وبلاگ بلیان

Identity and Privacy in the Internet Age: 14th Nordic Conference on Secure IT Systems, NordSec 2009, Oslo, Norway, 14-16 October 2009, Proceedings (Lecture ... Computer Science / Security and Cryptology)

معرفی کتاب «Identity and Privacy in the Internet Age: 14th Nordic Conference on Secure IT Systems, NordSec 2009, Oslo, Norway, 14-16 October 2009, Proceedings (Lecture ... Computer Science / Security and Cryptology)» نوشتهٔ Audun Jøsang, Torleiv Maseng, Svein Johan Knapskog (eds.) در سال 2009. این کتاب در 94 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.

This book constitutes the refereed proceedings of the 14th International Conference on Secure IT Systems, NordSec 2009, held in Oslo, Norway, October 14-16, 2009. The 20 revised full papers and 8 short papers presented were carefully reviewed and selected from 52 submissions. Under the theme Identity and Privacy in the Internet Age, this year's conference explored policies, strategies and technologies for protecting identities and the growing flow of personal information passing through the Internet and mobile networks under an increasingly serious threat picture. Among the contemporary security issues discussed were Security Services Modeling, Petri Nets, Attack Graphs, Electronic Voting Schemes, Anonymous Payment Schemes, Mobile ID-Protocols, SIM Cards, Network Embedded Systems, Trust, Wireless Sensor Networks, Privacy, Privacy Disclosure Regulations, Financial Cryptography, PIN Verification, Temporal Access Control, Random Number Generators, and some more. front-matter......Page 1 Introduction......Page 9 Related Work......Page 11 Theoretical Foundation......Page 12 Event Study Setup......Page 13 Empirical Results......Page 14 Regulatory Implications......Page 17 Managerial Implications......Page 18 Conclusion......Page 19 References......Page 20 Introduction......Page 23 Related Work......Page 24 Identifying Potential Target Group......Page 25 Research Methodology......Page 26 User Side Revenue Generation......Page 28 Advertising at the Exit Node......Page 29 Revenue Generation from Content Providers......Page 30 References......Page 32 Introduction......Page 36 Background......Page 37 Parallel Architecture of P2Priv......Page 38 Anonymity Analysis for P2Priv......Page 39 P2Priv in P2P Scenario......Page 40 P2Priv in Client-Server Scenario......Page 42 Summary of the Results......Page 44 Network Privacy Preserving Parallel Topology......Page 45 Anonymity Analysis for NetPriv......Page 47 Conclusions and Future Work......Page 49 Introduction......Page 52 Background and Rationales of Petname Systems......Page 53 Components......Page 55 Functional Properties......Page 56 Security Usability Properties......Page 57 Evaluation of Security Usability for Petname Systems......Page 58 Application Domains......Page 60 Evaluation of the Petname Tool......Page 62 Evaluation of the TrustBar......Page 64 Summery......Page 65 Conclusions......Page 66 Introduction......Page 68 Security Differences between Web Browsers and Widget Engines......Page 69 Vulnerabilities of the Widget Model......Page 70 Threats......Page 71 Attacks......Page 72 Countermeasures......Page 74 Countermeasures for Widget Engines......Page 75 Countermeasures for Widget Developers......Page 77 References......Page 78 Motivation......Page 80 Key Assignment Schemes......Page 81 Trade-Offs in Key Assignment Schemes......Page 82 Key Assignment Schemes for Temporal Access Control......Page 83 An Immediate Improvement......Page 84 Skipping a Level......Page 86 A Multiplicative Decomposition of Tn......Page 89 A 2-Hop Scheme......Page 90 Minimizing the Number of Edges in the 2-Hop Scheme......Page 91 Other Possibilities......Page 92 Related Work......Page 93 Future Work......Page 94 Introduction......Page 96 Background......Page 97 PIN Management APIs......Page 98 Attacks on Verification API......Page 100 Attacks on the Translate API......Page 102 Our Proposed Fix......Page 103 Packing the MAC into the CVC/CVV......Page 104 Practicalities of Deploying Our Proposal......Page 105 Addressing Translation Attacks......Page 106 Comparison to Other Proposals......Page 108 Conclusions......Page 109 Some Standard 64-Bit PIN Block Formats......Page 110 Introduction......Page 112 Related Work......Page 113 Change Detection Technique......Page 115 Change Point Correlation......Page 116 Correlation Logic......Page 118 Change Point Validation......Page 119 Experimentation......Page 120 Experimental Results......Page 121 Conclusion and Future Directions......Page 125 Motivation......Page 128 Problem Description and Results......Page 129 TKIP Countermeasures......Page 130 How the Attack Works......Page 131 Application Areas......Page 132 DHCP ACK Packet......Page 133 How the Attack Works......Page 134 Consequences......Page 136 Attack Performance......Page 137 Fragmentation Attack......Page 138 Conclusion......Page 139 Introduction......Page 141 Security Properties......Page 142 Existing Security Architectures for WSNs......Page 143 Sensor Network Platform......Page 144 ROM......Page 145 Block Cipher Evaluation......Page 146 CBC-CS Evaluation......Page 149 CMAC Evaluation......Page 150 OCB Evaluation......Page 151 ContikiSec Design......Page 152 References......Page 154 Introduction......Page 156 Related Work......Page 159 The Mechanism for Identity Delegation......Page 161 Identity Delegation Prototype......Page 164 Evaluation......Page 166 Conclusions......Page 168 Introduction......Page 171 Mobile Real-Time Services......Page 172 Classes of Mobile Real-Time Services......Page 173 Classification of Mobile Real-Time Services......Page 174 Empirical Evidence......Page 175 Information Pull Services......Page 176 Notification Push Services......Page 177 Transaction Services......Page 179 Summary of Results......Page 181 Conclusion......Page 182 References......Page 183 Introduction......Page 187 Sources of Randomness......Page 188 Processing Randomness......Page 189 Definition of Randomness Extractor......Page 191 Extractors Based on Carter-Wegman Universal Hashing......Page 193 Choosing Suitable Class of Hash Functions......Page 194 Analysis of Acquired Random Data......Page 195 Conclusion and Future Work......Page 196 Introduction......Page 198 Related Work......Page 200 Requirements......Page 201 Stochastic Activity Networks......Page 203 Key Challenge Petri Net......Page 206 Formalization......Page 207 Example Behaviour......Page 209 Analysis......Page 210 Conclusion and Issues for Further Research......Page 211 References......Page 212 Introduction......Page 215 Norwegian Situation......Page 216 Open Voting Scheme Using Double Envelopes......Page 217 Blind Voting Scheme......Page 218 Blind Voting Scheme Using Symbols......Page 221 Blind Voting Scheme Using CAPTCHAs......Page 222 Tamper Indicating Open Voting Scheme......Page 224 Introduction......Page 226 Certification......Page 227 Open Source......Page 228 Conclusion......Page 229 Introduction......Page 231 The State of the Art in SIM Card Technology......Page 233 Related Work......Page 235 Contextual Evidences......Page 236 The seamless trust builder......Page 237 Implementation......Page 239 Experiments......Page 242 Evaluation......Page 243 Conclusions and Future Work......Page 244 Introduction......Page 247 Running Example......Page 249 Security Properties......Page 251 Iterative Property Representation......Page 253 Effective vs. Iterative Enforcement......Page 254 Iterative Enforcement Mechanism......Page 255 Ligatti Automaton Construction......Page 256 Iterative Enforcement by Suppression Mechanism......Page 258 Conclusions......Page 261 Introduction......Page 263 Anonymization Process......Page 264 Payment Concept......Page 265 Overview over the Protocols......Page 266 Account Creation......Page 267 Authentication at the Payment Instance......Page 268 Charging of the Account and Balance Check......Page 269 Payment Initialization......Page 270 Data Exchange and Repurchase of Traffic Volume......Page 274 Reasons for the Attack......Page 275 Conclusion......Page 277 Introduction......Page 279 The Mobile-ID Protocol......Page 280 Base Security Model......Page 282 Formalization in ProVerif......Page 283 Attacker Controls DigiDocService......Page 286 Attacker Partially Controls the Client......Page 288 Server Chooses the Control Code......Page 289 Summary......Page 291 Conclusions......Page 292 Introduction......Page 295 Related Work......Page 296 Preliminaries......Page 297 Program Abstraction......Page 299 Algorithm......Page 300 Mechanism's Enforcement Power......Page 305 Conclusion and Future Work......Page 307 back-matter......Page 310 The NordSec workshops were started in 1996 with the aim of bringing together - searchers and practitioners within computer security in the Nordic countries – thereby establishing a forum for discussions and co-operation between universities, industry and computer societies. Since then, the workshop has developed into a fully fledged inter- tional information security conference, held in the Nordic countries on a round robin basis. The 14th Nordic Conference on Secure IT Systems was held in Oslo on 14-16 October 2009. Under the theme Identity and Privacy in the Internet Age, this year's conference explored policies, strategies and technologies for protecting identities and the growing flow of personal information passing through the Internet and mobile n- works under an increasingly serious threat picture. Among the contemporary security issues discussed were security services modeling, Petri nets, attack graphs, electronic voting schemes, anonymous payment schemes, mobile ID-protocols, SIM cards, n- work embedded systems, trust, wireless sensor networks, privacy, privacy disclosure regulations, financial cryptography, PIN verification, temporal access control, random number generators, and some more. As a pre-cursor to the conference proper, the Nordic Security Day on Wednesday 14 October hosted talks by leading representatives from industry, academia and the g- ernment sector, and a press conference was given.
دانلود کتاب Identity and Privacy in the Internet Age: 14th Nordic Conference on Secure IT Systems, NordSec 2009, Oslo, Norway, 14-16 October 2009, Proceedings (Lecture ... Computer Science / Security and Cryptology)