The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive


On key pre-commitment in watermarking

CERIAS TR 2002-30
Radu Sion, Mikhail Atallah, Sunil Prabhakar
Download: PDF

Many media watermarking techniques require the use of a secret key to detect/decode the watermark in/from the marked object. Court proofs of ownership are strongly related to the ability of the rights holder (i.e. Alice) to convince a judge (i.e. Jared) or a jury of the safety of the encoding/decoding key in the frame of the considered watermarking algorithm.
  Multimedia Watermarking algorithms operate often in high bandwidth, noisy domains, that empower defendant (i.e. evil Mallory) court time claims of exhaustive key-space searches for matching keys. In other words, Mallory’s position claims that Alice cannot prove her associated rights over the disputed content as the actual data domain in case allowed her to “try” different keys until one of them made the watermark magically “appear” in the (allegedly) un-marked object.
  Watermarking algorithms in general and in the media framework in particular, would thus benefit from an intrinsic component of the security assessment step, namely a solution offering the ability to fight exactly such claims.
  One mechanism for securing this ability is to precommit to the watermarking key, at any time before watermark embedding. Precommitting to secrets in the framework of watermarking presents a whole new set of challenges, derived from the particularities of the domain.
  The main contribution of this paper is to define the main problem behind it and offer a solution to key precommitment in watermarking, solution augmented by a practical, illustrative example of an actual key precommitment method.
  Given any watermarking scheme our solution increases its ability to “convince” that the associated watermark is not embedded through some post-facto matching key choice (or even fortuitously), and was in fact deliberately inserted.
  In some sense we are providing a mechanism for the “amplification of convinceability” of any watermarking algorithm. That is, if the watermarked object makes it to court then its watermark proof is dramatically more convincing, and in particular immune to claims of matching key searches.

Thus, we introduce the main motivation behind precommitment to keys in the process of watermarking and present an algorithm for key precommitment, analyzing its integration as part of any existing watermarking application.
  Our solution, while relying on new (e.g. tolerant hashing) and existing concepts (e.g. key-space size reduction, watermark randomization) ties them together to produce a drastic (i.e. to virtually 0) reduction of the probability of success in the case of random key-space searches for matching keys, thus making a convincing counter-point to claims as the one above.
  We analyze trade-offs and present some alternative ideas for key precommitment. We discuss properties of the presented scheme as well as some other envisioned solutions.

Added 2002-10-20

Providing Process Origin Information to Aid in Network Traceback

CERIAS TR 2002-22
Florian Buchholz and Clay Shields
Download: PDF

It is desirable to hold network attackers accountable for their actions in both criminal investigations and information warfare situations.  Currently, attackers are able to hide their location effectively by creating a chain of connections through a series of hosts.  This method is effective because current host audit systems do not maintain enough information to allow association of incoming and outgoing network connections.  In this paper, we introduce an inexpensive method that allows both on-line and forensic matching of incoming and outgoing network traffic.  Our method associates origin information with each process in the system process table, and enhances the audit information by logging the origin and destination of network sockets.  We present implementation results and show that our method can effectively record origin information about the common cases of stepping stone connections and denial of service zombies, and describe the limitations of our approach.

Added 2002-09-28

"In Community We Trust": Online Security Communication at eBay

CERIAS TR 2002-19
Josh Boyd
Download: PDF

As e-commerce and virtual communities fundamentally change the way Americans do business and build relationships, how can people be assured of safety in unfamiliar cyberspaces? This essay focuses on online auction site eBay to understand how eBay has successfully attracted millions of users in spite of perceived risks and uncertainties. It argues that eBay is, in fact, a community (of commerce), and that the rhetorical construction of “community” on the site provides a foundation for trust between users. Based on trust theory, this essay isolates eBay’s “community trust” model as consisting of seven elements that work together to give users reasons to trust and to be trustworthy. Finally, the essay examines recent changes to eBay’s system, suggesting that so-called improvements for control might actually weaken the “community trust” system already in place—a warning to other sites that might imitate eBay’s community approach.

Added 2002-08-27

Intrusion Detection

CERIAS TR 2002-26
R. Patrick Gorman and Eugene H. Spafford

Network Intrusion Detection Systems today are used to detect when the network they are defending is being attacked from the outside.  Consequently, IDSs primarily watch traffic coming into the protected network.  This paper reverses this paradigm and explores the implications of monitoring traffic that is leaving the network; thus detecting when the protected network is being used to launch or relay attacks.  While the infrastructure and mechanics of this type of monitoring are similar to those used in existing intrusion detection techniques, there are a number of benefits and advantages.  The benefits include increasing the overall safety of the network, policy enforcement, and limiting liability.  Outbound monitoring also has an advantage in that certain attacks can be detected that are otherwise undetectable when entering the targeted network.  Further, there is also greater reactive power, both manual and automated, to a detected attack.  This paper examines these issues and others to conclude that outbound misuse detection should be a fundamental component of a network security infrastructure.

Added 2002-08-21

Secure Group Communications Using Key Graphs

Chung Kei Wong, Mohamed Gouda, Simon S. Lam

Many emerging applications (e.g., teleconference, real-time information services, pay per view, distributed interactive simulation, and collaborative work) are based upon a group communications model, i.e., they require packet delivery from one or more authorized senders to a very large number of authorized receivers.  As a result, securing group communications (i.e., providing confidentiality, integrity, and authenticity of messages delivered between group members) will become a critical networking issue. In this paper, we present a novel solution to the scalability problem of group/multicast key management.  We formalize the notion of a secure group as a triple (U, K, R) where U denotes a set of users, K a set of keys held by the users, and R a user-key relation.  We then introduce key graphs to specify secure groups.  For a special class of key graphs, we present three strategies for securely distributing rekey messages after a join/leave, and specify protocols for joining and leaving a secure group.  The rekeying strategies and join/leave protocols are implemented in a prototype group key server we have built.  We present measurement results from experiments and discuss performance comparisons.  We show that our group key management service, using any of the three rekeying strategies, is scalable to large groups with frequent joins and leaves.  In particular, the average measured processing time per join/leave increases linearly with the logarithm of group size.

Added 2002-07-26

A Weakness in the 4.2BSD Unix TCP/IP Software

Robert T. Morris

The 4.2 Berkeley Software Distribution of the Unix operating system (4.2BSD for short) features an extensive body of software based on the TCP/IP family of protocols.  In particular, each 4.2BSD system trusts some set of other systems, allowing users logged into trusted systems to execute commands via a TCP/IP network without supplying a password.  These notes describe how the design of TCP/IP and the 4.2BSD implementation allow users on untrusted and possibly very distant hosts to masquerade as users on trusted hosts.  Bell Labs has a growing TCP/IP network connecting machines with varying security needs; perhaps steps should be taken to reduce their vulnerability to each other.

Added 2002-07-26

Architecture for an Artificial Immune System

Steven A. Hofmeyer, Stephanie Forrest

An artificial immune system is described which incorporates many properties of natural immune systems, including diversity, distributed computation, error tolerance, dynamic learning and adaptation and self-monitoring….

Added 2002-07-26

Automated Response Using System-Call Delays

Anil Somayaji, Stephanie Forrest

Automated intrusion response is an important unsolved problem in computer security.  A system called pH (for process homeostasis) is described which can successfully detect and stop intrusions before the target system is compromised….

Added 2002-07-26

Intrusion Detection Using Autonomous Agents

CERIAS TR 2000-27
Eugene H. Spafford, Diego Zamboni

AAFID is a distributed intrusion detection architecture and system, developed in CERIAS at Purdue University.  AAFID was the first architecture that proposed the use of autonomous agents for doing intrusion detection…...

Added 2002-07-26

The Internet and State Security Forum

Mr. John Aldred

State politico-military are re-evaluating definitions of state security and threats posed to it by the Internet.  Numerous initiatives have been undertaken at state-level to attempt to limit the possible consequences of information warfare….

Added 2002-07-26

Who will Harness the power of the network?

Dr. E. Anders Eriksson
Added 2002-07-26

Some thoughts on Computer Network Attacks and International Humanitarian Law

Knut D

Computer network attacks are a relatively recent phenomenon.  CNA have been tentatively described as operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves…..

Added 2002-07-26

Internet & State Security - Challenges for Small States

Mr. Goh Seow Hiong

The Internet has brought with it a whole revolution and new challenges that were previously unanticipated.  Countries, both small and large, face a myriad of challenges in the legal, policy, and technical realms….

Added 2002-07-26


Civil Infrastructure Vulnerabilities

Gary O'Bright

Critical infrastructure protection is not only a national problem but, because so many parts of the infrastructure are connected, it’s also a global one and international fora such as this will go a long way, we believe, in helping us deal with this significant challenge…

Added 2002-07-26