The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive



Securing Wireless Network Topology And Routing

CERIAS TR 2005-53
Weichao Wang
Download: PDF

This dissertation investigates two research problems to protect wireless network topology and routing: (1) designing protocols with configurable overhead to defend against wormhole attacks; (2) designing an intruder identification mechanism to locate and isolate the malicious nodes in distance vector routing protocols. Previous approaches for wormhole detection in ad hoc networks assume a relationship of trust between direct neighbors and cannot detect wormholes when the attackers are legal members in the network. As a generic approach, an end-to-end mechanism is proposed that assumes trust only between the source and the destination of a route. It integrates the positions of nodes and loosely synchronized clocks to identify fake neighbor connections. An information management scheme is designed to allow a mobile node to predetermine the resources that are consumed on wormhole detection. In our experiments, the computation overhead is less than 0.28% of the CPU time for a ten-hop route. This justifies the feasibility of the proposed mechanism. For wormhole detection in sensor networks, we propose the first group of approaches that do not depend on any special hardware. A normalized variable wormhole indicator is defined based on the distortions in edge length and angles among neighboring sensors. As a centralized approach, MDS-VOW reconstructs the network layout using inaccurate distance measurements among sensors and identifies fake neighbor connections. As a distributed approach, Dis-VoW allows every sensor to detect wormholes locally when the network topology changes. The research creates a new method to solve wireless network security problems by integrating techniques from social science, computer graphics, and scientific visualization. An intruder identification mechanism is designed to locate and isolate malicious nodes that attack the AODV protocol with false destination sequence numbers. The propagation paths of false routes are marked through reverse labeling and the suspicious attackers are put into blacklists to achieve isolation. The quorum voting method is adopted to reduce false positive alarms. In our experiments, the proposed mechanism can improve the packet delivery ratio by 30% even when there are multiple malicious nodes in the network.

Added 2005-08-02

Pervasive Binding of Labels to System Processes

CERIAS TR 2005-54
Florian Buchholz
Download: PDF
Added 2005-08-02

Scheduling Support Mechanisms For Autonomous, Heterogeneous, Distributed Systems

COAST TR 93-03
Stephen Chapin
Download: PDF

An essential component of effective use of distributed systems is proper task placement, or scheduling. To produce high-quality schedules, scheduling algorithms require underlying support mechanisms that provide information describing the distributed system. The work presented here makes a clear distinction between scheduling policies and the underlying mechanism, and focuses on the problem of providing general purpose mechanisms that facilitate a broad spectrum of task placement algorithms. This dissertation proposes a model for distributed scheduling support mechanisms. This model includes scalable and extensible mechanisms that support the efficient implementation of scheduling policies on distributed systems, while preserving the autonomy of the component systems. The mechanisms include provably correct information exchange protocols for system state dissemination in distributed systems. MESSIAHS is a prototype implementation of these mechanisms, including a scheduling module that implements the basic mechanism, as well as a library of function calls and a specialized programming language for writing distributed schedulers. As a demonstration of the utility of the prototype, several algorithms from the literature are implemented and their performance is analyzed. The experimental results show average overhead of approximately 10% using MESSIAHS, measured against a theoretical ideal running time. The results indicate that it is possible to build scalable, general-purpose mechanisms that support a variety of task placement algorithms while preserving autonomy.

Added 2005-07-28

Privacy-Preserving Distributed Data Mining And Processing On Horizontally Partitioned Data

CERIAS TR 2005-51
Murat Kantarcioglu
Download: PDF

Data mining can extract important knowledge from large data collections, but sometimes these collections are split among various parties. Data warehousing, bringing data from multiple sources under a single authority, increases risk of privacy violations. Furthermore, privacy concerns may prevent the parties from directly sharing even some meta-data. Distributed data mining and processing provide a means to address this issue, particularly if queries are processed in a way that avoids the disclosure of any information beyond the final result. This thesis presents methods to mine horizontally partitioned data without violating privacy and shows how to use the data mining results in a privacy-preserving way. The methods incorporate cryptographic techniques to minimize the information shared, while adding as little as possible overhead to the mining and processing task.

Added 2005-07-27

Efficient Primitives For Ensuring Security In E-Commerce Transactions

CERIAS TR 2003-36
Jung Min Park
Download: PDF

Fueled by the exponential growth in the number of people with access to the Internet, electronic-commerce (e-commerce) transactions via the Internet have become a major part of our economy. For a wider range of e-commerce applications to take advantage of the untapped business potential of the Internet, some challenging and interesting security problems need to be solved. In this thesis, we study two such problems, and provide efficient solutions for both. In the foreseeable future, some e-commerce vendors will generate revenue by providing digital streaming applications such as information broadcasts (e.g., stock quotes). For the first issue, we investigate the problem of authenticating packet streams in multicast or broadcast networks. Our approach is to encode the hash values and digital signatures with Rabin’s Information Dispersal Algorithm (IDA) to construct an authentication scheme that amortizes a single signature operation over multiple packets. This strategy is especially efficient in terms of space overhead because just the essential elements needed for authentication (i.e., one hash per packet and one signature per group of packets) are used in conjunction with an erasure code that is space optimal. We evaluate the performance of our scheme using both analytical and empirical results. Applications such as e-commerce payment protocols using electronic money require that fair exchange be assured. For the second issue, we investigate the problem of constructing fair-exchange protocols. Our approach uses a novel signature paradigm, the gradational signature scheme, to construct protocols that are efficient and scalable. Unlike previous approaches, our scheme does not employ any costly zero-knowledge proof systems in the exchange protocol. Use of zero-knowledge proofs is needed only in the protocol setup phase; this is a one-time cost. The resulting exchange protocol is more e

Added 2005-07-26

CuPIDS: Increasing Information System Security through the Use of Dedicated Co-processing

CERIAS TR 2005-50
Paul D. Williams
Download: PDF

Most past and present intrusion detection systems architectures assume a uni-processor environment or do not explicitly make use of multiple processors when they exist.  Yet, especially in the server world, multiple processor machines are commonplace; and with the advent of technologies such as Intel and AMD’s multi-core or Hyperthreading technologies, commodity computers are likely to have multiple processors.

This research explores how explicitly dividing the system into production and security components and running the components in parallel on different processors can improve the effectiveness of the security system. The production component contains all user tasks and most of the operating system while the security component contains security monitoring and validating tasks and the parts of the O/S that pertain to security.  We demonstrate that under some circumstances this architecture allows intrusion detection systems to use monitoring models with higher fidelity, particularly with regard to the timeliness of detection, and will also increase system robustness in the face of some types of attacks.

Empirical results with a prototype co-processing intrusion detection system (CuPIDS) architecture support the feasibility of this approach. The construction of the prototype allowed us to demonstrate the implementation costs of the architecture are reasonable. Experimentation using fine-grained protection of real-world applications resulted in about a fifteen percent slowdown while demonstrating CuPIDS’ ability to quickly detect and respond to illegitimate behavior.

Added 2005-07-26

On the Dissemination of Certificate Status Information

John Iliadis
Download: PDF

There has been increasing interest in the deployment of Public Key Infrastructures over the past few years. Security issues emerge from the operation of Certification Authorities, as well as the operation of other PKI-related security service providers. Most of them have been addressed and efficient solutions have been found. One of the areas which has to be studied further is the generation and dissemination of information regarding the status of a digital certificate.

In this dissertation, we present a set of evaluation criteria for mechanisms that are used to generate and disseminate Certificate Status Information (CSI). We evaluate the proposed CSI mechanisms according to the aforementioned criteria, and identify the security and performance issues that emerge from their use.

Finally, we develop a prototype specification for a CSI dissemination mechanism, which we call Alternative Dissemination of Certificate Status Information (ADOCSI). This mechanism uses the functionality offered by Software Agents in order to disseminate CSI, and also uses some of the properties and functionality offered by the other CSI mechanisms. We believe that ADOCSI addresses some of the issues that emerge from the use of the other Certificate Status Information dissemination mechanisms.

Added 2005-07-24

Establishing and Protecting Digital Identity in Federation Systems

CERIAS TR 2005-48
Abhilasha Bhargav-Spantzel, Anna C. Squicciarini, Elisa Bertino
Download: PDF

We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication. This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security.

We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust even in the case of semi-trusted “honest-yet-curious” service providers, thus protecting against insider threats. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.

Added 2005-07-22

Integrating Federated Digital Identity Management and Trust Negotiation

CERIAS TR 2005-46
Abhilasha B. Spantzel and Anna C. Squicciarini and Elisa Bertino
Download: PDF

Most organizations today require the verification of personal information pertaining to users in order to provide service to users. Privacy of such information is of growing concern and because organizations often ask for similar information, this process can also be redundant and inefficient. Recent proposals dealing with federated identity management have the potential to alleviate such problems. A federation is a set of organizations that establish mutual trust with each other. This allows them to share client information whenever possible depending on their service disclosure policies and user privacy preferences. This paper addresses such problems by integrating federated identity management with trust negotiation techniques. We focus on a trust negotiation approach suitable for federated environments. Our federated trust negotiation approach relies on the use of special-purpose tickets, that is, signed assertions that are released by the federation members to users upon successful negotiations. The main advantage of such integration is that if a user has already successfully negotiated with a member of the federation, subsequent negotiations with other federation members may require a reduced number of interactions between the client and the service provider.

Added 2005-07-22

CuPIDS enhances StUPIDS: Exploring a Co-processing Paradigm Shift in Information System

CERIAS TR 2005-44
Paul D. Williams, Eugene H. Spafford
Download: PDF

The CuPIDS project is an exploration of increasing information system security by dedicating computational resources to system security tasks in a shared resource, multi-processor (MP) architecture. Our research explores ways in which this architecture offers improvements over the traditional uni-processor (UP) model of security. There are a number of areas to explore, one of which has a protected application running on one processor in a symmetric multiprocessing (SMP) system while a shadow process specific to that application runs on a different processor, monitoring its activity, ready to respond immediately if the application veers off course. This paper describes initial work into defining such an architecture and the prototype work done to validate our ideas.

Added 2005-07-15

Querying Private Data in Moving-Object Environments

CERIAS TR 2005-45
Reynold Cheng, Yu Zhang, Elisa Bertino, Sunil Prabhakar
Download: PDF

Location-based services, such as finding the nearest gas station, require users to supply their location information. However, a user

Added 2005-07-15

The Development of a Meaningful Hacker Taxonomy: A Two Dimensional Approach

CERIAS TR 2005-43
mkr@cerias.purdue.edu
Download: PDF

The current paper extends and matures the earlier taxonomy framework of the author (Rogers, 1999), and provides a preliminary two dimensional classification model. While there is no one generic profile of a hacker, studies indicate that there are at least eight primary classification variables: Novices (NV), Cyber-Punks (CP), Internals (IN), Petty Thieves (PT), Virus Writers (VW), Old Guard hackers (OG), Professional Criminals (PC), and Information Warriors (IW), and 2 principal components, skill and motivation. Due to the complex nature and interactions of these variables and principal components, the traditional one-dimensional continuum is inadequate for model testing. A modified circular order circumplex is presented as a better method for developing a preliminary hacker taxonomy. The paper discusses the importance of developing a meaningful understanding of the hacker community and the various sub-groups. Directions for future research are also discussed.

Added 2005-07-12

A Policy Framework for Access Management in Federated Information Sharing

CERIAS TR 2005-42
Rafae Bhatti, Elisa Bertino, Arif Ghafoor
Download: PDF

Current mechanisms for distributed access management are limited in their capabilities to provide federated information sharing while ensuring adequate levels of resource protection. This work presents a policy-based framework designed to address these limitations for access management in federated systems. In particular, it supports: (i) decentralized administration while preserving local autonomy, (ii) fine-grained access control while avoiding rule-explosion in the policy, (iii) credential federation through the use of interoperable protocols, (iv) specification and enforcement of semantic and contextual constraints, and (v) usage control in resource provisioning through effective session management. The paper highlights the significance of our policy-based approach in comparison with related mechanisms. It also presents a system architecture of our implementation prototype.

Added 2005-07-08

Classification And Detection Of Computer Intrusions

CERIAS TR 2005-41
Sandeep Kumar
Download: PDF
Added 2005-06-13

Translation-Based Steganography

CERIAS TR 2005-39
C. Grothoff and K. Grothoff and L. Alkhutova and R. Stutsman and M. Atallah
Download: PDF

This paper investigates the possibilities of steganographically embedding information in the “noise” created by automatic translation of natural language documents.  Because the inherent redundancy of natural language creates plenty of room for variation in translation, machine translation is ideal for steganographic applications. Also, because there are frequent errors in legitimate automatic text translations, additional errors inserted by an information hiding mechanism are plausibly undetectable and would appear to be part of the normal noise associated with translation.  Significantly, it should be extremely difficult for an adversary to determine if inaccuracies in the translation are caused by the use of steganography or by deficiencies of the translation software.

Added 2005-06-06