Communications in Computer and Information Science 29

Haeng-kon Kim, Tai-hoon Kim, Akingbehin Kiumi (Eds.)

Advances in Security Technology
International Conference SecTech 2008, and Its Special Sessions
Sanya, Hainan Island, China, December 13-15, 2008
Revised Selected Papers

Volume Editors

Haeng-kon Kim, Catholic University of Daegu, South Korea
Tai-hoon Kim, Hannam University, Daejeon, South Korea
Akingbehin Kiumi, University of Michigan-Dearborn, Dearborn, MI, USA

Library of Congress Control Number: Applied for
CR Subject Classification (1998): E.3, D.4.6, K.6.5, D.2, C.2
ISSN 1865-0929
ISBN-10 3-642-10239-5 Springer Berlin Heidelberg New York
ISBN-13 978-3-642-10239-4 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

springer.com
© Springer-Verlag Berlin Heidelberg 2009
Printed in Germany
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
SPIN: 12792863 06/3180 543210

Preface

As security technology (ST) becomes specialized and fragmented, it is easy to lose sight that many topics in ST have common threads and because of this, advances in one sub-discipline may transmit to another. The presentation of results between different sub-disciplines of ST encourages this interchange for the advancement of ST as a whole.
Of particular interest is the hybrid approach of combining ideas from one discipline with those of another to achieve a result that is more significant than the sum of the individual parts. Through this hybrid philosophy, a new or common principle can be discovered which has the propensity to propagate throughout this multifaceted discipline.

This volume comprises the selection of extended versions of papers that were presented in their shortened form at the 2008 International Conference on Security Technology (http://www.sersc.org/SECTECH2008/) and 2009 Advanced Science and Technology (http://www.sersc.org/AST2009/).

We would like to acknowledge the great effort of all in the SecTech 2008 and AST 2009 International Advisory Board and members of the International Program Committee, as well as all the organizations and individuals who supported the idea of publishing these advances in security technology, including SERSC (http://www.sersc.org/) and Springer.

We would like to give special thanks to Rosslin John Robles, Maricel O. Balitanas, Farkhod Alisherov Alisherovish, Feruza Sattarova Yusfovna. These graduate school students of Hannam University attended to the editing process of this volume with great passion.

We strongly believe in the need for continuing this undertaking in the future, in the form of a conference, journal, or book series. In this respect we welcome any feedback.

April 2009
Haeng-kon Kim
Tai-hoon Kim
Akingbehin Kiumi

Organization

General Co-chairs
Tai-hoon Kim, Hannam University, Korea
Wai Chi Fang, NASA JPL, USA

Program Co-chairs
Changhoon Lee, Korea University, Korea
Kirk P. Arnett, Mississippi State University, USA

Publicity Co-chairs
Hai Jin, Huazhong University of Science and Technology, China
Antonio Coronato, ICAR-CNR, Italy
Damien Sauveron, Université de Limoges/CNRS, France
Hua Liu, Xerox Corporation, USA
Kevin Raymond Boyce Butler, Pennsylvania State University, USA
Guojun Wang, Central South University, China
Tao Jiang, Huazhong University of Science and Technology, China
Gang Wu, UESTC, China
Yoshiaki Hori, Kyushu University, Japan

Publication Chair
Yong-ik Yoon, Sookmyung Women's University, Korea

System Management Chair
Sang-Soo Yeo, Kyushu University, Japan

International Advisory Board
Dominik Slezak, Inforbright, Poland
Edwin H-M. Sha, University of Texas at Dallas, USA
Jong Hyuk Park, Kyungnam University, Korea
Justin Zhan, CMU, USA
Kouich Sakurai, Kyushu University, Japan
Laurence T. Yang, St. Francis Xavier University, Canada
Byeong-Ho KANG, University of Tasmania, Australia

Program Committee
Abdelwahab Hamou-Lhadj, Concordia University, Canada
Ajay Kumar, Indian Institute of Technology Delhi, India
Bin Xiao, The Hong Kong Polytechnic University, China
ByungRae Cha, Honam University, Korea
C. Lambrinoudakis, University of the Aegean, Greece
Chin-Laung Lei, Taiwan
Chun-Yang Chen, Institute of Information Science, Academia Sinica, Taiwan
Damien Sauveron, UMR 6172 University of Limoges / CNRS, France
E. Konstantinou, University of the Aegean, Greece
Edwin H-M. Sha, University of Texas at Dallas, USA
Eul Gyu Im, Hanyang University, Korea
Gerald Schaefer, Aston University, UK
Hsiang-Cheh Huang, National University of Kaohsiung, Taiwan
Hyun-Sung Kim, Kyungil University, Korea
J. H. Abbawajy, Deakin University, Australia
Jaechul Sung, University of Seoul, Korea
Jan deMeer, University of Applied Sciences TFH Berlin, Germany
Javier Garcia Villalba, Complutense University of Madrid, Spain
Jiang (Leo) Li, Howard University, USA
Jin Kwak, Soonchunhyang University, Korea
Jongmoon Baik, Information and Communications University, Korea
Jordi Castella-Roca, Rovira i Virgili University, Spain
Jordi Forne, Universitat Politecnica de Catalunya, Spain
Jung-Taek Seo, The Attached Institute of ETRI, Korea
Justin Zhan, CMU, USA
Kyungjun Kim, Honam University, Korea
Larbi Esmahi, Athabasca University, Canada
Luigi Buglione, Atos Origin, Italy
MalRey Lee, Chonbuk University, Korea
Martin Drahansky, University of Technology, Czech Republic
Michael Tunstall, University College Cork, Ireland
Qi Shi, Liverpool John Moores University, UK
Radu G. Andrei, PluraTech, USA
Rodrigo Mello, University of Sao Paulo, Brazil
Seokhie Hong, Korea University, Korea
Serge Chaumette, University Bordeaux 1, France
Stan Kurkovsky, Central Connecticut State University, USA
Stan Matwin, University of Ottawa, Canada
Stefanos Gritzalis, University of the Aegean, Greece
Tanya Vladimirova, University of Surrey, UK
Tony Shan, University of Phoenix, USA
Tughrul Arslan, University of Edinburgh, UK
Vincent Hsu, L1-Identity Solutions, USA
Wen-Shenq Juang, National Kaohsiung First University of Science & Tech., Taiwan
Yeong Deok Kim, Woosong University
Yong Man Ro, Information and Communication University, Korea
Young Ik Eom, Sungkyunkwan University, Korea

Table of Contents

Security Analysis of “A Novel Elliptic Curve Dynamic Access Control System”
  Wen-Chung Kuo
VoIP SPAM Response System Adopting Multi-leveled Anti-SPIT Solutions
  Jongil Jeong, Seokung Yoon, Taijin Lee, Hyuncheol Jeong, and Yoojae Won
Feature Extraction for IRIS Recognition
  Debnath Bhattacharyya, Poulami Das, Samir Kumar Bandyopadhyay, and Tai-hoon Kim
Bidirectional Quantum Secure Direct Communication Based on Entanglement
  Dazu Huang, Zhigang Chen, Jianquan Xie, and Ying Guo
Study and Implementation of SELinux-Like Access Control Mechanism Based on Linux
  Gaoshou Zhai and Yaodong Li
Research on Streaming Data Integration System about Security Threat Monitor
  Aiping Li, Jiajia Miao, and Yan Jia
Using Honeypots to Secure E-Government Networks
  Bahman Nikkhahan, Sahar Sohrabi, and Shahriar Mohammadi
Trust-Risk-Game Based Access Control in Cross Domain Application
  Yan Li, Jinqiang Ren, Huiping Sun, Haining Luo, and Zhong Chen
Impossible Differential Characteristics of Extended Feistel Networks with Provable Security Against Differential Cryptanalysis
  Huihui Yap
Evaluating the Applicability of a Use Case Precedence Diagram Based Approach in Software Development Projects through a Controlled Experiment
  José Antonio Pow-Sang, Arturo Nakasone, Ana María Moreno, and Ricardo Imbert
Software Project Profitability Analysis Using Temporal Probabilistic Reasoning; An Empirical Study with the CASSE Framework
  Joseph K. Balikuddembe, Isaac O. Osunmakinde, and Antoine Bagula
A Secured Technique for Image Data Hiding
  Debnath Bhattacharyya, Poulami Das, Swarnendu Mukherjee, Debashis Ganguly, Samir Kumar Bandyopadhyay, and Tai-hoon Kim
Author Index

Security Analysis of “A Novel Elliptic Curve Dynamic Access Control System”

Wen-Chung Kuo
Department of Computer Science and Information Engineering, National Formosa University, Taiwan, R.O.C.

Abstract.
In 2007, Wen et al. proposed a novel elliptic curve dynamic access control system. In this paper, we will show that the scheme is vulnerable to various attacks.

Keywords: Elliptic Curve Cryptosystem, Hierarchy, Access Control.

1 Introduction

As information and networking technology develops rapidly, various digital multimedia can be transmitted over the Internet. In order to manage access priority, many computer communication systems employ user hierarchies to solve access control problems. A user hierarchy structure is constructed by dividing users into a number of disjoint classes: $SC_1, SC_2, \ldots, SC_n$ are $n$ disjoint classes with a binary partially ordered relation $\le$. The statement $SC_i \le SC_j$ means that the security class $SC_j$ has a security clearance higher than or equal to that of the security class $SC_i$, while the opposite is not allowed. This form of access control mechanism has many proven operational and security benefits, and has therefore been widely applied for a diverse range of governmental, diplomatic, military and business systems applications [13].

Fig. 1 shows the poset in a user hierarchy, and the arrowhead represents a relationship in which the higher-level security class is authorized with a security clearance higher than the lower-level one. For example, there is an arrow from $SC_3$ to $SC_6$, i.e. the statement $SC_6 \le SC_3$, which means that $SC_3$ is the predecessor of $SC_6$ and $SC_6$ the successor of $SC_3$. In other words, users in $SC_3$ can derive the secret key in $SC_6$ and access information held by users in $SC_6$, but the users in $SC_6$ cannot access the information held by the users in $SC_3$. Furthermore, if there is no other security class $SC_2$ in $SC$ so that $SC_5 \le SC_2 \le SC_1$, then $SC_1$ is called the immediate predecessor of $SC_5$, and $SC_5$ the immediate successor to $SC_1$ [2].

Akl and Taylor [1] (AT-scheme for short) first proposed a simple cryptographic key assignment scheme to solve the access control problems in 1983.
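The paper does not reproduce the AT-scheme, so the following is an added example (not code from the paper or its authors) of the Akl-Taylor construction as it is usually stated in the literature: each class gets a public integer t_i, its key is K_i = K_0^{t_i} mod M, and a predecessor derives a successor's key by exponentiation. The six-class hierarchy, the per-class primes, the modulus and K_0 are constructed toy values, not Fig. 1 or parameters from the paper.

```python
from math import prod

# Constructed hierarchy: class -> immediate successors (assumed, not Fig. 1).
SUCC = {1: [2, 3], 2: [4, 5], 3: [5, 6], 4: [], 5: [], 6: []}
# Public: one distinct prime per class.
PRIME = {1: 2, 2: 3, 3: 5, 4: 7, 5: 11, 6: 13}

# Secrets held by the central authority. Toy values for illustration only;
# a real modulus is the product of two large secret primes.
M = (2**31 - 1) * (2**61 - 1)
K0 = 123456789


def down_set(i):
    """All classes SC_j with SC_j <= SC_i, including SC_i itself."""
    seen, stack = set(), [i]
    while stack:
        c = stack.pop()
        if c not in seen:
            seen.add(c)
            stack.extend(SUCC[c])
    return seen


def public_t(i):
    """t_i = product of the primes of every class that is NOT below SC_i."""
    below = down_set(i)
    return prod(p for c, p in PRIME.items() if c not in below)


T = {i: public_t(i) for i in SUCC}            # public parameters
KEYS = {i: pow(K0, T[i], M) for i in SUCC}    # K_i = K0^t_i mod M


def can_derive(i, j):
    """SC_j <= SC_i holds exactly when t_i divides t_j."""
    return T[j] % T[i] == 0


def derive(k_i, i, j):
    """Compute K_j from K_i using only the public values t_i and t_j."""
    if not can_derive(i, j):
        raise PermissionError(f"SC_{i} is not a predecessor of SC_{j}")
    return pow(k_i, T[j] // T[i], M)
```
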
However, there is a serious drawback in the AT-scheme, i.e., it fails to provide the user with a convenient way to change his/her secret key under the secure considerations. In

T.-k. Kim, T.-h. Kim, and A. Kiumi (Eds.): SecTech 2008, CCIS 29, pp. 1–14, 2009.
© Springer-Verlag Berlin Heidelberg 2009