Birthday Attack

14,000,000 Leading Edge Experts on the ideXlab platform

The Experts below are selected from a list of 318 Experts worldwide ranked by ideXlab platform

Marcel Waldvogel - One of the best experts on this subject based on the ideXlab platform.

  • ACSAC - GOSSIB vs. IP traceback rumors
    18th Annual Computer Security Applications Conference 2002. Proceedings., 2002
    Co-Authors: Marcel Waldvogel
    Abstract:

    To identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. We introduce a new concept, namely Groups Of Strongly SImilar Birthdays (GOSSIB), that can be used by to obtain effects similar to a successful birthday attack on PPM schemes. The original and most widely known IP traceback mechanism, compressed edge fragment sampling (CEFS), was developed by Savage et al. (2000). We analyze the effects of an attacker using GOSSIB against CEFS and show that the attacker can seed misinformation much more efficiently than the network is able to contribute real traceback information. Thus, GOSSIB will render PPM effectively useless. It can be expected that GOSSIB has similar effects on other PPM traceback schemes and that standard modifications to the systems will not solve the problem.

  • GOSSIB vs. IP traceback rumors
    Proceedings - Annual Computer Security Applications Conference ACSAC, 2002
    Co-Authors: Marcel Waldvogel
    Abstract:

    To identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. In this paper, we introduce a new concept, namely Groups Of Strongly Similar Birthdays (GOSSIB), that can be used by to obtain effects similar to a successful birthday attack on PPM schemes. The original and most widely known IP traceback mechanism, compressed edge fragment sampling (CEFS), was developed by Savage et al. [SWKA00]. We analyze the effects of an attacker using GOSSIB against CEFS and show that the attacker can seed misinformation much more efficiently than the network is able to contribute real traceback information. Thus, GOSSIB will render PPM effectively useless. It can be expected that GOSSIB has similar effects on other PPM traceback schemes and that standard modifications to the systems will not solve the problem.

Haila Wang - One of the best experts on this subject based on the ideXlab platform.

  • Hash function based on chaotic neural networks
    2006 IEEE International Symposium on Circuits and Systems, 2006
    Co-Authors: Shiguo Lian, Haila Wang
    Abstract:

    Chaos and neural networks have both been used in data encryption because of their cipher-suitable properties, such as parameter-sensitivity, time-varying, random-similarity, etc. Based on chaotic neural networks, a hash function is constructed, which makes use of neural networks' diffusion property and chaos' confusion property. This function encodes the plaintext of arbitrary length into the hash value of fixed length (typically, 128-bit, 256-bit or 512-bit). Its security against statistical attack, birthday attack and meet-in-the-middle attack is analyzed in detail. Its properties make it a suitable choice for data authentication.

Salim Hariri - One of the best experts on this subject based on the ideXlab platform.

  • ICCAC - DNS-IDS: Securing DNS in the Cloud Era
    2015 International Conference on Cloud and Autonomic Computing, 2015
    Co-Authors: Pratik Satam, Hamid Alipour, Youssif Al-nashif, Salim Hariri
    Abstract:

    Recently, there has been a rapid growth in cloud computing due to their ability to offer computing and storage on demand, its elasticity, and significant reduction in operational costs. However, cloud security is a grand obstacle for full deployment and utilization of cloud services. In this paper, we address the security of the DNS protocol that is widely used to translate the cloud domain names to correct IP addresses. The DNS protocol is prone to attacks like cache poisoning attacks and DNS hijacking attacks that can lead to compromising user's cloud accounts and stored information. We present an anomaly based Intrusion Detection System (IDS) for the DNS protocol (DNS-IDS) that models the normal operations of the DNS protocol and accurately detects any abnormal behavior or exploitation of the protocol. The DNS-IDS system operates in two phases, the training phase and the operational phase. In the training phase, we model the normal behavior of the DNS protocol as a finite state machine and we derive the normal temporal statistics of how normal DNS traffic transition within that state machine and store them in a database. To bound the normal event space, we also apply few known DNS attacks (e.g. cache poisoning) and store the temporal statistics of the abnormal DNS traffic transition in a separate database. Then we develop an anomaly metric for the DNS protocol that is a function of the temporal statistics for both the normal and abnormal transitions of the DNS by applying classification algorithms like the Bagging algorithm. During the operational phase, the anomaly metric is used to detect DNS attacks (both known and novel attacks). We have evaluated our approach against a wide range of DNS attacks (DNS hijacking, Kaminsky attack, amplification attack, birthday attack, DNS Rebinding attack). Our results show attack detection rate of 97% with very low false positive alarm rate (0.01397%), and round 3% false negatives.

V. Rijmen - One of the best experts on this subject based on the ideXlab platform.

  • Producing Collisions for PANAMA
    Lecture Notes in Computer Science, 2020
    Co-Authors: V. Rijmen, Bart Preneel, Bart Van Rompay, Joos Vandewalle
    Abstract:

    PANAMA is a cryptographic module that was presented at the FSE Workshop in '98 by Joan Daemen and Craig Clapp. It can serve both as a stream cipher and as a cryptographic hash function, with a hash result of 256 bits. PANAMA achieves high performance (for large amounts of data) because of its inherent parallelism. We will analyse the security of PANAMA when used as a hash function, and demonstrate an attack able to find collisions much faster than by birthday attack. The computational complexity of our current attack is 2^82; the required amount of memory is negligible.

  • FSE - Producing Collisions for PANAMA
    Fast Software Encryption, 2002
    Co-Authors: V. Rijmen, Bart Preneel, Bart Van Rompay, Joos Vandewalle
    Abstract:

    PANAMA is a cryptographic module that was presented at the FSE Workshop in '98 by Joan Daemen and Craig Clapp. It can serve both as a stream cipher and as a cryptographic hash function, with a hash result of 256 bits. PANAMA achieves high performance (for large amounts of data) because of its inherent parallelism. We will analyse the security of PANAMA when used as a hash function, and demonstrate an attack able to find collisions much faster than by birthday attack. The computational complexity of our current attack is 2^82; the required amount of memory is negligible.

  • Toward secure public-key blockwise fragile authentication watermarking
    IEE Proceedings - Vision Image and Signal Processing, 2002
    Co-Authors: P.s.l.m. Barreto, V. Rijmen
    Abstract:

    The authors describe some weaknesses of public-key blockwise fragile authentication watermarkings and the means to make them secure. Wong's (1997) original algorithm as well as a number of its variant techniques are not secure against a mere block cut-and-paste or the well known birthday attack. To make them secure, some schemes have been proposed to make the signature of each block depend on the contents of its neighbouring blocks. The authors attempt to maximise the change localisation resolution using only one dependency per block with a scheme they call hash block chaining version 1 (HBC1). They then show that HBC1, as well as any neighbour content-dependent scheme, are susceptible to another forgery technique that they have named a transplantation attack. They also show a new kind of birthday attack that can be effectively mounted against HBC1. To thwart these attacks, they propose using a nondeterministic digital signature together with a signature-dependent scheme (HBC2). Finally, they discuss the advantages of using discrete logarithm signatures instead of RSA for watermarking.

  • ICIP (2) - Toward a secure public-key blockwise fragile authentication watermarking
    Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205), 2001
    Co-Authors: P.s.l.m. Barreto, V. Rijmen
    Abstract:

    In this paper, we describe some weaknesses of public-key blockwise fragile authentication watermarkings and the means to make them secure. Wong's (1998) original algorithm is not secure against a mere block cut-and-paste or the well-known birthday attack. To make it secure, some schemes have been proposed to make the signature of each block depend on the contents of its neighboring blocks. We attempt to maximize the change localization resolution using only one dependency per block with a scheme we call hash block chaining version 1 (HBC1). We then show that HBC1, as well as any neighbor-dependent scheme, are susceptible to another forgery technique that we have named a transplantation attack. We also show a new kind of birthday attack that can be effectively mounted against HBC1. To thwart these attacks, we propose using a nondeterministic digital signature together with a signature dependent scheme (HBC2). Finally, we discuss the advantages of using discrete logarithm signatures instead of RSA for watermarking.

Shiguo Lian - One of the best experts on this subject based on the ideXlab platform.

  • Hash function based on chaotic neural networks
    2006 IEEE International Symposium on Circuits and Systems, 2006
    Co-Authors: Shiguo Lian, Haila Wang
    Abstract:

    Chaos and neural networks have both been used in data encryption because of their cipher-suitable properties, such as parameter-sensitivity, time-varying, random-similarity, etc. Based on chaotic neural networks, a hash function is constructed, which makes use of neural networks' diffusion property and chaos' confusion property. This function encodes the plaintext of arbitrary length into the hash value of fixed length (typically, 128-bit, 256-bit or 512-bit). Its security against statistical attack, birthday attack and meet-in-the-middle attack is analyzed in detail. Its properties make it a suitable choice for data authentication.
