Security Conference Publications, Early 2015

	Security Conference Publications, Early 2015

The publications cited here are an olio of conference publications from early in 2015.

Ismail, Ziad; Leneutre, Jean; Bateman, David; Chen, Lin, "A Game-Theoretical Model for Security Risk Management of Interdependent ICT and Electrical Infrastructures," High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on, pp.101,109, 8-10 Jan. 2015. doi: 10.1109/HASE.2015.24 The communication infrastructure is a key element for management and control of the power system in the smart grid. The communication infrastructure, which can include equipment using off-the-shelf vulnerable operating systems, has the potential to increase the attack surface of the power system. The interdependency between the communication and the power system renders the management of the overall security risk a challenging task. In this paper, we address this issue by presenting a mathematical model for identifying and hardening the most critical communication equipment used in the power system. Using non-cooperative game theory, we model interactions between an attacker and a defender. We derive the minimum defense resources required and the optimal strategy of the defender that minimizes the risk on the power system. Finally, we evaluate the correctness and the efficiency of our model via a case study.
Keywords: Communication equipment; Games; Nash equilibrium; Power grids; Security; Substations; Cyber-physical System; Non-cooperative Game Theory; SCADA Security (ID#: 15-4787)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7027420&isnumber=7027398

Lee, Chen-Yu; Kavi, Krishna M.; Paul, Raymond A.; Gomathisankaran, Mahadevan, "Ontology of Secure Service Level Agreement," High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on, pp.166, 172, 8-10 Jan. 2015. doi: 10.1109/HASE.2015.33 Maintaining security and privacy in the Cloud is a complex task. The task is made even more challenging as the number of vulnerabilities associated with the cloud infrastructure and applications are increasing very rapidly. Understanding the security service level agreements (SSLAs) and privacy policies offered by service and infrastructure providers is critical for consumers to assess the risks of the Cloud before they consider migrating their IT operations to the Cloud. To address these concerns relative to the assessment of security and privacy risks of the Cloud, we have developed ontologies for representing security SLAs (SSLA) in this paper. Our ontologies for SSLAs can be used to understand the security agreements of a provider, to negotiate desired security levels, and to audit the compliance of a provider with respect to federal regulations (such as HIPAA).
Keywords: Business; Cloud computing; Facebook; Monitoring; Ontologies; Privacy; Security; SLA; SSLA; cloud computing; security; service level agreement (ID#: 15-4788)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7027428&isnumber=7027398

Aghaei-Foroushani, Vahid; Zincir-Heywood, A.Nur, "A Proxy Identifier Based on Patterns in Traffic Flows," High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on, pp.118, 125, 8-10 Jan. 2015. doi: 10.1109/HASE.2015.26 Proxies are used commonly on today's Internet. On one hand, end users can choose to use proxies for hiding their identities for privacy reasons. On the other hand, ubiquitous systems can use it for intercepting the traffic for purposes such as caching. In addition, attackers can use such technologies to anonymize their malicious behaviours and hide their identities. Identification of such behaviours is important for defense applications since it can facilitate the assessment of security threats. The objective of this paper is to identify proxy traffic as seen in a traffic log file without any access to the proxy server or the clients behind it. To achieve this: (i) we employ a mixture of log files to represent real-life proxy behavior, and (ii) we design and develop a data driven machine learning based approach to provide recommendations for the automatic identification of such behaviours. Our results show that we are able to achieve our objective with a promising performance even though the problem is very challenging.
Keywords: Cryptography; Delays; IP networks; Probes; Web servers; Behavior Analysis; Network Security; Proxy; Traffic Flow (ID#: 15-4789)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7027422&isnumber=7027398

Emami-Taba, Mahsa; Amoui, Mehdi; Tahvildari, Ladan, "Strategy-Aware Mitigation Using Markov Games for Dynamic Application-Layer Attacks," High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on, pp.134,141, 8-10 Jan. 2015. doi: 10.1109/HASE.2015.28 Targeted and destructive nature of strategies used by attackers to break down the system require mitigation approaches with dynamic awareness. In the domain of adaptive software security, the adaptation manager of a self-protecting software is responsible for selecting countermeasures to prevent or mitigate attacks immediately. Making a right decision in each and every situation is one of the most challenging aspects of engineering self-protecting software systems. Inspired by the game theory, in this research work, we model the interactions between the attacker and the adaptation manager as a two-player zero-sum Markov game. Using this game-theoretic approach, the adaptation manager can refine its strategies in dynamic attack scenarios by utilizing what has learned from the system's and adversary's actions. We also present how this approach can be fitted to the well-known MAPE-K architecture model. As a proof of concept, this research conducts a study on a case of dynamic application-layer denial of service attacks. The simulation results demonstrate how our approach performs while encountering different attack strategies.
Keywords: Adaptation models; Computer crime; Game theory; Games; Markov processes; Adaptive Security; Dynamic Application-Layer Attacks; Game Theory; Markov Games (ID#: 15-4790)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7027424&isnumber=7027398

Ceccarelli, Andrea; Mori, Marco; Lollini, Paolo; Bondavalli, Andrea, "Introducing Meta-Requirements for Describing System of Systems," High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on, pp.150, 157, 8-10 Jan. 2015. doi: 10.1109/HASE.2015.31 Complex, evolutionary systems operating in an open world can be seen as a composition of components which interact each other in order to fulfill their requirements. Following this vision, Systems of Systems (SoSs) literature aims at supporting the life of such complex systems taking into account key viewpoints such as emergence, time, mobility, evolution, dynamicity. Although different attempts can be found in the literature to address mostly specific viewpoints separately, it is still missing a unifying approach to analyze the whole set of viewpoints and their relationships, based on the identification of meta-requirements that can be exploited to describe any System of Systems (SoS). To this end, we developed a unifying meta-requirements model to describe SoSs viewpoints and relate them. The model is meant to be used to support the derivation of the requirements for any SoS. This paper introduces the problem, and presents the main notions of the meta-requirements model with the support of a domain-specific scenario.
Keywords: Cascading style sheets; Measurement; Rail transportation; Security; Semantics; Standards; Systems engineering and theory; AMADEOS; RUMI; System of Systems; dynamicity; emergence; evolution; requirement model (ID#: 15-4791)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7027426&isnumber=7027398

Xie, Mengjun; Li, Yanyan; Yoshigoe, Kenji; Seker, Remzi; Bian, Jiang, "CamAuth: Securing Web Authentication with Camera," High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on, pp.232,239, 8-10 Jan. 2015. doi: 10.1109/HASE.2015.41 Frequent outbreak of password database leaks and server breaches in recent years manifests the aggravated security problems of web authentication using only password. Two-factor authentication, despite being more secure and strongly promoted, has not been widely applied to web authentication. Leveraging the unprecedented popularity of both personal mobile devices (e.g., Smartphones) and barcode scans through camera, we explore a new horizon in the design space of two-factor authentication. In this paper, we present Cam Auth, a web authentication scheme that exploits pervasive mobile devices and digital cameras to counter various password attacks including man-in-the-middle and phishing attacks. In Cam Auth, a mobile device is used as the second authentication factor to vouch for the identity of a use who is performing a web login from a PC. The device communicates directly with the PC through the secure visible light communication channels, which incurs no cellular cost and is immune to radio frequency attacks. Cam Auth employs public-key cryptography to ensure the security of authentication process. We implemented a prototype system of Cam Auth that consists of an Android application, a Chrome browser extension, and a Java-based web server. Our evaluation results indicate that Cam Auth is a viable scheme for enhancing the security of web authentication.
Keywords: Authentication; Browsers; DH-HEMTs; Servers; Smart phones (ID#: 15-4792)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7027436&isnumber=7027398

Relan, Neha G.; Patil, Dharmaraj R., "Implementation of Network Intrusion Detection System Using Variant Of Decision Tree Algorithm," Nascent Technologies in the Engineering Field (ICNTE), 2015 International Conference on, pp.1, 5, 9-10 Jan. 2015. doi: 10.1109/ICNTE.2015.7029925 As the need of internet is increasing day by day, the significance of security is also increasing. The enormous usage of internet has greatly affected the security of the system. Hackers do monitor the system minutely or keenly, therefore the security of the network is under observation. A conventional intrusion detection technology indicates more limitation like low detection rate, high false alarm rate and so on. Performance of the classifier is an essential concern in terms of its effectiveness; also number of feature to be examined by the IDS should be improved. In our work, we have proposed two techniques, C4.5 Decision tree algorithm and C4.5 Decision tree with Pruning, using feature selection. In C4.5 Decision tree with pruning we have considered only discrete value attributes for classification. We have used KDDCup'99 and NSL_KDD dataset to train and test the classifier. The Experimental Result shows that, C4.5 decision tree with pruning approach is giving better results with all most 98% of accuracy.
Keywords: Accuracy; Classification algorithms; Data mining; Decision trees; Intrusion detection; Testing; Training; Accuracy etc.; Classification Algorithms; False Negative (FN); False Positive (FP); IDS; KDD; NSL_KDD; Pruning; True Negative(TN);True positive (TP) (ID#: 15-4793)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7029925&isnumber=7029899

Pandurang, Rathod Mahesh; Karia, Deepak C., "Performance Measurement of WEP and WPA2 on WLAN Using OpenVPN," Nascent Technologies in the Engineering Field (ICNTE), 2015 International Conference on, pp.1,4, 9-10 Jan. 2015. doi: 10.1109/ICNTE.2015.7029939 With the advancement of wireless networking many serious security issues have been raised. Because of broadcast nature in wireless networks, various attacks such as eavesdropping, Denial of Service, Session hijacking is very much possible. To encounter these attacks various encryption standards such as Wired Equivalent Privacy (WEP) and 802.11i (WPA2) have been deployed along with it Virtual Private Networks (VPNs) have also provided an important solution to security threats that surrounds the use of public networks for private communications. In this paper performance measurement of WEP and WPA2 on wireless local area networks (WLANs) using OpenVPN based on various performance metrics such as throughput, latency and frame loss rate will be done.
Keywords: Encryption; Loss measurement; Standards; Throughput; Wireless LAN; IEEE 802.11i standard (WPA2); OpenVPN; Wired Equivalent Privacy (WEP); frame loss rate; throughput (ID#: 15-4794)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7029939&isnumber=7029899

Hawkins, Richard; Habli, Ibrahim; Kolovos, Dimitris; Paige, Richard; Kelly, Tim, "Weaving an Assurance Case from Design: A Model-Based Approach," High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on, pp.110, 117, 8-10 Jan. 2015. doi: 10.1109/HASE.2015.25 Assurance cases are used to demonstrate confidence in properties of interest for a system, e.g. For safety or security. A model-based assurance case seeks to bring the benefits of model-driven engineering, such as automation, transformation and validation, to what is currently a lengthy and informal process. In this paper we develop a model-based assurance approach, based on a weaving model, which allows integration between assurance case, design and process models and meta-models. In our approach, the assurance case itself is treated as a structured model, with the aim that all entities in the assurance case become linked explicitly to the models that represent them. We show how it is possible to exploit the weaving model for automated generation of assurance cases. Building upon these results, we discuss how a seamless model-driven approach to assurance cases can be achieved and examine the utility of increased formality and automation.
Keywords: Analytical models; Automation; Control systems; Cryptography; Weaving; arguments; assurance cases; model-driven engineering; safety cases; weaving (ID#: 15-4795)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7027421&isnumber=7027398

Li, Xiaohua; Yang, Thomas, "Signal Processing Oriented Approach for Big Data Privacy," High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on, pp.275, 276, 8-10 Jan. 2015. doi: 10.1109/HASE.2015.23 This paper addresses the challenge of big data security by exploiting signal processing theories. We propose a new big data privacy protocol that scrambles data via artificial noise and secret transform matrices. The utility of the scrambled data is maintained, as demonstrated by a cyber-physical system application. We further outline the proof of the proposed protocol's privacy by considering the limitations of blind source separation and compressive sensing.
Keywords: Big data; Data privacy; Noise; Power demand; Protocols; Vectors; big data; cyber-physical systems; privacy; signal processing
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7027443&isnumber=7027398

Yan, Haixing; Fang, Huixing; Kuka, Christian; Zhu, Huibiao, "Verification for OAuth Using ASLan++," High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on, pp.76, 84, 8-10 Jan. 2015. doi: 10.1109/HASE.2015.20 Over the past few years, OAuth has become an open authorization standard that is being adopted by a growing number of sites such as Twitter, Facebook and Google. It allows users to grant a third-party application access to restricted resources without providing their credentials. However, ensuring the correctness of implementations of OAuth in applications brings multiple concerns. Therefore, it is crucial to verify OAuth with an exhaustive examination by utilizing formal methods. In this paper, we first formalize OAuth with ASLan++ on the AVANTSSAR platform and propose several fundamental security properties on it which are specified using extended Linear Temporal Logic (LTL) formulas. In a second step, we use a SAT-based Model-Checker (SATMC) to verify whether OAuth violates these properties. As a result, we reveal three attacks which steal and falsify users' critical information.
Keywords: Authentication; Authorization; Browsers; Facebook; Protocols; Servers; ASLan++; Modeling; Oauth; SATMC; Verification (ID#: 15-4796)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7027417&isnumber=7027398

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.