Keyword Search Result

[Keyword] security(630hit)

481-500hit(630hit)

  • A Security Middleware Model for Real-Time Applications on Grids

    Tao XIE  Xiao QIN  

     
    PAPER-Grid Computing

    Vol: E89-D No:2  Page(s): 631-638

    Real-time applications are indispensable for conducting research and business in government, industry, and academic organizations. Recently, real-time applications with security requirements increasingly emerged in large-scale distributed systems such as Grids. However, the complexities and specialties of diverse security mechanisms dissuade users from employing existing security services for their applications. To effectively tackle this problem, in this paper we propose a security middleware (SMW) model from which security-sensitive real-time applications are enabled to exploit a variety of security services to enhance the trustworthy executions of the applications. A quality of security control manager (QSCM), a centerpiece of the SMW model, has been designed and implemented to achieve a flexible trade-off between overheads caused by security services and system performance, especially under situations where available resources are dynamically changing and insufficient. A security-aware scheduling mechanism, which plays an important role in QSCM, is capable of maximizing quality of security for real-time applications running in distributed systems as large-scale as Grids. Our empirical studies based on real world traces from a supercomputing center demonstratively show that the proposed model can significantly improve the performance of Grids in terms of both security and schedulability.

  • Improvement of an Efficient and Practical Solution to Remote Authentication: Smart Card

    Her-Tyan YEH  

     
    LETTER-Internet

    Vol: E89-B No:1  Page(s): 210-211

    Recently, Chien et al. proposed an efficient timestamp-based remote user authentication scheme using smart cards. The main merits include: (1) user-independent server, i.e., there is no password or verification table kept in the server; (2) users can freely choose their passwords; (3) mutual authentication is provided between the user and the server; and (4) lower communication and computation cost. In this paper, we show that Chien et al.'s scheme is insecure against forgery attack because an adversary can easily pretend to be a legal user, pass the server's verification and log in to the remote system successfully. An improved scheme is proposed that can overcome the security risk while still preserving all the above advantages.

  • Security Protocols Protection Based on Anomaly Detection

    Abdulrahman ALHARBY  Hideki IMAI  

     
    PAPER-Intrusion Detection

    Vol: E89-D No:1  Page(s): 189-200

    Security protocol flaws represent a substantial portion of the security exposures of data networks. In order to evaluate security protocols against any attack, formal methods are equipped with a number of techniques. Unfortunately, formal methods are applicable for static state only, and don't guarantee detecting all possible flaws. Therefore, formal methods should be complemented with dynamic protection. Anomaly detection systems are very suitable for security protocol environments as dynamic activity protectors. This paper presents an intrusion detection system that uses a number of different anomaly detection techniques to detect attacks against security protocols.

  • Best Security Index for Digital Fingerprinting

    Kozo BANNO  Shingo ORIHARA  Takaaki MIZUKI  Takao NISHIZEKI  

     
    PAPER-Information Hiding

    Vol: E89-A No:1  Page(s): 169-177

    Digital watermarking used for fingerprinting may receive a collusion attack; two or more users collude, compare their data, find a part of embedded watermarks, and make an unauthorized copy by masking their identities. In this paper, assuming that at most c users collude, we give a characterization of the fingerprinting codes that have the best security index in the sense of "(c,p/q)-secureness" proposed by Orihara et al. The characterization is expressed in terms of intersecting families of sets. Using a block design, we also show that a distributor of data can only find asymptotically a set of c users including at least one culprit, no matter how good a fingerprinting code is used.

  • Flaws in Robust Optimistic Mix-Nets and Stronger Security Notions

    Masayuki ABE  Hideki IMAI  

     
    PAPER-Protocol

    Vol: E89-A No:1  Page(s): 99-105

    The contribution of this paper is twofold. First, we introduce weaknesses of two Mix-nets claimed to be robust in the literature. Since such flaws are due to their weak security definitions, we then present a stronger security definition by regarding a Mix-net as a batch decryption algorithm of a CCA secure public-key encryption scheme. We show two concrete attacks on the schemes proposed in [1] and [2]. The scheme in [1] loses anonymity in the presence of a malicious user even though all servers are honest. The scheme in [2] also loses anonymity through the collaboration of a malicious user and the first server. In the latter case the user can identify the plaintext sent from the targeted user by invoking two mix sessions at the risk of the colluding server receiving an accusation. We also point out that in a certain case, anonymity is violated solely by the user without colluding with any server. Heuristic repairs are provided for both schemes.

  • Plaintext Simulatability

    Eiichiro FUJISAKI  

     
    PAPER-Public Key Cryptography

    Vol: E89-A No:1  Page(s): 55-65

    We propose a new security class, called plaintext simulatability, defined over the public-key encryption schemes. The notion of plaintext simulatability (denoted PS) is similar to the notion of plaintext awareness (denoted PA) defined in [3], but it is "properly" a weaker security class for public-key encryption. It is known that PA implies the class of CCA2-secure encryption (denoted IND-CCA2) but not vice versa. In most cases, PA is "unnecessarily" strong; in such cases, PA is only used to study that the public-key encryption scheme involved meets IND-CCA2, because it looks much easier to treat the membership of PA than to do "directly" the membership of IND-CCA2. We show that PS also implies IND-CCA2, while preserving such a technical advantage as well as PA. We present two novel CCA2-secure public-key encryption schemes, which should have been provided with more complicated security analyses. One is a random-oracle version of Dolev-Dwork-Naor's encryption scheme [8],[9]. Unlike the original scheme, this construction is efficient. The other is a public-key encryption scheme based on a strong pseudo-random permutation family [16] which provides the optimal ciphertext lengths for verifying the validity of ciphertexts, i.e., (ciphertext size) = (message size) + (randomness size). According to [19], such a construction remains open. Both schemes meet PS but not PA.

  • A Survey on Identity Management Protocols and Standards

    Teruko MIYATA  Yuzo KOGA  Paul MADSEN  Shin-ichi ADACHI  Yoshitsugu TSUCHIYA  Yasuhisa SAKAMOTO  Kenji TAKAHASHI  

     
    INVITED SURVEY PAPER

    Vol: E89-D No:1  Page(s): 112-123

    This paper provides an overview of identity management with emphasis on the federated approaches, covering related standard specifications, and security and privacy considerations. Actual business cases, ranging from B2E to B2C in different industries, such as mobile communications, gaming, and digital TV are introduced. The Liberty Alliance identity frameworks are used as a concrete example to illustrate federated identity management technologies. Moreover, other approaches, such as SAML, Shibboleth and WS-Federation, are compared.

  • A Coordinator for Workflow Management Systems with Information Access Control

    Shih-Chien CHOU  Chien-Jung WU  

     
    PAPER-Application Information Security

    Vol: E88-D No:12  Page(s): 2786-2792

    This paper proposes a coordinator for workflow management systems (WFMSs). It is a basic module for developing WFMSs. It is also a coordinator to coordinate multiple WFMSs. The coordinator provides functions to facilitate executing workflows and to ensure secure access of workflow information. Facilitating workflow execution is well-known, but ensuring secure access of workflow information has been identified as important only recently. Although many models ensure secure workflow information access, they fail to offer the features we need. We thus developed a new model for the control. This paper presents the coordinator and its access control model.

  • Security Flaw in SAS-2 Protocol

    Eddy CIZERON  Hirohisa AMAN  Hiroshi KAI  Matu-Tarow NODA  

     
    LETTER-Fundamental Theories for Communications

    Vol: E88-B No:10  Page(s): 4081-4082

    SAS-2 is an alternative of a one-time password authentication protocol SAS, and is developed in order to reduce overhead due to the use of hash functions. The idea of both algorithms is sharing a similar secret number called the verifier that allows a client to be authenticated and that is changed for each new session. However, some of the combinations proposed in [1] to transmit the verifier may contain a security flaw, and the insecure combination results in vulnerability to impersonation attacks.

  • Improvement of One-Time Password Authentication Scheme Using Smart Cards

    Narn-Yih LEE  Jung-Chic CHEN  

     
    LETTER-Fundamental Theories for Communications

    Vol: E88-B No:9  Page(s): 3765-3767

    In 2002, Yeh, Shen, and Hwang proposed a one-time password authentication scheme using smart cards. However, Tsuji et al. and Ku et al. showed that it is vulnerable to the stolen verifier attack. Therefore, this paper proposes an improved one-time password authentication scheme, which not only keeps the security of the scheme of Yeh-Shen-Hwang but also can withstand the stolen verifier attack.

  • An RBAC-Based Access Control Model for Object-Oriented Systems Offering Dynamic Aspect Features

    Shih-Chien CHOU  

     
    PAPER-Application Information Security

    Vol: E88-D No:9  Page(s): 2143-2147

    This paper proposes a model for access control within object-oriented systems. The model is based on RBAC (role-based access control) and is called DRBAC (dynamic RBAC). Although RBAC is powerful in access control, the original design of RBAC required that user-role assignments and role-permission assignments should be handled statically (i.e., the assignments should be handled by human beings). Nevertheless, the following dynamic features are necessary in access control within a software system: (a) managing dynamic role switching, (b) avoiding Trojan horses, (c) managing role associations, and (d) handling dynamic role creation and deletion. DRBAC offers the dynamic features. This paper proposes DRBAC.

  • An Efficient Method for Optimal Probe Deployment of Distributed IDS

    Jing WANG  Naoya NITTA  Hiroyuki SEKI  

     
    PAPER-Dependable Computing

    Vol: E88-D No:8  Page(s): 1948-1957

    A distributed network-oriented Intrusion Detection System (IDS) is a mechanism which detects misuse accesses to an intra-network by distributed IDSs on the network with decomposed attack scenarios. However, there are only ad hoc algorithms for determining a deployment of distributed IDSs and a partition of the attack scenarios. In this paper, we formally define this problem as the IDS partition deployment problem and design an efficient algorithm for a simplified version of the problem by graph theoretical techniques.

  • Supporting User Privacy in Location Based Services

    Anand S. GAJPARIA  Chris J. MITCHELL  Chan Yeob YEUN  

     
    PAPER

    Vol: E88-B No:7  Page(s): 2837-2847

    To offer location based services, service providers need to have access to Location Information (LI) regarding the users which they wish to serve; this is a potential privacy threat. We propose the use of constraints, i.e. statements limiting the use and distribution of LI, that are securely bound to the LI, as a means to reduce this threat. Constraints may themselves reveal information to any potential LI user; that is, the constraints themselves may also be a privacy threat. To address this problem we introduce the notion of a LI Preference Authority (LIPA). A LIPA is a trusted party which can examine LI constraints and make decisions about LI distribution without revealing the constraints to the entity requesting the LI. This is achieved by encrypting both the LI and the constraints with a LIPA encryption key, ensuring that the LI is only revealed at the discretion of the LIPA.

  • An Improved Nominative Proxy Signature for Mobile Communication

    Jianhong ZHANG  Qianhong WU  

     
    PAPER-Application Information Security

    Vol: E88-D No:7  Page(s): 1697-1699

    As a specific signature, the nominative proxy signature scheme is a method in which the designated proxy signer generates a nominative signature and transmits it to a verifier, instead of the original signer. Recently, Seo et al. proposed a nominative proxy signature scheme for mobile communication and claimed that the scheme has non-repudiation. However, after analyzing the scheme, we show that the scheme is insecure and cannot provide non-repudiation; note that a malicious original signer can forge the proxy signer to sign on any message. Finally, we also present a modified version of the scheme to repair the security flaw.

  • Mobile IP Assistance in Ad Hoc Routing Security Using Geometric Properties of Lines

    Ting-Yi CHANG  Chou-Chen YANG  Chia-Meng CHEN  

     
    PAPER-Terrestrial Radio Communications

    Vol: E88-B No:6  Page(s): 2557-2565

    Recently, the integration of wired and wireless networks has become an interesting issue. The introduction of extending Mobile IP to mobile ad hoc networks not only helps the mobile nodes connect to the Internet but also broadens the scope of the ad hoc networks and increases their application. However, these hybrid schemes face several security problems from the inherent weakness of ad hoc routing. In this paper, we propose a hybrid authentication scheme of Mobile IP assistance for ad hoc routing security. The regular Mobile IP registration scheme has been refined to an ad hoc key-aided version and now incorporates a novel routing packet authentication mechanism in the ad hoc routing operation. A distinct character of this hybrid scheme is that a Mobile Agent can form a secure ad hoc network where the mobile hosts can be authorized and authenticated by the refined Mobile IP registration scheme. In these findings, we shall propose that the mobile hosts can follow a novel routing packet authentication mechanism to secure the routing packets by using the cryptography of the simple geometric properties of lines. Since the novel routing authentication mechanism does not need digital signatures for completing the routing packet integrity, in this hybrid authentication scheme, the cryptographic computation cost on the mobile hosts' side is relatively minimized.

  • European Research towards Future Wireless Communications

    Flemming Bjerge FREDERIKSEN  Ramjee PRASAD  Gert F. PEDERSEN  Istvan Z. KOVACS  

     
    INVITED PAPER

    Vol: E88-B No:6  Page(s): 2259-2267

    This paper presents an overview of four on-going European research projects in the field of mobile and wireless communications leading to the next generations of wireless communications. The projects started in 2004. They investigate requirements and definition of access technology, network architecture, antennas and propagation, security, services, applications and socio-economic impact.

  • A CAM-Based Signature-Matching Co-processor with Application-Driven Power-Reduction Features

    Kazunari INOUE  Hideyuki NODA  Kazutami ARIMOTO  Hans Jurgen MATTAUSCH  Tetsushi KOIDE  

     
    PAPER-Integrated Electronics

    Vol: E88-C No:6  Page(s): 1332-1342

    A signature-matching co-processor in 130 nm CMOS technology for application in the network-security field is presented. Two key search technologies, implemented with fully-parallel CAM-based search cores, enable the removal of misused packets from Giga-bit-per-second (G-bps) networks in real-time without disturbing the normal network traffic. The first technology is a thorough search through packet header as well as payload in a byte-shifting manner and is capable of detecting viruses, even if they are hidden at an arbitrary position within the packet. A 1.125 Mbit ternary CAM, operated at the speed of 125 Mega-searches per second (M-sps), integrates the primary lookup table for thorough packet search. The second technology applies an additional relational search with programmable logical operations to detect recently appearing, more complicated misused packets. A small 192-bit binary CAM operated at 31.25 M-sps is also included for this purpose. Power dissipation, being a major concern of CAM-based application-specific LSIs, is addressed in the light of the signature-matching application, which has a high probability of multiple matches and which doesn't require masking individual bits of the search word. Consequently, two application-driven power-reduction methods are implemented, namely an improved pipelined search for efficiently reducing power even in the case of a large number of multiple matches, and a search-line encoding for cutting search-line related power dissipation. As a result the signature-matching co-processor features low power dissipation between 0.4 W and 1.1 W for the best case and the worst case search configurations, respectively.

  • On the Security and the Efficiency of Multi-Signature Schemes Based on a Trapdoor One-Way Permutation

    Kei KAWAUCHI  Mitsuru TADA  

     
    PAPER

    Vol: E88-A No:5  Page(s): 1274-1282

    Up to the present, many multi-signature schemes have been proposed in which signers use respective moduli in the signature generation process. The FDH-based schemes are proposed by Mitomi et al. and Lysyanskaya et al. The PSS-based schemes are proposed by Kawauchi et al. and Komano et al. The FDH-based schemes have the advantage that the signature size is independent of the number of the signers. However, since the signature generation algorithm is deterministic, it has a bad reduction rate as a defect. Consequently, the signers must unfortunately use keys large enough to keep the security. On the other hand, in the PSS-based schemes, good reduction rates can be obtained since the signature generation algorithms are probabilistic. However, the size of the random component shall overflow the security parameter, and thereby the signature size shall grow by the total size of the random components used by the signers. That means, if the size of the random component is smaller, the growth of the signature size can be kept smaller. In this paper, we propose a new probabilistic multi-signature scheme, which can be proven secure even though smaller random components are used. We compare the proposed scheme and two existing schemes. Finally, we conclude that the proposed scheme is so-called optimal due to.

  • An Efficient Mobile Code Authentication Scheme that Permits Overlapping of Execution and Downloading

    JaeYong JEONG  Yongsu PARK  Yookun CHO  

     
    LETTER-Networks

    Vol: E88-D No:5  Page(s): 1077-1081

    When an application code is downloaded from an unknown server to the mobile device, it is important to authenticate the code. Usually, code execution is overlapped with downloading to reduce transfer/invocation delay. In this letter, we present an efficient code authentication scheme that permits overlapping of execution and downloading when the sequence of code execution is determined during the execution time. The proposed scheme is based on authentication trees. Compared with the tree chaining scheme, the proposed scheme has lower communication overhead and shorter average verification delay. Also, the computation cost of the proposed scheme on the receiver is much smaller than that of the tree chaining scheme.

  • Preventing Child Neglect in DNSSECbis Using Lookaside Validation (DLV)

    Paul VIXIE  

     
    INVITED PAPER

    Vol: E88-B No:4  Page(s): 1326-1330

    The DNSSECbis data model has key introduction follow the delegation chain, thus requiring a zone's parent to become secure before a zone itself can be secured. Ultimately this leads to non-deployability since the root zone will probably not be secured any time soon. We describe an early deployment aid for DNSSECbis whereby key introduction can be done via cooperating third parties.