Today’s world of increasingly dynamic environments naturally results in more and more data being available as fast streams. Applications such as stock market analysis, environmental sensing, Web clicks, and intrusion detection are just a few of the examples where valuable data is streamed. Often, streaming information is offered on the basis of a nonexclusive, single-use customer license. One major concern, especially given the digital nature of the valuable stream, is the ability to easily record and potentially “replay” parts of it in the future. If there is value associated with such future replays, it could constitute enough incentive for a malicious customer (Mallory) to record and duplicate data segments, subsequently reselling them for profit. Being able to protect against such infringements becomes a necessity. In this work, we introduce the issue of rights protection for discrete streaming data through watermarking. This is a novel problem with many associated challenges including: operating in a finite window, single-pass, (possibly) high-speed streaming model, and surviving natural domain specific transforms and attacks (e.g., extreme sparse sampling and summarizations), while at the same time keeping data alterations within allowable bounds. We propose a solution and analyze its resilience to various types of attacks as well as some of the important expected domain-specific transforms, such as sampling and summarization. We implement a proof of concept software (wms.*) and perform experiments on real sensor data from the NASA Infrared Telescope Facility at the University of Hawaii, to assess encoding resilience levels in practice. Our solution proves to be well suited for this new domain. For example, we can recover an over 97 percent confidence watermark from a highly down-sampled (e.g., less than 8 percent) stream or survive stream summarization (e.g., 20 percent) and random alteration attacks with very high confidence levels, often above 99 percent.
Even though collaborative computing can yield substantial economic, social, and scientific benefits, a serious impediment to fully achieving that potential is a reluctance to share data, for fear of losing control over its subsequent dissemination and usage. An organization’s most valuable and useful data is often proprietary/confidential, or the law may forbid its disclosure or regulate the form of that disclosure. We survey security technologies that mitigate this problem, and discuss research directions towards enforcing the data owner’s approved purposes on the data used in collaborative computing. These include techniques for cooperatively computing answers without revealing any private data, even though the computed answers depend on all the participants’ private data. They also include computational outsourcing, where computationally weak entities use computationally powerful entities to carry out intensive computing tasks without revealing to them either their inputs or the computed outputs.
The vast majority of the literature on watermarking has dealt with media such as images, video, and audio - all of which are ultimately destined for consumption by the human perceptual system. There has recently been growing interest in watermarking non-media such as relational data, software, natural language text, sensor streams, etc. The challenges posed by these new domains are quite different from the traditional ones. For example, some (like relational data and software) are destined for automated processing rather than for perception by a human. Others (like natural language text) are destined for human consumption, but by the cognitive rather than the perceptual system. Streaming data poses its own set of challenges. The talk will survey these areas, their problematics, the progress made, and the remaining challenges.
As society increasingly relies on computing and networks for commerce, government, social services, entertainment, and communication, it also becomes more vulnerable to accidents, disasters, criminal behavior, and malicious activity involving this crucial infrastructure. However, the current infrastructure was simply not designed for the kind of usage it is being put to today. An event that involves and/or affects the computing/communications infrastructure in an extreme way is uncomfortably likely. The recent outbreaks of denial-of-service attacks and computer viruses are, unfortunately, the tip of a very large iceberg that is still largely out of the public view: What could easily occur is orders of magnitude worse than what has occurred. Many events that routinely occur today could easily take on an “extreme” character in the future, but two prime candidates are financial fraud and accidental losses:
This paper concentrates on one technological aspect of providing communications security, firewall technology. It introduces a formalism called Hierarchical Colored Petri Nets (HCPN) in tutorial style. The main contribution of the paper is a description of how to model firewall systems using Hierarchical Colored Petri Nets. A byproduct of this approach is a novel way of modeling audit streams in distributed systems. HCPNs are well suited for modeling concurrent, distributed systems in which regulated flows of information are significant, such as firewall systems which enforce access control policies on network packets. The paper introduces the basics of this modeling technique. It demonstrates with several examples how firewalls can be modeled. It outlines how simulations of such models can facilitate testing, performance analysis, and interactive design exploration. Finally, the approach can serve as the basis for formal analysis techniques available through Applied Petri Net Theory.
The problem of key management in access hierarchies studies ways to assign keys to users and classes such that each user, after receiving her secret key(s), is able to independently compute access keys for (and thus obtain access to) the appropriate resources defined by the hierarchical structure. If user privileges additionally are time-based, the key(s) a user receives should permit access to the resources only at the appropriate times. This paper presents a new, provably secure, and efficient solution that can be used to add time-based capabilities to existing hierarchical schemes. It achieves the following performance bounds: (i) to be able to obtain access to an arbitrary contiguous set of time intervals, a user is required to store at most 3 keys; (ii) the keys for a user can be computed by the system in constant time; (iii) key derivation by the user within the authorized time intervals involves a small constant number of inexpensive cryptographic operations; and (iv) if the total number of time intervals in the system is n, then the server needs to maintain public storage larger than n by only a small asymptotic factor, e.g., O(log* n log log n) with a small constant.
This paper studies the notion of point-based policies for trust management, and gives protocols for realizing them in a disclosure-minimizing fashion. Specifically, Bob values each credential with a certain number of points, and requires a minimum total threshold of points before granting Alice access to a resource. In turn, Alice values each of her credentials with a privacy score that indicates her reluctance to reveal that credential. Bob’s valuation of credentials and his threshold are private. Alice’s privacy-valuation of her credentials is also private. Alice wants to find a subset of her credentials that achieves Bob’s required threshold for access, yet is of as small a value to her as possible. We give protocols for computing such a subset of Alice’s credentials without revealing any of the two parties’ above-mentioned private information.