In this thesis we investigate applications of natural language processing (NLP) techniques to information security problems. We present our results in this direction for two important areas: password authentication, and information hiding in natural language text. We have limited this thesis to the realm of language engineering, i.e., our emphasis is on adapting the existing NLP techniques for our purposes, rather than in developing new NLP techniques. Our password mnemonics system helps users to remember random passwords, hence making it possible to implement organizational policies that mandate strong password choices by users. Moreover, in our system password changes do not necessitate a new mnemonic, thereby further easing the users’ task of memorizing their respective mnemonics. Our robust natural language text watermarking system can avoid the removal of the watermark text by an automated adversary, in the same way used by authentication systems to avoid an automated adversary’s compromise of the password string hidden within the password mnemonic. We have also laid the groundwork for followup research in this area.

  Contributing our own creativity (in the form of text, image, audio, and video) to the pool of online information is fast becoming an essential part of online experience. However, it is still an open question as to how we, as authors, can control the way that the information we create is distributed or re-used.
  Rights management problems are serious for text since it is particularly easy for other people to download and manipulate copyrighted text from the Internet and later re-use it free from control. There is a need for a rights protection system that “travels with the content”. Digital watermarking is a mechanism that embeds the copyright information in the document. besides traveling with the content of the documents, digital watermarks can also be imperceptible to the user, which makes the process of removing them from the document challenging.
  The goal of this thesis is to design practical and resilient natural language watermarking systems. I have designed and implemented several natural language watermarking algorithms that use the linguistic features of the cover text in order to embed information. Using linguistic features provides resilience through making the message an elemental part of the content of the text, and through the judicious use of ambiguity in the usage of natural language and richness of features of natural language constituents. In this thesis, I propose several practical and resilient natural language watermarking systems for a variety of genres of text (short, long, edited and cursory text) and analyze their resilience and feasibility.

Wireless mesh networks (WMNs) have emerged as a promising technology for providing low-cost community wireless services.  Despite recent advancement in securing wireless networks, the problem of secure group communication on wireless networks has received relatively little attention. Characteristics specific to WMNs, such as limited communication range and high link error rate, raise unique challenges in designing such protocols.

In this paper we focus on providing data confidentiality for group communications on WMNs.  First, we propose W-LKH, a protocol that combines centralized key management and reliable key delivery, to address the less robust communication present in wireless networks. Next, we introduce WSOM, a new protocol framework designed specifically for the WMNs to overcome the performance and security limitations of W-LKH. Simulation results show that all of the proposed protocols can provide good performance to the upper layer applications, while the WSOM protocols incur smaller overhead and are more responsive than W-LKH. Finally, we suggest the applicability of each of the proposed protocols under different application requirements.

Virtual coordinate system (VCS) based routing provides a practical, efficient and scalable means for point-to-point routing in wireless sensor networks.  Several VCS-based routing protocols have been proposed in the last few years, all assuming that nodes are cooperative. However, malicious nodes may violate this assumption, making VCS-based routing protocols vulnerable to numerous attacks. Thus, it is critical to provide security mechanisms for these protocols to ensure correct operations in adversarial deployment environments.
    In this work, we study the security of VCS-based routing protocols. We identify new attacks targeting the accuracy and stability of virtual coordinates that VCS-based routing relies on and propose several defense mechanisms against the identified attacks. We evaluate the impact of the attacks and the effectiveness of our defense mechanisms using a well-known VCS-based routing protocol, BVR.

The internet and related technologies have made multidomain collaborations a reality. Collaboration enables domains to effectively share resources; however it introduced several security challenges. Managing security in the absence of a central mediator is even more challenging. in this dissertation, we propose a distributed secure interoperability framework for mediator-free collaboration environments.

Losses due to information security breaches are notoriously difficult to measure. An event study of the effect of such breaches on financial performance found that they do not earn significantly negative abnormal returns. To verify whether this finding resulted from the aggregation of data across different characteristics (e.g., the nature of the breaches, the types of firms, the time periods of the study) the impact of each characteristic was analyzed. Again the results were not significantly negative. The study found that a negative bias followed the events of September 11, 2001. It also found that there was a difference in investor reactions to events during the dot-com era, when firms earned higher negative abnormal returns, and after the dot-com era. The implications are discussed.

Trust negotiation supports authentication and access control across multiple security domains by allowing parties to use non-forgeable digital credentials to establish trust. By their nature trust negotiation systems are used in environments that are not always reliable. In particular, it is important not only to protect negotiations against malicious attacks, but also against failures and crashes of the parties or of the communication means. To address the problem of failures and crashes, we propose an efficient and secure recovery mechanism. The mechanism includes two recovery protocols, one for each of the two main negotiation phases. In fact, because of the requirements that both services and credentials have to be protected on the basis of the associated disclosure policies, most approaches distinguish between a phase of disclosure policy evaluation from a phase devoted to actual credentials exchange. We prove that the protocols, besides being efficient, are secure with respect to integrity, and confidentiality and are idempotent. To the best of our knowledge, this is the first effort for achieving robustness and fault tolerance of trust negotiation systems.

In many business scenarios, record matching is performed across different data sources with the aim of identifying common information shared among these sources. However such need is often in contrast with privacy requirements concerning the data stored by the sources. In this paper, we propose a protocol for record matching that preserves privacy both at the data level and at the schema level. Specifically, if two sources need to identify their common data, by running the protocol they can compute the matching of their datasets without sharing their data in clear and only sharing the result of the matching.The protocol uses a third party, and maps records into a vector space in order to preserve their privacy. Experimental results show the efficiency of the matching protocol in terms of precision and recall as well as the good computational performance.

In a history-based trust-management system, users and service providers use information about past transactions to make trust-based decisions concerning current transactions. One category of such systems is represented by the reputation systems. However, despite the growing body of experience in building reputation systems, there are several limitations on how they are typically implemented. They often rely on scores that are evaluated by service providers and are often not reliable or well understood. We believe that reputation has to be based on objective and reliable information. In such context, transaction histories play an important role. In this paper, we present the VeryIDX system that implements an electronic receipt infrastructure and supports protocols to build and manage online transaction history of users. The receipt protocols are shown to have several essential security and privacy properties. We present a basic yet reasonably expressive language which provides service providers with a new way to establish trust based on users’ transaction history. We also describe the architecture and prototype implementation of VeryIDX, based on several important design considerations of a real-world e-commerce system infrastructure.

Recent collaborative applications and enterprises very often need to efficiently integrate their access control policies. An important step in policy integration is to analyze the similarity of policies. Existing approaches to policy similarity analysis are mainly based on logical reasoning and boolean function comparison. Such approaches are computationally expensive and do not scale well for large heterogeneous distributed environments (like Grid computing systems). In this paper, we propose a policy similarity measure as a filter phase for policy similarity analysis. This measure provides a lightweight approach to pre-compile a large amount of policies and only return the most similar policies for further evaluation. In the paper we formally define the measure, by taking into account both the case of categorical attributes and numeric attributes. Detailed algorithms are presented for the similarly computation. Results of our case study demonstrates the efficiency and practical value of our approach.

In a hierarchical access control system, users are partitioned into a number of classes—called security classes—which are organized in a hierarchy. Hierarchies arise in systems where some users have higher privileges than others and a security class inherits the privileges of its descendant classes. The problem of key assignment in such systems is how to assign cryptographic keys to users and resources to properly enforce access rights. Its crucial goal is efficiency: the number of keys a user obtains, computation a user performs, and amount of resources the server is required to maintain should be minimized.

In this work, we present a fully-dynamic and very efficient solution to the key assignment problem that is also provably secure for a strong notion of security. We then show how the model can be extended to time-based policies where users obtain access rights only for a specific duration of time, and subsequently present our time-based key assignment solution. Finally, we explain how similar techniques can be used to efficiently enforce access control policies in geo-spatial systems and describe our construction for such systems as well.

    The use of finite fields of low characteristic can make the implementation of elliptic curve cryptography more efficient. There are two approaches to lower the characteristic of the finite field in ECC while maintaining the same security level: Elliptic curves over a finite field extension and hyperelliptic curves over a finite field. This thesis solves some problems in both approaches.
  The group orders of elliptic curves over finite field extensions are described as polynomials. The irreducibility of these polynomials is proved, and hence the primality of the group orders can be studied.          Asymptotic formulas for the number of traces of elliptic curves over field extensions with almost prime orders are given and a proof based on Bateman-Horn