SECRYPT 2006 Abstracts

Conference Areas:
Area 1 - Access Control and Intrusion Detection
Area 2 - Network Security and Protocols
Area 3 - Cryptographic Techniques and Key Management
Area 4 - Information Assurance
Area 5 - Security in Information Systems

Title: WORKLOAD HIDDEN MARKOV MODEL FOR ANOMALY DETECTION
Author(s): Juan Manuel García, Tomás Navarrete and Carlos Orozco
Abstract: We present an approach to anomaly detection based on the construction of a Hidden Markov Model trained on processor workload data. Using the HMM to define the normal state of a computer system, any deviation from this state, measured under a proposed metric, is considered an anomaly. This approach is tested under several experimental conditions including simulated DoS attacks, showing that this method can successfully detect attacks or misuse that directly affect processor performance.

Title: SECURITY ENHANCEMENT FOR A LOW-COMPUTATION COST USER AUTHENTICATION SCHEME
Author(s): Behnam Sattarzadeh, Mahdi Asadpour and Rasool Jalili
Abstract: In 2003, Wu and Chieu proposed a user-friendly remote authentication scheme using smart cards. Later, Yang and Wang pointed out that Wu and Chieu's scheme is vulnerable to password guessing and forgery attacks. Recently, Lee et al. proposed an improved authentication scheme and claimed that their scheme is secure against the forgery attack. However, in this paper, we illustrate that Lee et al.'s scheme is still vulnerable to the forgery attack. We also propose an enhancement of the scheme to resist such an attack.

Title: INTRUSION DETECTION FOR WEB APPLICATIONS (SHORT VERSION)
Author(s): Nathalie Dagorn
Abstract: Intrusion detection systems (IDS) are usually classified into two categories: misuse and anomaly detection systems. Misuse detection is based on signatures; it is precise but can only accommodate already known attacks. Unlike this, anomaly detection models a system’s usual behavior and is able to detect new attacks, but it often suffers from a too high number of (false) alarms, which overload their human operators. Many models were proposed to reduce this load; in the domain of Web-based attacks, which interests us, we retained in particular two papers of Kruegel et al., describing respectively a multi-model application-specific characterization of HTTP requests and a Bayesian event classification; we retained as well an alarm clustering technique developed by Julisch. Our proposal is an attempt to extend Kruegel’s multi-model approach by combining at the same time Bayesian networks and Julisch’s clustering technique to handle even more efficiently the detection of Web-based attacks.

Title: EVALUATION OF THE INTRUSION DETECTION CAPABILITIES AND PERFORMANCE OF A SECURITY OPERATION CENTER
Author(s): Abdoul Karim Ganame, Julien Bourgeois, Renaud Bidou and Francois Spies
Abstract: Detecting all kinds of intrusions efficiently requires a global view of the monitored network. We have developed a security operation center which is able to detect coordinated attacks that are not detected by traditional IDS. In this article, we present several methods used to test the accuracy and the performance of our security operation center. A real ISP network has been used as well as experiments in our lab.

Title: SPOOFED ARP PACKETS DETECTION IN SWITCHED LAN NETWORKS
Author(s): Zouheir Trabelsi and Khaled Shuaib
Abstract: Spoofed ARP packets are used by malicious users to redirect a network’s traffic to their hosts. The potential damage to a network from an attack of this nature can be very important. This paper discusses first how malicious users redirect network traffic using spoofed ARP packets. Then, the paper proposes a practical and efficient mechanism for detecting malicious hosts that are performing traffic redirection attacks against other hosts in switched LAN networks.
The proposed mechanism consists of first sending spoofed packets to the network’s hosts. Then, by collecting and analyzing the response packets, it is shown how hosts performing a traffic redirection attack can be identified efficiently and accurately. The effect of the proposed mechanism on the performance of the network is discussed and shown to be minimal. The limits of current IDSs regarding their ability to detect malicious traffic redirection attacks, based on spoofed ARP packets, in switched LAN networks are discussed. Our work is concerned with the detection of malicious network traffic redirection attacks at the Data Link layer. Other works proposed protection mechanisms against this attack, but at the Application layer, using cryptographic techniques and protocols.

Title: COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION
Author(s): Montaceur Zaghdoud and Mohamed Ben Ahmed
Abstract: Nowadays, completely protecting a network from attacks is a very hard task. Even heavily protected networks are sometimes penetrated, and an Intrusion Detection System (IDS) seems to be essential and is a key component in computer and network security. Several researchers worked on the comparison between Bayesian Networks (BN) and Possibilistic Networks (PN). But, in this paper we are interested in the comparison between BN and PN in Intrusion Detection. Comparison criteria covered detection rate and false alarm rate. The experimentation process used DARPA’99 experimentation data. Comparison results show a superiority of PN versus BN when detecting intrusions.

Title: THE “SECUREPHONE” - A Mobile Phone with Biometric Authentication and e-Signature Support for Dealing Secure Transactions on the Fly
Author(s): R. Ricci, G. Chollet, M. V. Crispino, S. Jassim, J. Koreman, A. Morris, M. Olivar-Dimas, S. García-Salicetti and P. Soria-Rodríguez
Abstract: This article presents an overview of the SecurePhone project, with an account of the first results obtained. SecurePhone’s primary aim is to realise a mobile phone prototype - the “SecurePhone” - in which biometrical authentication enables users to deal secure, dependable transactions over a mobile network. The SecurePhone is based on a commercial PDA-phone, supplemented with specific software modules and a customised SIM card. It integrates in a single environment a number of advanced features: access to cryptographic keys through strong multimodal biometric authentication; appending and verification of digital signatures; real-time exchange and interactive modification of (e-signed) documents and voice recordings. SecurePhone’s “biometric recogniser” is based on original research. A fused combination of three different biometric methods - speaker, face and handwritten signature verification - is exploited, with no need for dedicated hardware components. The adoption of non-intrusive, psychologically neutral biometric techniques is expected to mitigate rejection problems that often inhibit the social use of biometrics, and speed up the spread of e-signature technology. Successful biometric authentication grants access to SecurePhone’s built-in e-signature services through a user-friendly interface. Special emphasis is accorded to the definition of a trustworthy security chain model covering all aspects of system operation.

Title: On the Self-similarity of the 1999 DARPA/Lincoln Laboratory Evaluation Data
Author(s): Kun Huang and Dafang Zhang
Abstract: While intrusion detection systems (IDSs) are becoming a ubiquitous defense, no comprehensive and scientifically rigorous benchmark is available to test the detection accuracy of these systems.
In 1998 and again in 1999, the Lincoln Laboratory of MIT conducted a comprehensive evaluation of IDSs and produced the DARPA off-line evaluation data, which can be shared by researchers to train and test IDSs. However, there is a lack of detailed characteristics of the DARPA/Lincoln Laboratory evaluation data. This paper examines the self-similarity of the attack-free training data of the 1999 DARPA/Lincoln Laboratory evaluation data sets and indicates that the evaluation data clearly exhibits self-similarity during the preceding tens-of-hours period, while not during other time periods. The likely causes of the failure of self-similarity are also explored. These findings are provided to help evaluators understand and use the 1999 DARPA/Lincoln Laboratory evaluation data well to train and test IDSs.

Title: Using Attack Graphs in Ad Hoc Networks for Intrusion Prediction, Correlation and Detection
Author(s): Marianne Azer, Sherif El-Kassas and Magdy El-Soudani
Abstract: Mobile ad hoc networks have recently been the topic of extensive research. The interest in such networks stems from their ability to provide temporary and instant wireless networking solutions in situations where cellular infrastructures are lacking and are expensive or infeasible to deploy. Ad hoc networks have lots of applications; however, a vital problem concerning their security aspects must be solved in order to realize these applications. Due to the vulnerability of this type of networks, security measures such as encryption and authentication are used to reduce intrusions; however, they cannot eliminate them. Hence, there is a strong need for intrusion detection as a frontline security research area for ad hoc network security. Among intrusion detection techniques, anomaly detection is advantageous since it does not need to store and regularly update profiles of known attacks. In addition, the intrusion detection is not limited to the stored attack profiles, which allows the detection of new attacks. Therefore, anomaly detection is more suitable for the dynamic and limited-resource nature of ad hoc networks. For appropriately constructed network models, attack graphs have shown their utility in organizing combinations of network attacks. In this paper, we suggest the use of attack graphs in ad hoc networks. As an example, we give an attack graph that we have created for the wormhole attack. For anomaly detection in ad hoc networks, we suggest the use of two methods that rely basically on attack graphs. The first method is based on the attack graph adjacency matrix and helps in the prediction of a single or multiple step attack and in the categorization of intrusion alarms’ relevance. The second method uses the attack graph distances for correlating intrusion events and building attack scenarios. Our approach is more appropriate to ad hoc networks’ collaborative and dynamic nature, especially at the application level.

Title: QUANTITATIVE ANALYSIS AND ENFORCEMENT OF THE PRINCIPLE OF LEAST PRIVILEGE IN ROLE-BASED ACCESS CONTROL
Author(s): Chunren Lai and Chang N. Zhang
Abstract: Role-based access control (RBAC) models ease security administration and reduce overheads by introducing roles between users and privileges. RBAC provides the possibility to enforce the principle of least privilege, that a user should be assigned just enough privileges to complete his/her job, in order to prevent possible information leaking and other wrongdoing. This paper defines several concepts to quantitatively measure how well a user-role assignment meets the principle of least privilege and presents algorithms to find the perfect user-role assignment (i.e., without bringing any extra privilege) and the optimal user-role assignment (i.e., limiting any extra privilege to the minimum).
The proposed approach for the enforcement of the principle of least privilege is particularly useful for automatic generation of user-role assignments in large-scale RBAC systems.

Title: ACCESS CONTROL AND JOINT MANAGEMENT FOR COLLABORATIVE PEER GROUPS
Author(s): Wenhua Qi
Abstract: Collaborative peer groups means that multiple self-organizing peers aggregate in a controlled manner to accomplish some collective goals. Peer groups share the properties of peer-to-peer overlay networks, including full decentralization, symmetric abilities, and dynamism, which make security problems more complicated. Most prior work focused on authentication, group key management and communication security. However, access control is an important precondition of many security services. Intended for a pure decentralized model without a centralized server, our framework employs a distributed delegation authorization mechanism and proposes an authority selection scheme. Multiple authorities could exist in this design, which could avoid a single point of failure. Based on the role-based trust management language RT, this paper presents an attribute-based access control framework, and describes a formal joint authorization protocol under a voting scheme, to satisfy security requirements of multiple peers. We also introduce our implementation experience by applying JXTA technology.

Title: DIGITAL PSEUDONYM IDENTITY FOR E-COMMERCE
Author(s): Rafael Martínez-Peláez, Francisco J. Rico-Novella and Luis A. Zarza-López
Abstract: The identity is a unique and intransitive property which any human being possesses. Due to its properties, it is indispensable to create a digital identity for a virtual world. The security offered on the electronic trade is achieved with the help of authentication which is based on a username and a password given to a client in exchange for revealing information about its genuine identity. Since there are different electronic trade sites and other virtual services, the customers must confide their personal information to various Web sites, giving an opportunity to become fraud or attack victims. A merchant does not have any means to find out the validity of the information delivered by a client who may be a victim of genuine identity theft. This paper describes the usefulness of genuine identity in electronic security requirements, the problems related with their usage in virtual sites, and the adoption of a digital pseudonymous identity as an alternative to replace the use of genuine identity on the Internet.

Title: PROTECTING ADAPTIVE MULTIMEDIA DELIVERY AND ADAPTATION USING PROXY BASED APPROACH
Author(s): Ahmed Reda Kaced and Jean-Claude Moissinac
Abstract: In mobile computing and wireless communication, proxies are mainly used to overcome the three major problems of these networks: throughput and latency differences between the wired and the wireless links, host mobility, and limited resources of the mobile hosts. By breaking the end-to-end nature of the communication, proxies render the task of providing end-to-end security much harder or even impossible in some cases. In this paper, we will address the questions of when and how end-to-end security, like confidentiality and authenticity, can be preserved when having one or more proxies in the data path. We also propose SEMAFOR, a platform for protecting adaptive multimedia content delivery in heterogeneous environments. It aims to deliver end-to-end authenticity of original content exchanged in a heterogeneous network while allowing content adaptation by intermediary proxies between the content transmitter and the final users. Adaptation and authentication management are done by the intermediary proxies, transparently to connected hosts, which totally make abstraction of these processes.
SEMAFOR provides AMCA, a new content authentication scheme based on a multi-hop signature scheme using a Merkle Hash Tree, and XSST, a secured transaction protocol that gives securely exchanging transactions and a message format to encapsulate these transactions in XML form.

Title: LAYERED ARCHITECTURE FOR SECURE E-COMMERCE APPLICATIONS
Author(s): Amir Herzberg and Igal Yoffe
Abstract: We present the first layered architecture for a secure e-commerce protocol with a fully automated dispute-resolution process, in the presence of communication failures and malicious faults. Our design is modular, with precise yet general-purpose interfaces and functionalities, and allows usage as an underlying service to different e-commerce, e-banking and other distributed systems. The interfaces support diverse, flexible and extensible payment scenarios and instruments, including direct buyer-seller payments as well as (the more common) indirect payments via payment service providers (e.g. banks). Our construction operates efficiently, reliably and securely under realistic failure and delay conditions.

Title: ON THE DESIGN OF A LOW-RATE DOS ATTACK AGAINST ITERATIVE SERVERS
Author(s): Gabriel Maciá-Fernández, Jesús E. Díaz-Verdejo and Pedro García-Teodoro
Abstract: Recent research exposes the vulnerability of current networked applications to a family of low-rate DoS attacks based on timing mechanisms. One kind of those attacks is targeted against iterative servers and employs an ON/OFF scheme to send attack packets during the chosen critical periods. The overall behaviour of the attack is well known and its effectiveness has been demonstrated in previous works. Nevertheless, it is possible to achieve a trade-off between the performance of the attack and its detectability. This can be done by tuning some parameters of the attack waveform according to the needs of the attacker and the deployed detection mechanisms. In this paper, a mathematical model for the relationship among those parameters and their impact on the performance of the attack is evaluated. The main goal of the model is to provide a better understanding of the dynamics of the attack, which is explored through simulation. The results obtained point out the model as accurate, thus providing a framework feasible to be used to tune the attack.

Title: SECURE ACCESS MODULES FOR IDENTITY PROTECTION OVER THE EAP-TLS - Smartcard Benefits for User Anonymity in Wireless Infrastructures
Author(s): Pascal Urien and Mohamad Badra
Abstract: Identity protection and privacy have become increasingly important in network communications, especially in wireless LANs. In this optic, Privacy Enhancing Technologies (PET) have been introduced to provide anonymous exchange and to protect personal data. In this paper, we present the SAM (Secure Access Module) architecture, which is a couple of smartcards (client and server) that process EAP-TLS, a transparent transport of TLS (Transport Layer Security) over EAP (Extensible Authentication Protocol). This architecture provides mutual authentication, identity protection and data un-traceability by preventing undesired and unnecessary processing of personal data.

Title: PROTECTING CIPHER BLOCK CHAINING AGAINST ADAPTIVE CHOSEN PLAINTEXT ATTACK
Author(s): Chuan-Wen Loe and Khoongming Khoo
Abstract: In the literature, several encryption modes of operation based on cipher block chaining (CBC) have been proven to be secure under non-adaptive chosen plaintext attack (CPA-1) in the left-or-right (LOR) or find-then-guess (FTG) security models. However, it was shown by Joux et al. at Crypto 2002 that if we allow the adversary to perform an adaptive chosen plaintext attack (CPA-2), then CBC, ABC and GEM are susceptible to FTG attacks.
In this paper, we propose a new CBC-type encryption called input-output masked CBC (IO-CBC) which can protect against FTG and LOR attacks based on forcing an input collision, protects against Joux's FTG attack, and increases the difficulty of linear and differential cryptanalysis. Moreover, we also show that the key space of a 2-key variant of IO-CBC cannot be reduced by Sung's attack at ACISP 2003. The efficiency of IO-CBC is comparable to CBC because it does only one additional encryption when compared with CBC. Finally, IO-CBC can easily be tweaked to provide message authenticity on top of confidentiality.

Title: TRUST MANAGEMENT WITHOUT REPUTATION IN P2P GAMES
Author(s): Adam Wierzbicki
Abstract: The article considers trust management in Peer-to-Peer (P2P) systems without trusted, centralized resources and without using reputation. The aim is to construct mechanisms that allow enforcing trust in P2P systems, where individual peers have a high possibility of unfair behaviour that is strongly adverse to the utility of other users. An example of such an application of P2P computing is P2P Massive Multi-user Online Games, where cheating by players is simple without centralized control or specialized trust management mechanisms. The article presents new techniques for trust enforcement that use cryptographic methods and are adapted to the dynamic membership and resources of P2P systems.

Title: FORWARD-SECURE AUTHENTICATED-ENCRYPTION IN MULTI-RECEIVER SETTING
Author(s): Kan Yasuda, Kazumaro Aoki, Eiichiro Fujisaki and Atsushi Fujioka
Abstract: We provide a generic construction of forward-secure authenticated-encryption that can be efficiently implemented for use in a multi-receiver scenario. The area of authenticated encryption and its forward security are well studied in the bidirectional, unicast setting, but these in the unidirectional, multi-receiver setting have not been fully addressed in previous works in this area. By multi-receiver setting we mean the situation in which a single center transmits large data to a dynamically changing group of receivers. In such a scenario a direct application of previous methods would lead to multiple problems, including transmission inefficiency, computational overhead and vulnerability against denial-of-service (DoS) attacks. In this paper we explore these problems and present a new construction that provides us with a solution. Our construction is a composition of generic cryptographic primitives such as a symmetric-key cipher, a pseudo-random bit generator (PRNG) and a message authentication code (MAC). The key points in our construction are (1) integration of a symmetric-key cipher into a PRNG, (2) introduction of a keyed hash-function and (3) a MAC-then-MAC structure. Our construction achieves confidentiality and strong integrity (replay avoidance, in-order packet delivery, etc.), both in the sense of forward security, which can be proved in the concrete security model.

Title: A CHALLENGING BUT FEASIBLE BLOCKWISE-ADAPTIVE CHOSEN-PLAINTEXT ATTACK ON SSL
Author(s): Gregory V. Bard
Abstract: This paper introduces a chosen-plaintext vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols which enables recovery of low entropy strings such as can be guessed from a likely set of 2--1000 options. SSL and TLS are widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL and TLS standards mandate the use of the cipher block chaining (CBC) mode of encryption which requires an initialization vector (IV) in order to encrypt.
Although the first IV used by SSL is a (pseudo)random string which is generated and shared during the initial handshake phase, subsequent IVs used by SSL are chosen in a deterministic, predictable pattern; in particular, the IV of a message is taken to be the final ciphertext block of the immediately-preceding message, and is therefore known to the adversary. The one-channel nature of web proxies, anonymizers or Virtual Private Networks (VPNs) results in all Internet traffic from one machine traveling over the same SSL channel. We show this provides a feasible "point of entry" for this attack. Moreover, we show that the location of target data among block boundaries can have a profound impact on the number of guesses required to recover that data, especially in the low-entropy case. The attack in this paper is an application of the blockwise-adaptive chosen-plaintext attack paradigm, and is the only feasible attack to use this paradigm with a reasonable probability of success. The attack will work for all versions of SSL, and TLS version 1.0. This vulnerability and others are closed in TLS 1.1 (which is still in draft status) and OpenSSL after 0.9.6d. It is hoped this paper will encourage the deprecation of SSL and speed the adoption of OpenSSL or TLS 1.1/1.2 when they are finally released.

Title: INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS
Author(s): Ines Feki, Xiaoli Zheng, Mohammed Achemlal and Ahmed Serhrouchni
Abstract: The Internet is composed of thousands of autonomous systems (AS). The Border Gateway Protocol (BGP) is the exterior routing protocol used to exchange network reachability information between border routers of each AS. The correctness of the exchanged information in BGP messages is crucial to the Internet routing system. Unfortunately, BGP is vulnerable to different attacks that have considerable impacts on the routing system. Network prefix hijacking, where an AS illegitimately originates a prefix, is one of the most important attacks. It allows the attacker to receive traffic destined to the prefix owner. The attacker is then able to blackhole the traffic or to force it to take another path. Proposed solutions rely on public key infrastructures and cryptographic mechanisms to prevent incorrect routing information propagation. In practice these approaches involve many parties (Internet Service Providers, Operators, Vendors, and Regional Internet Registries) and are difficult to deploy. In this paper we formally define routing information correctness, especially the legitimacy of an AS to originate a prefix. We also propose a method to associate with an AS a legitimacy level to originate a prefix. We use Regional Internet Registry databases to initialize the legitimacy level. We also use received announcements and public routing data to update this legitimacy level. We finally describe all conceivable reactions facing origin AS changes.

Title: SECURE EFFICIENT DISTANCE VECTOR (SEAD) ROUTING
Author(s): Morteza Seradj
Abstract: An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. In this paper, we design and evaluate the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol (DSDV).
In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service (DoS) attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD performs well over the range of scenarios we tested, and is robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.

Title: SECURITY CONSIDERATIONS IN CURRENT VOIP PROTOCOLS
Author(s): Steffen Fries
Abstract: This document describes the current state of the art security functionality provided in the four mainly used and standardized Voice over IP (VoIP) signaling protocols, namely the Session Initiation Protocol (SIP), H.323, Megaco, and the Media Gateway Control Protocol (MGCP). It outlines the security provided by the protocols themselves or by dedicated security extensions, including lower layer security protocols like Transport Layer Security (TLS) or IPSec. Moreover, vulnerabilities which still remain in protocols or certain scenarios are depicted as well. Furthermore, security approaches for the media data provided by the Secure Real-time Transport Protocol (SRTP) and associated key management schemes are also discussed. This document concludes by identifying work areas in which further security related work in the area of multimedia communication in general and VoIP in specific has to be done.

Title: A DOS ATTACK AGAINST THE INTEGRITY-LESS ESP (IPSEC)
Author(s): Ventzislav Nikov
Abstract: This paper describes a new practical DoS attack that can be mounted against the "encryption-only" configuration (i.e. without authenticated integrity) of ESP as allowed by IPSec.

Title: ACTION-TRIGGERED PUBLIC-KEY SYSTEM FOR GSM USING RSA WITH PHONE-DEPENDENT ENCRYPTION
Author(s): Rehab K. El Nemr, Imane Aly Saroit Ismail and S. H. Ahmed
Abstract: Security is a burning issue and intelligent security will remain relevant, as it is important in all types of applications. GSM security flaws were identified several years ago. Some of these flaws have been fixed by the 3GPP but others are left to discussion. In this paper we will integrate a very well known technique in the system, namely the public-key technique. Yet, we will introduce the solutions from a different point of view. These solutions are Action-Triggered, meaning that they will work only if the flaw occurs. That will leave the original system working in normal cases. End-to-End security will be discussed also, and a mechanism of key management is proposed if this service is requested by the customer. A Phone-Dependent technique is conducted to consider service provider attacks.

Title: A SERVICE DISCOVERY THREAT MODEL FOR AD HOC NETWORKS
Author(s): Adrian Leung and Chris Mitchell
Abstract: The dynamic yet vulnerable nature of an ad hoc network presents many new security and privacy challenges. Securing the process of service discovery is one of them. Novel solutions are therefore required. However, in order for appropriate security measures to be devised, all possible security threats must first be identified and thoroughly analysed. In this paper, we present a threat model for service discovery in ad hoc networks. Based on these threats, we proceed to derive the security services required to achieve secure service discovery.

Title: COMBINATION OF A SMARTCARD E-PURSE AND E-COIN TO MAKE ELECTRONIC PAYMENTS ON THE INTERNET
Author(s): Antonio Ruiz-Martínez, Antonio F. Gómez-Skarmeta and Óscar Cánovas
Abstract: Although e-purses are both commonly used in Automatic Teller Machines and well accepted by end-users as a prepaid method, nowadays they are not being offered as a payment method on the Internet.
This is mainly due to the fact that vendors have to integrate in their e-commerce applications the use of point of sale devices with a security application module (SAM) to communicate the e-purse with that module along the payment phase. In this paper we introduce a new payment method that combines the main advantages of e-purses and the use of e-coins to make payments. This new proposal does not need a SAM to make and verify payments on the Internet. Furthermore, it does not require that the e-coin is checked on-line. Thus, we introduce the possibility that this e-purse can be easily integrated in the payment applications that vendors offer on the Internet.

Title: PROTOCOL INDEPENDENT LIGHTWEIGHT SECURE COMMUNICATION
Author(s): M. Amaç Güvensan and A. Gökhan Yavuz
Abstract: This paper introduces a new protocol independent security mechanism, called PILSC (Protocol Independent Lightweight Secure Communication). PILSC utilizes the security feature of IPv4, defined but not used yet, in order to have standardization in secure communication. We aim to increase the efficiency of secure data transfer by means of examining the shortages of different security protocols. Although IPSec is the only protocol independent protocol, its redundant overhead and hardly configurable structure encourage us to design a faster and more easily configurable mechanism, whose architecture is presented in detail in this paper. The implementation of PILSC at the kernel level brings a 75%-90% performance enhancement in cryptographic process time in comparison to the implementation of cryptographic processes in user space. Moreover, the secure data transfer rate of PILSC is 20-25% faster than IPSec and SSL.

Title: ACHIEVING UNCONDITIONAL SECURITY IN EXISTING NETWORKS USING QUANTUM CRYPTOGRAPHY
Author(s): Stefan Rass, Mohamed Ali Sfaxi and Solange Ghernaouti-Hélie
Abstract: Based on extensions to the protocols PPP and IPSEC, we present a working proposal for building a network over which messages can be sent unconditionally securely. We will show how quantum cryptography can be implemented in classical protocols and how existing networks can be efficiently extended to suit our needs for unconditional security. We show that graph connectivity is crucial for the security of the transmission. For that matter, we provide secure routing services, so an adversary cannot penetrate any message flow successfully. Furthermore, our protocols are extensible to allow up to t - 1 adversaries (possibly cooperating) while remaining unconditionally secure.

Title: PRIVATE BIDDING FOR MOBILE AGENTS
Author(s): Bartek Gedrojc, Kathy Cartrysse and Jan C. A. van der Lubbe
Abstract: A major security and privacy threat for Mobile Software Agents are Untrustworthy Environments, which are able to spy on the agents' code and private data. By combining Multi-Party Computation with the ElGamal public-key encryption system we are able to create a protocol capable of letting two agents have a private bidding within an Honest-but-Curious environment only with the help of an Oblivious Third Party. The Oblivious party is able to compare two encrypted inputs without being able to retrieve any information about the inputs.

Title: EFFICIENT ALL-OR-NOTHING ENCRYPTION USING CTR MODE
Author(s): Robert P. McEvoy and Colin C. Murphy
Abstract: All-or-Nothing Encryption is a useful technique which can heighten the security of block ciphers. It can also be used to design faster symmetric-key cryptosystems, by decreasing the number of required encryption operations at run-time.
An open problem in the literature regards the speed of all-or-nothing encryption, which we address in this paper by proposing a new all-or-nothing mode of operation. Trade-offs in the implementation of this design are considered, and theoretical proofs of security are provided.

Title: DIGITAL OBJECT RIGHTS MANAGEMENT - Interoperable Client-side DRM Middleware
Author(s): Carlos Serrão, Miguel Dias and Jaime Delgado
Abstract: In a more and more interconnected world where the available bandwidths are increasing at a pace hard to imagine some time ago, multimedia e-content distribution over digital networks has become one of the biggest services available online. Powered not only by high network availability but also by the emergence of new compression techniques and digital content consumer devices, digital content is gaining momentum. However, the same factors that power this emergence are also causing some problems, especially related to the management and protection of digital content IPR. These problems are being handled by employing DRM (Digital Rights Management) technology, which lacks interoperability. This paper presents and discusses a solution that provides interoperability for DRM-protected content through the employment of a client-side DRM middleware layer. This middleware layer sits at the client side of a broader DRM system (called DoRM), providing the necessary mechanisms to achieve interoperability between the different digital content rendering applications that the users possess.

Title: PARALLEL MULTIPLICATION IN GF(2^n) USING CONDENSED MATRIX REPRESENTATION
Author(s): Christophe Negre
Abstract: In this paper we explore a matrix representation of the binary field $GF(2^n)$ defined by an irreducible trinomial $P = X^n+X^k+1$. We obtain a multiplier with time complexity $T_A + (\log_2(n)) T_X$ and space complexity of $(2n-1)n$ AND and $(2n-1)(n-1)$ XOR gates. This multiplier reaches the lower bound on time complexity.
Until now this was possible only for binary fields defined by an AOP, which are quite few. The interest of this multiplier remains theoretical, since the size of the architecture is roughly two times bigger than that of the usual polynomial basis multiplier (Mastrovito).

Title: CHOSEN-IV STATISTICAL ATTACKS ON eSTREAM CIPHERS
Author(s): Markku-Juhani O Saarinen
Abstract: d-Monomial tests are statistical randomness tests based on the Algebraic Normal Form representation of a Boolean function, and were first introduced by Filiol in 2002. We show that there are strong indications that the Gate Complexity of a Boolean function is related to a bias detectable in a d-Monomial test. We then discuss how to effectively apply d-Monomial tests in chosen-IV attacks against stream ciphers. Finally we present results of tests performed on eSTREAM proposals, and show that six of these new ciphers can be broken using the d-Monomial test in a chosen-IV attack. Many ciphers even fail a trivial (ANF) bit-flipping test.

Title: PROPOSALS FOR ITERATED HASH FUNCTIONS
Author(s): Lars R. Knudsen and Søren S. Thomsen
Abstract: The past few years have seen an increase in the number of attacks on cryptographic hash functions. These include attacks directed at specific hash functions, and generic attacks on the typical method of constructing hash functions. In this paper we discuss possible methods for protecting against some generic attacks. We also give a concrete proposal for a new hash function construction, given a secure compression function which, unlike in typical existing constructions, is not required to be resistant to all types of collisions. Finally, we show how members of the SHA family can be turned into constructions of our proposed type.
Title: DIGITAL CONTRACT SIGNATURE SCHEME BASED ON MULTIPLE CRYPTOSYSTEM
Author(s): Lianhai Wang and Manu Malek
Abstract: This paper presents a new type of signature, the contract digital signature, based on Discrete Logarithm (DL) and Elliptic Curve (EC) cryptosystems. A contract signature is similar to a real-life contract. No fewer than two signers take part in a contract signature. After introducing the concept and definition of contract signature, a scheme based on Discrete Logarithm (DL) and Elliptic Curve (EC) cryptosystems is presented. This scheme allows signers, whose ordinary signature schemes use many different cryptographic systems, to generate a single signature. The scheme requires neither a trusted arbitrator nor a high degree of interaction between signers. We then prove that this scheme is secure under the discrete logarithm assumption.

Title: TRAITOR TRACING FOR SUBSCRIPTION-BASED SYSTEMS
Author(s): Hongxia Jin, Jeffory Lotspiech and Mario Blaum
Abstract: In this paper we study the traitor tracing problem, which originates in attempts to combat piracy of copyrighted materials. When a pirated copy of the material is observed, a traitor tracing scheme should allow one to identify at least one of the real subscribers (traitors) who participated in the construction of the pirated copy. In this paper, we focus on pay-per-view type subscription-based scenarios, in which materials are divided into multiple segments and each segment has multiple variations. We present a systematic way to assign the variations for each segment and for each subscriber using an error-correcting code. We give sufficient conditions for a code to be able to trace at least one traitor when faced with a coalition of $m$ traitors. We also prove that these sufficient conditions are also necessary when the code is an MDS code.
Title: AN INFINITE PHASE-SIZE BMAP/M/1 QUEUE AND ITS APPLICATION TO SECURE GROUP COMMUNICATION
Author(s): Hiroshi Toyoizumi
Abstract: We derive bounds on the mean queue length of an infinite phase-size BMAP/M/1 queue which has an M/M/$\infty$-type phase transition, and use them to evaluate the performance of secure group communication. Secure communication inside a group on an open network is critical to enhancing the Internet's capability. Extending the usual matrix analysis to operator analysis, we derive a new estimate of the degradation of the secure group communication model.

Title: AN ALGORITHM FOR AUTHENTICATION OF DIGITAL IMAGES
Author(s): Dan Dumitru Burdescu and Liana Stanescu
Abstract: The rapid growth of digital multimedia technologies brings tremendous attention to the field of digital authentication. The owner or the distributor of digital images can insert a unique watermark into the copies for different customers or receivers, which helps to identify the source of illegal copies. In digital watermarking, robustness is still a challenging problem if different sets of attacks need to be tolerated simultaneously. In this paper we present an original spatial authentication technique for digital images. Our approach modifies blocks of the image by insertion of a spatial watermark. A spatial mask of suitable size is used to hide data with less visual impairment. The watermark insertion process exploits the average color of the homogeneous regions of the cover image. The complexity of the algorithms is proved to be $O(n^2)$, where $n$ is the number of nodes of the virtual graph for the watermark. The authentication method developed below works for all types of digital image.

Title: ON USE OF IDENTITY-BASED ENCRYPTION FOR SECURE EMAILING
Author(s): Christian Veigner and Chunming Rong
Abstract: In 1984 Adi Shamir requested a solution for a novel public-key encryption scheme, called identity-based encryption.
The original motivation for identity-based encryption was to ease the deployment of a public-key infrastructure. The idea of an identity-based encryption scheme is that the public key can be any arbitrary string, for example an email address, a name or a role. Several solutions were proposed in the following years. In 2001 the first practical and efficient scheme was proposed by Boneh and Franklin. Their encryption scheme was based on the Weil pairing on elliptic curves and proved secure in the random oracle model. In 2005, a new promising suggestion due to Waters was proposed, this time as an efficient solution without random oracles. An identity-based encryption (IBE) scheme does not need to download certificates to authenticate public keys as in a public-key infrastructure (PKI). A public key in an identity-based cryptosystem is simply the receiver's identity, e.g. an email address. As is often the case when a new technology appears, the focus is on the functionality of the technology and not on its security. In this paper we briefly review identity-based encryption and decryption, particularly the Boneh-Franklin algorithms. We then show that IBE schemes used for secure emailing render spamming far easier for spammers than when a PKI certificate approach is used. With the IBE approach, viruses may also be spread more efficiently.

Title: More Robust Private Information Retrieval Scheme
Author(s): Chun-Hua Chen and Gwoboa Horng
Abstract: In e-commerce, the protection of users' privacy from a server was not considered feasible until the private information retrieval (PIR) problem was stated and solved. A PIR scheme allows a user to retrieve a data item from an online database while hiding the identity of the item from the database server. In this paper, a new PIR scheme using a secure coprocessor (SC) and including mutual authentication by the DSA signature algorithm, for protecting the privacy of users, is proposed.
Because it uses only one server and includes a mutual authentication process, the proposed scheme is more efficient and more robust (secure) in the real e-commerce environment compared with previous PIR solutions. In addition, a security analysis (proof) for the proposed scheme and comparisons to other PIR schemes are given.

Title: USING OMA DRM 2.0 PROTECTED CONTENT - Ogg Vorbis protected Audio under Symbian OS
Author(s): Carlos Serrao and Francisco Pimenta
Abstract: The lack of control inherent to digital content has been put in the spotlight by copyright infringement coupled with massive online content distribution (e.g., Peer-to-Peer). Digital Rights Management seems to be the solution to counter this problem, advocating the use of cryptography and other related security mechanisms to protect digital content and to associate with it rights which determine how, when and by whom it can be consumed. The Open Mobile Alliance (OMA) specifies mobile service enablers in order to ensure interoperability throughout the mobile spectrum. As prominent mobile devices, Symbian OS smartphones offer an interesting platform for the demonstration of OMA DRM for the consumption of multimedia content. This article outlines the mechanisms enabling the protected consumption of the open and patent-free audio format Ogg Vorbis using an OMA DRM 2.0 compliant audio player application running under Symbian OS (targeted at mobile devices).

Title: DESIGN OF CRYPTOGRAPHIC PROTOCOLS BY MEANS OF GENETIC ALGORITHMS TECHNIQUES
Author(s): Luis Zarza, Josep Pegueroles, Miguel Soriano and Rafael Martínez
Abstract: Genetic algorithm techniques are broadly accepted as an easy way to solve optimization problems. They provide, in a reasonable time, optimal or near-optimal solutions to problems involving a large number of variables and entries. In this work we present Genetic Algorithms as a tool aiding the design of security protocols.
The design process is divided into the following steps: a population consisting of a set of protocols is established; the population then evolves according to the benefit criteria programmed into the evolution process. The mapping of valid protocol messages to individuals in a population and the choice of proper genetic algorithm evolution mechanisms are presented as key items in the whole process. All proposals in this work have been implemented in a software tool including basic features such as cryptographic protocol design using public key and symmetric cryptography. Results achieved with simple examples confirm our expectations and point to the development of new versions including advanced features as future work.

Title: FINITE FIELD MULTIPLICATION IN LAGRANGE REPRESENTATION USING FAST FOURIER TRANSFORM
Author(s): Christophe Negre
Abstract: The multiplication in $GF(p^n)$ can be performed using a polynomial version of Montgomery multiplication. In Arith'03 Bajard et al. improved this method by using a Lagrange representation: the elements of $GF(p^n)$ are represented by their values at a fixed set of points. The costly operations in this new algorithm are the two changes of Lagrange representation, which require $2r^2$ operations in $GF(p)$ with $n \leq r \leq 2^{\lceil \log_2(n) \rceil}$. In this paper we present a new method to perform the change of Lagrange representation. This method uses the Fast Fourier Transform and has a cost equal to $3r\log_2(r)$ operations in $GF(p)$ with $r = 2^{\lceil \log_2(n) \rceil}$.

Title: JASTEG2000 - Steganography for JPEG2000 Coded Images
Author(s): Domenico Introna and Francescomaria Marino
Abstract: Steganography is the concept of making a communication invisible, not merely making its content incomprehensible (as cryptography does). This is generally achieved by hiding a secret message inside another one (the "cover"), which appears to be the only object of the communication. This paper proposes a steganographic method employing JPEG2000 images as the "cover".
It reaches a high embedding rate while introducing low distortion. Experimental results have shown up to a 35%-45% embedding rate, with 2 dB of distortion (in the worst case) at 0.5 bpp, and 30%-40% with less than 4 dB at 1.0 bpp. Comparing these results with those achieved by JPEG2000-BPCS, it can be seen that our method produces considerably less post-embedding growth and distortion (in some cases they differ by more than 5 dB).

Title: NETWORK SECURITY EVALUATION BASED ON SIMULATION OF MALFACTOR'S BEHAVIOR
Author(s): Igor Kotenko and Mikhail Stepashkin
Abstract: An approach to computer network security analysis intended for use at both the design and operation stages is suggested. This approach is based on simulation of the malefactor's behavior, generating common attack graphs and calculating different security metrics. The graph represents all possible attack scenarios, taking into account the network configuration, security policy, malefactor's locations (both external and internal), knowledge level and strategy. The security metrics describe computer network security at different levels of detail and take into account various aspects of security. The attack scenario model, common attack graph building procedures, the security metrics used, and general security level evaluation are defined. The implemented version of the security analysis system is described, and examples of express evaluations of security level are considered.

Title: SMOOTH BLOCKS-BASED BLIND WATERMARKING ALGORITHM IN COMPRESSED DCT DOMAIN
Author(s): Chun Qi, Haitao Zhou and Bin Long
Abstract: A novel blind watermarking scheme based on smooth blocks in the compressed DCT domain is proposed. The smooth blocks are detected by a criterion which uses a relation between the quantized DC coefficient and the variance of the AC coefficients in the block, deduced from Weber's Law.
In this approach, the watermark is embedded by modifying the average value of some low-frequency DCT coefficients in selected blocks, and recovered from the sign of the mean value of the corresponding coefficients in the detected blocks; the original image is not needed. The experimental results demonstrate that almost no perceptible distortion is found in the watermarked images, and that the watermark is robust to image processing operations such as scaling, cropping, noise, filtering and JPEG compression.

Title: SECURE ONLINE ENGLISH AUCTIONS
Author(s): Jarrod Trevathan and Wayne Read
Abstract: Security and privacy in online auctions is a major concern, as auction participants have many opportunities to cheat (e.g., repudiate bids, not deliver items, etc.). Online auctions such as those used by eBay are based on a type of auction referred to as an English auction. Despite the English auction being the most popular type of auction, it has received less security coverage than other types of auctions (e.g., sealed-bid auctions). An existing proposal for a secure English auction prevents the Auctioneer from closing the auction early and from blocking bids, but does not protect a bidder's anonymity. Another proposal provides anonymity, but does not stop an Auctioneer from skewing its clock or blocking bids. This paper proposes a new scheme for conducting secure and anonymous online English auctions using a modified type of group signature. Trust is divided among three servers owned by separate companies to ensure anonymity and fairness. Our scheme solves the problems of the existing English auction schemes and has the following characteristics: unforgeability, anonymity, unlinkability, exculpability, coalition-resistance, verifiability, robustness, traceability, revocation, one-off registration, unskewability and unblockability. Our scheme has comparable efficiency to the existing schemes for the enhanced security and privacy it provides.
Title: COLLABORATION SECURITY FOR MODERN INFORMATION SYSTEMS
Author(s): Richard Whittaker, Gonzalo Argote-Garcia, Peter J. Clarke and Raimund K. Ege
Abstract: One of the main approaches to accessing heterogeneous data is via the use of a mediation framework. The current problem with mediation systems is that they are viewed as black boxes from the perspective of their clients. As clients enter their data, they are unable to control the access to their data by entities within the mediation system. In this paper we present a solution in the form of a security framework, named the Collaboration Security Framework, that addresses the need of all entities (i.e. external clients, mediators or data sources) to have autonomy in applying security policies during collaboration. As a result, all entities participating in a collaboration have control over the access to their data by applying local, global and collaboration channel security rules, which can be changed at runtime and are security model independent.

Title: INTER-NODE RELATIONSHIP LABELING: A FINE-GRAINED XML ACCESS CONTROL IMPLEMENTATION USING GENERIC SECURITY LABELS
Author(s): Zheng Zhang and Walid Rjaibi
Abstract: Most work on XML access control considers XML nodes as the smallest protection unit. This paper shows the limitation of this approach and introduces an XML access control mechanism that protects inter-node relationships. Our approach provides a finer granularity of access control than the node-based approaches (i.e., it is more expressive). Moreover, our approach helps achieve the "need-to-know" security principle and the "choice" privacy principle. This paper also shows how our approach can be implemented using a generic label infrastructure and suggests algorithms to create and check a secure set of labeled relationships in an XML document.
Title: FLEXIBLE LICENSE TRANSFER SYSTEM USING MOBILE TERMINAL
Author(s): Masaki Inamura, Toshiaki Tanaka, Toshiyuki Fujisawa, Kazuto Ogawa and Takeshi Kimura
Abstract: Content delivery is one of the promising services for both digital broadcasting and the Internet. The provision of a home gateway for connecting to the Internet provider, or of a set top box for broadcasting, enables a variety of content services and convenient functions. However, if a user wants to enjoy digital content not only in his home but also outside of it, this is difficult, because a license for digital content is usually bound to the set top box or home gateway. To utilize digital content in the open space, we propose a new system where a user can purchase a license and securely delegate the license stored in the set top box to a mobile terminal. He can then enjoy content by showing the license stored in the mobile terminal as a prepaid ticket. Moreover, to protect the user's privacy, our proposed mechanism supports anonymity when using the ticket.

Title: USING MICROSOFT OFFICE INFOPATH TO GENERATE XACML POLICIES
Author(s): Manuel Sánchez, Gabriel López, Antonio F. Gómez-Skarmeta and Óscar Cánovas
Abstract: Today, when organizations perform access control over their resources they are interested not only in the user's identity, but in other data such as the user's attributes or contextual information. These requirements can be found, for example, in a network access control scenario where end users pay for a specific access level and, depending on it, get a different network quality of service. The network provider has to check not only the user's identity but also the user's attributes to make sure that he can access the specified resource. These systems are based on the use of policy languages to define the authorization process. However, due to the increasing complexity of current systems, policies are becoming more and more complex for system administrators to manage.
Therefore, in this paper we present a user-friendly approach to policy specification, based on the use of high-level templates and common desktop applications. These templates are easily built from XML schemas, and once they have been filled in, an XACML policy is automatically generated using an XML transformation.

Title: LEAST PRIVILEGE IN SEPARATION KERNELS
Author(s): Timothy E. Levin, Cynthia E. Irvine and Thuy D. Nguyen
Abstract: We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy by extending protection to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects provides enhanced protection for secure systems.

Title: DEFINING VIEWPOINTS FOR SECURITY ARCHITECTURAL PATTERNS
Author(s): David G. Rosado, Carlos Gutiérrez, Eduardo Fernández-Medina and Mario Piattini
Abstract: For decades, the security community has undertaken detailed research into specific areas of security, while largely ignoring the design process. Software architecture has emerged as an important sub-discipline of software engineering, particularly in the realm of large system development. This paper describes how security architectural patterns lack comprehensive, complete and well-structured documentation that conveys essential information about their logical structure, deployment-time and run-time behaviour, monitoring configuration, and so on. Thus we propose a viewpoints model for describing security architectural patterns. We investigate security architectural patterns from several IEEE 1471-2000 compliant viewpoints and develop an example that demonstrates how to describe a security architectural pattern with viewpoints.
We make use of well-known language notations such as UML to maximize comprehensibility.

Title: MODELLING E-BUSINESS SECURITY USING BUSINESS PROCESSES
Author(s): Sharon Nachtigal and Chris J. Mitchell
Abstract: Organizations (enterprises, business firms, governmental institutions, etc.) have changed their way of doing business from the traditional way to E-Business processes. That change makes the perimeter security approach irrelevant for such new types of organizations. The well-known and widely used security mechanisms, including cryptography-based tools and techniques, cannot provide a sufficient level of security when used alone, without being part of a comprehensive organizational approach or philosophy. The approach has to differ from the currently dominant approach, perimeter security, by focusing on different organizational components. Here we suggest a process security approach. The following paper describes work-in-progress research whose aim is to develop an E-Business security model based on that new approach, namely the process security approach.

Title: EXTENDING XML SIGNATURE AND APPLYING IT TO WEB PAGE SIGNING
Author(s): Takahito Tsukuba and Kenichiro Noguchi
Abstract: Security technologies for XML, XML Encryption and XML Signature, developed by the World Wide Web Consortium, will play a vital role in security on the Internet. A binary X.509 certificate encoded in ASN.1 is included in the XML Signature. We propose to extend the XML Signature to fully represent X.509 certificate information in XML. We developed the specifications for the extensions. We implemented a converter that transforms between the ASN.1 representation and the XML representation of an X.509 certificate, aimed at verifying the validity of our proposal. World Wide Web security is an important issue on the Internet, and trusted information is critical. We experimented with Web page signing, applying the extended XML Signature.
We propose an architecture for signed Web pages based on the XML Signature. We conducted a test implementation of the architecture with the extended XML Signature. We verified that the proposed architecture could easily be implemented and incorporated into the current Web environment, as well as the effectiveness of the extended XML Signature. The paper concludes by identifying necessary areas for future standardization.

Title: UNDESIRABLE AND FRAUDULENT BEHAVIOUR IN ONLINE AUCTIONS
Author(s): Jarrod Trevathan and Wayne Read
Abstract: Online auctions are a popular means for exchanging items over the Internet. However, there are many inherent security and fairness concerns. Participants can behave in an undesirable and fraudulent manner in an attempt to gain an advantage at the expense of rivals. For example, a bidder might seek to suppress the price by bid sniping, or the seller could introduce fake bids to inflate the price. In addition, an outsider or rival seller can lure away bidders by directly offering them better deals, or a malicious seller can auction misrepresented or non-existent items. This conduct is a problem as it results in market failure, thereby inhibiting the usefulness of online auctions as an exchange medium. While cryptography has been used to provide security in terms of bid authentication and privacy, there is no documented means to prevent many of the aforementioned problems. This paper investigates undesirable and fraudulent behaviour in online auctions. We examine the following practices: bid shielding, shill bidding, bid sniping, siphoning and selling non-existent or misrepresented items. We describe the characteristics of such behaviour and how to identify it in an auction. We also provide recommendations for recourse against undesirable and fraudulent participants.
Title: SECURING WEB SERVICES USING IDENTITY-BASED ENCRYPTION (IBE)
Author(s): Kari Anne Haaland and Chunming Rong
Abstract: There is an obvious need for cooperation between organizations. A recent trend is cooperation online, which results in the need to facilitate and manage cross-domain access to information and applications. It is important to utilize open standards that leverage existing technologies instead of replacing them. WS-Security, issued by OASIS, defines standards on how to encode security tokens. In this paper we look at the use of Identity-based Encryption to leverage the exchange of security tokens, and how it can be implemented with WS-Security. Identity-based encryption offers, compared to the more conventional PKI, some additional advantages. For instance, databases maintaining public-key certificates are no longer necessary, which simplifies key management, saves space, and eliminates the threat of attacks on these databases. It is also more suitable for granting collective access to groups, and is therefore suited to role-based access control.

Title: SECURITY RISK ANALYSIS IN WEB SERVICES SYSTEMS
Author(s): Carlos Gutiérrez, Eduardo Fernández-Medina, Mario Piattini
Abstract: Nowadays, best practices dictate that the security requirements of distributed software-intensive systems should be based on security risk assessments. Web services-based systems supporting network alliances among organizations through the Internet are one such type of system. In this article we present how we have adapted the risk analysis and management methodology of the Spanish Public Administration, which conforms to the ISO 15408 Common Criteria Framework (CCF), to the Process for Web Services Security (PWSSec) developed by the authors. In addition, a real case study where this adaptation was applied is shown.
Title: A New Multi-Secret Sharing Scheme Based on Linear Algebra
Author(s): Seyed Hamed Hassani and Mohammad Reza Aref
Abstract: In this paper, a new multi-secret threshold scheme based on linear algebra and matrices is proposed. Unlike many recently proposed methods, this method allows the use of conventional cryptographic algorithms in sharing multiple secrets. Our scheme is a multi-use scheme in which, in some cases, the amount of computation is considerably reduced. Also, in this paper bounds on the maximum number of participants, for a given threshold value, are obtained.

Title: IMPROVING SOFTWARE SECURITY THROUGH AN INTEGRATED APPROACH
Author(s): Zaobin Gan, Dengwei Wei and Vijay Varadharajan
Abstract: It is now recognized that the main source of application software security problems is, in most cases, poorly designed and developed authentication and authorization. Aiming at preventing security issues in the course of software design and development, this paper presents a framework for integrating security policy specification with system function integration. On the basis of the Role-Based Access Control (RBAC) model, this framework moves the responsibility for security to a central authorization management mechanism, Single Sign-On (SSO) access and integrated management of security resources. The design can integrate an enterprise's multiple newly developed and existing application systems, and provide end users with access to them, with specific collaboration, as a single system. Therefore, it may provide enterprises with uniform and robust enforcement policies to improve the security of sensitive information systems.

Title: DESIGN AND IMPLEMENTATION OF A PRACTICAL SECURE DISTRIBUTED HEALTHCARE APPLICATION
Author(s): Zaobin Gan and Vijay Varadharajan
Abstract: Security plays a vital role in the design and practical deployment of distributed applications.
All companies have to repeatedly spend considerable time, capital and effort on the implementation of security mechanisms for their applications, and the result is unsatisfactory as well. In this paper, we investigate an integrated security management tool, ManageSecure, present a formal description of the healthcare system requirements, and then describe how to implement the healthcare system security objectives by means of ManageSecure. The result shows that ManageSecure can greatly cut down the development schedule and cost of applications, while the security of the applications can be guaranteed as well.

Title: SECURE INFORMATION SYSTEMS DEVELOPMENT - Based on a Security Requirements Engineering Process
Author(s): Daniel Mellado, Eduardo Fernández-Medina and Mario Piattini
Abstract: Integration of security into the early stages of system development is necessary to build secure systems. However, in the majority of software projects security is dealt with when the system has already been designed and put into operation. This paper proposes an approach called SREP (Security Requirements Engineering Process) for the development of secure software. We present an iterative and incremental micro-process for security requirements analysis that is repeatedly performed at each phase. It integrates the Common Criteria into the software lifecycle model and is based on the reuse of security requirements, by providing a security resources repository. In brief, we present an approach which deals with security requirements at the early stages of software development in a systematic and intuitive way, and which also conforms to ISO/IEC 17799:2005.
Title: AN EXTENDED ROLE-BASED ACCESS CONTROL FOR WEB SERVICES
Author(s): Yi-qun Zhu, Jian-hua Li and Quan-hai Zhang
Abstract: A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web-based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for the Web services environment. Among them is the lack of dynamic and hierarchical models for access control for Web services. In this paper, we present a dynamic hierarchical role-based access control model (DHRBAC) to address these issues. The proposed approach introduces an authorization group, which is used to enforce dynamic changes for web services and dynamically manage privileges, and a hierarchical access control mechanism, which is used to protect the services and service parameters. We outline the configuration mechanism needed to apply our model to the Web services environment.