E-Book, Englisch, 280 Seiten
Huang / MacCallum / Du Network Security
1. Auflage 2010
ISBN: 978-0-387-73821-5
Verlag: Springer
Format: PDF
Kopierschutz: 1 - PDF Watermark
E-Book, Englisch, 280 Seiten
ISBN: 978-0-387-73821-5
Verlag: Springer
Format: PDF
Kopierschutz: 1 - PDF Watermark
This book provides a reference tool for the increasing number of scientists whose research is more or less involved in network security. Coverage includes network design and modeling, network management, data management, security and applications.
Autoren/Hrsg.
Weitere Infos & Material
1;Preface;5
2;Contents;6
3;Contributors;8
4;Secure Metering Schemes;11
4.1;1 Introduction;11
4.2;2 State of the Art;15
4.2.1;2.1 Client Authentication;15
4.2.2;2.2 Micropayments;15
4.2.3;2.3 Pricing via Processing;16
4.2.4;2.4 Threshold Computation of a Function;16
4.2.5;2.5 Secret Sharing;17
4.3;3 General Framework;17
4.3.1;3.1 Assumptions and Requirements;18
4.3.2;3.2 Complexity Measures;20
4.4;4 Unconditionally Secure Metering Schemes;20
4.4.1;4.1 Threshold Metering Schemes;21
4.4.1.1;4.1.1 An Entropy Based Model;23
4.4.2;4.2 Metering Schemes with Pricing;25
4.4.3;4.3 Metering Schemes for General Access Structures;28
4.5;5 Computationally Secure Metering Schemes;33
4.5.1;5.1 Naor and Pinkas Scheme;33
4.5.2;5.2 Ogata–Kurosawa Scheme;35
4.5.3;5.3 Hash-Based Scheme;36
4.6;6 Conclusions;38
4.7;References;41
5;A Cryptographic Framework for the Controlled Release Of Certified Data;43
5.1;1 Introduction;43
5.2;2 A Cryptographic Framework for the Controlled Release of Certified Data;45
5.2.1;2.1 A Framework of Cryptographic Primitives;46
5.2.2;2.2 Cryptography for the Controlled Release of Certified Data;48
5.3;3 Example Applications of the Framework;50
5.3.1;3.1 An Anonymous Credential System with Anonymity Revocation;51
5.3.2;3.2 Anonymous e-cash;51
5.4;4 Concrete Framework;52
5.4.1;4.1 Preliminaries;53
5.4.1.1;4.1.1 Notation;53
5.4.1.2;4.1.2 Bi-Linear Maps;53
5.4.2;4.2 Commitment Scheme;54
5.4.2.1;4.2.1 Pedersen's Commitment Scheme;54
5.4.2.2;4.2.2 An Integer Commitment Scheme;54
5.4.2.3;4.2.3 Proving the Length of a Discrete Logarithm;55
5.4.3;4.3 The SRSA-CL Signature Scheme and Its Protocols;55
5.4.3.1;4.3.1 The SRSA-CL Signature Scheme;56
5.4.3.2;4.3.2 Obtaining of a Signature on Committed Messages;57
5.4.3.3;4.3.3 Prove Knowledge of a Signature on Committed Messages;58
5.4.4;4.4 The BM-CL Signature Schemes and Its Protocols;58
5.4.4.1;4.4.1 The Signature Scheme;58
5.4.4.2;4.4.2 Obtaining of a Signature on Committed Messages;59
5.4.4.3;4.4.3 Prove Knowledge of a Signature on Committed Messages;60
5.4.5;4.5 The CS Encryption and Verifiable Encryption;61
5.4.5.1;4.5.1 The Encryption Scheme;61
5.4.5.2;4.5.2 Verifiable Encryption of Discrete Logarithms;62
5.5;5 Bibliographic Notes;63
5.6;References;64
6;Scalable Group Key Management for Secure Multicast: A Taxonomy and New Directions;67
6.1;1 Introduction;67
6.2;2 A Taxonomy of Group Rekeying Protocols;69
6.2.1;2.1 Stateful Protocols;69
6.2.2;2.2 Stateless Protocols;72
6.2.3;2.3 Reliable Key Distribution;75
6.2.4;2.4 Self-Healing Key Distribution;77
6.2.4.1;2.4.1 Polynomial-Based Self-Healing;77
6.2.4.2;2.4.2 Self-Healing SDR;79
6.2.5;2.5 Rekeying Optimization;80
6.2.6;2.6 Group Rekeying in Ad-hoc and Sensor Networks;80
6.2.6.1;2.6.1 Group Rekeying for Ad-hoc Networks;81
6.2.6.2;2.6.2 Group Rekeying for Sensor Networks;82
6.3;3 New Research Directions;83
6.4;References;84
7;Web Forms and Untraceable DDoS Attacks;87
7.1;1 Introduction;87
7.2;2 Related Work;90
7.3;3 The Attack;92
7.3.1;3.1 Description of Vulnerability;92
7.3.2;3.2 Finding the Victim;92
7.3.3;3.3 Phase I: Harvesting Suitable Forms;93
7.3.4;3.4 Phase II: Automatically Filling Forms;94
7.3.5;3.5 Poorly Behaved Sites;94
7.3.6;3.6 Well Behaved Sites;95
7.3.7;3.7 On the Difficulty of Tracing an Attacker;95
7.4;4 Experimental Data;96
7.4.1;4.1 Experimental Setup;96
7.4.2;4.2 Results;97
7.5;5 Defense Mechanisms;101
7.5.1;5.1 Prevention of Attacks;101
7.5.2;5.2 Detection and Management of Attacks;102
7.5.3;5.3 Synergy Between Defense of Launch Pads and Victims;103
7.6;6 Conclusion;104
7.7;References;105
8;Mechanical Verification of Cryptographic Protocols;107
8.1;1 Introduction;107
8.2;2 Security Protocols;108
8.3;3 Flaws in Security Protocols;109
8.3.1;3.1 The Needham–Schroeder Public Key Protocol;109
8.3.2;3.2 Lowe's Attack;110
8.4;4 Existing Protocol Verification Methods;111
8.4.1;4.1 State Based Methods;112
8.4.2;4.2 Rule Based Methods;113
8.5;5 A Knowledge Based Verification Framework;116
8.5.1;5.1 Basic Notations and Data Structures;116
8.5.2;5.2 Action Functions and Predicates;117
8.5.3;5.3 Assumptions;117
8.5.4;5.4 Rules;118
8.6;6 Verifying Needham–Schroeder–Lowe Protocol Mechanically;120
8.6.1;6.1 Modelling the Protocol;120
8.6.2;6.2 Some Important Lemmas;121
8.6.3;6.3 Secrecy of Nonces;122
8.6.4;6.4 Proving Guarantee for B;123
8.6.5;6.5 Proving Guarantee for A;124
8.6.6;6.6 Summary;124
8.7;References;124
9;Routing Security in Ad Hoc Wireless Networks;127
9.1;1 Introduction to Ad Hoc Wireless Networks;128
9.2;2 Overview of Routing Protocols in Ad Hoc Wireless Networks;129
9.2.1;2.1 Proactive Routing Protocols;130
9.2.2;2.2 Reactive Routing Protocols;131
9.2.3;2.3 Hybrid Routing Protocols;132
9.2.4;2.4 Broadcasting in Ad Hoc Wireless Networks;133
9.3;3 Security Services and Challenges in Ad Hoc Wireless Networks;134
9.4;4 Security Attacks on Routing Protocols in Ad Hoc Wireless Networks;135
9.4.1;4.1 Attacks Using Impersonation;136
9.4.2;4.2 Attacks Using Modification;136
9.4.3;4.3 Attacks Using Fabrication;137
9.4.4;4.4 Replay Attacks;138
9.4.5;4.5 Denial of Service;138
9.5;5 Security Mechanisms and Solutions for Routing Protocols in Ad Hoc WirelessNetworks;139
9.5.1;5.1 Secure Efficient Ad hoc Distance Vector;140
9.5.2;5.2 ARIADNE;140
9.5.3;5.3 Security Aware Routing;141
9.5.4;5.4 Secure Routing Protocol;142
9.5.5;5.5 Secure Routing Protocol for Ad Hoc Networks;143
9.5.6;5.6 Security Protocols for Sensor Network;144
9.5.7;5.7 Cooperation Of Nodes Fairness In Dynamic Ad-hoc NeTworks;144
9.5.8;5.8 Defense Mechanisms Against Rushing Attacks;145
9.5.9;5.9 Defense Mechanisms Against Wormhole Attacks;146
9.5.10;5.10 Defense Mechanisms Against Sybil Attacks;147
9.5.11;5.11 Security Mechanisms for Broadcast Operation;148
9.6;6 Conclusions;149
9.7;References;151
10;Insider Threat Assessment: Model, Analysis and Tool;153
10.1;1 Introduction;153
10.1.1;1.1 Summary of Contributions;155
10.1.2;1.2 Chapter Organization;156
10.2;2 Insider Threat: A Review;156
10.3;3 Modeling Insider Threat;157
10.3.1;3.1 Model Overview;157
10.3.2;3.2 The Min-Hack Problem;159
10.4;4 Modeling Methodology and Applications;161
10.4.1;4.1 Practical Considerations;161
10.4.2;4.2 Illustrations;163
10.5;5 Threat Analysis;166
10.5.1;5.1 On the Complexity of Analyzing Key Challenge Graphs;166
10.5.1.1;5.1.1 Approximation Algorithms and Approximation Ratios;167
10.5.1.2;5.1.2 Minimum Label Coverp;167
10.5.1.3;5.1.3 Minimum Monotone Satisfying Assignment;168
10.5.1.4;5.1.4 Reducing MMSA to Min-Hack;169
10.5.1.5;5.1.5 Reducing Label-Cover to Min-Hack;171
10.5.1.6;5.1.6 Reducing PCP to Min-Hack;174
10.5.2;5.2 Threat Analysis Algorithms;177
10.5.3;5.3 Algorithm Benchmarking;178
10.6;6 Related Work;180
10.6.1;6.1 Formal Models;180
10.6.2;6.2 Security Audit Tools;181
10.6.3;6.3 Metrics;182
10.7;7 Conclusion And Future Work;182
10.8;References;183
11;Toward Automated Intrusion Alert Analysis;185
11.1;1 Introduction;185
11.2;2 Correlating Intrusion Alerts Based on Prerequisites and Consequences of Attacks;187
11.2.1;2.1 Prerequisite and Consequence of Attacks;188
11.2.2;2.2 Hyper-Alert Type and Hyper-Alert;188
11.3;3 Analyzing Intensive Alerts;194
11.3.1;3.1 Alert Aggregation and Disaggregation;195
11.3.1.1;3.1.1 Alert Aggregation;195
11.3.1.2;3.1.2 Alert Disaggregation;197
11.3.2;3.2 Focused Analysis;198
11.3.3;3.3 Clustering Analysis;199
11.3.4;3.4 Frequency Analysis;200
11.3.5;3.5 Link Analysis;200
11.3.6;3.6 Association Analysis;202
11.3.7;3.7 Discussion;203
11.4;4 Learning Attack Strategies from Correlated Alerts;203
11.4.1;4.1 Attack Strategy Graph;204
11.4.2;4.2 Learning Attack Strategies;206
11.4.3;4.3 Dealing with Variations of Attacks;207
11.4.3.1;4.3.1 Automatic Generalization of Hyper-Alert Types;210
11.5;5 Related Work;210
11.6;6 Conclusion;213
11.7;References;213
12;Conventional Cryptographic Primitives;217
12.1;1 Introduction;218
12.2;2 Attacks;218
12.2.1;2.1 Cryptanalytic Attacks;218
12.2.1.1;2.1.1 Classification According to Means;219
12.2.1.2;2.1.2 Classification According to Result;219
12.2.2;2.2 Side-Channel Attacks;219
12.2.2.1;2.2.1 Power Attacks;220
12.2.2.2;2.2.2 Timing Attacks;220
12.2.2.3;2.2.3 Error Message Attacks;220
12.2.2.4;2.2.4 Conclusions;220
12.2.3;2.3 Implications;221
12.3;3 Stream Ciphers;221
12.3.1;3.1 The One-Time Pad;221
12.3.2;3.2 Description;222
12.3.3;3.3 Requirements;222
12.3.4;3.4 Usage;223
12.3.5;3.5 Example Stream Ciphers;223
12.3.5.1;3.5.1 Linear Feedback Shift Registers;223
12.3.5.2;3.5.2 RC4;223
12.3.5.3;3.5.3 SEAL;224
12.3.5.4;3.5.4 Stream Ciphers with Integrity Mechanisms;224
12.4;4 Block Ciphers;224
12.4.1;4.1 The Substitution Cipher;224
12.4.2;4.2 Description;225
12.4.3;4.3 Requirements;226
12.4.4;4.4 Usage: Modes of Operation;227
12.4.4.1;4.4.1 Electronic Code Book (ECB);227
12.4.4.2;4.4.2 Cipher Block Chaining (CBC);227
12.4.4.3;4.4.3 Counter Mode (CTR);228
12.4.5;4.5 Example Block Ciphers;228
12.4.5.1;4.5.1 DES;228
12.4.5.2;4.5.2 3-DES;229
12.4.5.3;4.5.3 AES;229
12.5;5 Hash Functions;230
12.5.1;5.1 Requirements;230
12.5.2;5.2 Breaking a Hash Function;230
12.5.3;5.3 Usage;231
12.5.3.1;5.3.1 Digital Signature Schemes;231
12.5.3.2;5.3.2 Storage of Sensitive Information;231
12.5.4;5.4 Example Hash Functions;232
12.5.4.1;5.4.1 The MD4-Family;232
12.5.4.2;5.4.2 Block Cipher Based Designs;232
12.6;6 Message Authentication Codes;233
12.6.1;6.1 Description;233
12.6.2;6.2 Requirements;233
12.6.3;6.3 Examples;234
12.6.3.1;6.3.1 CBC–MAC;234
12.6.3.2;6.3.2 HMAC;234
12.6.3.3;6.3.3 Universal Hash Functions;235
12.7;7 Outlook;235
12.8;References;236
13;Efficient Trapdoor-Based Client Puzzle Against DoS Attacks;239
13.1;1 Introduction;239
13.2;2 Related Work;242
13.2.1;2.1 Contribution;243
13.2.2;2.2 Organization of the Chapter;243
13.3;3 Preliminary;243
13.3.1;3.1 Trapdoor One-Way Function;243
13.3.2;3.2 Security Assumption;244
13.4;4 Definition;244
13.5;5 The DLP-Based Client Puzzle Scheme;246
13.5.1;5.1 Algorithm;246
13.5.2;5.2 System Description;247
13.5.3;5.3 Security Consideration;249
13.5.4;5.4 Remark;252
13.6;6 System Configuration;254
13.7;7 Discussion;255
13.8;8 Conclusion;257
13.9;References;258
14;Attacks and Countermeasures in Sensor Networks: A Survey;261
14.1;1 Introduction;261
14.2;2 Physical Layer;262
14.2.1;2.1 Attacks in the Physical Layer;262
14.2.1.1;2.1.1 Device Tampering;263
14.2.1.2;2.1.2 Eavesdropping;263
14.2.1.3;2.1.3 Jamming;263
14.2.2;2.2 Countermeasures in the Physical Layer;264
14.2.2.1;2.2.1 Access Restriction;264
14.2.2.2;2.2.2 Encryption;264
14.3;3 MAC Layer;266
14.3.1;3.1 Attacks in the MAC Layer;266
14.3.1.1;3.1.1 Traffic Manipulation;266
14.3.1.2;3.1.2 Identity Spoofing;267
14.3.2;3.2 Countermeasures in the MAC Layer;267
14.3.2.1;3.2.1 Misbehavior Detection;267
14.3.2.2;3.2.2 Identity Protection;269
14.4;4 Network Layer;270
14.4.1;4.1 Attacks in the Network Layer;270
14.4.1.1;4.1.1 False Routing;270
14.4.1.2;4.1.2 Packet Replication;272
14.4.1.3;4.1.3 Black Hole;273
14.4.1.4;4.1.4 Sinkhole;273
14.4.1.5;4.1.5 Selective Forwarding;273
14.4.1.6;4.1.6 Wormhole;274
14.4.2;4.2 Countermeasures in Network Layer;274
14.4.2.1;4.2.1 Routing Access Restriction;274
14.4.2.2;4.2.2 False Routing Information Detection;275
14.4.2.3;4.2.3 Wormhole Detection;275
14.5;5 Application Layer;276
14.5.1;5.1 Attacks in the Application Layer;276
14.5.1.1;5.1.1 Clock Skewing;276
14.5.1.2;5.1.2 Selective Message Forwarding;277
14.5.1.3;5.1.3 Data Aggregation Distortion;277
14.5.2;5.2 Countermeasures in the Application Layer;278
14.5.2.1;5.2.1 Data Integrity Protection;278
14.5.2.2;5.2.2 Data Confidentiality Protection;278
14.6;6 Discussion;278
14.7;7 Conclusion;279
14.8;References;279
15;Index;283
