Amit K Awasthi

In 1996, Mambo et al. introduced the proxy signature scheme to delegate the signing capability to a proxy signer. Various constructions were made to device a strong non-designated proxy signa- ture scheme. In 2002, Shum and Wei proposed an extended scheme to hide the identity of the proxy signer. A trusted authority can reveal the proxy signer's identity if required. In this paper we show some possible attacks on this scheme.

Proxy Signature, Warrant, Message Recovery, Cryptog-raphy, Digital Signatures

Shiyan Hu

In this paper, a new document image watermarking method based on secure partitioning scheme is proposed and tested. In the method, a document image is securely divided into weight-invariant partitions followed by selectively modifying characters to embed wa- termarks. The high security of watermark results from applying a prob- abilistic metaheuristic algorithm, namely the ant colony system, to ap- proximate the involved Bottleneck Hamiltonian Path problem to gener- ate key-dependent image partitions. For better e±ciency, the farthest point heuristic and the multi-scale strategy are introduced into the ant colony system. Our experimental results demonstrate that the proposed watermarking scheme is secure, e±cient, and robust to common attacks. The proposed secure partition scheme could serve as a general frame- work to introduce high security to prevailing watermarking techniques.

Digital watermarking, Document image, Secure partition, Ant colony system, Robustness.

Ping Wang, Lei Wu, Ryan Cunningham, Cliff C. Zou

Botnets have become one of the major attacks in current Internet due to their illicit profitable financial gain. Meanwhile, honeypots have been successfully deployed in many computer security defense systems. Since honeypots set up by security defenders can attract bot- net compromises and become spies in exposing botnet membership and botnet attacker behaviors, they are widely used by security defenders in botnet defense. Therefore, attackers constructing and maintaining botnets will be forced to find ways to avoid honeypot traps. In this paper, we present a hardware and software independent honeypot de- tection methodology based on the following assumption: security pro- fessionals deploying honeypots have liability constraint such that they cannot allow their honeypots to participate in real attacks that could cause damage to others, while attackers do not need to follow this con- straint. Attackers could detect honeypots in their botnets by checking whether compromised machines in a botnet can successfully send out unmodified malicious traffic. Based on this basic detection principle, we present honeypot detection techniques to be used in both central- ized botnets and peer-to-peer structured botnets. Experiments show that current standard honeypot and honeynet programs are vulnerable to the proposed honeypot detection techniques. In the end, we discuss some guidelines for defending against general honeypot-aware attacks.

Liability; honeypot; botnet; peer-to-peer; modeling

Che Wun Chiou, Fu Hua Chou, Yun-Chi Yeh

The Euclid’s greatest common divisor (GCD) algorithm is an efficient approach for calculating multiplicative inversions, and relies mainly on a fast modular arithmetic algorithm to run quickly. A traditional modular arithmetic algorithm based on non-restoring division needs a magnitude comparison for each iteration of shift-and-subtract operation. This process is time-consuming, since it requires magnitude comparisons for every computation iteration step. To eradicate this problem, this study develops a new fast Euclidean GCD algorithm without magnitude comparisons. The proposed modular algorithm has an execution time that is about 33% shorter than the conventional modular algorithm.

GCD, modular arithmetic, public-key cryptosystem, multiplicative inversion, division

Li Qin, Vijayalakshmi Atluri

The Semantic Web has been envisioned as a machine-interpretable web, where data instances are described through concepts defined and related in ontologies. Though ontologies are publicly available as a crucial component of the semantic web infrastructure, many data instances are sensitive and should be kept confidential. Sensitive information can be illegally inferred from other seemingly unclassified information in combination with the underlying data semantics and inter-relationships revealed by ontologies. In other words, the visibility of ontologies can pose inference threats to the security of data instances, and this requires security policies be specified in a way that the semantic relationships among data instances are taken into account. To protect the semantic web data or other semantics-rich data, this paper presents semantics-aware security policy specification. We propose concept-level, association-level and propertylevel access control models for different security objects, and authorizations be propagated based on different inference patterns. These propagation policies can be used to generate safe and consistent access control authorizations.

Information security; Inference problem; Access control; Semantics; Ontologies; Semantic Web

Zhanshan (Sam) Ma

The objective of this study is to develop an integrated modeling approach to network intrusion detection with three multivariate statistical methods: block clustering (BC), generalized logistic regression (GLR), and linear discriminant analysis (LDA). A pipeline processing strategy with BC followed by either GLR or LDA is attempted in order to automate the intrusion detection process. The preliminary testing results show that the integration of BC and LDA is very promising, but that of BC and GLR is uncertain. Essentially, BC offers a classification algorithm, and LDA or GLR further assesses the results pipelined from BC and makes the judgment (e.g., intrusive, suspicious, or normal). Although clustering techniques have been widely utilized for intrusion detection from the very beginning of the field, to the best of our knowledge, block clustering has not been applied in intrusion detection or computer science previously. The twoway joining strategy of BC in cluster detection is especially desirable for intrusion detection since information from both data cases and variables (features) are synthesized to form block clusters, while other clustering methods often only consider information from either data cases or variables. The paper also discusses the justification for our choice of the three statistical methods. The choice is largely determined by two of the most obvious properties of intrusion audit data: (i) most variables in intrusion detection data are categorical, rather than continuous and (ii) the probability distributions of these variables usually are not normally distributed. We believe that recognizing these two characteristics is of fundamental importance. First, the statistical methods that work perfectly for continuous variables may not work for the categorical variables or the reliability of conclusions may be strongly compromised. Second, historically a large amount of statistical methods were developed based on the assumption of the multivariate normal distribution. In perspective, we suggest that the integration of BC with the independent component analysis (ICA) (that has been successfully utilized in speech recognition, brain imaging, and also intrusion detection in combination with other statistical methods) is likely to offer a mutually complementary approach. We further suggest that the integration of the approach developed in this paper with multidimensional scaling (MDS) may produce an effective technology for building visualized real-time intrusion detection systems.

Intrusion Detection, Block Clustering, Generalized Logistic Regression, Linear Discriminant Analysis, Independent Component Analysis, Multidimensional Scaling.