Friday, May 4, 2007

Application of Ring Signatures

The below cryptographic scheme has many applications, both in security-related systems and in building other cryptographic schemes. Please help suggesting more applications!

Ring signature is a "signer-ambiguous" signature, the verifier can only ensure the message is signed by 1 out of n purported users, but not exactly whom. For signing, (i.e. to produce a ring signature), the actual signer declares an arbitrary set of possible signers that
must include himself, and computes the signature entirely by himself using only
his secret key and the others' public keys. In particular, the other possible "members of this group"may be completely unaware that their public keys are used by a
stranger to produce such a ring signature on a message they have never seen and
would not wish to sign.

You may assume additional properties that you find useful, e.g. 1. perfect anonymity, 2. there exists a guy who can revoke the anonymity of the signature; or 3. we can tell if two signatures are signed by the same signer, but with the identity remains hidden. You name it, I (try to) build it!

A generic anti-spyware solution by access control list at kernel level

Our class has a project about monitoring the access patterns of processes to flag potential abnormalities. The idea is good and I think the combination of this project and the following work will be useful.

Title: A generic anti-spyware solution by access control list at kernel level

URL: http://portal.acm.org/citation.cfm?id=1063041

Abstract:

Spyware refers to programs that steal the user information stored in the user's computer and transmit this information via the internet to a designated home server without the user being aware of this transmission. Existing anti-spyware solutions are not generic and flexible. These solutions either check for the existence of known spyware or try to block the transmission of the private information at the packet level. In this paper, we propose a more generic and flexible anti-spyware solution by utilizing an access control ist in kernel mode of the operating system. The major difference between our approach and the existing approaches is that instead of asking a guard to look for the theft (spyware) or control the exit of the computer (and hence giving the spyware enough time to hide the information to be transmitted). we put a guard besides the treasure (the private information) and carefully control the access to it in the kernel mode. We also show the details of an implementation that realizes our proposed solution.

Monday, April 30, 2007

Hacking!!!! Not always negative.....

With the technological advances in the internet, we also come accross certain evil faces of the internet: criminal hackers. Governments, companies, and private citizens around the world are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization's secrets to the open Internet. They then turn to ethical hackers for help.

Ethical Hacking services - the positive side of hacking are sold under the modern name of "Network Security Services".
Ethical hackers help their customers to find and plug in the security loop holes in their respective sites. Watch out guys their is more to more...this is just an introduction

Reputation in P2P

Reputation-based systems are used to establish trust among members of on-line communities where parties with no prior knowledge of each other use the feedback from their peers to assess the trust worthiness of the peers in the community. Generally the reputation system in P2P network follows four steps.
Step 1: a requestor r locates available resources sending a broadcast Query message to ask for the files it needs to download. Other peers will answer with a QueryHit message to the requesting node to notify that they have the requested resource.
Step 2: Upon receiving a set of QueryHit messages, r selects an offerer o and polls the community for any available reputation information on o sending a Poll message. As a result of step 2, r receives a set V of votes, some of which express a good opinion while others express a bad one.
step 3: r evaluates the votes to collapse any set of votes that may belong to a clique and explicitly selects a random set of votes for verifying their trustworthiness.
step 4: the set of reputations collected in step 3 is computed into an aggregated community-wide reputation value. Base on this reputation value, the requestor r can take a decision on whether accessing the resource offered by o or not.After accessing the resource r can update its local trust on o (depending on whether the downloaded resource was satisfactory of not).
P2PRep is a reputation-based protocol runs in a completely anonymous P2P networks. In P2PReP, local reputation management and community-wide reputation management are two different levels. Local reputation is defined as one single peer’s opinion of one other peer’s reputation, based on its formal experience. The community reputation means the aggregated general opinion given by multiple peers. P2PRep is generally combine these two factors togeter.
P2Prep works well in the environments of the percentage of malicious peers’ increasing and decreasing by changing well-behaved ones to rogues ones and changing rogue ones into well-behaved ones. As to the turn over case in peers’ population, P2PReP confirms its robust-ness showing a percentage of malicious downloads greater about 1% than scenario with no change.

Monday, April 2, 2007

Analyzing network traffic

The following paper seems to be relevant to the topic we discussed in class and takes a look at how to analyze network traffic by generating a state machine from traces. Could these state machines be also feasibly used in an IDS to filter bad traces?

http://comet.lehman.cuny.edu/griffeth/Papers/Agate.pdf

Friday, March 23, 2007

Unusual E-mail Activity


I've been noticing unusual e-mail activities at my nyu account. 3-4 tomes in the past month I've got 'MAILER-DAEMON' failure notice e-mail when I've not send mails at those addresses.

An example is :

Subject failure notice
Hi. This is the qmail-send program at mail.yifansoft.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)



So, have other people also been getting such emails too ?
And what could these signify ?