
Handbook of information and communication security PDF

861 Pages·2010·16.644 MB·English

Preview Handbook of information and communication security

Peter Stavroulakis · Mark Stamp (Editors)
Handbook of Information and Communication Security

Editors
Prof. Peter Stavroulakis, Technical University of Crete, 73132 Chania, Crete, Greece, [email protected]
Prof. Mark Stamp, Dept. Computer Science, San Jose State University, One Washington Square, San Jose, CA 95192, USA, [email protected]

ISBN 978-3-642-04116-7
e-ISBN 978-3-642-04117-4
DOI 10.1007/978-1-84882-684-7
Springer Heidelberg Dordrecht London New York
Library of Congress Control Number: 2009943513
© Springer-Verlag Berlin Heidelberg 2010

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

Cover illustration: Teodoro Cipresso
Cover design: WMXDesign, Heidelberg
Typesetting and production: le-tex publishing services GmbH, Leipzig, Germany
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)

Preface

At its core, information security deals with the secure and accurate transfer of information. While information security has long been important, it was, perhaps, brought more clearly into mainstream focus with the so-called “Y2K” issue. The Y2K scare was the fear that computer networks and the systems that are controlled or operated by software would fail with the turn of the millennium, since their clocks could lose synchronization by not recognizing a number (instruction) with three zeros. A positive outcome of this scare was the creation of several Computer Emergency Response Teams (CERTs) around the world that now work cooperatively to exchange expertise and information, and to coordinate in case major problems should arise in the modern IT environment.

The terrorist attacks of 11 September 2001 raised security concerns to a new level. The international community responded on at least two fronts; one front being the transfer of reliable information via secure networks and the other being the collection of information about potential terrorists. As a sign of this new emphasis on security, since 2001, all major academic publishers have started technical journals focused on security, and every major communications conference (for example, Globecom and ICC) has organized workshops and sessions on security issues. In addition, the IEEE has created a technical committee on Communication and Information Security.

The first editor was intimately involved with security for the Athens Olympic Games of 2004. These games provided a testing ground for much of the existing security technology. One lesson learned from these games was that security-related technology often cannot be used effectively without violating the legal framework. This problem is discussed – in the context of the Athens Olympics – in the final chapter of this handbook.

In this handbook, we have attempted to emphasize the interplay between communications and the field of information security. Arguably, this is the first time in the security literature that this duality has been recognized in such an integral and explicit manner.

It is important to realize that information security is a large topic – far too large to cover exhaustively within a single volume. Consequently, we cannot claim to provide a complete view of the subject. Instead, we have chosen to include several surveys of some of the most important, interesting, and timely topics, along with a significant number of research-oriented papers. Many of the research papers are very much on the cutting edge of the field.

Specifically, this handbook covers some of the latest advances in fundamentals, cryptography, intrusion detection, access control, networking (including extensive sections on optics and wireless systems), software, forensics, and legal issues. The editors’ intention, with respect to the presentation and sequencing of the chapters, was to create a reasonably natural flow between the various sub-topics.

Finally, we believe this handbook will be useful to researchers and graduate students in academia, as well as being an invaluable resource for university instructors who are searching for new material to cover in their security courses. In addition, the topics in this volume are highly relevant to the real world practice of information security, which should make this book a valuable resource for working IT professionals. In short, we believe that this handbook will be a valuable resource for a diverse audience for many years to come.

Mark Stamp, San Jose
Peter Stavroulakis, Chania

Contents

Part A Fundamentals and Cryptography

1 A Framework for System Security
Clark Thomborson
  1.1 Introduction
  1.2 Applications
  1.3 Dynamic, Collaborative, and Future Secure Systems
  References
  The Author

2 Public-Key Cryptography
Jonathan Katz
  2.1 Overview
  2.2 Public-Key Encryption: Definitions
  2.3 Hybrid Encryption
  2.4 Examples of Public-Key Encryption Schemes
  2.5 Digital Signature Schemes: Definitions
  2.6 The Hash-and-Sign Paradigm
  2.7 RSA-Based Signature Schemes
  2.8 References and Further Reading
  References
  The Author

3 Elliptic Curve Cryptography
David Jao
  3.1 Motivation
  3.2 Definitions
  3.3 Implementation Issues
  3.4 ECC Protocols
  3.5 Pairing-Based Cryptography
  3.6 Properties of Pairings
  3.7 Implementations of Pairings
  3.8 Pairing-Friendly Curves
  3.9 Further Reading
  References
  The Author

4 Cryptographic Hash Functions
Praveen Gauravaram and Lars R. Knudsen
  4.1 Notation and Definitions
  4.2 Iterated Hash Functions
  4.3 Compression Functions of Hash Functions
  4.4 Attacks on Hash Functions
  4.5 Other Hash Function Modes
  4.6 Indifferentiability Analysis of Hash Functions
  4.7 Applications
  4.8 Message Authentication Codes
  4.9 SHA-3 Hash Function Competition
  References
  The Authors

5 Block Cipher Cryptanalysis
Christopher Swenson
  5.1 Breaking Ciphers
  5.2 Differential Cryptanalysis
  5.3 Conclusions and Further Reading
  References
  The Author

6 Chaos-Based Information Security
Jerzy Pejaś and Adrian Skrobek
  6.1 Chaos Versus Cryptography
  6.2 Paradigms to Design Chaos-Based Cryptosystems
  6.3 Analog Chaos-Based Cryptosystems
  6.4 Digital Chaos-Based Cryptosystems
  6.5 Introduction to Chaos Theory
  6.6 Chaos-Based Stream Ciphers
  6.7 Chaos-Based Block Ciphers
  6.8 Conclusions and Further Reading
  References
  The Authors

7 Bio-Cryptography
Kai Xi and Jiankun Hu
  7.1 Cryptography
  7.2 Overview of Biometrics
  7.3 Bio-Cryptography
  7.4 Conclusions
  References
  The Authors

8 Quantum Cryptography
Christian Monyk
  8.1 Introduction
  8.2 Development of QKD
  8.3 Limitations for QKD
  8.4 QKD-Network Concepts
  8.5 Application of QKD
  8.6 Towards ‘Quantum-Standards’
  8.7 Aspects for Commercial Application
  8.8 Next Steps for Practical Application
  References
  The Author

Part B Intrusion Detection and Access Control

9 Intrusion Detection and Prevention Systems
Karen Scarfone and Peter Mell
  9.1 Fundamental Concepts
  9.2 Types of IDPS Technologies
  9.3 Using and Integrating Multiple IDPS Technologies
  References
  The Authors

10 Intrusion Detection Systems
Bazara I. A. Barry and H. Anthony Chan
  10.1 Intrusion Detection Implementation Approaches
  10.2 Intrusion Detection System Testing
  10.3 Intrusion Detection System Evaluation
  10.4 Summary
  References
  The Authors

11 Intranet Security via Firewalls
Inderjeet Pabla, Ibrahim Khalil, and Jiankun Hu
  11.1 Policy Conflicts
  11.2 Challenges of Firewall Provisioning
  11.3 Background: Policy Conflict Detection
  11.4 Firewall Levels
  11.5 Firewall Dependence
  11.6 A New Architecture for Conflict-Free Provisioning
  11.7 Message Flow of the System
  11.8 Conclusion
  References
  The Authors

12 Distributed Port Scan Detection
Himanshu Singh and Robert Chun
  12.1 Overview
  12.2 Background
  12.3 Motivation
  12.4 Approach
  12.5 Results
  12.6 Conclusion
  References
  The Authors

13 Host-Based Anomaly Intrusion Detection
Jiankun Hu
  13.1 Background Material
  13.2 Intrusion Detection System
  13.3 Related Work on HMM-Based Anomaly Intrusion Detection
  13.4 Emerging HIDS Architectures
  13.5 Conclusions
  References
  The Author

14 Security in Relational Databases
Neerja Bhatnagar
  14.1 Relational Database Basics
  14.2 Classical Database Security
  14.3 Modern Database Security
  14.4 Database Auditing Practices
  14.5 Future Directions in Database Security
  14.6 Conclusion
  References
  The Author

15 Anti-bot Strategies Based on Human Interactive Proofs
Alessandro Basso and Francesco Bergadano
  15.1 Automated Tools
  15.2 Human Interactive Proof
  15.3 Text-Based HIPs
  15.4 Audio-Based HIPs
  15.5 Image-Based HIPs
  15.6 Usability and Accessibility
  15.7 Conclusion
  References
  The Authors

16 Access and Usage Control in Grid Systems
Maurizio Colombo, Aliaksandr Lazouski, Fabio Martinelli, and Paolo Mori
  16.1 Background to the Grid
  16.2 Standard Globus Security Support
  16.3 Access Control for the Grid
  16.4 Usage Control Model
  16.5 Sandhu’s Approach for Collaborative Computing Systems
  16.6 GridTrust Approach for Computational Services
  16.7 Conclusion
  References
  The Authors

17 ECG-Based Authentication
Fahim Sufi, Ibrahim Khalil, and Jiankun Hu
  17.1 Background of ECG
  17.2 What Can ECG Based Biometrics Be Used for?
  17.3 Classification of ECG Based Biometric Techniques
  17.4 Comparison of Existing ECG Based Biometric Systems
  17.5 Implementation of an ECG Biometric
  17.6 Open Issues of ECG Based Biometrics Applications
  17.7 Security Issues for ECG Based Biometric
  17.8 Conclusions
  References
  The Authors

Part C Networking

18 Peer-to-Peer Botnets
Ping Wang, Baber Aslam, and Cliff C. Zou
  18.1 Introduction
  18.2 Background on P2P Networks
  18.3 P2P Botnet Construction
  18.4 P2P Botnet C&C Mechanisms
  18.5 Measuring P2P Botnets
  18.6 Countermeasures
  18.7 Related Work
  18.8 Conclusion
  References
  The Authors

19 Security of Service Networks
Theo Dimitrakos, David Brossard, Pierre de Leusse, and Srijith K. Nair
  19.1 An Infrastructure for the Service Oriented Enterprise
  19.2 Secure Messaging and Application Gateways
  19.3 Federated Identity Management Capability
  19.4 Service-level Access Management Capability
  19.5 Governance Framework
  19.6 Bringing It All Together
  19.7 Securing Business Operations in an SOA: Collaborative Engineering Example
  19.8 Conclusion
  References
  The Authors

20 Network Traffic Analysis and SCADA Security
Abdun Naser Mahmood, Christopher Leckie, Jiankun Hu, Zahir Tari, and Mohammed Atiquzzaman
  20.1 Fundamentals of Network Traffic Monitoring and Analysis
  20.2 Methods for Collecting Traffic Measurements
  20.3 Analyzing Traffic Mixtures
  20.4 Case Study: AutoFocus
  20.5 How Can We Apply Network Traffic Monitoring Techniques for SCADA System Security?
  20.6 Conclusion
  References
  The Authors

21 Mobile Ad Hoc Network Routing
Melody Moh and Ji Li
  21.1 Chapter Overview
  21.2 One-Layer Reputation Systems for MANET Routing
  21.3 Two-Layer Reputation Systems (with Trust)
  21.4 Limitations of Reputation Systems in MANETs
  21.5 Conclusion and Future Directions
  References
  The Authors

22 Security for Ad Hoc Networks
Nikos Komninos, Dimitrios D. Vergados, and Christos Douligeris
  22.1 Security Issues in Ad Hoc Networks
  22.2 Security Challenges in the Operational Layers of Ad Hoc Networks
  22.3 Description of the Advanced Security Approach
  22.4 Authentication: How to in an Advanced Security Approach
  22.5 Experimental Results
  22.6 Concluding Remarks
  References
  The Authors

23 Phishing Attacks and Countermeasures
Zulfikar Ramzan
  23.1 Phishing Attacks: A Looming Problem
  23.2 The Phishing Ecosystem
  23.3 Phishing Techniques
  23.4 Countermeasures
  23.5 Summary and Conclusions
  References
  The Author

Part D Optical Networking

24 Chaos-Based Secure Optical Communications Using Semiconductor Lasers
Alexandre Locquet
  24.1 Basic Concepts in Chaos-Based Secure Communications
  24.2 Chaotic Laser Systems
  24.3 Optical Secure Communications Using Chaotic Lasers Diodes
  24.4 Advantages and Disadvantages of the Different Laser-Diode-Based Cryptosystems
  24.5 Perspectives in Optical Chaotic Communications
  References
  The Author

25 Chaos Applications in Optical Communications
Apostolos Argyris and Dimitris Syvridis
  25.1 Securing Communications by Cryptography
  25.2 Security in Optical Communications
  25.3 Optical Chaos Generation
  25.4 Synchronization of Optical Chaos Generators
  25.5 Communication Systems Using Optical Chaos Generators
  25.6 Transmission Systems Using Chaos Generators
  25.7 Conclusions
  References
  The Authors
