Network Security (eBook)

Preface 5
Contents 6
Contributors 8
Secure Metering Schemes 11
1 Introduction 11
2 State of the Art 15
2.1 Client Authentication 15
2.2 Micropayments 15
2.3 Pricing via Processing 16
2.4 Threshold Computation of a Function 16
2.5 Secret Sharing 17
3 General Framework 17
3.1 Assumptions and Requirements 18
3.2 Complexity Measures 20
4 Unconditionally Secure Metering Schemes 20
4.1 Threshold Metering Schemes 21
4.1.1 An Entropy Based Model 23
4.2 Metering Schemes with Pricing 25
4.3 Metering Schemes for General Access Structures 28
5 Computationally Secure Metering Schemes 33
5.1 Naor and Pinkas Scheme 33
5.2 Ogata–Kurosawa Scheme 35
5.3 Hash-Based Scheme 36
6 Conclusions 38
References 41
A Cryptographic Framework for the Controlled Release Of Certified Data 43
1 Introduction 43
2 A Cryptographic Framework for the Controlled Release of Certified Data 45
2.1 A Framework of Cryptographic Primitives 46
2.2 Cryptography for the Controlled Release of Certified Data 48
3 Example Applications of the Framework 50
3.1 An Anonymous Credential System with Anonymity Revocation 51
3.2 Anonymous e-cash 51
4 Concrete Framework 52
4.1 Preliminaries 53
4.1.1 Notation 53
4.1.2 Bi-Linear Maps 53
4.2 Commitment Scheme 54
4.2.1 Pedersen's Commitment Scheme 54
4.2.2 An Integer Commitment Scheme 54
4.2.3 Proving the Length of a Discrete Logarithm 55
4.3 The SRSA-CL Signature Scheme and Its Protocols 55
4.3.1 The SRSA-CL Signature Scheme 56
4.3.2 Obtaining of a Signature on Committed Messages 57
4.3.3 Prove Knowledge of a Signature on Committed Messages 58
4.4 The BM-CL Signature Schemes and Its Protocols 58
4.4.1 The Signature Scheme 58
4.4.2 Obtaining of a Signature on Committed Messages 59
4.4.3 Prove Knowledge of a Signature on Committed Messages 60
4.5 The CS Encryption and Verifiable Encryption 61
4.5.1 The Encryption Scheme 61
4.5.2 Verifiable Encryption of Discrete Logarithms 62
5 Bibliographic Notes 63
References 64
Scalable Group Key Management for Secure Multicast: A Taxonomy and New Directions 67
1 Introduction 67
2 A Taxonomy of Group Rekeying Protocols 69
2.1 Stateful Protocols 69
2.2 Stateless Protocols 72
2.3 Reliable Key Distribution 75
2.4 Self-Healing Key Distribution 77
2.4.1 Polynomial-Based Self-Healing 77
2.4.2 Self-Healing SDR 79
2.5 Rekeying Optimization 80
2.6 Group Rekeying in Ad-hoc and Sensor Networks 80
2.6.1 Group Rekeying for Ad-hoc Networks 81
2.6.2 Group Rekeying for Sensor Networks 82
3 New Research Directions 83
References 84
Web Forms and Untraceable DDoS Attacks 87
1 Introduction 87
2 Related Work 90
3 The Attack 92
3.1 Description of Vulnerability 92
3.2 Finding the Victim 92
3.3 Phase I: Harvesting Suitable Forms 93
3.4 Phase II: Automatically Filling Forms 94
3.5 Poorly Behaved Sites 94
3.6 Well Behaved Sites 95
3.7 On the Difficulty of Tracing an Attacker 95
4 Experimental Data 96
4.1 Experimental Setup 96
4.2 Results 97
5 Defense Mechanisms 101
5.1 Prevention of Attacks 101
5.2 Detection and Management of Attacks 102
5.3 Synergy Between Defense of Launch Pads and Victims 103
6 Conclusion 104
References 105
Mechanical Verification of Cryptographic Protocols 107
1 Introduction 107
2 Security Protocols 108
3 Flaws in Security Protocols 109
3.1 The Needham–Schroeder Public Key Protocol 109
3.2 Lowe's Attack 110
4 Existing Protocol Verification Methods 111
4.1 State Based Methods 112
4.2 Rule Based Methods 113
5 A Knowledge Based Verification Framework 116
5.1 Basic Notations and Data Structures 116
5.2 Action Functions and Predicates 117
5.3 Assumptions 117
5.4 Rules 118
6 Verifying Needham–Schroeder–Lowe Protocol Mechanically 120
6.1 Modelling the Protocol 120
6.2 Some Important Lemmas 121
6.3 Secrecy of Nonces 122
6.4 Proving Guarantee for B 123
6.5 Proving Guarantee for A 124
6.6 Summary 124
References 124
Routing Security in Ad Hoc Wireless Networks 127
1 Introduction to Ad Hoc Wireless Networks 128
2 Overview of Routing Protocols in Ad Hoc Wireless Networks 129
2.1 Proactive Routing Protocols 130
2.2 Reactive Routing Protocols 131
2.3 Hybrid Routing Protocols 132
2.4 Broadcasting in Ad Hoc Wireless Networks 133
3 Security Services and Challenges in Ad Hoc Wireless Networks 134
4 Security Attacks on Routing Protocols in Ad Hoc Wireless Networks 135
4.1 Attacks Using Impersonation 136
4.2 Attacks Using Modification 136
4.3 Attacks Using Fabrication 137
4.4 Replay Attacks 138
4.5 Denial of Service 138
5 Security Mechanisms and Solutions for Routing Protocols in Ad Hoc WirelessNetworks 139
5.1 Secure Efficient Ad hoc Distance Vector 140
5.2 ARIADNE 140
5.3 Security Aware Routing 141
5.4 Secure Routing Protocol 142
5.5 Secure Routing Protocol for Ad Hoc Networks 143
5.6 Security Protocols for Sensor Network 144
5.7 Cooperation Of Nodes Fairness In Dynamic Ad-hoc NeTworks 144
5.8 Defense Mechanisms Against Rushing Attacks 145
5.9 Defense Mechanisms Against Wormhole Attacks 146
5.10 Defense Mechanisms Against Sybil Attacks 147
5.11 Security Mechanisms for Broadcast Operation 148
6 Conclusions 149
References 151
Insider Threat Assessment: Model, Analysis and Tool 153
1 Introduction 153
1.1 Summary of Contributions 155
1.2 Chapter Organization 156
2 Insider Threat: A Review 156
3 Modeling Insider Threat 157
3.1 Model Overview 157
3.2 The Min-Hack Problem 159
4 Modeling Methodology and Applications 161
4.1 Practical Considerations 161
4.2 Illustrations 163
5 Threat Analysis 166
5.1 On the Complexity of Analyzing Key Challenge Graphs 166
5.1.1 Approximation Algorithms and Approximation Ratios 167
5.1.2 Minimum Label Coverp 167
5.1.3 Minimum Monotone Satisfying Assignment 168
5.1.4 Reducing MMSA to Min-Hack 169
5.1.5 Reducing Label-Cover to Min-Hack 171
5.1.6 Reducing PCP to Min-Hack 174
5.2 Threat Analysis Algorithms 177
5.3 Algorithm Benchmarking 178
6 Related Work 180
6.1 Formal Models 180
6.2 Security Audit Tools 181
6.3 Metrics 182
7 Conclusion And Future Work 182
References 183
Toward Automated Intrusion Alert Analysis 185
1 Introduction 185
2 Correlating Intrusion Alerts Based on Prerequisites and Consequences of Attacks 187
2.1 Prerequisite and Consequence of Attacks 188
2.2 Hyper-Alert Type and Hyper-Alert 188
3 Analyzing Intensive Alerts 194
3.1 Alert Aggregation and Disaggregation 195
3.1.1 Alert Aggregation 195
3.1.2 Alert Disaggregation 197
3.2 Focused Analysis 198
3.3 Clustering Analysis 199
3.4 Frequency Analysis 200
3.5 Link Analysis 200
3.6 Association Analysis 202
3.7 Discussion 203
4 Learning Attack Strategies from Correlated Alerts 203
4.1 Attack Strategy Graph 204
4.2 Learning Attack Strategies 206
4.3 Dealing with Variations of Attacks 207
4.3.1 Automatic Generalization of Hyper-Alert Types 210
5 Related Work 210
6 Conclusion 213
References 213
Conventional Cryptographic Primitives 217
1 Introduction 218
2 Attacks 218
2.1 Cryptanalytic Attacks 218
2.1.1 Classification According to Means 219
2.1.2 Classification According to Result 219
2.2 Side-Channel Attacks 219
2.2.1 Power Attacks 220
2.2.2 Timing Attacks 220
2.2.3 Error Message Attacks 220
2.2.4 Conclusions 220
2.3 Implications 221
3 Stream Ciphers 221
3.1 The One-Time Pad 221
3.2 Description 222
3.3 Requirements 222
3.4 Usage 223
3.5 Example Stream Ciphers 223
3.5.1 Linear Feedback Shift Registers 223
3.5.2 RC4 223
3.5.3 SEAL 224
3.5.4 Stream Ciphers with Integrity Mechanisms 224
4 Block Ciphers 224
4.1 The Substitution Cipher 224
4.2 Description 225
4.3 Requirements 226
4.4 Usage: Modes of Operation 227
4.4.1 Electronic Code Book (ECB) 227
4.4.2 Cipher Block Chaining (CBC) 227
4.4.3 Counter Mode (CTR) 228
4.5 Example Block Ciphers 228
4.5.1 DES 228
4.5.2 3-DES 229
4.5.3 AES 229
5 Hash Functions 230
5.1 Requirements 230
5.2 Breaking a Hash Function 230
5.3 Usage 231
5.3.1 Digital Signature Schemes 231
5.3.2 Storage of Sensitive Information 231
5.4 Example Hash Functions 232
5.4.1 The MD4-Family 232
5.4.2 Block Cipher Based Designs 232
6 Message Authentication Codes 233
6.1 Description 233
6.2 Requirements 233
6.3 Examples 234
6.3.1 CBC–MAC 234
6.3.2 HMAC 234
6.3.3 Universal Hash Functions 235
7 Outlook 235
References 236
Efficient Trapdoor-Based Client Puzzle Against DoS Attacks 239
1 Introduction 239
2 Related Work 242
2.1 Contribution 243
2.2 Organization of the Chapter 243
3 Preliminary 243
3.1 Trapdoor One-Way Function 243
3.2 Security Assumption 244
4 Definition 244
5 The DLP-Based Client Puzzle Scheme 246
5.1 Algorithm 246
5.2 System Description 247
5.3 Security Consideration 249
5.4 Remark 252
6 System Configuration 254
7 Discussion 255
8 Conclusion 257
References 258
Attacks and Countermeasures in Sensor Networks: A Survey 261
1 Introduction 261
2 Physical Layer 262
2.1 Attacks in the Physical Layer 262
2.1.1 Device Tampering 263
2.1.2 Eavesdropping 263
2.1.3 Jamming 263
2.2 Countermeasures in the Physical Layer 264
2.2.1 Access Restriction 264
2.2.2 Encryption 264
3 MAC Layer 266
3.1 Attacks in the MAC Layer 266
3.1.1 Traffic Manipulation 266
3.1.2 Identity Spoofing 267
3.2 Countermeasures in the MAC Layer 267
3.2.1 Misbehavior Detection 267
3.2.2 Identity Protection 269
4 Network Layer 270
4.1 Attacks in the Network Layer 270
4.1.1 False Routing 270
4.1.2 Packet Replication 272
4.1.3 Black Hole 273
4.1.4 Sinkhole 273
4.1.5 Selective Forwarding 273
4.1.6 Wormhole 274
4.2 Countermeasures in Network Layer 274
4.2.1 Routing Access Restriction 274
4.2.2 False Routing Information Detection 275
4.2.3 Wormhole Detection 275
5 Application Layer 276
5.1 Attacks in the Application Layer 276
5.1.1 Clock Skewing 276
5.1.2 Selective Message Forwarding 277
5.1.3 Data Aggregation Distortion 277
5.2 Countermeasures in the Application Layer 278
5.2.1 Data Integrity Protection 278
5.2.2 Data Confidentiality Protection 278
6 Discussion 278
7 Conclusion 279
References 279
Index 283