Peter Stavroulakis · Mark Stamp (Editors) Handbook of Information and Communication Security 123 Editors Prof.PeterStavroulakis Prof.MarkStamp TechnicalUniversityofCrete Dept.ComputerScience 73132Chania,Crete SanJoseStateUniversity Greece OneWashingtonSquare [email protected] SanJose,CA95192 USA [email protected] ISBN978-3-642-04116-7 e-ISBN978-3-642-04117-4 DOI10.1007/978-1-84882-684-7 SpringerHeidelbergDordrechtLondonNewYork LibraryofCongressControlNumber:2009943513 ©Springer-VerlagBerlinHeidelberg2010 Thisworkissubjecttocopyright.Allrightsarereserved,whether thewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation,broadcasting, reproductiononmicrofilmorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,etc.inthispublicationdoesnotimply, evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevantprotectivelaws andregulationsandthereforefreeforgeneraluse. Coverillustration:TeodoroCipresso Coverdesign:WMXDesign,Heidelberg Typesettingandproduction:le-texpublishingservicesGmbH,Leipzig,Germany Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface Atitscore,informationsecuritydealswiththesecureandaccuratetransferofinformation. While information securityhaslong beenimportant,it was,perhaps,broughtmoreclearly intomainstreamfocuswiththeso-called“Y2K”issue.TheY2Kscarewasthefearthatcom- puternetworksandthesystemsthatarecontrolledoroperatedbysoftware would fail with theturnofthemillennium,sincetheirclockscouldlosesynchronizationbynotrecognizing anumber(instruction)withthreezeros.Apositiveoutcomeofthisscarewasthecreationof severalComputerEmergencyResponseTeams(CERTs)aroundtheworldthatnowworkco- operativelytoexchangeexpertiseandinformation,andtocoordinateincasemajorproblems shouldariseinthemodernITenvironment. Theterroristattacksof11September2001raisedsecurityconcernstoanewlevel.Thein- ternationalcommunityrespondedonatleasttwofronts;onefrontbeingthetransferofreliable informationviasecurenetworksandtheotherbeingthecollectionofinformationaboutpo- tentialterrorists.Asasignofthisnewemphasisonsecurity,since2001,allmajoracademic publishershavestartedtechnicaljournalsfocusedonsecurity,andeverymajorcommunica- tionsconference(forexample,GlobecomandICC)hasorganizedworkshopsandsessionson securityissues.Inaddition,theIEEEhascreatedatechnicalcommitteeonCommunication andInformationSecurity. ThefirsteditorwasintimatelyinvolvedwithsecurityfortheAthensOlympicGamesof2004. Thesegamesprovidedatestinggroundformuchoftheexistingsecuritytechnology.Onelesson learnedfromthesegameswasthatsecurity-relatedtechnologyoftencannotbeusedeffectively withoutviolatingthelegalframework.Thisproblemisdiscussed–inthecontextoftheAthens Olympics–inthefinalchapterofthishandbook. Inthishandbook,wehaveattemptedtoemphasizetheinterplaybetweencommunications andthefieldofinformationsecurity.Arguably,thisisthefirsttimeinthesecurityliterature thatthisdualityhasbeenrecognizedinsuchanintegralandexplicitmanner. Itisimportanttorealizethatinformationsecurityisalargetopic–fartoolargetocover exhaustivelywithinasinglevolume.Consequently,wecannotclaimtoprovideacompleteview ofthesubject.Instead,wehavechosentoincludeseveralsurveysofsomeofthemostimportant, interesting,andtimely topics,along with a significant numberof research-orientedpapers. Manyoftheresearchpapersareverymuchonthecuttingedgeofthefield. Specifically,thishandbookcoverssomeofthelatestadvancesinfundamentals,cryptogra- phy,intrusiondetection,accesscontrol,networking(includingextensivesectionsonopticsand wirelesssystems),software,forensics,andlegalissues.Theeditors’intention,withrespecttothe presentationandsequencingofthechapters,wastocreateareasonablynaturalflowbetween thevarioussub-topics. v vi Preface Finally,we believethis handbookwill be useful toresearchersand graduatestudentsin academia,aswellasbeinganinvaluableresourceforuniversityinstructorswhoaresearching fornewmaterialtocoverintheirsecuritycourses.Inaddition,thetopicsinthisvolumeare highlyrelevanttotherealworldpracticeofinformationsecurity,whichshouldmakethisbook avaluableresourceforworkingITprofessionals.Inshort,webelievethatthishandbookwill beavaluableresourceforadiverseaudienceformanyyearstocome. MarkStamp SanJose PeterStavroulakis Chania Contents PartA FundamentalsandCryptography 1 AFrameworkforSystemSecurity.......................................... 3 ClarkThomborson 1.1 Introduction ...................................................... 3 1.2 Applications ...................................................... 13 1.3 Dynamic,Collaborative,andFutureSecureSystems .................. 18 References ................................................................ 19 TheAuthor................................................................ 20 2 Public-KeyCryptography ................................................. 21 JonathanKatz 2.1 Overview......................................................... 21 2.2 Public-KeyEncryption:Definitions ................................. 23 2.3 HybridEncryption ................................................ 26 2.4 ExamplesofPublic-KeyEncryptionSchemes ........................ 27 2.5 DigitalSignatureSchemes:Definitions .............................. 30 2.6 TheHash-and-SignParadigm ...................................... 31 2.7 RSA-BasedSignatureSchemes...................................... 32 2.8 ReferencesandFurtherReading .................................... 33 References ................................................................ 33 TheAuthor................................................................ 34 3 EllipticCurveCryptography............................................... 35 DavidJao 3.1 Motivation........................................................ 35 3.2 Definitions........................................................ 36 3.3 ImplementationIssues............................................. 39 3.4 ECCProtocols .................................................... 41 3.5 Pairing-BasedCryptography ....................................... 44 3.6 PropertiesofPairings.............................................. 46 3.7 ImplementationsofPairings........................................ 48 3.8 Pairing-FriendlyCurves............................................ 54 3.9 FurtherReading................................................... 55 References ................................................................ 55 TheAuthor................................................................ 57 vii viii Contents 4 CryptographicHashFunctions ............................................ 59 PraveenGauravaramandLarsR.Knudsen 4.1 NotationandDefinitions........................................... 60 4.2 IteratedHashFunctions............................................ 61 4.3 CompressionFunctionsofHashFunctions .......................... 62 4.4 AttacksonHashFunctions......................................... 64 4.5 OtherHashFunctionModes ....................................... 66 4.6 IndifferentiabilityAnalysisofHashFunctions........................ 68 4.7 Applications ...................................................... 69 4.8 MessageAuthenticationCodes ..................................... 70 4.9 SHA-3HashFunctionCompetition ................................. 73 References ................................................................ 73 TheAuthors............................................................... 79 5 BlockCipherCryptanalysis................................................ 81 ChristopherSwenson 5.1 BreakingCiphers.................................................. 81 5.2 DifferentialCryptanalysis .......................................... 85 5.3 ConclusionsandFurtherReading................................... 88 References ................................................................ 89 TheAuthor................................................................ 89 6 Chaos-BasedInformationSecurity......................................... 91 JerzyPejaśandAdrianSkrobek 6.1 ChaosVersusCryptography........................................ 92 6.2 ParadigmstoDesignChaos-BasedCryptosystems.................... 93 6.3 AnalogChaos-BasedCryptosystems ................................ 94 6.4 DigitalChaos-BasedCryptosystems................................. 97 6.5 IntroductiontoChaosTheory ...................................... 100 6.6 Chaos-BasedStreamCiphers....................................... 103 6.7 Chaos-BasedBlockCiphers ........................................ 113 6.8 ConclusionsandFurtherReading................................... 123 References ................................................................ 124 TheAuthors............................................................... 128 7 Bio-Cryptography......................................................... 129 KaiXiandJiankunHu 7.1 Cryptography..................................................... 129 7.2 OverviewofBiometrics............................................ 138 7.3 Bio-Cryptography................................................. 145 7.4 Conclusions ...................................................... 154 References ................................................................ 155 TheAuthors............................................................... 157 8 QuantumCryptography................................................... 159 ChristianMonyk 8.1 Introduction...................................................... 159 8.2 DevelopmentofQKD.............................................. 160 8.3 LimitationsforQKD............................................... 164 8.4 QKD-NetworkConcepts........................................... 165 8.5 ApplicationofQKD ............................................... 168 Contents ix 8.6 Towards‘Quantum-Standards’...................................... 170 8.7 AspectsforCommercialApplication ................................ 171 8.8 NextStepsforPracticalApplication................................. 173 References ................................................................ 174 TheAuthor................................................................ 174 PartB IntrusionDetectionandAccessControl 9 IntrusionDetectionandPreventionSystems ............................... 177 KarenScarfoneandPeterMell 9.1 FundamentalConcepts ............................................ 177 9.2 TypesofIDPSTechnologies ........................................ 182 9.3 UsingandIntegratingMultipleIDPSTechnologies ................... 190 References ................................................................ 191 TheAuthors............................................................... 192 10 IntrusionDetectionSystems............................................... 193 BazaraI.A.BarryandH.AnthonyChan 10.1 IntrusionDetectionImplementationApproaches..................... 193 10.2 IntrusionDetectionSystemTesting ................................. 196 10.3 IntrusionDetectionSystemEvaluation .............................. 201 10.4 Summary......................................................... 203 References ................................................................ 204 TheAuthors............................................................... 205 11 IntranetSecurityviaFirewalls ............................................. 207 InderjeetPabla,IbrahimKhalil,andJiankunHu 11.1 PolicyConflicts ................................................... 207 11.2 ChallengesofFirewallProvisioning ................................. 209 11.3 Background:PolicyConflictDetection .............................. 210 11.4 FirewallLevels .................................................... 213 11.5 FirewallDependence .............................................. 213 11.6 ANewArchitectureforConflict-FreeProvisioning................... 213 11.7 MessageFlowoftheSystem ........................................ 216 11.8 Conclusion ....................................................... 217 References ................................................................ 218 TheAuthors............................................................... 218 12 DistributedPortScanDetection ........................................... 221 HimanshuSinghandRobertChun 12.1 Overview......................................................... 221 12.2 Background....................................................... 222 12.3 Motivation........................................................ 223 12.4 Approach......................................................... 225 12.5 Results ........................................................... 230 12.6 Conclusion ....................................................... 231 References ................................................................ 233 TheAuthors............................................................... 234 13 Host-BasedAnomalyIntrusionDetection.................................. 235 JiankunHu 13.1 BackgroundMaterial .............................................. 236 x Contents 13.2 IntrusionDetectionSystem......................................... 239 13.3 RelatedWorkonHMM-BasedAnomalyIntrusionDetection.......... 245 13.4 EmergingHIDSArchitectures...................................... 250 13.5 Conclusions ...................................................... 254 References ................................................................ 254 TheAuthor................................................................ 255 14 SecurityinRelationalDatabases ........................................... 257 NeerjaBhatnagar 14.1 RelationalDatabaseBasics ......................................... 258 14.2 ClassicalDatabaseSecurity......................................... 260 14.3 ModernDatabaseSecurity ......................................... 263 14.4 DatabaseAuditingPractices........................................ 269 14.5 FutureDirectionsinDatabaseSecurity.............................. 270 14.6 Conclusion ....................................................... 270 References ................................................................ 271 TheAuthor................................................................ 272 15 Anti-botStrategiesBasedonHumanInteractiveProofs..................... 273 AlessandroBassoandFrancescoBergadano 15.1 AutomatedTools .................................................. 273 15.2 HumanInteractiveProof........................................... 275 15.3 Text-BasedHIPs .................................................. 276 15.4 Audio-BasedHIPs................................................. 278 15.5 Image-BasedHIPs................................................. 279 15.6 UsabilityandAccessibility.......................................... 288 15.7 Conclusion ....................................................... 289 References ................................................................ 289 TheAuthors............................................................... 291 16 AccessandUsageControlinGridSystems.................................. 293 MaurizioColombo,AliaksandrLazouski,FabioMartinelli,andPaoloMori 16.1 BackgroundtotheGrid............................................ 293 16.2 StandardGlobusSecuritySupport .................................. 294 16.3 AccessControlfortheGrid ........................................ 295 16.4 UsageControlModel .............................................. 300 16.5 Sandhu’sApproachforCollaborativeComputingSystems............. 302 16.6 GridTrustApproachforComputationalServices ..................... 303 16.7 Conclusion ....................................................... 305 References ................................................................ 306 TheAuthors............................................................... 307 17 ECG-BasedAuthentication................................................ 309 FahimSufi,IbrahimKhalil,andJiankunHu 17.1 BackgroundofECG ............................................... 310 17.2 WhatCanECGBasedBiometricsBeUsedfor?....................... 313 17.3 ClassificationofECGBasedBiometricTechniques ................... 313 17.4 ComparisonofExistingECGBasedBiometricSystems ............... 316 17.5 ImplementationofanECGBiometric ............................... 318 17.6 OpenIssuesofECGBasedBiometricsApplications .................. 323 17.7 SecurityIssuesforECGBasedBiometric ............................ 327 Contents xi 17.8 Conclusions ...................................................... 328 References ................................................................ 329 TheAuthors............................................................... 330 PartC Networking 18 Peer-to-PeerBotnets ...................................................... 335 PingWang,BaberAslam,andCliffC.Zou 18.1 Introduction ...................................................... 335 18.2 BackgroundonP2PNetworks...................................... 336 18.3 P2PBotnetConstruction........................................... 338 18.4 P2PBotnetC&CMechanisms...................................... 339 18.5 MeasuringP2PBotnets ............................................ 342 18.6 Countermeasures.................................................. 344 18.7 RelatedWork ..................................................... 347 18.8 Conclusion ....................................................... 348 References ................................................................ 348 TheAuthors............................................................... 350 19 SecurityofServiceNetworks............................................... 351 TheoDimitrakos,DavidBrossard,PierredeLeusse,andSrijithK.Nair 19.1 AnInfrastructurefortheServiceOrientedEnterprise................. 352 19.2 SecureMessagingandApplicationGateways......................... 354 19.3 FederatedIdentityManagementCapability ......................... 358 19.4 Service-levelAccessManagementCapability......................... 361 19.5 GovernanceFramework............................................ 364 19.6 BringingItAllTogether............................................ 367 19.7 SecuringBusinessOperationsinanSOA: CollaborativeEngineeringExample ................................. 372 19.8 Conclusion ....................................................... 378 References ................................................................ 380 TheAuthors............................................................... 381 20 NetworkTrafficAnalysisandSCADASecurity.............................. 383 AbdunNaserMahmood,ChristopherLeckie,JiankunHu,ZahirTari, andMohammedAtiquzzaman 20.1 FundamentalsofNetworkTrafficMonitoringandAnalysis............ 384 20.2 MethodsforCollectingTrafficMeasurements........................ 386 20.3 AnalyzingTrafficMixtures ......................................... 390 20.4 CaseStudy:AutoFocus............................................. 395 20.5 HowCanWeApplyNetworkTrafficMonitoringTechniques forSCADASystemSecurity? ....................................... 399 20.6 Conclusion ....................................................... 401 References ................................................................ 402 TheAuthors............................................................... 404 21 MobileAdHocNetworkRouting .......................................... 407 MelodyMohandJiLi 21.1 ChapterOverview................................................. 407 21.2 One-LayerReputationSystemsforMANETRouting ................. 408 21.3 Two-LayerReputationSystems(withTrust) ....................... 412 xii Contents 21.4 LimitationsofReputationSystemsinMANETs ...................... 417 21.5 ConclusionandFutureDirections .................................. 419 References ................................................................ 419 TheAuthors............................................................... 420 22 SecurityforAdHocNetworks ............................................. 421 NikosKomninos,DimitriosD.Vergados,andChristosDouligeris 22.1 SecurityIssuesinAdHocNetworks................................. 421 22.2 SecurityChallengesintheOperationalLayersofAdHocNetworks.... 424 22.3 DescriptionoftheAdvancedSecurityApproach...................... 425 22.4 Authentication:HowtoinanAdvancedSecurityApproach ........... 427 22.5 ExperimentalResults .............................................. 428 22.6 ConcludingRemarks .............................................. 430 References ................................................................ 431 TheAuthors............................................................... 432 23 PhishingAttacksandCountermeasures .................................... 433 ZulfikarRamzan 23.1 PhishingAttacks:ALoomingProblem .............................. 433 23.2 ThePhishingEcosystem ........................................... 435 23.3 PhishingTechniques............................................... 439 23.4 Countermeasures.................................................. 442 23.5 SummaryandConclusions......................................... 447 References ................................................................ 447 TheAuthor................................................................ 448 PartD OpticalNetworking 24 Chaos-BasedSecureOpticalCommunicationsUsingSemiconductorLasers . 451 AlexandreLocquet 24.1 BasicConceptsinChaos-BasedSecureCommunications ............. 452 24.2 ChaoticLaserSystems ............................................. 454 24.3 OpticalSecureCommunicationsUsingChaoticLasersDiodes ........ 460 24.4 AdvantagesandDisadvantagesoftheDifferentLaser-Diode-Based Cryptosystems ................................................... 466 24.5 PerspectivesinOpticalChaoticCommunications .................... 474 References ................................................................ 475 TheAuthor................................................................ 478 25 ChaosApplicationsinOpticalCommunications............................ 479 ApostolosArgyrisandDimitrisSyvridis 25.1 SecuringCommunicationsbyCryptography......................... 480 25.2 SecurityinOpticalCommunications................................ 481 25.3 OpticalChaosGeneration.......................................... 485 25.4 SynchronizationofOpticalChaosGenerators........................ 491 25.5 CommunicationSystemsUsingOpticalChaosGenerators ............ 497 25.6 TransmissionSystemsUsingChaosGenerators....................... 499 25.7 Conclusions ...................................................... 507 References ................................................................ 507 TheAuthors............................................................... 510