Computational Intelligence in Security for Information Systems (CISIS 2011)

Comprehensive Protection of RFID Traceability Information Systems Using Aggregate Signatures (Cryptography)

Abstract This work describes how the use of aggregate signatures can contribute to the comprehensive protection of RFID systems. Following a brief description of a product traceability system based on RFID technology and made secure by the use of aggregate signatures, a review is given of the main security threats to such systems and it […]

Cryptanalysis of Multicast Protocols with Key Refreshment Based on the Extended Euclidean Algorithm (Cryptography)

Abstract Recently, Naranjo, Lopez-Ramos and Casado have proposed a key refreshment for multicast schemes based on the extended Euclidean algorithm. We show in this paper that the key refreshment is not secure, describing several weaknesses and the algorithm to obtain the private key of any user. Hence, every system in which the key refreshment is […]

Improving the Message Expansion of the Tangle Hash Function (Cryptography)

Abstract Tangle is an iterative one-way hash function based on the Merkle-Damgård scheme strengthened by a message-dependent round function. It was submitted to the NIST SHA-3 competition, being accepted for first round evaluation. We propose an alternative message expansion scheme for Tangle in order to thwart the collision attacks found during such evaluation. Based […]

Cryptosystem with One Dimensional Chaotic Maps (Cryptography)

Abstract This paper presents a 64-bit chaotic block cryptosystem, which uses one-dimensional chaotic maps as a noise generator, with 8-bit sub-blocks of data. These chaotic maps use a control parameter that allows them to operate in the chaotic region, which guarantees that each sub-block of data is mixed with unpredictable random noise. Statistical mechanics tools such […]

A Quantitative Analysis into the Economics of Correcting Software Bugs (Securing Software)

Abstract Using a quantitative study of in-house coding practices, we demonstrate the notion that programming needs to move from "Lines of Code per day" as a productivity measure to a measure that takes debugging and documentation into account. This could be something such as "Lines of clean, simple, correct, well-documented code per day", but with […]

Rationally Opting for the Insecure Alternative: Negative Externalities and the Selection of Security Controls (Securing Software)

Abstract As with all aspects of business and the economy, information security is an economic function. Security can be modeled as a maintenance or insurance cost as a relative function but never in absolute terms. As such, security can be seen as a cost function that leads to the prevention of loss, but not one […]

An Approach for Adapting Moodle into a Secure Infrastructure (Securing Software)

Abstract Moodle is one of the most popular open source e-learning platforms. It makes available a very easy-to-deploy environment, which once installed, is ready to be used. These two characteristics make it a very attractive choice. But regarding information security and privacy, it presents several important drawbacks. This is mainly due to the fact […]

On Secure JAVA Application in SOA-Based PKI Mobile Government Systems (Securing Software)

Abstract In this paper, we describe a possible model of a secure m-government system based on a secure JAVA mobile application and an SOA-Based m-government platform. The proposed model consists of additional external entities/servers, such as: PKI, XKMS, STS, UDDI and TSA. The main parts of the proposed model are secure JAVA mobile application and secure Web Service […]

Structural Feature Based Anomaly Detection for Packed Executable Identification (Applications of Intelligent Methods for Security)

Abstract Malware is any software with malicious intentions. Commercial anti-malware software relies on signature databases. This approach has proven to be effective when the threats are already known. However, malware writers employ software encryption tools and code obfuscation techniques to hide the actual behaviour of their malicious programs. One of these techniques is executable packing, […]

Produre: A Novel Proximity Discovery Mechanism in Location Tagging System (Applications of Intelligent Methods for Security)

Abstract Proximity discovery is a very interesting and useful technique which helps a user to find out his proximities who have the same or similar location with him during a certain period of time. However, current methods of discovering proximities are difficult to adopt and vulnerable when wrong location tags are provided. This paper proposes […]