-limited mobile devices, but also focuses on practical features such as stable performance, fast signature set updates and hardware implementation. This scheme is based on the finite state machine (FSM) approach widely used for string matching. An SRAM-based two-level finite state machine (TFSM) solution is introduced to utilize the unbalanced transition distribution in the original FSM to decrease the memory requirement, and to shorten the critical path of the single-FSM solution. By adjusting the boundary of the two FSMs, optimum memory usage and throughput are obtainable. The hardware circuit of our scheme is designed and evaluated by both FPGA and ASIC technology. The result of FPGA evaluation shows that 2,168 unique patterns with a total of 32,776 characters are stored in 177.75 KB SelectRAM blocks of Xilinx XC4VLX40 FPGA and a 3.0 Gbps throughput is achieved. The result of ASIC evaluation with 180 nm-CMOS library shows a throughput of over 4.5 Gbps with 132 KB of SRAM. Because of the small amount of memory and logic cell requirements, as well as the scalability of our scheme, higher performance is achieved by instantiating several signature matching engines when more resources are provided.
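    The "unbalanced transition distribution" that the two-level FSM exploits is easy to see on a small signature set. The following added example, which is not the authors' TFSM design, assumes the widely used FSM approach is Aho-Corasick compiled to a complete byte-oriented DFA (256 next-state entries per state, no failure links at scan time), builds it over a constructed signature set, scans a constructed request, and tallies how many of the table entries lead back to the root or to a depth-1 state. The signatures and the sample request are constructed for the illustration and are not from any real rule set.

```python
from collections import deque

ALPHABET = 256  # byte-oriented automaton: one full row of 256 next-state entries per state


def build_dfa(patterns):
    """Aho-Corasick automaton compiled to a complete DFA (failure links resolved at build time)."""
    goto, out, depth = [[-1] * ALPHABET], [[]], [0]
    for pat in patterns:  # 1. trie of the signatures
        s = 0
        for b in pat:
            if goto[s][b] == -1:
                goto.append([-1] * ALPHABET)
                out.append([])
                depth.append(depth[s] + 1)
                goto[s][b] = len(goto) - 1
            s = goto[s][b]
        out[s].append(pat)
    fail = [0] * len(goto)
    queue = deque()
    for b in range(ALPHABET):  # 2. complete the root row
        if goto[0][b] == -1:
            goto[0][b] = 0
        else:
            queue.append(goto[0][b])
    while queue:  # 3. BFS: parents' rows are complete before children are processed
        s = queue.popleft()
        for b in range(ALPHABET):
            nxt = goto[s][b]
            if nxt != -1:
                fail[nxt] = goto[fail[s]][b]
                out[nxt] = out[nxt] + out[fail[nxt]]
                queue.append(nxt)
            else:
                goto[s][b] = goto[fail[s]][b]
    return goto, out, depth


def scan(goto, out, data):
    """Return (offset, pattern) for every signature occurrence in data, one table lookup per byte."""
    hits, s = [], 0
    for i, b in enumerate(data):
        s = goto[s][b]
        for pat in out[s]:
            hits.append((i - len(pat) + 1, pat))
    return hits


def transition_histogram(goto, depth):
    """Count next-state entries by the depth of the state they lead to."""
    hist = {}
    for row in goto:
        for target in row:
            hist[depth[target]] = hist.get(depth[target], 0) + 1
    return hist


def shallow_fraction(goto, depth):
    """Share of all entries that lead back to the root or to a depth-1 state."""
    hist = transition_histogram(goto, depth)
    return (hist.get(0, 0) + hist.get(1, 0)) / (len(goto) * ALPHABET)


# Constructed sample signature set and request; not from any real rule set.
SIGNATURES = [b"/cgi-bin/", b"/etc/passwd", b"<script>", b"union select"]
SAMPLE = b"GET /cgi-bin/test.cgi?f=../../etc/passwd HTTP/1.0"

if __name__ == "__main__":
    goto, out, depth = build_dfa(SIGNATURES)
    print("states:", len(goto), "table entries:", len(goto) * ALPHABET)
    print("entries leading to depth 0 or 1:", round(shallow_fraction(goto, depth), 4))
    print("hits:", scan(goto, out, SAMPLE))
```

    Almost every entry in the full table points back to the root or a depth-1 state; only the trie edges and a handful of suffix transitions go deeper. Storing the few deep transitions separately from the shallow majority is the memory saving a split FSM buys, at the cost of the boundary choice the abstract describes.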

  • Seven New Block Cipher Structures with Provable Security against Differential Cryptanalysis

    Jongsung KIM  Changhoon LEE  Jaechul SUNG  Seokhie HONG  Sangjin LEE  Jongin LIM  

     
    PAPER-Cryptography and Information Security

      Vol:
    E91-A No:10
      Page(s):
    3047-3058

    The design and analysis of block ciphers is an established field of study which has seen significant progress since the early 1990s. Nevertheless, what remains an interesting direction to explore in this area is to design block ciphers with provable security against powerful known attacks such as differential and linear cryptanalysis. In this paper we introduce seven new block cipher structures, named Feistel-variant A, B, CLEFIA and MISTY-FO-variant A, B, C, D structures, and show that these structures are provably resistant against differential cryptanalysis. The main results of this paper are that the average differential probabilities over at least 2 rounds of the Feistel-variant A structure and 1 round of the Feistel-variant B structure are both upper-bounded by p², while the average differential probabilities over at least 5 rounds of the CLEFIA, MISTY-FO-variant A, B, C and D structures are upper-bounded by p⁴+2p⁵, p⁴, p⁴, 2p⁴ and 2p⁴, respectively, if the maximum differential probability of a round F function is p. We also give provable security for the Feistel-variant A, B and CLEFIA structures against linear cryptanalysis. Our results are attained under the assumption that all of the components in our proposed structures are bijective. We expect that our results are useful for designing block ciphers with provable security against differential and linear cryptanalysis.

  • Access Control Management for SCADA Systems

    Seng-Phil HONG  Gail-Joon AHN  Wenjuan XU  

     
    PAPER-Application Information Security

      Vol:
    E91-D No:10
      Page(s):
    2449-2457

    The information technology revolution has transformed all aspects of our society, including critical infrastructures, and has led to a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements, since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control, which is suitable for simplifying administrative tasks in large scale enterprises.

  • Azimuthal and Elevation Localization Using Inter-Channel Phase and Level Differences for a Hemispheric Object

    Yoshifumi CHISAKI  Toshimichi TAKADA  Masahiro NAGANISHI  Tsuyoshi USAGAWA  

     
    LETTER-Engineering Acoustics

      Vol:
    E91-A No:10
      Page(s):
    3059-3062

    The frequency domain binaural model (FDBM) has been previously proposed to localize multiple sound sources. Since the method requires only two input signals and uses interaural phase and level differences caused by the diffraction generated by the head, flexibility in application is very high when the head is considered as an object. When an object is symmetric with respect to the two microphones, the performance of sound source localization is degraded, as a human being has front-back confusion due to the symmetry in a median plane. This paper proposes to reduce the degradation of performance on sound source localization by a combination of the microphone pair outputs using the FDBM. The proposed method is evaluated by applying to a security camera system, and the results showed performance improvement in sound source localization because of reducing the number of cones of confusion.

  • Distributed Computing Software Building-Blocks for Ubiquitous Computing Societies

    K.H. (Kane) KIM  

     
    INVITED PAPER

      Vol:
    E91-D No:9
      Page(s):
    2233-2242

    The steady approach of advanced nations toward realization of ubiquitous computing societies has given birth to rapidly growing demands for new-generation distributed computing (DC) applications. Consequently, economic and reliable construction of new-generation DC applications is currently a major issue faced by the software technology research community. What is needed is a new-generation DC software engineering technology which is at least multiple times more effective in constructing new-generation DC applications than the currently practiced technologies are. In particular, this author believes that a new-generation building-block (BB), which is much more advanced than the current-generation DC object that is a small extension of the object model embedded in languages C++, Java, and C#, is needed. Such a BB should enable systematic and economic construction of DC applications that are capable of taking critical actions with 100-microsecond-level or even 10-microsecond-level timing accuracy, fault tolerance, and security enforcement while being easily expandable and taking advantage of all sorts of network connectivity. Some directions considered worth pursuing for finding such BBs are discussed.
