
Communications and Multimedia Security: 8th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, Sept. 15–18, 2004, Windermere, The Lake District, United Kingdom PDF

285 Pages·2005·4.387 MB·English

Preview Communications and Multimedia Security: 8th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, Sept. 15–18, 2004, Windermere, The Lake District, United Kingdom

COMMUNICATIONS AND MULTIMEDIA SECURITY

IFIP - The International Federation for Information Processing

IFIP was founded in 1960 under the auspices of UNESCO, following the First World Computer Congress held in Paris the previous year. An umbrella organization for societies working in information processing, IFIP's aim is two-fold: to support information processing within its member countries and to encourage technology transfer to developing nations. As its mission statement clearly states, IFIP's mission is to be the leading, truly international, apolitical organization which encourages and assists in the development, exploitation and application of information technology for the benefit of all people.

IFIP is a non-profitmaking organization, run almost solely by 2500 volunteers. It operates through a number of technical committees, which organize events and publications. IFIP's events range from an international congress to local seminars, but the most important are:

• The IFIP World Computer Congress, held every second year;
• Open conferences;
• Working conferences.

The flagship event is the IFIP World Computer Congress, at which both invited and contributed papers are presented. Contributed papers are rigorously refereed and the rejection rate is high.

As with the Congress, participation in the open conferences is open to all and papers may be invited or submitted. Again, submitted papers are stringently refereed.

The working conferences are structured differently. They are usually run by a working group and attendance is small and by invitation only. Their purpose is to create an atmosphere conducive to innovation and development. Refereeing is less rigorous and papers are subjected to extensive group discussion.

Publications arising from IFIP events vary. The papers presented at the IFIP World Computer Congress and at open conferences are published as conference proceedings, while the results of the working conferences are often published as collections of selected and edited papers.

Any national society whose primary activity is in information may apply to become a full member of IFIP, although full membership is restricted to one society per country. Full members are entitled to vote at the annual General Assembly. National societies preferring a less committed involvement may apply for associate or corresponding membership. Associate members enjoy the same benefits as full members, but without voting rights. Corresponding members are not represented in IFIP bodies. Affiliated membership is open to non-national societies, and individual and honorary membership schemes are also offered.

COMMUNICATIONS AND MULTIMEDIA SECURITY

8th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, Sept 15-18, 2004, Windermere, The Lake District, United Kingdom

Edited by

David Chadwick
University of Salford
UK

Bart Preneel
Katholieke Universiteit Leuven
Belgium

Springer

Library of Congress Cataloging-in-Publication Data

A C.I.P. Catalogue record for this book is available from the Library of Congress.

Communications and Multimedia Security / Edited by David Chadwick, Bart Preneel
p.cm. (The International Federation for Information Processing)
ISBN: (HB) 0-387-24485-9 / (eBOOK) 0-387-24486-7
Printed on acid-free paper.

Copyright © 2005 by International Federation for Information Processing.

All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, Inc., 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis.
Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden.

The use in this publication of trade names, trademarks, service marks and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed in the United States of America.

9 8 7 6 5 4 3 2 1
SPIN 11382324 (HC) / 11383185 (eBook)
springeronline.com

Contents

Preface
Conference Program Committee
Conference Organising Committee

Part I Privacy/Anonymity

• DUO-Onions and Hydra-Onions - Failure and Adversary Resistant Onion Protocols
  Jan Iwanik, Marek Klonowski, and Miroslaw Kutylowski
• Personal Attributes and Privacy - How to Ensure that Private Attribute Management is not Subverted by Datamining
  Howard Chivers

Part II Mobile Security 1

• Local Management of Credits and Debits in Mobile Ad Hoc Networks
  Fabio Martinelli, Marinella Petrocchi, and Anna Vaccarelli
• How Secure are Current Mobile Operating Systems?
  Heiko Rossnagel and Tobias Murmann
• An Overview of Security Issues and Techniques in Mobile Agents
  Mousa Alfalayleh and Ljiljana Brankovic

Part III Mobile Security 2

• A Secure Channel Protocol for Multi-application Smart Cards Based on Public Key Cryptography
  Konstantinos Markantonakis and Keith Mayes
• Mobile Trust Negotiation
  Timothy W van der Horst, Tore Sundelin, Kent E. Seamons, and Charles D. Knutson
• Weak Context Establishment Procedure for Mobility and Multi-Homing Management
  Vesa Torvinen and Jukka Ylitalo

Part IV Security in Microsoft .Net

• A Generic Architecture for Web Applications to Support Threat Analysis of Infrastructural Components
  Lieven Desmet, Bart Jacobs, Frank Piessens, and Wouter Joosen
• Threat Modelling for Web Services Based Web Applications
  Lieven Desmet, Bart Jacobs, Frank Piessens, and Wouter Joosen
• Threat Modelling For ASP.NET
  Rüdiger Grimm and Henrik Eichstadt
• Threat Modelling for SQL Servers
  E. Bertino, D. Bruschi, S. Franzoni, I. Nai-Fovino, and S. Valtolina
• Threat Modelling for Active Directory
  David Chadwick
• Threat Modelling for Security Tokens in Web Applications
  Danny De Cock, Karel Wouters, Dries Schellekens, Dave Singelee, and Bart Preneel

Part V Cryptography

• Analysis of the DVB Common Scrambling Algorithm
  Ralf-Philipp Weinmann and Kai Wirt
• An Extension of Typed MSR for Specifying Esoteric Protocols and their Dolev-Yao Intruder
  Theodoros Balopoulos, Stephanos Gritzalis and Sokratis K. Katsikas

Part VI Multimedia Security

• Robust Visual Hashing Using JPEG2000
  Roland Norcen and Andreas Uhl
• A System For End-To-End Authentication Of Adaptive Multimedia Content
  Takashi Suzuki, Zulfikar Ramzan, Hiroshi Fujimoto, Craig Gentry, Takehiro Nakayama and Ravi Jain

Part VII Application Level Security

• Using SAML To Link The Globus Toolkit To The PERMIS Authorisation Infrastructure
  David Chadwick, Sassa Otenko, Von Welch
• Secure Role Based Messaging
  David Chadwick, Graeme Lunt, and Gansen Zhao
• Five Non-Technical Pillars of Network Information Security Management
  E. Kritzinger and S.H von Solms

Author Index

Preface

This book contains the papers presented at the Eighth Annual IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, held in Windermere, The Lake District, UK, on 15-18 September 2004.
This was a working conference that facilitated lively debate and discussions between the participants and presenters. Thirty-three papers were submitted with one being withdrawn prior to review. The reviews were conducted by an international program committee with acknowledged expertise in communications and multimedia security, many being well known authors of books, papers and Internet RFCs. They were aided by a small group of external volunteer reviewers. As a result, eighteen papers were shortlisted and fifteen were presented.

In addition, there was a keynote speech and a Panel Session. The keynote speech was given by Karl-Heinz Brandenburg, the inventor of MP3, who talked about issues in Digital Rights Management. The Panel Session addressed security in the Microsoft .Net architecture, and the threats that builders of web services applications need to be aware of. The Panel Session consisted of six short papers followed by a question and answer session. The papers were a result of research sponsored by Microsoft at five European University research centres, and the authors presented the results of their findings. This session provoked a very lively discussion.

Holding a successful working conference requires the hard work of many. The conference was organised by a group of staff and research students from the University of Salford. The editors would like to thank the authors for their submitted papers, the program committee and external reviewers for their conscientious efforts during the review process, the organising committee for their tireless efforts to ensure the smooth running of the conference, and the Beech Hill Hotel, Windermere, for their helpful service in providing the conference facilities and the wonderful food which was some of the most delicious we have tasted at a conference.
Conference Program Committee

Program Chair

David Chadwick, University of Salford

Program Committee

• Jean Bacon, University of Cambridge, UK
• Steve Bellovin, AT&T Research, USA
• Elisa Bertino, CERIAS, Purdue University, USA
• Howard Chivers, University of York, UK
• Stephen Farrell, Trinity College Dublin, Ireland
• Russ Housley, Vigil Security, USA
• Stephen Kent, BBN Technologies, USA
• Herbert Leitold, TU Graz, Austria
• Javier Lopez, University of Malaga, Spain
• Chris Mitchell, Royal Holloway, University of London, UK
• Ken Moody, University of Cambridge, UK
• Sead Muftic, Stockholm University, Sweden
• Sassa Otenko, University of Salford, UK
• Günther Pernul, University of Regensburg, Germany
• Bart Preneel, Katholieke Universiteit Leuven, Belgium
• Sihan Qing, Chinese Academy of Sciences, China
• Pierangela Samarati, University of Milan, Italy
• Wolfgang Schneider, Fraunhofer SIT, Germany
• Frank Siebenlist, Argonne National Laboratory, USA
• Leon Strous, Chairman of TC11, De Nederlandsche Bank, Netherlands
• Mary Thompson, Lawrence Berkeley Laboratory, USA
• Von Welch, National Center for Supercomputing Applications, USA

External Reviewers

• Ji Qingguang
• Linying Su
• Torsten Priebe
• Bjoern Muschall
• Christian Schlaeger
• Alex Biryukov
• Christophe De Canniere
