Special issue: Network and information systems security

Vol. 61, n° 3-4, March-April 2006
Content available on Springerlink

Guest editors
Frédéric Cuppens, GET/ENST Bretagne, France
Hervé Debar, France Télécom R&D, France
Elisa Bertino, Purdue University, USA

Foreword

Frédéric Cuppens, Hervé Debar, Elisa Bertino

The European regulatory framework for security and privacy protection in electronic communications

Jos DUMORTIER*, Christoph DE PRETER**

* Professor of Law at the K.U. Leuven, Faculty of Law, Director of the Interdisciplinary Center for Law and ICT (ICRI), lawyer at Lawfort – Woluwedal 20, B-1932 Sint-Stevens-Woluwe, Brussels, Belgium.
** Crowell & Moring – 71, rue Royale, B-1000 Brussels, Belgium.

Abstract The European Directive 2002/58/EC of July 12, 2002 introduced important provisions with regard to security and privacy protection in the electronic communications sector. The Directive contains legal rules on widely debated issues such as network security, unsolicited messages (“spam”), spyware and cookies, traffic data retention for law enforcement purposes and location-based services. In their contribution, the authors give an overview of the most important provisions of the new European regulatory framework and examine their practical consequences for the electronic communications sector.

Keywords Telecommunication regulation, European Union, Communication security, Computer security, Privacy protection, Legal aspect, Internet.

A survey on identity federation solutions

Eric MALVILLE*, Jean-Michel CROM**, Gaël GOURMELEN***

* France Télécom, division R&D – 42, rue des Coutures, 14066 Caen cedex, France
** France Télécom, division R&D – 4, rue du Clos Courtel, 35512 Cesson Sévigné cedex, France
*** France Télécom, division R&D – 2, ave Pierre Marzin, 22307 Lannion Cedex

Abstract As the Internet is a prime vehicle for business and personal interactions, more and more organizations provide their users with personalized online services. Identity Management is, therefore, a key component for these organizations to manage users’ accounts (i.e. identities) and secure access to their personal services and information. Today, however, users’ personal information and authentication are confined to organizations’ boundaries. This leads to a situation where users have multiple identities on the Internet, preventing both users and organizations from benefiting from registrations and authentications already performed at other organizations. Identity federation therefore becomes a key component of identity management, enabling authentications and personal information to pass across organizations’ boundaries in a privacy-friendly way. This article focuses on Single Sign-On and attribute sharing, two of the main functions Identity Management systems provide. It gives an overview of the main solutions available today.

Keywords Internet, Authentication, Identification, Privacy protection, Internet service provider, System architecture, Standardization, Identity management.

Strong and privacy-friendly management of federated identities for service provision over UMTS

Christos K. DIMITRIADIS, Despina POLEMI

University of Piraeus – 80 A. Dimitriou, 18534 Piraeus, Greece

Abstract Mobile subscribers who wish to mutually authenticate with service providers on the Internet use existing identity management mechanisms, such as Microsoft .NET Passport, overlooking the existing trust relationship between the subscriber and the 3G mobile operator and increasing network resource consumption, in an environment that requires security mechanisms that are as lightweight as possible. Furthermore, knowledge, as well as the possession of an item, does not distinguish a person uniquely, revealing an inherent security weakness of PIN authentication mechanisms. This paper proposes a protocol (3GBioID) for implementing strong identity management for Internet applications over 3G mobile networks. 3GBioID introduces biometrics, as well as the principles of the Liberty Alliance, into the 3G mobile security architecture, aiming at a more effective, secure and lightweight identity management alternative to the existing protocols. The results of a security, privacy, performance, usability and complexity evaluation indicate 3GBioID’s benefits and limits.

Keywords Mobile radiocommunication, UMTS, Identity management, Privacy protection, Internet service provider, Biometrics, e-commerce, Internet, Authentication, Communication security, 3G network.

Current and future privacy enhancing technologies for the Internet

Yves DESWARTE, Carlos AGUILAR MELCHOR

LAAS-CNRS – 7 avenue du Colonel Roche, 31077 Toulouse cedex 4, France

Abstract This paper presents an overview of current and forthcoming solutions for privacy protection on the Internet. We highlight five categories of Privacy Enhancing Technologies (PETs). First, we introduce the multiple virtual identities that can represent a person, and the way the person can manage them. Then, we focus on the untraceability problem, which has been a major field of research since the very first papers on privacy protection in the early eighties. Anonymous access to services is the central point of the third category of PETs we consider. To complete this overview, we describe current and future authorization PETs, and finish with a presentation of personal data management. For each of these categories we present some of the current technologies and the most promising ones under development.

Keywords Internet, Privacy protection, Review, Identification, Identity management, Authentication.

Designing the mobile IPv6 security protocol

Tuomas AURA, Michael ROE

Microsoft Research, Roger Needham Building, 7 JJ Thomson Avenue, Cambridge, CB3 0FB, UK

Abstract Mobile IPv6 is a network-layer mobility protocol for the IPv6 Internet. The protocol includes several security mechanisms, such as the return-routability tests for the mobile’s home address and care-of addresses. This paper explains the threat model and design principles that motivated the Mobile IPv6 security features. While many of the ideas have become parts of the standard toolkit for designing Internet mobility protocols, some details of the reasoning have not been previously documented.

Keywords Mobile radiocommunication, Internet Security, Communication security, Authentication, Internet protocol, IPv6.

Data confidentiality: to which extent cryptography and secured hardware can help

Nicolas ANCIAUX*,**, Luc BOUGANIM*, Philippe PUCHERAL*,**

* INRIA Rocquencourt, SMIS Project – Domaine de Voluceau, 78153 Le Chesnay cedex, France
** PRiSM Laboratory, University of Versailles – 45, avenue des États-Unis, 78035 Versailles cedex, France

Abstract Data confidentiality has become a major concern for individuals as well as for companies and administrations. In a classical client-server setting, the access control management is performed on the server, relying on the assumption that the server is a trusted party. However, this assumption no longer holds given the increasing vulnerability of database servers facing a growing number of external and even internal attacks. This paper studies different alternatives exploiting cryptographic techniques and/or tamper-resistant hardware to fight against these attacks. The pros and cons of each alternative are analyzed in terms of security, access control granularity and preserved database features (performance, query processing, volume of data). Finally, this paper sketches a hybrid approach mixing data encryption, integrity control and secured hardware that could pave the way for future highly secured DBMS.

Keywords Database, Confidentiality, Cryptography, Securization, Information access, Computer security, Access control.

A distributed cross-layer intrusion detection system for ad hoc networks

Yu LIU, Yang LI, Hong MAN

Department of Electrical and Computer Engineering, Stevens Institute of Technology, Hoboken, New Jersey 07030, USA

Abstract Most existing intrusion detection systems (IDSs) for ad hoc networks are proposed for single-layer detection. Although they may apply to other layers of the network protocol stack, the data of individual layers are still analyzed separately. In addition, most have not been able to emphasize localization of the attack source. In this paper, we propose an anomaly-based IDS that utilizes cross-layer features to detect attacks, and localizes attack sources within a one-hop perimeter. Specifically, we suggest a compact feature set that incorporates intelligence from both the MAC layer and the network layer to profile the normal behavior of mobile nodes; we adapt a data mining anomaly detection technique from wired networks to ad hoc networks; and we develop a novel collaborative detection scheme that enables the IDS to correlate local and global alerts. We validate our work through ns-2 simulation experiments. Experimental results demonstrate the effectiveness of our method.

Keywords Radiocommunication, Ad hoc network, Security, Intrusion detection, Modeling, Performance evaluation.

LicenseScript: a logical language for digital rights management

Cheun Ngen CHONG1, Ricardo CORIN2, Jeroen DOUMEN2, Sandro ETALLE2, Pieter HARTEL2, Yee WEI LAW3, Andrew TOKMAKOFF4

1. Philips Research Laboratories – Prof. Holtslaan 4, 5656 AA Eindhoven, The Netherlands
2. University of Twente – P.O. Box 2100, 7500 AE Enschede, The Netherlands
3. Riscure BV – Rotterdamseweg 183/C, 2629 HD Delft, The Netherlands
4. Telematica Instituut – P.O. Box 589, 7500 AN Enschede, The Netherlands

Abstract We propose LicenseScript, a language for digital rights management (DRM) based on multiset rewriting and logic programming. LicenseScript enjoys a precise syntax and semantics, and it is rich enough to embed other rights expression languages (REL). We show that LicenseScript is expressive and flexible by exploring several application domains representing different aspects of DRM. We present an implementation. Finally, we extend the core of the language to account for multiple devices in authorized domains.

Keywords Intellectual property, Literary artistic property, Digital recording, Copyright, PROLOG language, Security, Management, Logical programming.

Access control for web data: models and policy languages

Barbara CARMINATI*, Elena FERRARI*, Bhavani THURAISINGHAM**

* Università dell’Insubria, Dipartimento di Scienze della Cultura, Politiche e Informazione – Via Carloni, 78, 22100 Como, Italy
** The University of Texas at Dallas, Department of Computer Science EC 31 – PO Box 830688, Richardson TX 75083-0688, USA

Abstract The web has made an enormous amount of information easily available in digital form and has facilitated the exchange of such information. In this environment, access control is a primary concern. The key issue is how to trade off maximizing the sharing of information against enforcing controlled access to web data. In this paper we start by outlining the main access control requirements of web data. Then, we review research carried out in the field, focusing mainly on XML. Finally, we discuss policy languages for the semantic web, and outline the main research directions in this field.

Keywords Internet, World Wide Web, Information access, Access control, Semantic Web, XML.

Accurate modelling of the static effective permittivity of uniform suspended microstrip line applicable to FCEL method

Tarik Bouzian BERBAR, Ahmed ZERGUERRAS

Laboratoire Télécommunications, Département Électronique, École Nationale Polytechnique – 10 ave Hassen Badi, BP 182 EL-Harrach, Alger, Algérie

Abstract An accurate modelling of the static effective permittivity εeff of a uniform suspended microstrip line is presented. This modelling is built on the variational method of moments (VM). Since this method requires long computing times for lines of arbitrary shape, the width w of the uniform line is reduced by the thickness h1 of the air gap. Stratified microstrip patch antennas with an air gap, of arbitrary shape, present this type of situation in the analysis with the method of Finished Coupled Elementary Lines (F.C.E.L.). A formal model, proposed in this work, is free of integration and derivation, and connects the physical parameters (such as the relative permittivities εri of the media i = 1, 2, …) with those of the geometrical structure (u = w/h1 and m = h2/h1, where h2 is the thickness of the dielectric). The new model is valid over the full ranges 1 ≤ εr ≤ 20, 0.5 ≤ m ≤ 1.5 and 10⁻² ≤ u < +∞. The model is successfully compared with measured data. This work gives an accurate evaluation of εeff, from which the frequency dependence of the effective permittivity can easily be determined.

Keywords Transmission line, Suspended microstrip line, Patch antenna, Permittivity, Resonance frequency, Wave dispersion, Coupled line, Multilayered structure.

10 gigabit Ethernet long-haul transmission without in-line EDFAs

Miroslav KARÁSEK*, Pavel PETERKA*, Jan RADIL**

* Institute of Radio Engineering and Electronics, Academy of Sciences of the Czech Republic, Chaberska 57, 182 51 Prague, Czech Republic
** CESNET a.l.e. Zikova 4, 160 00 Prague, Czech Republic

Abstract In this contribution, we present experimental results on optical packet transmission of two 10 Gigabit Ethernet channels (10 GE) over a 252 km link of standard single-mode fibre (SSMF, ITU-T Recommendation G.652) and over a 287 km long link composed of 85 km of SSMF and 202 km of non-zero dispersion-shifted fibre (NZ DSF, ITU-T Recommendation G.655), without deployment of in-line erbium-doped fibre amplifiers (EDFAs). All the active components, dispersion compensating fibre (DCF) modules and optical band-pass filters were placed at the transmitter and at the receiver side of the link. To the best of our knowledge, this is the first report of pure Ethernet transmission without in-line EDFAs over such a distance. The results are encouraging especially for operators of national research and educational networks who rely on leased dark fibres and prefer to transmit over as long a distance as possible without deploying in-line amplifiers.

Keywords Optical telecommunication, Long distance transmission, Ethernet, Single mode optical fiber, Optical amplifier, Wavelength division multiplexing, Experimental result.

New method of restoration of color photographic images corrupted by the noise of the RGB→YCbCr transformation

Jean M’BOLIGUIPA, Emmanuel TONYÉ, Raoul NANCI YOSSI, Melouta MEZOM

Laboratoire d’Électronique et de Traitement du Signal, BP 8390, ENSP, Université de Yaoundé 1, Cameroun

Abstract This paper presents a new method of restoration of photographic color images corrupted by the noise of the RGB→YCbCr transformation. This transformation introduces a high-frequency type of noise into certain images. This noise is highlighted and corrected. The correction is made by attenuating the coefficients Y, Cb and Cr and then rebuilding them with multiplicative factors derived from an analysis of the transformation relations between the RGB and YCbCr spaces. A comparative study with the Wiener filter shows its effectiveness in restoring images corrupted even by other noises, such as the blackening caused by insufficient light during shooting, and its superiority over the median filter for the correction of this noise.

Keywords Image restoration, Photography, Image compression, Color image, JPEG, Luminance, Chrominance signal, Filtering, Statistical analysis, Impulsive noise, Noise reduction, Wiener filtering.