Your search keyword '"Foo, Ernest"' showing total 17 results

1. Automated detection-in-depth in industrial control systems.

Author

Jadidi, Zahra, Foo, Ernest, Hussain, Mukhtar, and Fidge, Colin

Subjects

*INDUSTRIAL controls manufacturing, *DENIAL of service attacks, *PROGRAMMABLE controllers, *ANOMALY detection (Computer security), *INTERNET security, *INTELLIGENT buildings

Abstract

Legacy industrial control systems (ICSs) are not designed to be exposed to the Internet and linking them to corporate networks has introduced a large number of cyber security vulnerabilities. Due to the distributed nature of ICS devices, a detection-in-depth strategy is required to simultaneously monitor the behaviour of multiple sources of ICS data. While a detection-in-depth method leads to detecting attacks, like flooding attacks in earlier phases before the attacker can reach the end target, most research papers have focused on anomaly detection based on a single source of ICS data. Here, we present a detection-in-depth method for an ICS network. The new method is called automated flooding attack detection (AFAD) which consists of three stages: data acquisition, pre-processing, and a flooding anomaly detector. Data acquisition includes data collection from different sources like programmable logic controller (PLC) logs and network traffic. We then generate NetFlow data to provide light-weight anomaly detection in ICS networks. NetFlow-based analysis has been used as a scalable method for anomaly detection in high-speed networks. It only analyses packet headers, and it is an efficient method for detecting flooding attacks like denial of service attacks, and its performance is not affected by encrypted data. However, it has not been sufficiently studied in industrial control systems. Besides NetFlow data, ICS device logs are a rich source of information that can be used to detect abnormal behaviour. Both NetFlow traffic and log data are processed in our pre-processing stage. The third stage of AFAD is anomaly detection which consists of two parallel machine learning analysis methods, which respectively analyse the behaviours of device logs and NetFlow records. Due to the lack of enough labelled training datasets in most environments, an unsupervised predictor and an unsupervised clustering method are respectively used in the anomaly detection stage. We validated our approach using traffic captured in a factory automation dataset, Modbus dataset, and SWAT dataset. These datasets contain physical and network level normal and abnormal data. The performance of AFAD was compared with single-layer anomaly detection and with other studies. Results showed the high precision of AFAD in detecting flooding attacks. [ABSTRACT FROM AUTHOR]

Published

2022

2. An unsupervised method for social network spammer detection based on user information interests.

Author

Koggalahewa, Darshika, Xu, Yue, and Foo, Ernest

Subjects

SOCIAL networks, SPAM email, ONLINE social networks, PEER acceptance, SOCIAL acceptance

Abstract

Online Social Networks (OSNs) are a popular platform for communication and collaboration. Spammers are highly active in OSNs. Uncovering spammers has become one of the most challenging problems in OSNs. Classification-based supervised approaches are the most commonly used method for detecting spammers. Classification-based systems suffer from limitations of "data labelling", "spam drift", "imbalanced datasets" and "data fabrication". These limitations effect the accuracy of a classifier's detection. An unsupervised approach does not require labelled datasets. We aim to address the limitation of data labelling and spam drifting through an unsupervised approach.We present a pure unsupervised approach for spammer detection based on the peer acceptance of a user in a social network to distinguish spammers from genuine users. The peer acceptance of a user to another user is calculated based on common shared interests over multiple shared topics between the two users. The main contribution of this paper is the introduction of a pure unsupervised spammer detection approach based on users' peer acceptance. Our approach does not require labelled training datasets. While it does not better the accuracy of supervised classification-based approaches, our approach has become a successful alternative for traditional classifiers for spam detection by achieving an accuracy of 96.9%. [ABSTRACT FROM AUTHOR]

Published

2022

3. Authentication strategies in vehicular communications: a taxonomy and framework.

Author

Rezazadeh Baee, Mir Ali, Simpson, Leonie, Boyen, Xavier, Foo, Ernest, and Pieprzyk, Josef

Subjects

MOBILE communication systems, TAXONOMY, CYBERTERRORISM, COMMUNICATION patterns, COMMUNICATION strategies

Abstract

In intelligent vehicular networks, vehicles have enhanced sensing capabilities and carry computing and communication platforms to enable new versatile systems known as Vehicular Communication (VC) systems. Vehicles communicate with other vehicles and with nearby fixed equipment to support different applications, including those which increase driver awareness of the surroundings. This should result in improved safety and may optimize traffic. However, VC systems are vulnerable to cyber attacks involving message manipulation. Research aimed at tackling this problem has resulted in the proposal of multiple authentication protocols. Several existing survey papers have attempted to classify some of these protocols based on a limited set of characteristics. However, to date there is no generic framework to support the comparison of these protocols and provide guidance for design and evaluation. Most existing classifications either use computation complexity of cryptographic techniques as a criterion, or they fail to make connections between different important aspects of authentication. This paper provides such a framework, proposing a new taxonomy to enable a consistent means of classifying authentication schemes based upon seven main criteria. The main contribution of this study is a framework to enable protocol designers and investigators to adequately compare and select authentication schemes when deciding on particular protocols to implement in an application. Our framework can be applied in design, making choices appropriate for the intended context in both intra-vehicle and inter-vehicle communications. We demonstrate the application of our framework using two different types of case study: individual analysis and hypothetical design. Additionally, this work makes several related contributions. We present the network model, outline the applications, list the communication patterns and the underlying standards, and discuss the necessity of using cryptography and key management in VC systems. We also review the threats, authentication, and privacy requirements in vehicular networks. [ABSTRACT FROM AUTHOR]

Published

2021

4. Finding Anomalies in SCADA Logs Using Rare Sequential Pattern Mining.

Author

Rahman, Anisur, Xu, Yue, Radke, Kenneth, and Foo, Ernest

Published

2016

5. Analysis of two authorization protocols using Colored Petri Nets.

Author

Seifi, Younes, Suriadi, Suriadi, Foo, Ernest, and Boyd, Colin

Subjects

PETRI nets, COMPUTER systems, ELECTRONIC systems, COMPUTER software, COMPUTER security, INFORMATION technology security, NETS (Mathematics)

Abstract

To prevent unauthorized access to protected trusted platform module (TPM) objects, authorization protocols, such as the object-specific authorization protocol (OSAP), have been introduced by the trusted computing group (TCG). By using OSAP, processes trying to gain access to the protected TPM objects need to prove their knowledge of relevant authorization data before access to the objects can be granted. Chen and Ryan's 2009 analysis has demonstrated OSAP's authentication vulnerability in sessions with shared authorization data. They also proposed the Session Key Authorization Protocol (SKAP) with fewer stages as an alternative to OSAP. Chen and Ryan's analysis of SKAP using ProVerif proves the authentication property. The purpose of this paper was to examine the usefulness of Colored Petri Nets (CPN) and CPN Tools for security analysis. Using OSAP and SKAP as case studies, we construct intruder and authentication property models in CPN. CPN Tools is used to verify the authentication property using a Dolev-Yao-based model. Verification of the authentication property in both models using the state space tool produces results consistent with those of Chen and Ryan. [ABSTRACT FROM AUTHOR]

Published

2015

6. The Power of Hands-On Exercises in SCADA Cyber Security Education.

Author

Sitnikova, Elena, Foo, Ernest, and Vaughn, Rayford B.

Published

2013

7. Privacy Compliance Verification in Cryptographic Protocols.

Author

Suriadi, Suriadi, Ouyang, Chun, and Foo, Ernest

Published

2012

8. Modeling and Verification of Privacy Enhancing Protocols.

Author

Suriadi, Suriadi, Ouyang, Chun, Smith, Jason, and Foo, Ernest

Abstract

Privacy enhancing protocols (PEPs) are a family of protocols that allow secure exchange and management of sensitive user information. They are important in preserving users΄ privacy in today΄s open environment. Proof of the correctness of PEPs is necessary before they can be deployed. However, the traditional provable security approach, though well established for verifying cryptographic primitives, is not applicable to PEPs. We apply the formal method of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). Formal semantics of the CPN specification allow us to reason about various security properties of PIEMCP using state space analysis techniques. This investigation provides us with preliminary insights for modeling and verification of PEPs in general, demonstrating the benefit of applying the CPN-based formal approach to proving the correctness of PEPs. [ABSTRACT FROM AUTHOR]

Published

2009

9. A User-Centric Protocol for Conditional Anonymity Revocation.

Author

Suriadi, Suriadi, Foo, Ernest, and Smith, Jason

Abstract

This paper presents and evaluates an improved anonymity revocation protocol. This protocol can be used to strengthen anonymity revocation capability in a privacy-enhancing identity management system. This protocol is user-centric, abuse-resistant, and it provides enforceable conditions fulfillment. We assume the existence of 1 honest referee out of t designated referees (t > 1) chosen by users, and no collusion between users and referees. The security and performance of this protocol are evaluated. [ABSTRACT FROM AUTHOR]

Published

2008

10. A Secure E-Tender Submission Protocol.

Author

Fischer-Hübner, Simone, Furnell, Stevel, Lambrinoudakis, Costas, Du, Rong, Boyd, Colin, and Foo, Ernest

Abstract

There is fundamental difference between a simple e-tender box and a traditional physical tender box. Access to the e-tender box has become a private activity in contrast with the public access to a traditional tender box. A significant opportunity is therefore created for malicious business collusion by use of a simple e-tender box even though it may have cryptographic keys. This indicates that a different approach to the e-tender box is needed. This paper presents a secure e-tender submission protocol to address the advanced security requirements in e-tender submission. The principles of commitment schemes have been applied to the protocol design to prevent submission time dispute and collusion between favoured parties. The protocol is assumed to run under the condition that all tendering parties (principal and tenderers) are dishonest players. The security analysis shows that the protocol meets its security goals under well known colluding scenarios. [ABSTRACT FROM AUTHOR]

Published

2006

11. Ubiquitous Authorization Scheme Based on Device Profile.

Author

Xiaobo Zhou, Sokolsky, Oleg, Lu Yan, Eun-Sun Jung, Zili Shao, Yi Mu, Dong Chun Lee, Daeyoung Kim, Young-Sik Jeong, Cheng-Zhong Xu, Tham, Kevin, Looi, Mark, and Foo, Ernest

Abstract

The range of devices that are capable of connecting to data networks has been on a rise in recent times. From the perspective of an administrator, controlling access to data networks, via these devices, usually includes the creation of separate login credentials. This leads to an administrative nightmare, from both the user and administrator’s point of view. This paper proposes a novel approach to this problem and offers a single-sign-on system, where the user’s authorisation is based on the login credentials of the user, and the profile of the device the user is using. An instance of this design is presented with SESAME, to demonstrate the usefulness of the design, and also practicality for implementation. [ABSTRACT FROM AUTHOR]

Published

2006

12. Examining the DoS Resistance of HIP.

Author

Meersman, Robert, Tari, Zahir, Herrero, Pilar, Tritilanunt, Suratose, Boyd, Colin, Foo, Ernest, and Nieto, Juan Manuel González

Abstract

We examine DoS resistance of the Host Identity Protocol (HIP) and discuss a technique to deny legitimate services. To demonstrate the experiment, we implement a formal model of HIP based on Timed Petri Nets and use a simulation approach provided in CPN Tools to achieve a formal analysis. By integrating adjustable puzzle difficulty, HIP can mitigate the effect of DoS attacks. However, the inability to protect against coordinated adversaries on a hash-based puzzle causes the responder to be susceptible to DoS attacks at the identity verification phase. As a result, we propose an enhanced approach by employing a time-lock puzzle instead of a hash-based scheme. Once the time-lock puzzle is adopted, the effect of coordinated attacks will be removed and the throughput from legitimate users will return to the desirable level. [ABSTRACT FROM AUTHOR]

Published

2006

13. Designing Secure E-Tendering Systems.

Author

Katsikas, Sokratis, Lopez, Javier, Pernul, Günther, Du, Rong, Foo, Ernest, Nieto, Juan González, and Boyd, Colin

Abstract

Security requirements for e-tendering systems have not been closely scrutinised in the literature. This paper identifies key issues to be addressed in the design of secure e-tendering systems. In particular, the issues of secure timing and record keeping are raised. This paper also classifies existing e-tendering system designs by presenting common e-tendering architectures. A new e-tendering architecture, using distributed trusted third parties is proposed which may be suitable for secure large scale operations. [ABSTRACT FROM AUTHOR]

Published

2005

14. Passive Entities: A Strategy for Electronic Payment Design.

Author

Dawson, Ed, Clark, Andrew, Foo, Ernest, and Boyd, Colin

Abstract

The participating entities in an electronic payment usually include an overseeing bank as well as a customer and a merchant. Many electronic payment schemes are designed so that the bank is off-line during the actual payment between the customer and the merchant. This paper introduces the concept of passive entities which allows the protocol designer to allocate the level of processing required by an entity during a particular phase of the payment scheme. To illustrate the use of passive entities, a new electronic payment scheme is developed which has the customer assigned as the passive entity during payment. This new protocol is more efficient than similar protocols. A variation of this protocol is also described in which the identity of the customer is kept anonymous from the merchant. [ABSTRACT FROM AUTHOR]

Published

2000

15. Effient Electronic Cash Using Batch Signatures.

Author

Goos, Gerhard, Hartmanis, Juris, van Leeuwen, Jan, Pieprzyk, Josef, Safavi-Naini, Rei, Seberry, Jennifer, Boyd, Colin, Foo, Ernest, and Pavlovski, Chris

Abstract

All known anonymous electronic cash protocols are inefficient compared to other electronic payment protocols. This is because much of the complexity of the protocols is devoted to ensuring the anonymity of the consumer. This problem is addressed with an extension of Brands' electronic cash payment protocol using batch cryptography. Batch signature generation is used to improve the efficiency of the withdrawal process so that multiple coins can be withdrawn for almost the cost of only one Brands' coin withdrawal. As a consequence coins withdrawn together can be linked. Batch verification is also used to increase the efficiency of payment. We show that the security of the original scheme is maintained and the level of privacy provided by the cash scheme can be determined by the customer. [ABSTRACT FROM AUTHOR]

Published

1999

16. A payment scheme using vouchers.

Author

Goos, Gerhard, Hartmanis, Juris, Leeuwen, Jan, Hirchfeld, Rafael, Foo, Ernest, and Boyd, Colin

Abstract

Electronic payment schemes are traditionally based on the physical model of commerce where customers withdraw cash from bank accounts and spend it at merchants' establishments in return for goods and services. This may not be the most ideal model on which to base electronic payment. A new payment scheme using a different paradigm has been developed. Vouchers are prepared by the bank and the merchant. These are distributed to customers who can redeem them for electronic goods with the help of the bank. This new scheme requires fewer online messages to be transmitted than previous payment schemes involving electronic goods such as NetBill and thus also requires less online processing. The voucher scheme also provides some properties desired by payment schemes based on electronic coins. [ABSTRACT FROM AUTHOR]

Published

1998

17. Designing a secure e-tender submission protocol.

Author

Du, Rong, Foo, Ernest, and Boyd, Colin

Subjects

COMPUTER network protocols, INVESTMENT analysis, TENDER offers, BUSINESS enterprise security, SALE of business enterprises, FUNCTIONAL differential equations, ONLINE information services, SURETYSHIP & guaranty, PRINCIPAL place of business

Abstract

This paper investigates the fundamental difference between a simple e-tender box and a traditional physical tender box, and highlights a series of security traps created by the functional differences. Based on our findings, we have defined the security requirements for an e-tender submission protocol. We also discuss functional limitations of cryptographic technologies. As a result, two secure e-tender submission protocols are proposed which enable a secure e-tender submission. Protocols are assumed to run under the condition that all tendering parties (principal and tenderers) are dishonest players. Our informal and formal security analysis show that these protocols meet their security goals under well known collusion scenarios. Because security is a process not a product, our approach will have broad industry application for developing secure electronic business processes in areas other than e-tendering. [ABSTRACT FROM AUTHOR]

Published

2008