Abstract
This paper addresses the problem of protecting security policies and other security-related information in security mechanisms, such as the detection policy of an Intrusion Detection System or the filtering policy of a firewall. Unauthorized disclosure of such information can reveal the fundamental principles and methods for the protection of the whole network, especially in ubiquitous environments where a large number of nodes store knowledge about the security policy of their domain. To avoid this risk we suggest a scheme for protecting stateless security policies using one-way functions. A stateless policy is one that only takes into consideration the current event, and not the preceding chain of events, when decisions are made. The scheme has a simple and basic design but can still be used for practical implementations, as illustrated in two examples in real-life environments. Further research aims to extend the scheme to stateful policies.
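The following is an added illustration of the idea the abstract describes, not the paper's own scheme: a stateless allow-list policy whose rules are stored only as salted one-way digests, so a node that is compromised yields digests rather than readable rules, while the enforcement point can still decide each event on its own. The event fields (protocol, destination port), the default-deny decision and the `ProtectedAllowList` class are assumptions made for this example.

```python
import hashlib
import secrets
from typing import Dict, Iterable, List, Optional, Tuple

# A stateless rule is matched against one event in isolation. The field set
# chosen here (protocol, destination port) is an assumption of this example.
Event = Tuple[str, int]


def canonical(event: Event) -> bytes:
    """Normalise an event so that equivalent spellings hash identically."""
    proto, port = event
    return f"{proto.lower()}:{int(port)}".encode()


class ProtectedAllowList:
    """Allow-list policy kept only as one-way digests of its rules.

    A per-policy random salt stops a table precomputed for one node being
    reused against another; the digests alone do not reveal the rules
    except by guessing candidate events and hashing them (see the note
    below on small event spaces).
    """

    def __init__(self, rules: Iterable[Event], salt: Optional[bytes] = None):
        self.salt = salt if salt is not None else secrets.token_bytes(16)
        # Only digests are retained; the plaintext rules are discarded here.
        self._digests = {self._digest(rule) for rule in rules}

    def _digest(self, event: Event) -> bytes:
        return hashlib.sha256(self.salt + canonical(event)).digest()

    def decide(self, event: Event) -> str:
        """Stateless decision: allow only if the event hashes to a stored rule."""
        return "allow" if self._digest(event) in self._digests else "deny"

    def exported_state(self) -> Dict[str, object]:
        """Everything a node holds; this is what a disclosure would reveal."""
        return {
            "salt": self.salt.hex(),
            "digests": sorted(d.hex() for d in self._digests),
        }


if __name__ == "__main__":
    # Constructed sample policy: permit SSH and HTTPS over TCP, deny the rest.
    policy = ProtectedAllowList([("tcp", 22), ("tcp", 443)])
    for ev in [("tcp", 443), ("TCP", 22), ("udp", 53)]:
        print(ev, "->", policy.decide(ev))
    print("stored state:", policy.exported_state())
```

Two caveats a practitioner would want. First, this only works for exact-match rules; a rule with a wildcard ("any port") has no single preimage to hash, which is one reason the paper restricts itself to stateless policies. Second, when the event space is small, a disclosed digest store can be enumerated by hashing every candidate event, exactly as with a disclosed password file; a key known only to the enforcement point (an HMAC instead of a plain salted hash) raises that cost, at the price of making the key itself the secret to protect.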
© 2004 Springer-Verlag Berlin Heidelberg
Kvarnström, H., Hedbom, H., Jonsson, E. (2004). Protecting Security Policies in Ubiquitous Environments Using One-Way Functions. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds) Security in Pervasive Computing. Lecture Notes in Computer Science, vol 2802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39881-3_9
DOI: https://doi.org/10.1007/978-3-540-39881-3_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20887-7
Online ISBN: 978-3-540-39881-3