Your search keyword '"Chin-Tser Huang"' showing total 55 results

1. A Bayesian Game Theoretic Approach for Inspecting Web-Based Malvertising

Author

Laurent Njilla, Chin-Tser Huang, Muhammad N. Sakib, Charles A. Kamhoua, and Kevin Kwiat

Subjects

021110 strategic, defence & security studies, Computer science, business.industry, Stochastic game, 0211 other engineering and technologies, Evasion (network security), 02 engineering and technology, Computer security, computer.software_genre, Bayesian game, symbols.namesake, Nash equilibrium, Complete information, symbols, Web application, Malware, Electrical and Electronic Engineering, business, computer, Dissemination

Abstract

Web-based advertising systems have been exploited by cybercriminals to disseminate malware to an enormous number of end-users and their vulnerable machines. To protect their malicious ads and malware from detection by the ad network, malvertisers apply various redirection and evasion techniques. Meanwhile, the ad network can also apply inspection techniques to spoil the malvertiser's tricks and expose the malware. However, both the malvertiser and the ad network are under resource and time constraints. Moreover, the ad network is disadvantaged because it has incomplete information about whether it is facing a benign or malicious advertiser. In this paper, we aim to apply the Bayesian game model by designing two games to formulate the problem of inspecting the Web-based maladvertising. The first game has two types of Advertisers, namely Malicious and Benign, and one type of Defender; the second game has two types of Attackers, Advanced and Simple, in terms of their capability of redirection and evasion, and one type of Defender. We define their strategies and payoff functions, and compute their Bayesian Nash equilibria. We use numeric simulation to evaluate our game theoretic models, and we derive several insights from the results that can serve as guidelines for the ad network to decide its best inspection strategy.

Published

2020

2. Smart Markers in Smart Contracts: Enabling Multiway Branching and Merging in Blockchain for Decentralized Runtime Verification

Author

Chin-Tser Huang, Tieming Geng, and Laurent Njilla

Subjects

Scheme (programming language), Blockchain, Computer science, business.industry, Distributed computing, Runtime verification, Stability (learning theory), 020206 networking & telecommunications, 02 engineering and technology, Task (project management), Branching (linguistics), Software, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, computer.programming_language

Abstract

The increasing complexity of modern hardware and software platform along with the imperative assurance on stability deems runtime verification of task fulfillment necessary in distributed systems. Distributing the burden of a central verification monitor to individual devices could improve the efficiency. Our previous work shows the possibility of achieving decentralized runtime verification by incorporating some mechanisms of the blockchain technology for locating the accountability when error occurs. However, traditional blockchain technology disallows branching and hence does not support verification of tasks which involves multiway dependencies. In this paper, we introduce a novel approach of smart marker that can be included in a blockchain to enable multiway branching and merging in order to verify the fulfillment of tasks that involve one-to-many and many-to-one dependencies. The design of smart marker satisfies three requirements of recognizability, compatibility, and authenticability. We implement a prototype of the smart marker scheme and analyze its performance.

Published

2021

3. Detecting Counterfeit ICs with Blockchain-based Verification Framework

Author

Laurent Njilla, Chin-Tser Huang, and Tieming Geng

Subjects

Blockchain, Computer science, media_common.quotation_subject, 020208 electrical & electronic engineering, Runtime verification, System safety, 02 engineering and technology, 021001 nanoscience & nanotechnology, Computer security, computer.software_genre, Counterfeit, 0202 electrical engineering, electronic engineering, information engineering, 0210 nano-technology, Merge (version control), computer, Reputation, media_common

Abstract

Counterfeit electronic parts have posed a serious threat to consumers, industry, and government and military agencies for a long time. They not only lead to massive damage in terms of financial and reputation losses, but can also create high risk in the compromise of system safety and integrity. Our previous work shows the possibility of achieving the decentralized runtime verification by incorporating some mechanisms of the blockchain technology into a distributed system for locating the accountability when error occurs. In this paper, we propose to develop a verification framework based on blockchain technology to detect the abnormalities of counterfeit ICs at every stage of their lifecycles, including after being deployed into the system. We design an efficient and effective method that can store the inspection and testing results into a blockchain, and apply the smart marker scheme which can merge separate blockchains associated with individual ICs into one blockchain after the ICs are installed onto the same system.

Published

2020

4. A Security Analysis Method of Security Protocol Implementation Based on Unpurified Security Protocol Trace and Security Protocol Implementation Ontology

Author

Bo Meng, Dejun Wang, Chin-Tser Huang, Jiabing Liu, and Xudong He

Subjects

Security analysis, General Computer Science, Computer science, General Engineering, Construct (python library), Cryptographic protocol, Ontology (information science), network trace, format analysis, Login, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, semantic analysis, security protocol implementation ontology, Ticket, Information system, General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, lcsh:TK1-9971, Implementation, computer, Security protocol implementation

Abstract

The security analysis of Security Protocol Implementations(SPI) is an important part of cybersecurity. However, with the strength of property protection and the widely used applications of code obfuscation technology, the previous security analysis method based on SPI is hard to carry out. Therefore, under the condition that SPI is not available, this paper analyzes the security of the SPI using the unpurified security protocol traces and security protocol implementation ontology. First, we construct the implementation ontology to describes the attributes of the ontology terms. Second, the format analysis method is presented based on unpurified flow. Third, the mapping method is proposed to build the mapping between the security protocol trace and the implementation ontology. Fourth, a is presented to analyze the security of SPI. Finally, FSIA software is designed and implemented according to the method we proposed to analyze the login module of a university information system, the result shows that there is a risk of Ticket leakage in the login module. Compared to the previous method,our proposed method can deal with unpurified network traces and find the vulnerabilities of network and system.

Published

2019

5. Securing Relational Database Storage with Attribute Association Aware Shuffling

Author

Chin-Tser Huang, Hatim Alsuwat, Tieming Geng, and Csilla Farkas

Subjects

Database, Shuffling, Relational database, Computer science, business.industry, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Database storage structures, Encryption, computer.software_genre, Mobile cloud computing, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Tuple, business, Mobile device, computer

Abstract

With the fast-increasing prevalence of mobile devices, mobile cloud computing has emerged as an important computing paradigm. Storing databases in the cloud server has been one significant application of mobile cloud computing. However, there is one severe security problem: the protection of most database system relies on the security schemes of the operating system or the hard drive of the server. If an attacker successfully hacks into a cloud server and accesses the database files, then the attacker is able to recover the database and get information about every attribute of a tuple in the database. Encrypting the database does not fully address the problem as seen in the continued incidents of large-scale database breaches. In this paper, we propose a novel and practical database shuffling approach that breaks the original relations between the value of the attributes while keeping the ostensible integrity. It protects the database storage by storing shuffled relations in data files instead of putting shuffled relations in memory only. For semantically or statistically associated attributes, we shuffle them together as a bundle to ensure that the shuffled database appears deceptively genuine to the attacker. We show that our algorithm is compatible with the current relational database design and can be used to provide an extra layer of protection in addition to encryption.

Published

2019

6. A Game Theoretic Approach for Making IoT Device Connectivity Decisions During Malware Outbreak

Author

Chin-Tser Huang, Muhammad N. Sakib, Charles A. Kamhoua, and Laurent Njilla

Subjects

Authentication, Exploit, business.industry, Computer science, Denial-of-service attack, computer.software_genre, Computer security, Default gateway, Repeated game, Malware, The Internet, business, Game theory, computer

Abstract

The paradigm of Internet of Things (IoT) aims to connect all the devices into a network. However, most IoT devices don’t have appropriate security protection, which allows cyber criminals to infect them through the network with malware and exploit them to launch attacks such as DDoS attacks or information stealing. Many proposed countermeasures, such as authentication enhancement and software update, are not practical d be to the constraints of IoT devices, malware’s fast spreading speed, and manufacturer laziness. One viable approach is to temporarily disconnect IoT devices to protect them from exploitation and to prevent infected ones from infecting more devices. However, in an IoT network, some devices may have significant responsibilities, for example serving as gateway to the Internet or in charge of critical monitoring or control tasks, and it may be beneficial to defer their disconnection. In this paper, we aim to apply game theory to formulate the problem of making decisions on the connectivity of IoT devices during malware outbreak as a repeated game, which allows individual IoT devices to make connectivity decision over time. We consider possible strategies that IoT devices can apply when calculating their payoff function, use numeric simulations to evaluate our game theoretic models, and derive several insights that can serve as guidelines for IoT network managers to configure the best connection/disconnection strategy for their IoT devices.

Published

2019

7. Incorporating biometrics into veiled certificates: preventing unauthorized use of anonymous certificates

Author

Chin-Tser Huang, Mohamed Sharaf, and John H. Gerdes

Subjects

Public key certificate, business.industry, Computer science, Economics, Econometrics and Finance (miscellaneous), Internet privacy, 020206 networking & telecommunications, 02 engineering and technology, Data breach, Multi-factor authentication, Service provider, Computer security, computer.software_genre, Human-Computer Interaction, Identifier, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Digital credential, Identity theft, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Anonymity

Abstract

A leading cause of Identity Theft is that attackers get access to the victim's personal credentials. We are warned to protect our personal identifiers but we need to share our credentials with various organizations in order to obtain services from them. As a result the safety of our credentials is dependent on both the ability and diligence of the various organizations with which we interact. However, recent data breach incidents are clear proof that existing approaches are insufficient to protect the privacy of our credentials. Using a Design Science methodology, we propose a new technology, veiled certificates, which includes features that prevent fraudulent use of user's credentials and provides a degree of user anonymity. We also incorporate biometric authentication so that service providers know that they are dealing with the owner of the credentials. Results of a bench scale test that demonstrates the feasibility of the approach are reviewed. We also suggest four major applications which could take advantage of these certificates.

Published

2016

8. Maximizing accuracy in multi-scanner malware detection systems

Author

Ying-Dar Lin, Chin-Tser Huang, and Muhammad N. Sakib

Subjects

Scanner, Computer Networks and Communications, Computer science, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020206 networking & telecommunications, 020201 artificial intelligence & image processing, 02 engineering and technology, Data mining, computer.software_genre, computer, Outcome (probability)

Abstract

A variety of anti-malware scanners have been developed for malware detection. Previous research has indicated that combining multiple different scanners can achieve better result compared to any single scanner. However, given the diversity in detection rates and accuracy of different anti-malware scanners, how to determine the best possible outcome of multi-scanner systems in terms of accuracy and how to achieve this best outcome remain formidable tasks. In this paper, we propose three models to capture the combined output of different combinations of anti-malware scanners based on the limited amount of historical information available. These models enable us to predict the accuracy level of each combination, which helps us to determine the optimal configuration of the multi-scanner detection system to achieve maximum accuracy. We also introduce two methods to identify a near-optimal subset of scanners that can help reduce scanning cost while under time constraint. From simulations over randomly generated hypothetical datasets and experiments conducted with real world malware and goodware datasets and anti-virus scanners, we found that our models perform well in predicting the optimal configuration and can achieve an accuracy as high as within 1% of true maximum.

Published

2020

9. A Security Analysis Method for Security Protocol Implementations Based on Message Construction

Author

Jintian Lu, Chin-Tser Huang, Lili Yao, Dejun Wang, Xudong He, and Bo Meng

Subjects

Scheme (programming language), Security analysis, Computer science, 02 engineering and technology, Computer security, computer.software_genre, lcsh:Technology, lcsh:Chemistry, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Instrumentation, Implementation, lcsh:QH301-705.5, computer.programming_language, Fluid Flow and Transfer Processes, Password, Application programming interface, lcsh:T, Process Chemistry and Technology, General Engineering, security protocol implementation, messages construction, 020206 networking & telecommunications, 020207 software engineering, Cryptographic protocol, lcsh:QC1-999, Computer Science Applications, lcsh:Biology (General), lcsh:QD1-999, Order (business), lcsh:TA1-2040, API tracing, Cyberspace, lcsh:Engineering (General). Civil engineering (General), computer, abstract model, lcsh:Physics, protocol security

Abstract

Security protocols are integral to the protection of cyberspace against malicious attacks. Therefore, it is important to be confident in the security of a security protocol. In previous years, people have worked on security of security protocol abstract specification. However, in recent years, people have found that this is not enough and have begun focusing on security protocol implementation. In order to evaluate the security of security protocol implementations, in this paper, firstly, we proposed the Message Construction to Security Protocol Implementation (MCSPI), a message construction method based on application programming interface (API) traces, which automatically generates the constructed client valid request messages. Then, we presented the Security Analysis Scheme (SAS), a security analysis scheme that generates an abstract model of a security protocol server. Next, we proposed a security analysis method to evaluate the security of security protocol implementations on the basis of constructed client request messages generated with MCSPI, corresponding to the server-side response message and server-side abstract model produced by SAS. Finally, we implemented the Security Protocol Implementation Analysis (SPIA) tool to generate client valid request messages and a server-side abstract model to assist in evaluating security protocol implementations. In our experiments, we tested Tencent QQ mail system version 2017 and RSAAuth system and found that RSAAuth is vulnerable and its server has only security checks for user password, while Tencent QQ mail system version 2017 is more secure and has strong security restrictions at server-side besides security checks for user password.

Published

2018

10. Cloud Security

Author

Chin-Tser Huang, Zahir Tari, Shui Yu, Peter Mueller, and Ying-Dar Lin

Subjects

Cloud computing security, Computer Networks and Communications, business.industry, Computer science, Computer Science (miscellaneous), Cloud computing, Computer security, computer.software_genre, business, computer, Software, Computer Science Applications

Published

2016

11. A game theoretic approach for inspecting web-based malvertising

Author

Kevin Kwiat, Laurent Njilla, Chin-Tser Huang, Charles A. Kamhoua, and Muhammad N. Sakib

Subjects

business.industry, Computer science, Stochastic game, Evasion (network security), 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Cryptovirology, symbols.namesake, Nash equilibrium, 0202 electrical engineering, electronic engineering, information engineering, symbols, Web application, Malware, 020201 artificial intelligence & image processing, business, Dissemination, computer, Game theory, Computer network

Abstract

Web-based advertising system has become a convenient and efficient channel for advertisers to deliver ads to targeted Internet users. Unfortunately, this system has been exploited by cybercriminals to disseminate malware to an enormous number of end-users and their vulnerable machines. To protect their malicious ads and malware from detection by the ad network, malvertisers apply a variety of evasion techniques such as fingerprinting the execution environment, redirecting to compromised IP addresses, and malware polymorphism. On the other hand, the ad network can also apply inspection techniques to spoil the malvertiser's tricks and expose the malware. However, both the malvertiser and the ad network are under the constraints of resource and time. In this paper, we aim to apply game theory to formulate the problem of inspecting the malware inserted by the malvertisers into the Web-based advertising system. We design a normal form game between the malvertiser and the ad network, define their strategies and payoff functions, and compute their pure-strategy and mixed-strategy Nash equilibria. We use numeric simulation to evaluate our game theoretic models, and derive several insights from the results that can serve as guidelines for the ad network to decide its best inspection strategy.1

Published

2017

12. Privacy preserving proximity testing using elliptic curves

Author

Chin-Tser Huang and Muhammad N. Sakib

Subjects

Security analysis, Engineering, business.industry, Service provider, Computer security, computer.software_genre, Alice and Bob, Location-based service, Overhead (computing), Triangulation, Elliptic curve cryptography, business, Protocol (object-oriented programming), computer

Abstract

The availability of GPS in smartphones and other wireless devices has made location based services extremely popular. One of the most widely used location based services is finding nearby friends. Popular social networks like Facebook offer this service purely based on exact user locations. To subscribe to this feature, users are forced to let the service provider know their actual locations, compromising their location privacy. In this paper, we present a protocol based on elliptic curve cryptography concepts for proximity testing which can preserve location privacy of the users. Our protocol enables two parties, Alice and Bob, to test whether they are within an agreed upon distance range from each other without revealing their exact location. Our security analysis shows that our protocol is secure against most known location privacy threats including location triangulation attacks. From experimental evaluation performed on prototype implementation, we found that our protocol is practical for resource-constrained smartphone devices requiring a reasonably small execution time (53 ms) without the communication overhead.

Published

2016

13. Smart City Surveillance in Fog Computing

Author

Haibin Ling, Sejun Song, Yu Chen, Ning Chen, Xinyue Ye, and Chin-Tser Huang

Subjects

Data processing, Situation awareness, business.industry, Computer science, Dynamic data, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, 010501 environmental sciences, Computer security, computer.software_genre, 01 natural sciences, Drone, Smart city, Server, 0202 electrical engineering, electronic engineering, information engineering, The Internet, business, computer, 0105 earth and related environmental sciences

Abstract

The Internet and Internet of Things (IoT) make the Smart City concept an achievable and attractive proposition. Efficient information abstraction and quick decision making, the most essential parts of situational awareness (SAW), are still complex due to the overwhelming amount of dynamic data and the tight constraints on processing time. In many urban surveillance tasks, powerful Cloud technology cannot satisfy the tight latency tolerance as the servers are allocated far from the sensing platform; in other words there is no guaranteed connection in the emergency situations. Therefore, data processing, information fusion and decision making are required to be executed on-site (i.e., near the data collection locations). Fog Computing, a recently proposed extension of Cloud Computing, enables on-site computing without migrating jobs to a remote Cloud. In this chapter, we firstly introduce the motivations and definition of smart cities as well as the existing challenges. Then the concepts and advantages of Fog Computing are discussed. Additionally, we investigate the feasibility of Fog Computing for real-time urban surveillance using speeding traffic detection as a case study. Adopting a drone to monitor the moving vehicles, a Fog Computing prototype is developed. The results validate the effectiveness of our Fog Computing based approach for on-site, online, uninterrupted urban surveillance tasks.

Published

2016

14. Poster Abstract: Smart Urban Surveillance Using Fog Computing

Author

Ning Chen, Chin-Tser Huang, Yu Chen, Xinyue Ye, and Sejun Song

Subjects

Computer science, business.industry, Universal solution, 05 social sciences, Real-time computing, 050801 communication & media studies, Monitoring system, Cloud computing, 02 engineering and technology, computer.software_genre, Computer security, Track (rail transport), Information extraction, 0508 media and communications, Fog computing, Urbanization, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Architecture, business, computer

Abstract

Though the rapid globally urbanization and Internet of Things (IoT) are creating great opportunities for researchers and urban planners to get significant insight of our cities, efficient information extraction and instant decision making are still key issues in which Cloud Computing is not the universal solution any more. We present an urban traffic speeding monitoring system using Fog Computing which not only can track the speeding vehicle and obtain speed information in real-time, but also implement multi-target tracking using single target tracking algorithm. The preliminary experimental results are encouraging and validate our Fog Computing architecture.

Published

2016

15. Multi-dimensional credentialing using veiled certificates: Protecting privacy in the face of regulatory reporting requirements

Author

Joakim Kalvenes, Chin-Tser Huang, and John H. Gerdes

Subjects

Public key certificate, General Computer Science, Computer science, Internet privacy, Certification, Computer security, computer.software_genre, Self-signed certificate, Public-key cryptography, X.509, Identity theft, Certificate authority, License, Revocation list, ComputingMilieux_THECOMPUTINGPROFESSION, business.industry, Certificate policy, Certificate, Certification Practice Statement, Root certificate, Key (cryptography), business, Law, computer, Implicit certificate, Personally identifiable information, Anonymity

Abstract

Traditional certificates are designed to establish and document characteristics belonging to a specific individual, be it an identification number (i.e., social security number, driver's license number), a level of achievement (i.e., college degree, license to practice a profession), or membership status (i.e., company ID, trade union card). The digital certificate extends this concept into the electronic world, identifying and linking the certificate holder to a public encryption key that is subsequently used as a means of identification. Current identity certificates provide unique identification and tracking, however it is exactly these characteristics that have led to concerns over identity theft and privacy of personal information. The veiled certificate introduced in this paper addresses these issues by providing means of linking certificates from multiple certifying authorities while masking the user's identity from non-authorized individuals and satisfying the regulatory need of unique, explicit identification. With the ability to be implemented within existing X.509 standards, veiled certification extends traditional digital certificates with features useful in combating identity theft and invasion of privacy.

Published

2009

16. Mutual information applied to anomaly detection

Author

Jeff Janies, Yuliya Kopylova, Duncan A. Buell, and Chin-Tser Huang

Subjects

Theoretical computer science, Exploit, Computer Networks and Communications, Computer science, Computation, Mutual information, computer.software_genre, Information theory, Rényi entropy, Entropy (information theory), Anomaly detection, Data mining, computer, Off line, Information Systems

Abstract

Anomaly detection systems play a significant role in protection mechanism against attacks launched on a network. The greatest challenge in designing systems detecting anomalous exploits is defining what to measure. Effective yet simple, Shannon entropy metrics have been successfully used to detect specific types of malicious traffic in a number of commercially available IDS's. We believe that Renyi entropy measures can also adequately describe the characteristics of a network as a whole as well as detect abnormal traces in the observed traffic. In addition, Renyi entropy metrics might boost sensitivity of the methods when disambiguating certain anomalous patterns. In this paper we describe our efforts to understand how Renyi mutual information can be applied to anomaly detection as an offline computation. An initial analysis has been performed to determine how well fast spreading worms (Slammer, Code Red, and Welchia) can be detected using our technique. We use both synthetic and real data audits to illustrate the potentials of our method and provide a tentative explanation of the results.

Published

2008

17. Design and Verification of Secure Mutual Authentication Protocols for Mobile Multihop Relay WiMAX Networks against Rogue Base/Relay Stations

Author

Jie Huang and Chin-Tser Huang

Subjects

Engineering, Computer engineering. Computer hardware, General Computer Science, Article Subject, 02 engineering and technology, Authentication server, Computer security, computer.software_genre, law.invention, TK7885-7895, Base station, Relay, law, Mobile station, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Authentication, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Mutual authentication, WiMAX, Authentication protocol, Signal Processing, 020201 artificial intelligence & image processing, business, computer, Computer network

Abstract

Mobile multihop relay (MMR) WiMAX networks have attracted lots of interest in the wireless communication industry recently because of its scalable coverage, improved data rates, and relatively low cost. However, security of MMR WiMAX networks is the main challenge to be addressed. In this paper, we first identify several possible attacks on MMR WiMAX networks in which a rogue base station (BS) or relay station (RS) can get authenticated and gain control over the connections and show that the current standard does not address this problem well. We then propose a set of new authentication protocols for protecting MMR WiMAX networks from rogue BS attack, rogue RS attack, and suppress-replay attack. Our protocols can provide centralized authentication by using a trusted authentication server to support mutual authentication between RS and BS, between RS and RS, and between mobile station (MS) and RS. Moreover, our protocols can also provide distributed authentication with a license issued by the trusted server. We use a formal tool called Scyther to analyze and verify the security properties of our protocols. The results show that our protocols can counter rogue BS and RS attacks and suppress-replay attack and are not susceptible to any known attacks.

Published

2016

18. Automated Collection and Analysis of Malware Disseminated via Online Advertising

Author

Muhammad N. Sakib and Chin-Tser Huang

Subjects

Honeypot, Exploit, business.industry, Computer science, Frame (networking), computer.file_format, Computer security, computer.software_genre, Online advertising, World Wide Web, Malware, The Internet, Executable, business, computer, Dissemination

Abstract

Online advertising system has become a convenient and efficient channel to disseminate Web-based malware to the Internet users. Most of the free online services exist in exchange of the revenues generated through advertisements. Therefore, considerable efforts are made to deliver the ads to the appropriate audiences. Cyber criminals can easily exploit this online ad delivery system to deliver malware to a very large number of end-users and their vulnerable machines. We observe that this active approach by cyber criminals can be exploited to expedite the collection of malware. In this paper, we propose an automated system that mimics high-risk browsing activities such as clicking on suspicious online ads, and as a result collects malicious executable files for further analysis and diagnosis. Using our system we crawled over the Internet for a period of 7 days to collect a significant amount of ad frame URLs, which has been monitored for another period of 7 days to collect more than 800 malicious executables. The experimental results showed that our system is quite effective in collecting online malware samples using very limited resources compared to other malware collecting honeypot systems.

Published

2015

19. A secure address resolution protocol

Author

Chin-Tser Huang and Mohamed G. Gouda

Subjects

Ethernet, Otway–Rees protocol, Internet Protocol Control Protocol, Port Control Protocol, Computer Networks and Communications, computer.internet_protocol, Computer science, Neighbor Discovery Protocol, law.invention, Internet protocol suite, law, Internet Protocol, Link-local address, Subnetwork, IP address management, Carrier Ethernet, Stateless protocol, Authentication, Ethernet Global Data Protocol, business.industry, Link Control Protocol, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Synchronous Ethernet, Network interface controller, ARP spoofing, The Internet, Address Resolution Protocol, business, Communications protocol, ATA over Ethernet, computer, Reverse Address Resolution Protocol, Computer network

Abstract

We propose an architecture for securely resolving IP addresses into hardware addresses over an Ethernet. The proposed architecture consists of a secure server connected to the Ethernet and two protocols: an invite-accept protocol and a request-reply protocol. Each computer connected to the Ethernet can use the invite-accept protocol to periodically record its IP address and its hardware address in the database of the secure server. Each computer can later use the request-reply protocol, to obtain the hardware address of any other computer connected to the Ethernet from the database of the secure server. These two protocols are designed to overcome the actions of any adversary that can lose sent messages, arbitrarily modify the fields of sent messages, and replay old messages.

Published

2003

20. Feedback-based smartphone strategic sampling for BYOD security

Author

Wei Peng, Jie Huang, Feng Li, and Chin-Tser Huang

Subjects

Computer science, Sampling (statistics), Computer security, computer.software_genre, computer

Published

2014

21. A moving-target defense strategy for Cloud-based services with heterogeneous and dynamic attack surfaces

Author

Wei Peng, Chin-Tser Huang, Xukai Zou, and Feng Li

Subjects

Exploit, Computer science, Software deployment, business.industry, Cloud computing, Attack surface, Computer security model, business, Computer security, computer.software_genre, computer

Abstract

Due to deep automation, the configuration of many Cloud infrastructures is static and homogeneous, which, while easing administration, significantly decreases a potential attacker's uncertainty on a deployed Cloud-based service and hence increases the chance of the service being compromised. Moving-target defense (MTD) is a promising solution to the configuration staticity and homogeneity problem. This paper presents our findings on whether and to what extent MTD is effective in protecting a Cloud-based service with heterogeneous and dynamic attack surfaces - these attributes, which match the reality of current Cloud infrastructures, have not been investigated together in previous works on MTD in general network settings. We 1) formulate a Cloud-based service security model that incorporates Cloud-specific features such as VM migration/snapshotting and the diversity/compatibility of migration, 2) consider the accumulative effect of the attacker's intelligence on the target service's attack surface, 3) model the heterogeneity and dynamics of the service's attack surfaces, as defined by the (dynamic) probability of the service being compromised, as an S-shaped generalized logistic function, and 4) propose a probabilistic MTD service deployment strategy that exploits the dynamics and heterogeneity of attack surfaces for protecting the service against attackers. Through simulation, we identify the conditions and extent of the proposed MTD strategy's effectiveness in protecting Cloud-based services. Namely, 1) MTD is more effective when the service deployment is dense in the replacement pool and/or when the attack is strong, and 2) attack-surface heterogeneity-and-dynamics awareness helps in improving MTD's effectiveness.

Published

2014

22. Using Bytecode Instrumentation to Secure Information Flow in Multithreaded Java Applications

Author

Mohamed Sharaf, Chin-Tser Huang, and Jie Huang

Subjects

Java, Scala, business.industry, Computer science, strictfp, computer.software_genre, Java concurrency, Credit card, Real time Java, Embedded system, Operating system, business, computer, Java applet, Java annotation, computer.programming_language

Abstract

Information leakage is considered one of the vulnerabilities that may exist in careless development of software applications or unreliable and untrusted COTS binaries. Providing security at the level of programming development is important because leaking sensitive information such as credit card number, cookies, passwords or SSN does not require a lot of bandwidth to get through. In this paper, we propose a Secure Information Flow for Multithreaded Java (SIF-MJ) model, to enforce security and enhance assurance in all information flows throughout the execution time of the application without violating any rules or properties of multithreaded application. SIF-MJ does not require modification on the underlying Java Virtual Machine (JVM), therefore our proposed model is applicable to the currently existing JVMs.

Published

2013

23. Smartphone strategic sampling in defending enterprise network security

Author

Xukai Zou, Chin-Tser Huang, Feng Li, and Wei Peng

Subjects

Dilemma, Work (electrical), Computer science, Cost effectiveness, Sampling (statistics), Enterprise private network, Network security policy, Asset (computer security), Computer security, computer.software_genre, Business communication, computer

Abstract

Smartphones have made their inroads in enterprise environment, manifested in the Bring Your Own Device (BYOD) policy: More employees are bringing their own smartphones to work and are using them to access enterprise information assets. The dilemma between responsiveness to security incidents and convenience/cost-effectiveness demands BYOD security solutions beyond the straightforward all-inclusive full-scanning or uniformly random sampling approaches. In this paper, we propose a carefully planned but otherwise random, or strategic, sampling approach out of this dilemma. Strategic sampling provides a balance between security responsiveness and cost effectiveness by identifying and periodically sampling those representative smartphones (security-wise). We validate the efficiency and effectiveness of the proposed strategic sampling via simulations driven by publicly available, real-world collected traces.

Published

2013

24. PASSAGES: Preserving Anonymity of Sources and Sinks against Global Eavesdroppers

Author

Hyangkyu Park, Chin-Tser Huang, Baek-Young Choi, and Sejun Song

Subjects

Computer science, business.industry, business, Computer security, computer.software_genre, computer, Computer network, Anonymity

Abstract

While many security schemes protect the content of messages in the Distributed Sensing Systems (DSS), the contextual information, such as communication patterns, is left vulnerable and can be utilized by attackers to identify critical information such as the locations of event sources and message sinks. Existing solutions for location anonymity are mostly designed to protect source or sink location anonymity individually against limited eavesdroppers on a small region at a time. However, they can be easily defeated by highly motivated global eavesdroppers that can monitor entire communication events on the DSS. To grapple with these challenges, we propose a mechanism for Preserving Anonymity of Sources and Sinks against Global Eavesdroppers (PASSAGES). PASSAGES uses a small number of stealthy permeability tunnels such as wormholes and message ferries to scatter and hide the communication patterns. Unlike prior schemes, PASSAGES effectively achieves a high anonymity level for both source and sink locations, without incurring extra communication overheads. We quantify the location anonymity level and evaluate the effectiveness of PASSAGES via analysis as well as extensive simulations. We also perform evaluations on the synergistic effect when PASSAGES is combined with other traditional solutions.

Published

2013

25. Textact: A text-action based web authentication scheme

Author

Chin-Tser Huang and Muhammad N. Sakib

Subjects

Password, Challenge-Handshake Authentication Protocol, Authentication, Password policy, Cognitive password, Computer science, business.industry, Email authentication, Multi-factor authentication, Web application security, computer.software_genre, Computer security, One-time password, NTLMSSP, Chip Authentication Program, S/KEY, Generic Bootstrapping Architecture, Authentication protocol, Lightweight Extensible Authentication Protocol, Web service, Challenge–response authentication, business, computer, Data Authentication Algorithm, Digest access authentication

Abstract

World Wide Web has become an integral part of our life and the bulk of Web usage involves user authentication. Technology available in this area does not offer much variation. Much research has been done to improve security and user experience of Web authentication, but still the schemes are far from being perfect. In this paper, we present a novel Web authentication scheme, Textact, which can meet the desired level of competence in multiple criteria including password space, memorizability, and security against known attacks. We also give a comparative analysis on improvement over the existing authentication schemes.

Published

2012

26. A Hierarchical Framework for Secure and Scalable EHR Sharing and Access Control in Multi-cloud

Author

Chin-Tser Huang, Jie Huang, and Mohamed Sharaf

Subjects

Information privacy, Database, business.industry, Computer science, Authorization, Access control, Cloud computing, Cryptography, Computer security, computer.software_genre, Encryption, Data sharing, Data access, Server, ComputingMilieux_COMPUTERSANDSOCIETY, Attribute-based encryption, business, computer

Abstract

Nowadays Electronic Health Records (EHRs) is a preferred method to store patients' health records. The emergence of cloud computing services provides users with flexible access, large storage capability and low costs, which motivate EHR maintainers to consider migrating EHR data from their own storage to the cloud. However, securing EHRs in cloud is a major challenge. Several security properties need to be satisfied, such as data privacy, fine-grained access control and scalable access between different clouds. In this paper, we propose a secure and scalable framework for EHR data sharing which combines Identity-based Encryption and Attribute-based Encryption together to enforce access control policies. Through this framework a fine-grained access control scheme on EHR can be enforced and scalable access between different clouds is enabled. We also propose a novel design to address the problem of improper data access caused by a user with multiple roles and access rights to an EHR.

Published

2012

27. A Secure and Efficient Multi-Device and Multi-Service Authentication Protocol (SEMMAP) for 3GPP-LTE Networks

Author

Chin-Tser Huang and Jie Huang

Subjects

Challenge-Handshake Authentication Protocol, Authentication, SSLIOP, Otway–Rees protocol, Computer science, business.industry, computer.internet_protocol, Chip Authentication Program, Server, Authentication protocol, IPsec, Lightweight Extensible Authentication Protocol, Protected Extensible Authentication Protocol, Challenge–response authentication, business, computer, Data Authentication Algorithm, Computer network

Abstract

3GPP-LTE networks use the EAP-AKA protocol to authenticate and negotiate session keys with mobile users. However, with the popular trend of single user owning multiple devices and subscribing to multiple services, the EAP-AKA protocol appears inefficient because its authentication is device-oriented. In this paper, we propose a secure and efficient multi-device and multi-service authentication protocol, called SEMMAP, for 3GPP-LTE networks. SEMMAP makes use of a key hierarchy and an authority-issued license to enable an authenticating server to quickly verify the legitimacy of multiple devices belonging to the same mobile user and conduct a fast key negotiation between the server and the mobile user. Performance analysis shows that SEMMAP is more efficient than the current EAP-AKA protocol under the multi-device, multi-service scenario in terms of authentication delay and storage overhead for Authentication Vector (AV) at authenticating servers.

Published

2012

28. Modeling and Automating Analysis of Server Duty and Client Obligation for High Assurance

Author

Vipul Gupta and Chin-Tser Huang

Subjects

Service (business), Object-oriented programming, Computer science, business.industry, media_common.quotation_subject, String (computer science), Computer security, computer.software_genre, Mode (computer interface), Server, Accountability, Obligation, business, Duty, computer, Computer network, media_common

Abstract

In today's distributed service system which is often composed of heterogeneous servers and clients, the assurance of continuous operation of such system relies heavily on two things: the server continues to faithfully fulfill its duties, and the client continues to faithfully fulfill its obligations. However, as the complexity of distributed service system grows, it becomes much harder to correctly identify who is accountable for a service interruption or discontinuation when it occurs. In this paper, we propose an object-oriented approach to model and automate the analysis of server duty and client obligation for achieving high assurance of continuous service. With the formal model of server duty-client obligation interaction string and the use of an Accountability Analysis Engine, the proposed approach can effectively identify the party at fault in either online or offline mode when service interruption or discontinuation occurs.

Published

2012

29. A practical implementation of veiled certificate for user-centric privacy protection

Author

Will Goss and Chin-Tser Huang

Subjects

Public key certificate, Computer science, business.industry, Process (engineering), Cryptography, Self-signed certificate, Computer security, computer.software_genre, Certificate, Root certificate, business, Implicit certificate, computer, User-centered design

Abstract

We describe an implementation of the veiled certificate for providing user-centric privacy protection. This description gives details on the process of cryptographic algorithm selection, the execution and design of the selected algorithm.

Published

2012

30. Improving transmission efficiency of large sequence alignment/map (SAM) files

Author

Muhammad N. Sakib, Jijun Tang, W. Jim Zheng, and Chin-Tser Huang

Subjects

Time Factors, 0206 medical engineering, lcsh:Medicine, Sequence Databases, Biological Data Management, 02 engineering and technology, Data_CODINGANDINFORMATIONTHEORY, Lossy compression, computer.software_genre, Bioinformatics, 03 medical and health sciences, Computer Communication Networks, Databases, Genome Databases, Genome Sequencing, lcsh:Science, Biology, 030304 developmental biology, Lossless compression, Physics, 0303 health sciences, Multidisciplinary, Computers, lcsh:R, Computational Biology, Genomics, Sequence Analysis, DNA, File format, Data Compression, Compression ratio, Computer Science, lcsh:Q, Programming Languages, Data mining, Transmission time, Information Technology, computer, Sequence Alignment, Sequence Analysis, 020602 bioinformatics, Algorithms, Software, Data compression, Volume (compression), Image compression, Research Article

Abstract

Research in bioinformatics primarily involves collection and analysis of a large volume of genomic data. Naturally, it demands efficient storage and transfer of this huge amount of data. In recent years, some research has been done to find efficient compression algorithms to reduce the size of various sequencing data. One way to improve the transmission time of large files is to apply a maximum lossless compression on them. In this paper, we present SAMZIP, a specialized encoding scheme, for sequence alignment data in SAM (Sequence Alignment/Map) format, which improves the compression ratio of existing compression tools available. In order to achieve this, we exploit the prior knowledge of the file format and specifications. Our experimental results show that our encoding scheme improves compression ratio, thereby reducing overall transmission time significantly.

Published

2011

31. Secure Mutual Authentication Protocols for Mobile Multi-Hop Relay WiMAX Networks against Rogue Base/Relay Stations

Author

Chin-Tser Huang and Jie Huang

Subjects

Mobile radio, Authentication, Network security, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Mutual authentication, Cryptographic protocol, Computer security, computer.software_genre, Authentication server, WiMAX, Base station, Authentication protocol, Wireless, business, computer, Computer network

Abstract

Mobile multi-hop relay (MMR) WiMAX networks have attracted lots of interest in the wireless communication industry recently because of its scalable coverage, improved data rates and relatively low cost. However, security of MMR WiMAX networks is the main challenge. In this paper, we first identify a possible attack on MMR WiMAX networks in which a rogue base station (BS) or relay station (RS) can get authenticated and gain control over the connections. We also show that the current standard does not address this problem well. We then propose a set of new authentication protocols for protecting MMR WiMAX networks from rogue BS and rogue RS attacks. Our protocols provide centralized authentication by using a trusted authentication server to support mutual authentication between RS and BS, between RS and RS, and between MS and RS. Our protocols can also provide distributed authentication with a license issued by the trusted server.

Published

2011

32. On the Benefits of Early Filtering of Botnet Unwanted Traffic

Author

Prasanth Kalakota and Chin-Tser Huang

Subjects

Telecommunication network reliability, business.industry, Computer science, Filtering theory, Botnet, business, Computer security, computer.software_genre, computer, Computer network

Published

2009

33. Privacy-preserving multi-dimensional credentialing using veiled certificates

Author

Chin-Tser Huang and John H. Gerdes

Subjects

Revocation list, Public key certificate, ComputingMilieux_THECOMPUTINGPROFESSION, business.industry, Certificate policy, Computer science, Internet privacy, Computer security, computer.software_genre, Self-signed certificate, X.509, Certification Practice Statement, Certificate authority, business, computer, Implicit certificate

Abstract

Traditional certificates are designed to establish and document characteristics belonging to a specific individual, be it an identification number, a level of achievement, or membership status. The digital certificate extends this concept into the electronic world, identifying and linking the certificate holder to a public encryption key that is subsequently used as a means of identification. Current identity certificates provide unique identification and tracking, however it is exactly these characteristics that have led to concerns over identity theft and privacy of personal information. In this paper, we introduce a new type of certificate, called veiled certificate, which addresses these issues by providing means of linking certificates from multiple certifying authorities while masking the user's identity from non-authorized individuals and satisfying the regulatory need of unique, explicit identification. With the ability to be implemented within existing X.509 standards, veiled certification extends traditional digital certificates with features useful in combating identity theft and invasion of privacy.

Published

2009

34. P2F: A User-Centric Privacy Protection Framework

Author

Csilla Farkas, Chin-Tser Huang, and Maryam Jafari-lafti

Subjects

Information privacy, Privacy by Design, business.industry, Privacy software, Computer science, Internet privacy, Data security, Service provider, computer.software_genre, Computer security, Web service, business, Database transaction, computer, User-centered design

Abstract

In this paper, we present an end-user tool called the Privacy Protection Framework (P2F) which aims to support users in protecting their privacy when obtaining web-based services. P2F acts as a recommendation tool that analyzes the user's transaction history and privacy preferences in addition to real-world privacy privacy guidelines to prevent undesirable disclosure of personal data. The framework is based on a novel qualitative privacy compromise risk assessment approach designed to support decision-making in settings where server-side support for user-centric privacy protection frameworks is minimal or unkown. Our risk assessment model uses service provider properties, likelihood of collusion between providers, the sensitivity of the personal data to be released, and undesirable transaction linkability to determine the privacy compromise potential of a transaction.

Published

2009

35. Secure Multicast in WiMAX

Author

Manton M. Matthews, Sen Xu, and Chin-Tser Huang

Subjects

Secure multicast, Protocol Independent Multicast, Multicast, Computer Networks and Communications, Computer science, computer.internet_protocol, business.industry, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Data_CODINGANDINFORMATIONTHEORY, Source-specific multicast, Multicast address, IP multicast, Xcast, business, computer, Pragmatic General Multicast, Computer network

Abstract

Multicast enables efficient large-scale content distribution and has become more and more popular in network service. Security is a critical issue for multicast because many applications require access control and privacy. This issue is more sensitive to wireless network, which is lack of physical boundaries. IEEE 802.16 is the standard for next generation wireless network, which aims to provide the last mile access for Wireless Metropolitan Area Network (WirelessMAN). Multicast is also supported in IEEE 802.16, and a Multicast and Broadcast Rekeying Algorithm (MBRA) was proposed in the standard as an optional function for secure multicast. However, this algorithm does not provide backward and forward secrecy. It is not scalable to a large group either. This paper reviews the above two deficiencies of MBRA and proposes revision to address these problems for Intra-BS multicast. We also propose algorithms for secure multicast in different scenarios of WirelessMAN besides its basic schema, including Inter-BS multicast, multicast for mesh network, and multicast during handover.

Published

2008

36. Securing VoIP Services in Multi-Hop Wireless Mesh Networks

Author

Yi Xian and Chin-Tser Huang

Subjects

Voice over IP, Wireless mesh network, Computer science, business.industry, Network packet, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Mesh networking, Order One Network Protocol, Mobile communications over IP, Computer security, computer.software_genre, Message authentication code, The Internet, business, computer, Computer network

Abstract

Voice over Internet Protocol (VoIP) service has been a very popular and important application over the Internet. Wireless VoIP also becomes more and more popular due to its features of low cost and convenience. Recently, wireless mesh network has been considered as a good solution for VoIP services since it is easy to deploy and provides a larger area coverage. However, the security and performance are the main challenges. In this work, we focus on the security issues and present a new protocol for securing the voice traffic over the wireless mesh network, including the client authentication, intermediate mesh nodes authentication to ensure secure multi-hop communication, voice traffic confidentiality and secure optimal routing selection by using the probing packets.

Published

2007

37. Containing Hitlist-Based Worms with Polymorphic Signatures

Author

T. Richardson and Chin-Tser Huang

Subjects

ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Class (computer programming), Computer science, Computer security, computer.software_genre, Host (network), computer, Electronic mail

Abstract

Worms are a significant threat to network systems, both through resource consumption and malicious activity. This paper examines the spread of a class of hitlist-based worms that attempt to propagate by searching for address book files on the host system and using the host's mail program to spread to the addresses found. This threat becomes more severe when the worms are assumed to be polymorphic in nature - able to dynamically change their signature to elude capture. Because the method of propagation for these worms is predictable, it is possible to contain their spread through the use of honeytoken e-mail addresses in the client address book. Any e-mail received by the honeytoken address will be immediately recognized as malicious and can therefore be used to flag client machines as infected. This paper provides a complete description of a method to allow for better containment of this class of worms. The results of the proposed method are examined and compared to a previous method of capturing this type of worm.

Published

2007

38. Fates: A Granular Approach to Real-Time Anomaly Detection

Author

Jeff Janies and Chin-Tser Huang

Subjects

Scheme (programming language), Computer science, Network packet, Anomaly (natural sciences), Face (geometry), Real-time computing, Anomaly detection, Intrusion detection system, Host (network), Threat assessment, computer, computer.programming_language

Abstract

Anomaly-based intrusion detection systems have the ability of detecting novel attacks, but in real-time detection, they face the challenges of producing many false alarms and failing to contend with the high speed of modern networks due to their computationally demanding algorithms. In this paper, we present Fates, an anomaly-based NIDS designed to alleviate the two challenges. Fates views the monitored network as a collection of individual hosts instead of as a single autonomous entity and uses dynamic, individual threshold for each monitored host, such that it can differentiate between characteristics of individual hosts and independently assess their threat to the network. Each packet to and from a monitored host is analyzed with an adaptive and efficient charging scheme that considers the packet's type, number of occurrences, source, and destination. The resulting charge is applied to the individual hosts' threat assessment, providing pinpointed analysis of anomalous activities. We use various datasets to validate Fates's ability to distinguish scanning behavior from benign traffic in real time.

Published

2007

39. Secure multicast in various scenarios of WirelessMAN

Author

Sen Xu, Manton M. Matthews, and Chin-Tser Huang

Subjects

Secure multicast, Protocol Independent Multicast, Multicast, business.industry, Computer science, computer.internet_protocol, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Source-specific multicast, Multicast address, IP multicast, Xcast, business, computer, Pragmatic General Multicast, Computer network

Abstract

Multicast enables efficient large-scale content distribution and has become more and more popular in network service. Security is a critical issue for multicast because many applications require access control and privacy. This issue is more sensitive to wireless network, which is lack of physical boundaries. IEEE 802.16 is the standard for next generation wireless network, which aims to provide the last mile access for wireless metropolitan area network (WirelessMAN). Multicast is also supported in IEEE 802.16, and a multicast and broadcast rekeying algorithm (MBRA) is proposed as an optional function for secure multicast. However, this algorithm does not provide backward and forward secrecy, and is not scalable to large group. This paper reviews the above two deficiencies of MBRA and proposes a new algorithm to address them. We also propose algorithms for secure multicast in different scenarios of WirelessMAN besides its basic scheme.

Published

2007

40. Efficient and Secure Multicast in WirelessMAN

Author

Sen Xu, M. Ginley, Chin-Tser Huang, and Manton M. Matthews

Subjects

Secure multicast, Protocol Independent Multicast, Multicast, business.industry, computer.internet_protocol, Computer science, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Source-specific multicast, Multicast address, IP multicast, Xcast, business, computer, Pragmatic General Multicast, Computer network

Abstract

Multicast delivery of data is a powerful mechanism that has strong potential in next generation networks. The increased efficiency over unicast is a definite advantage, but the use of multicast poses many security risks. Effectively adding security measures to a multicast service is an intriguing problem, especially when the service is deployed in a wireless setting. Next generation IEEE 802.16 standard WirelessMAN networks are a perfect example of this problem, and the latest draft specification of the standard includes a secure protocol solution called multicast and broadcast rekeying algorithm (MBRA). In this paper, we expose the security problems of MBRA, including non-scalability and omission of backward and forward secrecy, and propose a new approach, ELAPSE, to address these problems. We analyze the security property of ELAPSE and use Qualnet simulations to show its efficiency

Published

2007

41. A secure cookie protocol

Author

Mohamed G. Gouda, Alex X. Liu, J.M. Kovacs, and Chin-Tser Huang

Subjects

Challenge-Handshake Authentication Protocol, Web server, Authentication, Stateless protocol, SSLIOP, Hypertext Transfer Protocol, computer.internet_protocol, business.industry, Computer science, computer.software_genre, Computer security, Hypertext Transfer Protocol over Secure Socket Layer, law.invention, Internet protocol suite, law, Authentication protocol, IPsec, Secure Hypertext Transfer Protocol, Internet Protocol, Web application, The Internet, business, computer, Reverse Address Resolution Protocol, Computer network

Abstract

Cookies are the primary means for Web applications to authenticate HTTP requests and to maintain client states. Many Web applications (such as electronic commerce) demand a secure cookie protocol. Such a protocol needs to provide the following four services: authentication, confidentiality, integrity and antireplay. Several secure cookie protocols have been proposed in previous literature; however, none of them are completely satisfactory. In this paper, we propose a secure cookie protocol that is effective, efficient, and easy to deploy. In terms of effectiveness, our protocol provides all of the above four security services. In terms of efficiency, our protocol does not involve any database lookup or public key cryptography. In terms of deployability, our protocol can be easily deployed on an existing Web server, and it does not require any change to the Internet cookie specification. We implemented our secure cookie protocol using PHP, and the experimental results show that our protocol is very efficient.

Published

2006

42. Attacks on PKM Protocols of IEEE 802.16 and Its Later Versions

Author

Sen Xu and Chin-Tser Huang

Subjects

IEEE 802, IEEE 802.11u, IEEE 802.11w-2009, business.industry, Inter-Access Point Protocol, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Computer security, computer.software_genre, IEEE 802.11i-2004, IEEE 802.1X, business, computer, Computer network, IEEE 802.11r-2008, IEEE 802.11s

Abstract

Without physical boundaries, a wireless network faces many more vulnerabilities than a wired network does. IEEE 802.16 provides a security sublayer in the MAC layer to address the privacy issues across the fixed BWA (broadband wireless access). Several articles have been published to address the flaws in IEEE 802.16 security after IEEE 802.16-2001 was released. However, even the enhanced version IEEE 802.16-2004 does not settle all the problems and additional flaws emerge. In addition, we found that PKM (privacy and key management) protocols version 2 (PKMv2), proposed by recently released IEEE 802.16e, is also vulnerable to new attacks. In this paper, we first overview the IEEE 802.16 standard, especially the security sublayer, and then investigate possible attacks on the basic PKM protocol in IEEE 802.16 as well as in its other versions from related works and the newest PKMv2. We also give possible solutions to counter those attacks and verify our analysis using formal (BAN) logic.

Published

2006

43. Wavelet-based Real Time Detection of Network Traffic Anomalies

Author

Sachin Thareja, Yong-June Shin, and Chin-Tser Huang

Subjects

Signal processing, Computer science, business.industry, Wavelet transform, Denial-of-service attack, Intrusion detection system, computer.software_genre, Coiflet, Wavelet, Entropy (information theory), Data mining, Pattern matching, business, computer, Computer network

Abstract

Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like Denial of Service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work.

Published

2006

44. On Capturing and Containing E-mail Worms

Author

Alex X. Liu, Nathan L. Johnson, Chin-Tser Huang, and Jeff Janies

Subjects

business.industry, Computer science, InformationSystems_INFORMATIONSYSTEMSAPPLICATIONS, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Registered user, Construct (python library), Computer security, computer.software_genre, Electronic mail, Blacklist, Signature (logic), ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Digital signature, Local domain, Address book, business, GeneralLiterature_REFERENCE(e.g.,dictionaries,encyclopedias,glossaries), computer, Computer network

Abstract

Capturing an E-mail worm and containing its propagation as early as possible is desirable in order to provide better protection for the networks and hosts against severe damage that may be caused by the worm. In this paper, we propose a new approach that makes use of the propagating nature of E-mail worms. This approach inserts into each client's address book a dummy E-mail address that is not used by any registered user of the local domain, such that we can be confident that any E-mail destined to this dummy E-mail address is generated by an E-mail worm. The captured signatures can then be used to construct a user blacklist and a signature blacklist to contain the propagation of this E-mail worm. We also discuss how E-mail worms can attempt to bypass the dummy E-mail address, and propose countermeasures against these attempts. Our prototype implementation shows that this approach is easily deployable and is effective in containing E-mail worms.

Published

2006

45. Security issues in privacy and key management protocols of IEEE 802.16

Author

Chin-Tser Huang, Manton M. Matthews, and Sen Xu

Subjects

IEEE 802.11u, IEEE 802.11w-2009, Computer science, business.industry, Inter-Access Point Protocol, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Computer security, computer.software_genre, WLAN Authentication and Privacy Infrastructure, IEEE 802.11i-2004, IEEE 802.1X, business, computer, IEEE 802.11r-2008, IEEE 802.11s, Computer network

Abstract

Without physical boundaries, a wireless network faces many more security threats than a wired network does. Therefore, in the IEEE 802.16 standard a security sublayer is specified in the MAC layer to address the privacy issues across the fixed Broadband Wireless Access (BWA). Several articles have been published to address the flaws in IEEE 802.16 security after the IEEE standard 802.16-2001 was released. However, the IEEE standard 802.16-2004 revision does not settle all the discovered problems and additional flaws remain. This paper gives an overview of the IEEE 802.16 standard, focusing on the MAC layer and especially the security sublayer. We analyze the security flaws in the standard as well as in related works, and illustrate possible attacks to the authentication and key management protocols. Possible solutions are also proposed to prevent these attacks. Finally, we propose a security handover protocol that should be supported in the future 802.16e for mobility.

Published

2006

46. SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks

Author

Jeff Janies, Chin-Tser Huang, and Nathan L. Johnson

Subjects

Routing protocol, business.industry, Network packet, Computer science, Wireless network, computer.internet_protocol, Wireless ad hoc network, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Wireless Routing Protocol, Exposed node problem, Hop (networking), Key distribution in wireless sensor networks, Base station, Optimized Link State Routing Protocol, Sensor node, Wireless Application Protocol, Unicast, business, Wireless sensor network, computer, Computer network

Abstract

Most wireless ad hoc sensor networks are susceptible to routing level attacks, in which an adversary masquerades as a legitimate node to convince neighboring nodes that it is the "logical" next hop or is on a "better" path for forwarding packets, and arbitrarily drops the packets forwarded by neighboring nodes. In this paper, we propose a secure unicast messaging protocol (SUMP) for wireless ad hoc sensor networks to mitigate the threat of routing level attacks. SUMP groups nodes into levels based on hop count to provide hop-by-hop group authentication using Merkel hash trees. This method allows for varied levels of security in accordance with a node's hop count from the base station and secure, directed unicast communications from the base station to individual nodes. Unlike other sensor network security protocols that require the storage of parent node information, a sensor node running SUMP does not store parent node information, therefore preventing an adversary from gaining information of other nodes from a compromised node.

Published

2006

47. Message from the WSNet Workshop Co-chairs

Author

Bin Wang, Masakatsu Ogawa, Xiaoyan Hong, Jen-Yao Chung, Ten-Hwang Lai, Jianping Jiang, Xinwen Fu, Chin-Tser Huang, Chung Kuo Chang, Sandeep S. Kulkarni, Sheikh Iqbal Ahamed, Cho Yu Chiang, Richard R. Brooks, Qun Li, Saad Biaz, Phillip G. Bradford, Chikara Ohta, Yu Wang, Wenye Wang, Min-Te Sun, and Ying Jing

Subjects

Multimedia, Computer science, business.industry, media_common.quotation_subject, Research findings, computer.software_genre, Field (computer science), Presentation, Wireless, Telecommunications, business, computer, Wireless sensor network, media_common

Abstract

W elcome to WSNET 2006, the International Workshop on Wireless and Sensor Networks to be held in conjunction with the 35 th International Conference on Parallel Processing. The research on ad hoc and sensor networks has experienced an explosive growth in the past decade. Without the need of a fixed infrastructure, ad hoc and sensor networks can be deployed quickly and inexpensively. Today ad hoc and sensor networks have become an enabling wireless technology for many commercial and military applications. This workshop intends to bring together the leading researchers and practitioners in this field to exchange and share the research findings and prospects of ad hoc and sensor networks. A total of twenty two papers were submitted to the workshop in response to the Call for Papers. Each paper was reviewed by three program committee members. The decision on the acceptance of papers are primarily based on the reviewer's input. In case if multiple papers received the similar review scores, the final decision was made by the Workshop co-Chairs. As a result, a total of eleven papers were selected for presentation in three sessions at WSNET 2006. We hope you will find the workshop to be both informative and enjoyable.

Published

2006

48. Convergence of IPsec in presence of resets

Author

Mohamed G. Gouda, Elmootazbellah Nabil Elnozahy, and Chin-Tser Huang

Subjects

Sequence, Authentication, business.industry, Computer science, computer.internet_protocol, Message passing, Cryptography, Security association, IPsec, business, Reset (computing), computer, Anti-replay, Computer network

Abstract

IPsec is the current security standard for the Internet Protocol IP. According to IPsec, a selected computer pair (p. q) in the Internet can be designated a "security association". This designation guarantees that all sent IP messages whose original source is computer p and whose ultimate destination is computer q cannot be replayed in the future (by an adversary between p and q) and still be received by q as fresh messages from p. This guarantee is provided by adding increasing sequence numbers to all IP messages sent from p to q. Thus, p needs to always remember the sequence number of the last sent message, and q needs to always remember the sequence number of the last received message. Unfortunately, when computer p or q is reset these sequence numbers can be forgotten, and this leads to two bad possibilities: unbounded number of fresh messages from p can be discarded by q. and unbounded number qf replayed messages can be accepted by q. In this paper, we propose two operations, "SAVE"' and "FETCH", to prevent these possibilities. The SAVE operation can be used to store the last sent sequence member in persistent memory of p once every K/sub p/ sent messages, and can be used to store the last received sequence number in persistent memory of q once every K/sub q/ received messages. The FETCH operation can be used to fetch the last stored sequence number for a computer when that computer wakes tip after a reset. We show that the following three conditions hold when SAVE and FETCH are adopted in both p and q. First, when p is reset, at most 2K/sub p/ sequence numbers will be lost but no fresh message sent from p to q will be discarded if no message reorder occurs. Second, when q is reset, the number of discarded fresh messages is bounded by 2K/sub q/, In either case, no replayed message will be accepted by q.

Published

2004

49. Key trees and the security of interval multicast

Author

Chin-Tser Huang, Elmootazbellah Nabil Elnozahy, and Mohamed G. Gouda

Subjects

Theoretical computer science, Protocol Independent Multicast, Multicast, business.industry, Computer science, computer.internet_protocol, Inter-domain, Cryptography, Encryption, Source-specific multicast, IP multicast, Xcast, business, computer, Pragmatic General Multicast, Computer network

Abstract

A key tree is a distributed data structure of security keys that can be used by a group of users. In this paper we describe how any user in the group can use the different keys in the key tree to securely multicast data to different subgroups within the group. The cost of securely multicasting data to a subgroup whose users are "consecutive" is O(log n) encryptions, where n is the total number of users in the group. The cost of securely multicasting data to an arbitrary subgroup is O(n/2) encryptions. However this cost can be reduced to one encryption by introducing an additional key tree to the group.

Published

2003

50. An anti-replay window protocol with controlled shift

Author

Mohamed G. Gouda and Chin-Tser Huang

Subjects

Otway–Rees protocol, Internet Protocol Control Protocol, Port Control Protocol, computer.internet_protocol, Computer science, Internet layer, Tunneling protocol, Internet security, Neighbor Discovery Protocol, law.invention, Internet Control Message Protocol, Internet protocol suite, law, Internet Protocol, Universal composability, User Datagram Protocol, Stateless protocol, business.industry, Resource Reservation Protocol, Link Control Protocol, Adversary, IPsec, Internetwork protocol, The Internet, business, computer, Reverse Address Resolution Protocol, Anti-replay, Computer network

Abstract

The anti-replay window protocol is used to secure IP against an adversary that can insert (possibly replayed) messages in the message stream from a source computer to a destination computer in the Internet. We discuss this important protocol and point out a potential problem faced by the protocol, in which severe reordering of messages can cause the protocol to discard a lot of good messages. We then introduce a controlled shift mechanism that can reduce the number of discarded good messages by sacrificing a relatively small number of messages. We use simulation to show that the modified protocol is more effective than the original protocol when a severe reordering of messages occurs. In particular, we show that the modified protocol reduces the number of discarded good messages by up to 70%.

Published

2002