123 results
Search Results
102. A Statistical Model for Detecting Abnormality in Static-Priority Scheduling Networks with Differentiated Services.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Ming Li, and Wei Zhao
- Abstract
This paper presents a new statistical model for detecting signs of abnormality in static-priority scheduling networks with differentiated services at connection levels on a class-by-class basis. The formulas in terms of detection probability, miss probability, probabilities of classifications, and detection threshold are proposed. Keywords: Anomaly detection, real-time systems, traffic constraint, static-priority scheduling networks, differentiated services, time series. [ABSTRACT FROM AUTHOR]
- Published
- 2005
103. SoIDPS: Sensor Objects-Based Intrusion Detection and Prevention System and Its Implementation.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, SeongJe Cho, Hye-Young Chang, HongGeun Kim, and WoongChul Choi
- Abstract
In this paper, we propose an intrusion detection and prevention system using sensor objects that are a kind of trap and are accessible only by the programs that are allowed by the system. Any access to the sensor object by disallowed programs or any transmission of the sensor object to outside of the system is regarded as an intrusion. In such case, the proposed system logs the related information on the process as well as the network connections, and terminates the suspicious process to prevent any possible intrusion. By implementing the proposed method as Loadable Kernel Module (LKM) in the Linux, it is impossible for any process to access the sensor objects without permission. In addition, the security policy will be dynamically applied at run time. Experimental results show that the security policy is enforced with negligible overhead, compared to the performance of the unmodified original system. [ABSTRACT FROM AUTHOR]
- Published
- 2005
104. A New Network Anomaly Detection Technique Based on Per-Flow and Per-Service Statistics.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Waizumi, Yuji, Kudo, Daisuke, Kato, Nei, and Nemoto, Yoshiaki
- Abstract
In the present network security management, improvements in the performances of Intrusion Detection Systems (IDSs) are strongly desired. In this paper, we propose a network anomaly detection technique which can learn a state of network traffic based on per-flow and per-service statistics. These statistics consist of service request frequency, characteristics of a flow and code histogram of payloads. In this technique, we achieve an effective definition of the network state by observing the network traffic according to service. Moreover, we conduct a set of experiments to evaluate the performance of the proposed scheme and compare with those of other techniques. [ABSTRACT FROM AUTHOR]
- Published
- 2005
105. Sampling Distance Analysis of Gigantic Data Mining for Intrusion Detection Systems.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Yong-Chang Jiao, Yong Zeng, and Jianfeng Ma
- Abstract
Real-Time intrusion detection system (IDS) based on traffic analysis is one of the highlighted topics of network security researches. Restricted by computer resources, real-time IDS is computationally infeasible to deal with gigantic operations of data storage and analyzing in real world. As a result, the sampling measurement technique in a high-speed network becomes an important issue in this topic. Sampling distance analysis of gigantic data mining for IDS is shown in this paper. Based on differential equation theory, a quantitative analysis of the effect of IDS on the network traffic is given firstly. Secondly, a minimum delay time of IDS needed to detect some kinds of intrusions is analyzed. Finally, an upper bound of the sampling distance is discussed. Proofs are given to show the efficiency of our approach. [ABSTRACT FROM AUTHOR]
- Published
- 2005
106. An Immune System Inspired Approach of Collaborative Intrusion Detection System Using Mobile Agents in Wireless Ad Hoc Networks.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Ki-Won Yeom, and Ji-Hyung Park
- Abstract
Many single points of failure exist in an intrusion detection system (IDS) based on a hierarchical architecture that does not have redundant communication lines and the capability to dynamically reconfigure relationships in the case of failure of key components. To solve this problem, we propose an IDS inspired by the human immune system based upon several mobile agents. The mobile agents act similarly to white blood cells of the immune system and travel from host to host in the network to detect any intrusions. As in the immune system, intrusions are detected by distinguishing between "self" and "non-self", or normal and abnormal process behavior respectively. In this paper we present our model, and show how mobile agent and artificial immune paradigms can be used to design efficient intrusion detection systems. We also discuss the validation of our model followed by a set of experiments we have carried out to evaluate the performance of our model using realistic case studies. [ABSTRACT FROM AUTHOR]
- Published
- 2005
107. Insider Impersonation-MIM Attack to Tripartite Key Agreement Scheme and an Efficient Protocol for Multiple Keys.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Lihua Wang, Okamoto, Takeshi, Takagi, Tsuyoshi, and Okamoto, Eiji
- Abstract
In this paper, we introduce the definition of insider impersonation-MIM attack for tripartite key agreement schemes and show that almost all of the proposed schemes are not secure under this attack. We present a new protocol which is much more efficient than the existential secure protocol [13] in terms of computational efficiency and transmitted data size. Moreover, our protocol is the first scheme for multiple keys which means that not only a large number of keys but also various kinds of keys can be generated by applying our scheme. [ABSTRACT FROM AUTHOR]
- Published
- 2005
108. Efficient Compilers for Authenticated Group Key Exchange.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Qiang Tang, and Mitchell, Chris J.
- Abstract
In this paper we propose two compilers which are designed to transform a group key exchange protocol secure against any passive adversary into an authenticated group key exchange protocol with key confirmation which is secure against any passive adversary, active adversary, or malicious insider. We show that the first proposed compiler gives protocols that are more efficient than those produced by the compiler of Katz and Yung. [ABSTRACT FROM AUTHOR]
- Published
- 2005
109. A Token-Based Single Sign-On Protocol.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Li Hui, and Shen Ting
- Abstract
A token based single sign-on protocol for distribution systems is proposed in this paper. When a user C logs on a system, a centralized authentication server A will authenticate C and issue C a token which is signed by A and includes a session key generated by A as well as a time stamp. C can use the token to access any application server S. S will send C's request to A. Then A will verify the validity of the token. There are two advantages of this protocol: 1) Time synchronization between servers S and the user C is not necessary. 2) All authentication state information such as session key is stored in the token rather than in the memory of A, thus the performance of A can be promoted effectively. We have used SVO logic to do formal analysis of this protocol. [ABSTRACT FROM AUTHOR]
- Published
- 2005
110. An Identity-Based Threshold Signcryption Scheme with Semantic Security.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Changgen Peng, and Xiang Li
- Abstract
This paper designs a secure identity-based threshold signcryption scheme from the bilinear pairings. The construction is based on the recently proposed signcryption scheme of Libert and Quisquater [6]. Our scheme not only has the properties of identity-based and threshold, but also can achieve semantic security under the Decisional Bilinear Diffie-Hellman assumption. It can be proved secure against forgery under chosen message attack in the random oracle model. In the private key distribution protocol, we adopt such method that the private key associated with an identity rather than the master key is shared. In the threshold signcryption phase, we provide a new method to check the malicious members. This is the first identity-based threshold signcryption scheme that can simultaneously achieve both semantic security and others security, such as unforgeability, robustness, and non-repudiation. [ABSTRACT FROM AUTHOR]
- Published
- 2005
111. Efficient ID-Based Proxy Signature and Proxy Signcryption Form Bilinear Pairings.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Qin Wang, and Zhenfu Cao
- Abstract
In this paper, based on bilinear pairings, we would like to construct an identity based proxy signature scheme and an identity based proxy signcryption scheme without secure channel. We also analyze the two proposed schemes from efficiency point of view and show that they are more efficient than the existed ones. What's more, our proposed schemes satisfy all of the security requirements to proxy signature and proxy signcryption schemes assuming the CDH problem and BDH problem are hard to solve. [ABSTRACT FROM AUTHOR]
- Published
- 2005
112. On the Security of Some Password-Based Key Agreement Schemes.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Qiang Tang, and Mitchell, Chris J.
- Abstract
In this paper we show that three potential security vulnerabilities exist in the strong password-only authenticated key exchange scheme due to Jablon. Two standardised schemes based on Jablon's scheme, namely the first password-based key agreement mechanism in ISO/IEC FCD 11770-4 and the scheme BPKAS-SPEKE in IEEE P1363.2 also suffer from some of these security vulnerabilities. We further show that other password-based key agreement mechanisms, including those in ISO/IEC FCD 11770-4 and IEEE P1363.2, also suffer from these security vulnerabilities. Finally, we propose means to remove these security vulnerabilities. [ABSTRACT FROM AUTHOR]
- Published
- 2005
113. The Running-Mode Analysis of Two-Party Optimistic Fair Exchange Protocols.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Yuqing Zhang, Zhiling Wang, and Bo Yang
- Abstract
In this paper, we present a method of running-mode to analyze the fairness of two-party optimistic fair exchange protocols. After discussing the premises and assumptions of analysis introduced in this technique, we deduce all the possible running modes that may cause attack on the protocols. Then we illustrate our technique on the Micali's Electronic Contract Signing Protocol (ECS1), and the checking results show that there are three new attacks on the protocol. [ABSTRACT FROM AUTHOR]
- Published
- 2005
114. An Efficient Certificateless Signature Scheme.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Gorantla, M. Choudary, and Saxena, Ashutosh
- Abstract
Traditional certificate based cryptosystem requires high maintenance cost for certificate management. Although identity based cryptosystem reduces the overhead of certificate management, it suffers from the drawback of key escrow. Certificateless cryptosystem combines the advantages of both certificate based and identity based cryptosystems as it avoids the usage of certificates and does not suffer from key escrow. In this paper, we propose a pairing based certificateless signature scheme that is more efficient than the existing scheme. [ABSTRACT FROM AUTHOR]
- Published
- 2005
115. ID-Based Restrictive Partially Blind Signatures.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Xiaofeng Chen, Fangguo Zhang, and Shengli Liu
- Abstract
Restrictive blind signatures allow a recipient to receive a blind signature on a message not known to the signer but the choice of message is restricted and must conform to certain rules. Partially blind signatures allow a signer to explicitly include necessary information (expiration date, collateral conditions, or whatever) in the resulting signatures under some agreement with receiver. Restrictive partially blind signatures incorporate the advantages of these two blind signatures. The existing restrictive partially blind signature scheme was constructed under certificate-based (CA-based) public key systems. In this paper we follow Brand's construction to propose the first identity-based (ID-based) restrictive blind signature scheme from bilinear pairings. Furthermore, we first propose an ID-based restrictive partially blind signature scheme, which is provably secure in the random oracle model. [ABSTRACT FROM AUTHOR]
- Published
- 2005
116. Error Oracle Attacks on Several Modes of Operation.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Fengtong Wen, Wenling Wu, and Qiaoyan Wen
- Abstract
In [7] Vaudenay demonstrated side-channel attacks on CBC-mode encryption, exploiting a "valid padding" oracle. His work showed that several uses of CBC-mode encryption in well-known products and standards were vulnerable to attack when an adversary was able to distinguish between valid and invalid ciphertexts. In [2][5][6], Black, Paterson, Taekeon et al. generalized these attacks to various padding schemes of CBC-mode encryption and multiple modes of operation. In this paper, we study side-channel attacks on the CFB, CBC CBC, CFB CFB, CBC CBC CBC, CFB CFB CFB modes under the error oracle models, which enable an adversary to determine the correct message with knowledge of ciphertext. It is shown that an attacker can exploit an oracle to efficiently extract the corresponding position plaintext bits of any block if the target plaintext contains some fixed bits in a known position of one block. [ABSTRACT FROM AUTHOR]
- Published
- 2005
117. Cryptanalysis of a Cellular Automata Cryptosystem.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Jingmei Liu, Xiangguo Cheng, and Xinmei Wang
- Abstract
In this paper we show that the new Cellular Automata Cryptosystem (CAC) is insecure and can be broken by chosen-plaintexts attack with little computation. We also restore the omitted parts clearly by deriving the rotating number δ of plaintext bytes and the procedure of Major CA. The clock circle Δ of Major CA and the key SN are also attacked. [ABSTRACT FROM AUTHOR]
- Published
- 2005
118. Special Distribution of the Shortest Linear Recurring Sequences in Z /(p) Field.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Qian Yin, Yunlun Luo, and Ping Guo
- Abstract
In this paper, the distribution of the shortest linear recurring sequences in Z /(p) is studied. It is found that the shortest linear recurrent length is always equal to n / 2 when n is even and is always equal to n / 2+1 when n is odd for any sequence whose length is n. In other words, the shortest linear recurring length is always equal to the half of the length of the given sequence. The probability of finding the distribution of the shortest linear recurring length of two sequences in Z / (p) field is also given. [ABSTRACT FROM AUTHOR]
- Published
- 2005
119. On the Security of Condorcet Electronic Voting Scheme.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Yoon Cheol Lee, and Doi, Hiroshi
- Abstract
In this paper, we focus on the Condorcet voting scheme in which each voter votes with the full order of the candidates according to preference, and the result of the election is determined by one-on-one comparisons between each candidate. We propose the Condorcet electronic voting scheme that is secure, universally verifiable and satisfying one-on-one comparison privacy. Furthermore the result of the election can be determined without revealing the order of the candidates which each voter specified. We use a matrix to represent the order of all the candidates according to preference, and satisfy one-on-one comparison privacy using homomorphic property. [ABSTRACT FROM AUTHOR]
- Published
- 2005
120. Design of a New Kind of Encryption Kernel Based on RSA Algorithm.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Ping Dong, Xiangdong Shi, and Jiehui Yang
- Abstract
Fast realization of RSA algorithm by hardware is a significant and challenging task. In this paper an ameliorative Montgomery algorithm that makes for hardware realization to actualize the RSA algorithm is proposed. This ameliorative algorithm avoids multiplication operation, which is easier for hardware realization. In the decryption and digital signature process, a combination of this ameliorative Montgomery algorithm and the Chinese remainder theorem is applied, which could quadruple the speed of the decryption and digital signature compared to the encryption. Furthermore, a new hardware model of the encryption kernel based on the ameliorative Montgomery is founded whose correctness and feasibility is validated by Verilog HDL in practice. [ABSTRACT FROM AUTHOR]
- Published
- 2005
121. FMS Attack-Resistant WEP Implementation Is Still Broken.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Ohigashi, Toshihiro, Shiraishi, Yoshiaki, and Morii, Masakatu
- Abstract
In this paper, we present an attack to break WEP that avoids weak IVs used in the FMS attack. Our attack is a known IV attack that doesn't need the specific pattern of the IVs. This attack transforms most IVs of WEP into weak IVs. If we attempt to avoid all weak IVs used in our attack, the rate at which IVs are avoided is too large to use practical. When using a 128-bit session key, the efficiency of our attack is 2^72.1 in the most effective case. This implies that our attack can recover a 128-bit session key within realistically possible computational times. [ABSTRACT FROM AUTHOR]
- Published
- 2005
122. An ID-Based Optimistic Fair Signature Exchange Protocol from Pairings.
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Chunxiang Gu, Yuefei Zhu, and Yajuan Zhang
- Abstract
ID-based public key cryptosystem can be a good alternative for certificate-based public key setting. The protocol for fair exchange of signatures can be widely used in signing digital contracts, e-payment and other electronic commerce. This paper proposes an efficient ID-based verifiably encrypted signature scheme from pairings. Using this new scheme as kernel, we provide an efficient ID-based optimistic fair signature exchange protocol. We offer arguments for the fairness, efficiency and security proof of our new protocol. Our new protocol provides an efficient and secure solution for the problem of fair exchange of signatures in ID-based cryptosystem. [ABSTRACT FROM AUTHOR]
- Published
- 2005
123. A Fast Inversion Algorithm and Low-Complexity Architecture over GF(2^m).
- Author
-
Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao, Sosun Kim, Nam Su Chang, Chang Han Kim, Young-Ho Park, and Jongin Lim
- Abstract
The performance of public-key cryptosystems is mainly appointed by the underlying finite field arithmetic. Among the basic arithmetic operations over finite field, the multiplicative inversion is the most time consuming operation. In this paper, a fast inversion algorithm over GF(2^m) with the polynomial basis representation is proposed. The proposed algorithm executes in about 27.5% or 45.6% less iterations than the extended binary gcd algorithm (EBGA) or the Montgomery inverse algorithm (MIA) over GF(2^163), respectively. In addition, we propose a new hardware architecture to apply for low-complexity systems. The proposed architecture takes approximately 48.3% or 24.9% less the number of reduction operations than [4] or [8] over GF(2^239), respectively. Furthermore, it executes in about 21.8% less the number of addition operations than [8] over GF(2^163). [ABSTRACT FROM AUTHOR]
- Published
- 2005
Discovery Service for Jio Institute Digital Library