IET Information Security
Online ISSN 1751-8717
Print ISSN 1751-8709
Volume 4, Issue 4, December 2010

Editorial: Multi-agent & distributed information security
- Author(s): H.F. Rashvand ; L. Harn ; J.H. Park ; K. Salah
- Source: IET Information Security, Volume 4, Issue 4, p. 185–187
- DOI: 10.1049/iet-ifs.2010.9128
- Type: Article

Distributed security for multi-agent systems – review and applications
- Author(s): H.F. Rashvand ; K. Salah ; J.M.A. Calero ; L. Harn
- Source: IET Information Security, Volume 4, Issue 4, p. 188–201
- DOI: 10.1049/iet-ifs.2010.0041
- Type: Article

As two major communication technologies, the internet and wireless, are maturing rapidly to dominate our civilised life, the authors urgently need to re-establish users’ confidence to harvest new potential applications of large-scale distributed systems. Service agents and distributed multi-agent systems (MASs) have shown the potential to help with this move, as the lack of trust caused by heavily compromised security issues and concerns, coupled with out-of-date solutions, is hindering progress. The authors therefore seek new remedies to ensure that continuity in developing new economies is maintained through building new solutions to address today's techno-economic problems. Following a scan of the literature, the authors discuss the state-of-the-art progress, followed by some observations and remarks for researchers in the field. Here the authors recognise the need for new ‘distributed security’ solutions, as an overlay service, to rejuvenate and exploit distributed artificial intelligence (AI) techniques for secure MAS as a natural solution to pave the way to enable a long-awaited application paradigm of the near future.

Unconditionally secure social secret sharing scheme
- Author(s): M. Nojoumian ; D.R. Stinson ; M. Grainger
- Source: IET Information Security, Volume 4, Issue 4, p. 202–211
- DOI: 10.1049/iet-ifs.2009.0098
- Type: Article

The authors introduce the notion of a ‘social secret sharing scheme’, in which shares are allocated based on a player's reputation and the way he/she interacts with other participants. During the social tuning phase, the weights of players are adjusted such that participants who cooperate end up with more shares than those who defect. Newcomers can also be enrolled in the scheme, while corrupted players are disenrolled immediately. In other words, this scheme proactively renews shares at each cycle without changing the secret, and allows trusted participants to gain more authority. The motivation is that, in real-world applications, components of a secure scheme may have different levels of importance (i.e. the number of shares a player has) as well as reputation (i.e. cooperation with other players for share renewal or secret recovery). Therefore a good construction should balance these two factors. In the proposed schemes, both passive and active mobile adversaries are considered in an unconditionally secure setting.

Trust-based on-demand multipath routing in mobile ad hoc networks
- Author(s): X. Li ; Z. Jia ; P. Zhang ; R. Zhang ; H. Wang
- Source: IET Information Security, Volume 4, Issue 4, p. 212–232
- DOI: 10.1049/iet-ifs.2009.0140
- Type: Article

A mobile ad hoc network (MANET) is a self-organised system comprised of mobile wireless nodes. All nodes act as both communicators and routers. Owing to multi-hop routing and the absence of centralised administration in an open environment, MANETs are vulnerable to attacks by malicious nodes. In order to decrease the hazards from malicious nodes, the authors incorporate the concept of trust into MANETs and build a simple trust model to evaluate neighbours’ behaviour in forwarding packets. Extended from the ad hoc on-demand distance vector (AODV) routing protocol and the ad hoc on-demand multipath distance vector (AOMDV) routing protocol, a trust-based reactive multipath routing protocol, ad hoc on-demand trusted-path distance vector (AOTDV), is proposed for MANETs. This protocol is able to discover multiple loop-free paths as candidates in one route discovery. These paths are evaluated in two aspects: hop counts and trust values. This two-dimensional evaluation provides a flexible and feasible approach to choosing the shortest path from the candidates that meet the requirements of data packets for dependability or trust. Furthermore, the authors give a routing example in detail to describe the procedures of route discovery and the differences among AODV, AOMDV and AOTDV. Several experiments have been conducted to compare these protocols, and the results show that AOTDV improves the packet delivery ratio and mitigates the impairment from black hole, grey hole and modification attacks.
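
The two-dimensional selection in miniature, as an added example in Python and not the paper's protocol or simulation code: per-neighbour trust is a smoothed forwarding ratio built from overheard forwarding, route discovery collects every loop-free path, and the chosen route is the shortest candidate whose trust meets the packet's requirement. The topology, the observation counts and the grey-hole node M are constructed; the abstract does not say how AOTDV combines per-hop trust into a path value, so the minimum over hops used here is an assumption.

```python
def link_trust(stats):
    """Trust a node places in a neighbour it has watched: (forwarded + 1) / (asked + 2),
    a Laplace-smoothed forwarding ratio, so an unknown neighbour starts at 0.5."""
    forwarded, asked = stats
    return (forwarded + 1) / (asked + 2)


def record(stats, link, forwarded):
    """Update a link's (forwarded, asked) counters after overhearing one packet."""
    f, a = stats.get(link, (0, 0))
    stats[link] = (f + (1 if forwarded else 0), a + 1)


def loop_free_paths(adj, src, dst):
    """All simple paths src -> dst: the candidate set one multipath discovery collects."""
    paths, stack = [], [[src]]
    while stack:
        path = stack.pop()
        if path[-1] == dst:
            paths.append(path)
            continue
        for nxt in adj.get(path[-1], ()):
            if nxt not in path:                      # loop-free by construction
                stack.append(path + [nxt])
    return paths


def path_trust(path, stats):
    """Assumption for the example: a path is as trustworthy as its least-trusted hop."""
    return min(link_trust(stats.get((a, b), (0, 0))) for a, b in zip(path, path[1:]))


def choose_route(adj, stats, src, dst, required_trust):
    """Discard candidates below the packet's trust requirement, then take the fewest hops
    (ties broken by higher trust). required_trust = 0 redu­ces to plain shortest path,
    i.e. what AODV/AOMDV would pick regardless of who is on the path."""
    candidates = [p for p in loop_free_paths(adj, src, dst)
                  if path_trust(p, stats) >= required_trust]
    if not candidates:
        return None
    return min(candidates, key=lambda p: (len(p), -path_trust(p, stats)))


# Constructed topology: S-M-D is two hops, S-A-B-D three. M behaves as a grey hole
# towards S: it forwarded only 3 of the 20 packets S handed it.
ADJ = {"S": ["M", "A"], "M": ["S", "D"], "A": ["S", "B"], "B": ["A", "D"], "D": ["M", "B"]}
STATS = {("S", "M"): (3, 20), ("M", "D"): (18, 20),
         ("S", "A"): (19, 20), ("A", "B"): (20, 20), ("B", "D"): (18, 20)}

if __name__ == "__main__":
    for req in (0.0, 0.5, 0.95):
        print(req, choose_route(ADJ, STATS, "S", "D", req))
```

With no trust requirement the shortest path through M wins, which is the black-hole/grey-hole exposure the abstract refers to; with a requirement of 0.5 the three-hop path is chosen, and with 0.95 nothing qualifies and the sender must fall back or wait for trust to be rebuilt.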

Covert channel resistant information leakage protection using a multi-agent architecture
- Author(s): S. Bishop ; H. Okhravi ; S. Rahimi ; Y.-C. Lee
- Source: IET Information Security, Volume 4, Issue 4, p. 233–247
- DOI: 10.1049/iet-ifs.2009.0202
- Type: Article

Covert channel attacks utilise shared resources to indirectly transmit sensitive information to unauthorised parties. Current operating systems (e.g. SELinux) rely on tagging the filesystem with security labels and enforcing security policies at the time of access to a file or resource. However, such mechanisms do not provide strong protection against information laundering via covert channels. Colored Linux, an extension to SELinux, utilises watermarking algorithms to ‘colour’ the contents of each file with their respective security classification, or context, to enhance resistance to information laundering attacks. In this study, the authors propose a mobile agent-based approach to automate the process of detecting and colouring receptive hosts' filesystems and monitoring the coloured filesystem for instances of potential information leakage. Implementation details and execution results are included to illustrate the merits of the proposed approach. The authors have also evaluated the performance of their agent-based system over a single host as well as a local network of machines. Finally, using formal method techniques, the authors have proved correctness properties about the agent-based approach and identified and corrected a flaw in their initial implementation.

Digital product transaction mechanism for electronic auction environment
- Author(s): C.-T. Yen ; T.-C. Wu ; M.-H. Guo ; C.-K. Yang ; H.-C. Chao
- Source: IET Information Security, Volume 4, Issue 4, p. 248–257
- DOI: 10.1049/iet-ifs.2009.0250
- Type: Article

The rapid development of electronic commerce and information technology has driven traditional physical product trading to evolve into digital product trading. With the effect of multi-agent systems in the Internet environment and promotion by governments, the digital product industry is growing fast. The authors propose a digital product transaction mechanism for electronic auctions in a multi-agent system environment. The research introduces a convenient platform to protect the privacy of both buyers and sellers, and further to track digital products in an electronic auction environment. In addition, by using simple cryptographic techniques supplemented with encryption, the authors ensure the security of information transactions, thereby providing a mechanism for safe and fair digital product electronic auctions.

Survey of security services on group communications
- Author(s): P. Sakarindr and N. Ansari
- Source: IET Information Security, Volume 4, Issue 4, p. 258–272
- DOI: 10.1049/iet-ifs.2009.0261
- Type: Article

Secure group communication (SGC) has attracted much attention, as group-oriented communications have been increasingly facilitating many emerging applications that require packet delivery from one or more sender(s) to multiple receivers. Of all the proposals reported, most have focused on addressing the issue of key management in SGC systems. The authors, however, advocate that security services are also needed to satisfy the different security requirements of various applications. The authors also present here a survey of recent advances in several security requirements and security services in group communication systems (GCSs), illustrate some outstanding GCSs that deploy these security services, and describe challenges for any future research work in designing a secure GCS.

Supporting multi-agent reputation calculation in the Wikipedia Recommender System
- Author(s): C.D. Jensen
- Source: IET Information Security, Volume 4, Issue 4, p. 273–282
- DOI: 10.1049/iet-ifs.2010.0001
- Type: Article

The Wikipedia is a web-based encyclopedia, written and edited collaboratively by Internet users. Over the past decade, the Wikipedia has experienced a dramatic growth in popularity and is considered by many the primary source of information on the Internet. The Wikipedia has an extremely open editorial policy that allows anybody to create or modify articles. This has resulted in a broad and detailed coverage of subjects, but it has also caused problems relating to the quality of articles. The Wikipedia Recommender System (WRS) was developed to help human users determine the credibility of an article based on feedback from other Wikipedia users. The WRS calculates a personalised rating for any Wikipedia article based on feedback (recommendations) provided by other Wikipedia users. As part of this process, WRS users are expected to provide their own feedback about the quality of Wikipedia articles that they have read. This makes the WRS a rating-based collaborative filtering system, which implements trust metrics to determine the weight of feedback from different recommenders. In this paper the authors describe the WRS, outlining some of the requirements and constraints that shaped the design of the system. The authors also provide a brief overview of the implementation of the WRS prototype. The WRS addresses the general problem of establishing trust in a collaboratively generated resource in a distributed multi-agent system, so the authors believe that the general architecture that underlies the WRS applies to many other applications in such systems.

Integrated security analysis framework for an enterprise network – a formal approach
- Author(s): P. Bera ; S.K. Ghosh ; P. Dasgupta
- Source: IET Information Security, Volume 4, Issue 4, p. 283–300
- DOI: 10.1049/iet-ifs.2009.0174
- Type: Article

In a typical enterprise network, correct implementation of security policies is becoming increasingly difficult owing to complex security constraints and dynamic changes in network topology. Usually, the network security policy is defined as the collection of service access rules between various network zones. The specification of the security policy is often incomplete, since all possible service access paths may not be explicitly covered. This policy is implemented in the network interfaces in a distributed fashion through sets of access control list (ACL) rules. Formally verifying whether the distributed ACL implementation conforms to the security policy is a major requirement. The complexity of the problem is compounded as some combinations of network services may lead to inconsistent hidden access paths. Further, failure of network link(s) may result in the formation of alternative routing paths, and thus the existing security implementation may defy the policy. In this study, an integrated formal verification and fault analysis framework is proposed which derives a correct ACL implementation with respect to a given policy specification and also ensures that the implementation is fault tolerant to a certain number of link failures. The verification incorporates boolean modelling of the security policies and ACL implementations and then formulates a satisfiability checking problem.
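
The verification problem of the abstract at toy scale, as an added editorial example in Python and not the paper's framework: a zone policy, per-interface ACLs with first-match and implicit deny, and a check that every flow's reachability agrees with the policy over every combination of up to k failed links, reporting a hidden access path ("leak") or a permitted flow that no surviving path lets through ("blocked"). The topology, ACLs and flows are constructed, and the example enumerates paths and failure sets exhaustively instead of encoding them as a satisfiability instance, which is only workable at this size; the paper's boolean modelling and its derivation of a corrected ACL set are not reproduced.

```python
import itertools

# Constructed sample network: zones internet, dmz, lan; routers r1, r2, and a backup
# router r3 joining the Internet directly to the LAN. Links are undirected.
LINKS = [("internet", "r1"), ("r1", "dmz"), ("dmz", "r2"),
         ("r2", "lan"), ("internet", "r3"), ("r3", "lan")]

# Inbound ACL of a router interface, keyed by the directed edge into the router.
# Rules are (action, src_zone, dst_zone, service); first match wins, implicit deny.
# An interface with no entry has no ACL at all (everything passes).
ACLS = {
    ("internet", "r1"): [("permit", "internet", "dmz", "http")],
    ("dmz", "r1"): [("permit", "lan", "internet", "http")],
    ("dmz", "r2"): [],
    ("lan", "r2"): [("permit", "lan", "dmz", "ssh"), ("permit", "lan", "internet", "http")],
    ("lan", "r3"): [("permit", "lan", "internet", "http")],
    ("internet", "r3"): [("permit", "*", "*", "http")],   # over-broad: opens a hidden path
}
FIXED_ACLS = {**ACLS, ("internet", "r3"): []}              # backup link: nothing inbound

# Policy: the only zone-to-zone service accesses that are permitted; all else is denied.
POLICY = {("internet", "dmz", "http"), ("lan", "dmz", "ssh"), ("lan", "internet", "http")}
FLOWS = sorted(POLICY | {("internet", "lan", "http"), ("internet", "lan", "ssh"),
                         ("internet", "dmz", "ssh")})


def acl_permits(acl, flow):
    if acl is None:                              # interface without an ACL
        return True
    src, dst, svc = flow
    for action, s, d, v in acl:                  # first match wins
        if s in (src, "*") and d in (dst, "*") and v in (svc, "*"):
            return action == "permit"
    return False                                 # implicit deny


def simple_paths(links, src, dst):
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    paths, stack = [], [[src]]
    while stack:
        path = stack.pop()
        if path[-1] == dst:
            paths.append(path)
            continue
        for nxt in adj.get(path[-1], []):
            if nxt not in path:
                stack.append(path + [nxt])
    return paths


def path_permits(path, acls, flow):
    return all(acl_permits(acls.get(edge), flow) for edge in zip(path, path[1:]))


def check_conformance(links, acls, policy, flows, max_failures):
    """Return (failed_links, flow, kind) for every disagreement between policy and ACLs
    under every set of at most max_failures failed links. kind is 'leak' when a denied
    flow has a path all of whose ACLs permit it, 'blocked' when a permitted flow has none."""
    violations = []
    for k in range(max_failures + 1):
        for failed in itertools.combinations(links, k):
            live = [link for link in links if link not in failed]
            for flow in flows:
                open_paths = [p for p in simple_paths(live, flow[0], flow[1])
                              if path_permits(p, acls, flow)]
                if flow in policy and not open_paths:
                    violations.append((failed, flow, "blocked"))
                elif flow not in policy and open_paths:
                    violations.append((failed, flow, "leak"))
    return violations


if __name__ == "__main__":
    for v in check_conformance(LINKS, ACLS, POLICY, FLOWS, 1):
        print(v)
```

Two things the run shows that the abstract only names: the over-broad inbound rule on r3 is a hidden access path for Internet-to-LAN HTTP even with every link up, and once that rule is tightened the single-failure analysis still flags Internet-to-DMZ HTTP as blocked when either r1 link fails, because the alternative route through the LAN is (correctly) not permitted by r2's ACL. Fault tolerance therefore needs the alternative path's ACLs derived from the policy as well, which is the point of deriving the implementation rather than only checking it.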

Multi-level authorisation model and framework for distributed semantic-aware environments
- Author(s): M. Amini and R. Jalili
- Source: IET Information Security, Volume 4, Issue 4, p. 301–321
- DOI: 10.1049/iet-ifs.2009.0198
- Type: Article

Semantic technology is widely used in distributed computational environments to increase the interoperability and machine readability of information by giving semantics to the underlying information and resources. The semantic-awareness, distribution and interoperability of the new generation of distributed systems demand an authorisation model and framework that satisfies the essential authorisation requirements of such environments. In this study, the authors propose an authorisation model and framework based on a multi-security-domain architecture for distributed semantic-aware environments. The proposed framework is founded on the MA(DL)2 logic, which enables policy specification and inference (based on the defined semantic relationships) at both the conceptual and ground (individual) levels. It also enables authorities to have cooperative security management in their shared domain of resources with different administration styles.

Efficient proxy signatures based on trapdoor hash functions
- Author(s): S. Chandrasekhar ; S. Chakrabarti ; M. Singhal ; K.L. Calvert
- Source: IET Information Security, Volume 4, Issue 4, p. 322–332
- DOI: 10.1049/iet-ifs.2009.0204
- Type: Article

Proxy signatures have found extensive use in authenticating agents acting on behalf of users in applications such as grid computing, communications systems, personal digital assistants, information management and e-commerce. The importance of proxy signatures has been repeatedly highlighted by applied cryptographers through different variations, namely threshold proxy signatures, blind proxy signatures and so forth. Unfortunately, most recent constructions of proxy signatures only improve on minor weaknesses of previously built schemes, and most often do not deliver formal security guarantees. In this study, the authors propose a technique to construct provably secure proxy signature schemes using trapdoor hash functions that can be used to authenticate and authorise agents acting on behalf of users in agent-based computing systems. They demonstrate the effectiveness of their approach for creating practical instances by constructing a discrete log-based instantiation of the proposed generic technique that achieves superior performance in terms of verification overhead and signature size compared with existing proxy signature schemes. Formal definitions, security specifications and a detailed theoretical analysis, including correctness, security and performance, of the proposed proxy signature scheme are provided.
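
The building block such constructions rest on, as an added editorial example in Python and not the paper's scheme: a discrete-log trapdoor (chameleon) hash, collision finding with the trapdoor, and the generic hash-sign-switch use of it for delegation, where the original signer signs a trapdoor-hash value of a warrant under the proxy's hash key and the proxy, holding the trapdoor, later finds a randomiser that makes any message of its choosing hash to that same value. The group parameters are a toy-size safe prime chosen for the example, the warrant and message are constructed, and the ordinary signature on the hash value is left out; the paper's actual construction, proof and performance figures are not reproduced. The last function shows the caveat a practitioner should know about this hash: two distinct openings of one hash value reveal the trapdoor, which any scheme that reuses a hashed value has to account for.

```python
import hashlib
import random

# Toy-size group, constructed for the example and far too small for real use:
# safe prime P = 2Q + 1, and G = 2^2 mod P generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4


def keygen(rng):
    """Trapdoor x (held by the proxy) and the public hash key Y = G^x mod P."""
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def digest(msg: bytes) -> int:
    """Map a message to an exponent in [0, Q)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def trapdoor_hash(Y, m, r):
    """TH_Y(m, r) = G^m * Y^r mod P. Without x, producing a second (m', r') with
    the same value is equivalent to taking the discrete log of Y."""
    return pow(G, m % Q, P) * pow(Y, r % Q, P) % P


def find_collision(x, m, r, m_new):
    """With x: solve m + x*r = m_new + x*r_new (mod Q) for r_new."""
    return (r + (m - m_new) * pow(x, -1, Q)) % Q


def recover_trapdoor(m1, r1, m2, r2):
    """Key exposure: two openings (m1, r1) != (m2, r2) of one hash value give
    x = (m1 - m2) / (r2 - r1) mod Q to anyone who sees both."""
    if (r1 - r2) % Q == 0:
        raise ValueError("openings do not differ in r; they say nothing about x")
    return (m1 - m2) * pow((r2 - r1) % Q, -1, Q) % Q


def delegate(Y, warrant: bytes, rng):
    """Original signer: hash the warrant under the proxy's Y and sign the result with an
    ordinary signature scheme (that signature is omitted here); (h, r0) go to the proxy."""
    r0 = rng.randrange(1, Q)
    return trapdoor_hash(Y, digest(warrant), r0), r0


def proxy_sign(x, warrant: bytes, r0, message: bytes):
    """Proxy: a randomiser r such that TH(message, r) equals the value the signer signed."""
    return find_collision(x, digest(warrant), r0, digest(message))


def verify(Y, signed_hash, m, r):
    """Verifier: recompute the hash of the presented message and compare with the
    signed value (whose ordinary signature is checked separately)."""
    return trapdoor_hash(Y, m, r) == signed_hash


def demo():
    rng = random.Random(2010)                   # fixed seed so the run is reproducible
    x, Y = keygen(rng)
    warrant = b"proxy may sign purchase orders during December 2010"
    h, r0 = delegate(Y, warrant, rng)
    message = b"purchase order 17: 40 units"
    r = proxy_sign(x, warrant, r0, message)
    # Key-exposure check on two constructed digests, 5 and 6, opened to one hash value.
    r1 = rng.randrange(1, Q)
    r2 = find_collision(x, 5, r1, 6)
    return {
        "x": x,
        "valid": verify(Y, h, digest(message), r),
        "tampered": verify(Y, h, (digest(message) + 1) % Q, r),   # digest shifted by one
        "recovered_x": recover_trapdoor(5, r1, 6, r2),
    }
```

Why this gives the small signatures and cheap verification the abstract claims: the verifier does one trapdoor-hash evaluation plus one ordinary signature check on a value that was fixed at delegation time, and the proxy's per-message work is a single modular multiplication to find r.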

Multi-Agent pattern recognition mechanism for detecting distributed denial of service attacks
- Author(s): Z.A. Baig and K. Salah
- Source: IET Information Security, Volume 4, Issue 4, p. 333–343
- DOI: 10.1049/iet-ifs.2009.0255
- Type: Article

Distributed denial of service (DDoS) attacks pose a significant threat to the smooth operation of today's online critical services and applications. Existing mechanisms to detect these attacks have had limited success. With the rapid growth in the size and bandwidth of contemporary computer networks, an efficient and effective distributed solution is needed for detecting DDoS attacks. In this study, the authors propose a multi-agent pattern recognition mechanism for detecting DDoS attacks in a distributed fashion. Our proposed solution is very effective in detecting such attacks launched against victim servers residing inside a production network which has multiple gateways to the Internet. Using simulation, the authors show that our proposed mechanism achieves a high degree of accuracy in detecting DDoS attacks, with low false alarm rates, using a reasonable number of attack detection agents collaboratively operating in a typical production network. The authors also study the relationship between the number of agents participating in the attack detection process and the false alarm rate of the detection scheme.

Recovery of data integrity under multi-tier architectures
- Author(s): M. Yu ; W. Zang ; P. Liu
- Source: IET Information Security, Volume 4, Issue 4, p. 344–351
- DOI: 10.1049/iet-ifs.2009.0264
- Type: Article

Recovery from attacks has been extensively studied at the database transaction level and the application level in recent years. To recover compromised database transactions, compensating and redoing the compromised transactions needs to be conducted under concurrency control restrictions. Under a multi-tier service architecture, at the application level, attack recovery has more restrictions introduced by either control dependencies among application activities or application specifications. Thus, the multi-tier service architecture introduces more challenges to the attack recovery problem. In this study, the authors describe the recovery problems with a multi-layer dependency graph (MLDG). They also describe the techniques of damage assessment and recovery based on an MLDG.

Cluster-based secure communication mechanism in wireless ad hoc networks
- Author(s): M.-H. Guo ; H.-T. Liaw ; D.-J. Deng ; H.-C. Chao
- Source: IET Information Security, Volume 4, Issue 4, p. 352–360
- DOI: 10.1049/iet-ifs.2009.0120
- Type: Article

In a multi-agent system, there are many intelligent agents distributed in the network. To connect these agents easily and arbitrarily, a wireless ad hoc network is a candidate. A wireless ad hoc network is a distinct network environment with characteristics of self-organisation, dynamic network topologies and easy construction. To provide such networks with secure communication, many researchers have tried different ways to create the session key(s). However, there are some drawbacks in the session key generation procedure, and a robust session key could not be created. The authors propose a cluster-based secure communication mechanism in wireless ad hoc networks. The proposal applies the Diffie–Hellman key exchange protocol for session key creation. It helps the clusterhead to reduce the communication overload, to avoid the time synchronisation problem in node authentication and to preserve the complete secrecy requirements.

Outlier detection and countermeasure for hierarchical wireless sensor networks
- Author(s): Y.-Y. Zhang ; H.-C. Chao ; M. Chen ; L. Shu ; C.-H. Park ; M.-S. Park
- Source: IET Information Security, Volume 4, Issue 4, p. 361–373
- DOI: 10.1049/iet-ifs.2009.0192
- Type: Article

Outliers in wireless sensor networks (WSNs) are sensor nodes that launch attacks through abnormal behaviour and fake message dissemination. However, existing cryptographic techniques can hardly detect these insider attacks, which makes outlier recognition a critical and challenging issue for reliable and secure data dissemination in WSNs. To efficiently identify and isolate outliers, this study presents a novel outlier detection and countermeasure scheme (ODCS), which consists of three mechanisms: (i) an abnormal event observation mechanism for network surveillance; (ii) an exceptional message supervision mechanism for distinguishing fake messages by exploiting spatiotemporal correlation and consistency and (iii) an abnormal behaviour supervision mechanism for the evaluation of node behaviour. The ODCS provides a heuristic methodology and does not need knowledge about normal or malicious sensors in advance. This property enables the ODCS not only to distinguish and deal with various dynamic attacks automatically without advance learning, but also to reduce the capability required of constrained nodes. In the ODCS, communication is limited to a local range, such as one hop or a cluster, which can reduce the communication frequency and further circumscribe the session range. Moreover, the ODCS provides countermeasures for different types of attacks, such as the rerouting scheme and the rekeying security scheme, which can separate outliers from normal sensors and enhance the robustness of the network, even when some nodes are compromised by an adversary. Simulation results indicate that our approach can effectively detect and defend against the outlier attack.

Adaptive link-state routing and intrusion detection in wireless mesh networks
- Author(s): S. Misra ; P.V. Krishna ; K.I. Abraham
- Source: IET Information Security, Volume 4, Issue 4, p. 374–389
- DOI: 10.1049/iet-ifs.2009.0196
- Type: Article

Security in wireless mesh networks (WMNs) has always been a major concern ever since the existence of these networks. The open medium and the lack of physical security make WMNs susceptible to various kinds of attacks. This study addresses the problem of intrusion detection in WMNs. The authors propose a routing protocol that is capable of detecting intrusions while undertaking the tasks of routing in WMNs. The routing tasks of the proposed protocol are based on the existing optimised link-state routing protocol. This protocol uses a sampling mechanism for the detection of malicious information in the network. Concepts of learning automata have been introduced to optimise the sampling process. Two new frame formats and their associated handling procedures have been developed. The authors evaluated the performance of the protocol using network simulator 3. In the experiments performed, the highest intrusion detection rate achieved with the proposed protocol was observed to be 94%.

Physical layer assisted authentication for distributed ad hoc wireless sensor networks
- Author(s): H. Wen ; P.-H. Ho ; C. Qi ; G. Gong
- Source: IET Information Security, Volume 4, Issue 4, p. 390–396
- DOI: 10.1049/iet-ifs.2009.0197
- Type: Article

The paper introduces a novel message authentication framework over broadcast channels, in which a symmetric cryptography-based physical layer assisted message authentication (PLAA) scheme is introduced for wireless networks. The proposed framework integrates conventional message authentication schemes and physical layer authentication mechanisms by taking advantage of the temporal and spatial uniqueness of physical layer channel responses, aiming to achieve fast authentication while minimising the packet transmission overhead. The claims are verified through extensive analysis and simulation, comparing the scheme with a public key infrastructure-based PLAA scheme and traditional upper-layer authentication schemes.

Anonymity and security for autonomous mobile agents
- Author(s): F. Raji and B. Tork Ladani
- Source: IET Information Security, Volume 4, Issue 4, p. 397–410
- DOI: 10.1049/iet-ifs.2009.0217
- Type: Article

Mobile agent security against malicious hosts is one of the most important subjects in mobile agent technology. An extended requirement for agent security in different applications is to provide the agent with an anonymity property, such that the agent can travel in the network without exposing its owner's identity and its itinerary. For this purpose, an agent anonymity protocol is proposed to maintain the anonymity of the agent owner and the agent itinerary. The introduced anonymous agent is also applied to disarm the host against the agent instead of using an armed agent, that is, an agent equipped with protection mechanisms. The analytical discussion demonstrates that this protocol preserves the autonomy of the agent in choosing its migration path and is also resistant against known traffic analysis attacks in mobile agent systems under plausible assumptions. Moreover, it is feasible and adjustable with regard to the required level of anonymity.

Towards an authorisation model for distributed systems based on the Semantic Web
- Author(s): J.M. Alcaraz Calero ; G. Martinez Perez ; A.F. Gomez Skarmeta
- Source: IET Information Security, Volume 4, Issue 4, p. 411–421
- DOI: 10.1049/iet-ifs.2009.0260
- Type: Article

Authorisation is a crucial process in current information systems. Many current authorisation systems do not provide methods to describe the semantics of the underlying information model which they are protecting. This can lead to mismatch problems between the semantics of the authorisation model and the semantics of the underlying data and resources being protected. In order to solve this problem, this paper describes an authorisation model based on Semantic Web technologies. This authorisation model uses the common information model (CIM) to represent the underlying information model. For this reason, a new conversion process from CIM into the Semantic Web languages has been proposed which properly converts the semantics available in the CIM model. This representation provides a suitable information model based on a well-known logic formalism for implementing the authorisation model, and a formal language for concisely describing the semantics of the information models being protected. The formal authorisation model supports role-based access control (RBAC), hierarchical RBAC, conditional RBAC and object hierarchies, among other features. Moreover, this paper describes an authorisation architecture for distributed systems taking into account aspects such as privacy among parties and trust management. Finally, some implementation aspects of this system are also described.
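
The three access-control features the abstract lists (hierarchical RBAC, conditional RBAC and object hierarchies) in one small evaluator, as an added editorial example in Python and not code from the paper: seniors inherit their juniors' permissions, a permission on a container covers every object beneath it, and a permission may carry a predicate over the request context. The roles, objects, users, conditions and permissions are constructed; the paper's CIM-to-Semantic-Web conversion and its description-logic representation are not reproduced, and the decision returns the granting rule rather than a bare boolean so that a decision can be audited.

```python
# Constructed policy. Role hierarchy: a senior role inherits every permission of its
# juniors (lead > engineer > employee).
ROLE_JUNIORS = {"lead": {"engineer"}, "engineer": {"employee"}, "employee": set()}

# Object hierarchy: a permission on a container covers everything beneath it.
OBJECT_PARENT = {"/repo/payments/config.yaml": "/repo/payments", "/repo/payments": "/repo"}

USER_ROLES = {"alice": {"lead"}, "bob": {"engineer"}, "carol": {"employee"}}


# Conditions for conditional RBAC: predicates over the request context.
def mfa_present(ctx):
    return ctx.get("mfa") is True


def business_hours(ctx):
    return 9 <= ctx.get("hour", -1) < 17


# (role, action, object, condition or None)
PERMISSIONS = [
    ("employee", "read", "/repo", None),
    ("engineer", "write", "/repo/payments", mfa_present),
    ("lead", "admin", "/repo", business_hours),
]


def effective_roles(user, user_roles=USER_ROLES, juniors=ROLE_JUNIORS):
    """Transitive closure of the user's roles down the hierarchy (cycle-safe)."""
    roles, stack = set(), list(user_roles.get(user, ()))
    while stack:
        role = stack.pop()
        if role not in roles:
            roles.add(role)
            stack.extend(juniors.get(role, ()))
    return roles


def object_chain(obj, parent=OBJECT_PARENT):
    """The object and each of its ancestors, nearest first (stops on a cycle)."""
    chain = [obj]
    while chain[-1] in parent and parent[chain[-1]] not in chain:
        chain.append(parent[chain[-1]])
    return chain


def decide(user, action, obj, ctx, permissions=PERMISSIONS):
    """Return the permission that grants the request, or None (default deny)."""
    roles = effective_roles(user)
    scope = set(object_chain(obj))
    for perm in permissions:
        role, act, target, cond = perm
        if role in roles and act == action and target in scope and (cond is None or cond(ctx)):
            return perm
    return None


def authorised(user, action, obj, ctx):
    return decide(user, action, obj, ctx) is not None


if __name__ == "__main__":
    cfg = "/repo/payments/config.yaml"
    print(decide("bob", "write", cfg, {"mfa": True}))
    print(decide("bob", "write", cfg, {"mfa": False}))
    print(decide("alice", "admin", "/repo/payments", {"hour": 20}))
```

Two behaviours worth noticing: an unknown user or an unmatched request falls through to deny rather than to an error, and a condition that fails does not fall back to a less restrictive rule for the same action unless one is listed, which is how a conditional permission stays a restriction rather than a hint.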