
Emerging Challenges for Security, Privacy and Trust: 24th IFIP TC 11 International Information Security Conference, SEC 2009, Pafos, Cyprus, May 18–20, 2009. Proceedings PDF

456 Pages·2009·12.962 MB·English

Preview Emerging Challenges for Security, Privacy and Trust: 24th IFIP TC 11 International Information Security Conference, SEC 2009, Pafos, Cyprus, May 18–20, 2009. Proceedings

IFIP Advances in Information and Communication Technology 297

IFIP – The International Federation for Information Processing

IFIP was founded in 1960 under the auspices of UNESCO, following the First World Computer Congress held in Paris the previous year. An umbrella organization for societies working in information processing, IFIP’s aim is two-fold: to support information processing within its member countries and to encourage technology transfer to developing nations. As its mission statement clearly states,

IFIP’s mission is to be the leading, truly international, apolitical organization which encourages and assists in the development, exploitation and application of information technology for the benefit of all people.

IFIP is a non-profitmaking organization, run almost solely by 2500 volunteers. It operates through a number of technical committees, which organize events and publications. IFIP’s events range from an international congress to local seminars, but the most important are:

• The IFIP World Computer Congress, held every second year;
• Open conferences;
• Working conferences.

The flagship event is the IFIP World Computer Congress, at which both invited and contributed papers are presented. Contributed papers are rigorously refereed and the rejection rate is high.

As with the Congress, participation in the open conferences is open to all and papers may be invited or submitted. Again, submitted papers are stringently refereed.

The working conferences are structured differently. They are usually run by a working group and attendance is small and by invitation only. Their purpose is to create an atmosphere conducive to innovation and development. Refereeing is less rigorous and papers are subjected to extensive group discussion.

Publications arising from IFIP events vary. The papers presented at the IFIP World Computer Congress and at open conferences are published as conference proceedings, while the results of the working conferences are often published as collections of selected and edited papers.

Any national society whose primary activity is in information may apply to become a full member of IFIP, although full membership is restricted to one society per country. Full members are entitled to vote at the annual General Assembly. National societies preferring a less committed involvement may apply for associate or corresponding membership. Associate members enjoy the same benefits as full members, but without voting rights. Corresponding members are not represented in IFIP bodies. Affiliated membership is open to non-national societies, and individual and honorary membership schemes are also offered.

Dimitris Gritzalis, Javier Lopez (Eds.)

Emerging Challenges for Security, Privacy and Trust

24th IFIP TC 11 International Information Security Conference, SEC 2009
Pafos, Cyprus, May 18–20, 2009
Proceedings

Volume Editors

Dimitris Gritzalis
Athens University of Economics and Business, Department of Informatics
Information Security and Infrastructure Protection Research Group
76 Patission Ave., 10434 Athens, Greece
E-mail: [email protected]

Javier Lopez
University of Malaga, Computer Science Department
E.T.S.I. Informatica
Campus Teatinos, 29071 Malaga, Spain
E-mail: [email protected]

Library of Congress Control Number: Applied for
CR Subject Classification (1998): C.2, D.4.6, H.2.0, H.2.7, K.4.4, K.6.5
ISSN 1868-4238
ISBN-10 3-642-01243-4 Springer Berlin Heidelberg New York
ISBN-13 978-3-642-01243-3 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

springer.com
© International Federation for Information Processing 2009
Printed in Germany
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
SPIN: 12659401 06/3180 543210

Preface

It was an honor and a privilege to chair the 24th IFIP International Information Security Conference (SEC 2009), a 24-year-old event that has become a tradition for information security professionals around the world. SEC 2009 was organized by the Technical Committee 11 (TC-11) of IFIP, and took place in Pafos, Cyprus, during May 18–20, 2009.

It is an indication of good fortune for a Chair to serve a conference that takes place in a country with the natural beauty of Cyprus, an island where the hospitality and friendliness of the people have been going together, hand-in-hand, with its long history.

This volume contains the papers selected for presentation at SEC 2009. In response to the call for papers, 176 papers were submitted to the conference. All of them were evaluated on the basis of their novelty and technical quality, and reviewed by at least two members of the conference Program Committee. Of the papers submitted, 39 were selected for presentation at the conference; the acceptance rate was as low as 22%, thus making the conference a highly competitive forum.

It is the commitment of several people that makes international conferences possible. That also holds true for SEC 2009. The list of people who volunteered their time and energy to help is really long. We would like to express our sincere appreciation to the members of the Program Committee, to the external reviewers, and to the authors who trusted their work in our hands. Many thanks go, also, to all conference attendees.

We thank our distinguished keynote speakers, namely, Bart Preneel (Katholieke Universiteit Leuven) and Christos Ellinides (European Commission/DIGIT) for accepting our invitation and for honoring the conference with their presence and their inspired talks.

Last, but by no means least, we thank the local organizers and hosts, first among them being Philippos Peleties and Panikos Masouras, who took care of every detail, so that SEC 2009 would be a successful and memorable event.

Finally, let us express a short personal note. We would like to thank all TC-11 members for giving us the opportunity to serve the SEC 2009 in a PC Chair’s capacity. It was the first time such an opportunity was given to Javier Lopez, the national representative of Spain. It was the third time (SEC 1996/Samos, SEC 2003/Athens, SEC 2009/Pafos) this opportunity was given to Dimitris Gritzalis, the national representative of Greece, who has, thus, already become a kind of …dinosaur in the long history of the SEC conferences.

Dimitris Gritzalis
Javier Lopez

Organization

General Chairs

Philippos Peleties, Cyprus Computer Society, Cyprus
Panikos Masouras, Cyprus Computer Society, Cyprus

Program Chairs

Dimitris Gritzalis, Athens University of Economics and Business, Greece
Javier Lopez, University of Malaga, Spain

Program Committee

Vijay Atluri, Rutgers University, USA
Lujo Bauer, Carnegie Mellon University, USA
Joachim Biskup, Technical University of Dortmund, Germany
Jan Camenisch, IBM Research, Switzerland
Bart de Decker, Katholieke Universiteit Leuven, Belgium
Yves Deswarte, LAAS-CNRS, France
Ed Dawson, Queensland University of Technology, Australia
Jan Eloff, University of Pretoria, South Africa
Simone Fischer-Huebner, Karlstad University, Sweden
Debora Frincke, Pacific Northwest National Laboratory, USA
Steven Furnell, University of Plymouth, UK
Sushil Jajodia, George Mason University, USA
Lech Janczewski, University of Auckland, New Zealand
Sokratis Katsikas, University of Piraeus, Greece
Costas Lambrinoudakis, University of the Aegean, Greece
Fabio Martinelli, National Research Council, Italy
Natalia Miloslavskaya, MEPHI, Russia
Refic Molva, Institut Eurecom, France
Kostas Moulinos, ENISA, European Union
Yuko Murayama, Iwate Prefectural University, Japan
Eiji Okamoto, University of Tsukuba, Japan
Rolf Oppliger, eSecurity, Switzerland
George Pangalos, Aristotle University of Thessaloniki, Greece
Jong-Hyuk Park, Kyungnam University, South Korea
Gunther Pernul, University of Regensburg, Germany
Bart Preneel, Katholieke Universiteit Leuven, Belgium
Sihan Qing, Chinese Academy of Sciences, China
Kai Rannenberg, Goethe University Frankfurt, Germany
Rodrigo Roman, University of Malaga, Spain
Pierangela Samarati, University of Milan (Bicocca), Italy
Sujeet Shenoi, University of Tulsa, USA
Miguel Soriano, Technical University of Catalonia, Spain
Willy Susilo, University of Wollongong, Australia
Stefanie Teufel, University of Freiburg, Switzerland
Bill Tsoumas, Ernst & Young, Greece
Gene Tsudik, University of California (Irvine), USA
Rossouw von Solms, Nelson Mandela Metropolitan University, South Africa
Tatjana Welzer, University of Maribor, Slovenia
Stephen Wolthusen, Gjovik University College, Norway
Louise Yngstrom, University of Stockholm, Sweden
Jianying Zhou, I2R, Singapore

Local Organizing Committee

Yiannos Aletraris, Cyprus Computer Society
Michalis Georgiou, Cyprus Computer Society
George Beitis, Cyprus Computer Society
Elena Stylianou, Cyprus Computer Society

Additional Reviewers

Albers, Andreas; Ardagna, Claudio; Balopoulos, Theodoros; Belsis, Petros; Blass, Erik-Oliver; Broser, Christian; Cutillo, Leucio Antonio; Davidson, Alan; De Capitani Di Vimercati, Sabrina; De Cock, Danny; De Cristofaro, Emiliano; Desmet, Lieven; Diaz, Claudia; Doerbeck, Stefan; El Defrawy, Karim; El Kalam, Anas Abou; Foresti, Sara; Fritsch, Christoph; Fritsch, Lothar; Fucks, Ludwig; Fujihara, Yasuhiro; Gambs, Sebastien; Geneiatakis, Dimitris; Gerber, Mariana; Gmelch, Oliver; Goovaerts, Tom; Holbl, Marko; Indesteege, Sebastiaan; Ji, Qingguang; Jia, Limin; Kahl, Christian; Kahr, Caroline; Kantzavelou, Ioanna; Karopoulos, Giorgos; Kim, Jihye; Koschinat, Sascha; Li, Gai Cheng; Liesebach, Katja; Lochner, Jan-Hendrik; Ma, Di; Maliga, Daniel; Mallios, Ioannis; Martucci, Leonardo; Matteucci, Ilaria; Meier, Michael; Merten, Patrick; Michailidis, Manos; Munoz-Tapia, Jose Luis; Naessens, Vincent; Netter, Michael; Nigusse, Girma; Norman, Ulrika; Papagiannakopoulos, Panagiotis; Popov, Oliver; Radmacher, Mike; Rekleitis, Evaggelos; Roudier, Yves; Royer, Denis; Schillinger, Rolf; Schluter, Jan; Shafiq, Basit; Shen, Qingni; Simpson, Leonie; Smith, Jason; Solis, John; Soriente, Claudio; Spathoulas, Georgios; Stotzer, Martin; Strufe, Thorsten; Thompson, Kerry-Lyn; Tomas-Buliart, Joan; Troncoso, Carmela; Tschersich, Markus; Tsochou, Aggeliki; Uzun, Ersin; Van Nierk, Johan; Weng, Li; Win, Khin Tan; Zhang, Ge; Zibuschka, Jan

Table of Contents

Identification and Authentication I

• Flexible and Transparent User Authentication for Mobile Devices. Nathan Clarke, Sevasti Karatzouni, and Steven Furnell
• Combining Authentication, Reputation and Classification to Make Phishing Unprofitable. Amir Herzberg
• Audio CAPTCHA for SIP-Based VoIP. Yannis Soupionis, George Tountas, and Dimitris Gritzalis

Threats and Attacks

• Roving Bugnet: Distributed Surveillance Threat and Mitigation. Ryan Farley and Xinyuan Wang
• On Robust Covert Channels Inside DNS. Lucas Nussbaum, Pierre Neyron, and Olivier Richard
• Discovering Application-Level Insider Attacks Using Symbolic Execution. Karthik Pattabiraman, Nithin Nakka, Zbigniew Kalbarczyk, and Ravishankar Iyer

Identification and Authentication II

• Custom JPEG Quantization for Improved Iris Recognition Accuracy. Gerald Stefan Kostmajer, Herbert Stögner, and Andreas Uhl
• On the IPP Properties of Reed-Solomon Codes. Marcel Fernandez, Josep Cotrina, Miguel Soriano, and Neus Domingo
• A Generic Authentication LoA Derivation Model. Li Yao and Ning Zhang

Applications of Cryptography and Information Hiding

• Media-Break Resistant eSignatures in eGovernment: An Austrian Experience. Herbert Leitold, Reinhard Posch, and Thomas Rössler
• How to Bootstrap Security for Ad-Hoc Network: Revisited. Wook Shin, Carl A. Gunter, Shinsaku Kiyomoto, Kazuhide Fukushima, and Toshiaki Tanaka
• Steganalysis of Hydan. Jorge Blasco, Julio C. Hernandez-Castro, Juan M.E. Tapiador, Arturo Ribagorda, and Miguel A. Orellana-Quiros

Trusted Computing

• On the Impossibility of Detecting Virtual Machine Monitors. Shay Gueron and Jean-Pierre Seifert
• Implementation of a Trusted Ticket System. Andreas Leicher, Nicolai Kuntze, and Andreas U. Schmidt

Security Policies

• A Policy Based Approach for the Management of Web Browser Resources to Prevent Anonymity Attacks in Tor. Guillermo Navarro-Arribas and Joaquin Garcia-Alfaro
• A Policy Language for Modelling Recommendations. Anas Abou El Kalam and Philippe Balbiani

Validation, Verification, Evaluation

• On the Security Validation of Integrated Security Solutions. Andreas Fuchs, Sigrid Gürgens, and Carsten Rudolph
• Verification of Security Policy Enforcement in Enterprise Systems. Puneet Gupta and Scott D. Stoller
• Optimization of the Controlled Evaluation of Closed Relational Queries. Joachim Biskup, Jan-Hendrik Lochner, and Sebastian Sonntag

Privacy Protection - Security Assessment

• Collaborative Privacy – A Community-Based Privacy Infrastructure. Jan Kolter, Thomas Kernchen, and Günther Pernul
• Security and Privacy Improvements for the Belgian eID Technology. Pieter Verhaeghe, Jorn Lapon, Bart De Decker, Vincent Naessens, and Kristof Verslype
