Special issue: Security in the digital world

Vol. 62, n° 11-12, November-December 2007
Content available on Springerlink

Guest editors
Emmanuel Kessous, France Télécom R&D, France
Serge Proulx, Université du Québec à Montréal, Canada

Foreword

Emmanuel Kessous, Serge Proulx

When objects communicate gaining the trust of human actors and exploring the issue of digital tracking

Emmanuel KESSOUS

Laboratoire SENSE, France Télécom, division Recherche et Développement – 38-40, rue du Général Leclerc, 92794 Issy les Moulineaux Cedex 9, France

Abstract  The “Internet of things” is likely to give a second breath to the information society. However, the loss of control over personal information is both problematical and widely criticized. The “promise” of a better society offered by new services based on communication between machines carries with it frightening corollaries: it evokes a totalitarian space, where anonymous exchanges are no longer possible and the various traits of people’s digital identities are stored by agents of public and business powers. It is thus the management of digital tracking technologies that we wish to explore in this publication. Our hypothesis is that current criticism of a police state or of new forms of economic alienation is taking place at far too general a level. It obscures the real problem with the profusion of tracking methods, which for us reveals a crisis of confidence (as Giddens means it), at the individual level, in the means of production of telecommunications, which is the result of a deficit in the standardization process. From this perspective, the issue of the profusion of tracing technologies and their management transcends the issue of social control to encompass that of social responsibility and of modalities of proofs when the system fails.

Keywords Sociology, Private life, Traceability, Machine to machine communication, Public opinion.

Identity control, activity control: from trust to suspicion

Meryem MARZOUKI

Laboratoire d’informatique de Paris 6 (LIP6/PolyTIC-CNRS) -104, avenue du Président Kennedy, 75016 Paris, France

Abstract Processes introducing biometric identity control and communicating activity controls through data retention sign, in France and Europe, a reversal of perspective. Taking into account the legislative and regulatory transformations as well as the strategies of government and industry actors, and considering the various means of consent from the general public, we will analyze several levels of this change of paradigm: security objectives centered on intelligence rather than legal investigation; legislative and judicial proceedings oriented towards soft and contract law; intervention of private actors with prerogatives of public power; preventive rather than repressive civil or penal actions, specially through the use of technical means; sometimes inversion of the burden of the proof, requiring proving innocence rather than guilt. This results in the change from a conception of society based on mutual trust into a situation of generalized suspicion.

Keywords Biometrics, Retention, Security, Information technology, Political aspect, Legal aspect, France, Private life protection, Political sociology.

The utility of electronic identity cards for a safer digital world

Fabrice MATTATIA

Agence Nationale des Titres Sécurisés – 5 rue de l’Église, 08000 Charleville-Mézières, France

Abstract The increase of identity theft and illegal access to data threatens heavily the trust in the digital world. Passwords fail to protect efficiently online services which create value by handling personal data or privacy information, such as e-government or financial services. eID cards are identity cards supporting a chip with a personal authentication key and a certificate. Already in use in several European countries, they are a secure and user-friendly means to prove one’s identity in the digital world, at low cost, and for all applications. These cards do not increase the threat to privacy, such as tracking, divulgation of privacy data, or the constitution of illegal databases, compared to traditional authentication means.

Keywords Internet, Authentication, Identification, Integrated circuit card, Private life protection, e-signature, Internet security, European union.

Radiofrequency identification device (RFID), a technology running out of legal regulation

Stéphanie LACOUR

CNRS-CECOJI – 27, rue Paul Bert, 94204 Ivry-sur-Seine Cedex, France.

Abstract Today’s RFID expansion makes waves. Only a few of these concerns can be technically regulated. The French’s privacy and personal data protections, especially, may be changed by these near-invisible and powerful technologies. After a short introduction and in consideration of this new technology and its informational contents, we will try to evaluate the relevance and the possible evolutions of our Law.

Keywords RFID, Private life protection, Information protection, Labour law, Intellectual property, CNIL.

Children, security and new media: a review of anglo-saxon research

Benoît LELONG*, Céline METTON**

* Laboratoire SENSE, France Télécom, Recherche et Développement – 38-40, rue du Général Leclerc, 92794 Issyles- Moulineaux cedex 9, France.
** EHESS – 54, bd Raspail, 75006 Paris, France.

Abstract In international researches in social sciences, an abundant literature crosses the three themes of youth, new technologies and security. On this last point, contrasts between English- and French-speaking researches are important: the bibliographical analysis presented underlines the strong specificity of the United Kingdom and the United States, as well in the communication practices themselves as in the researchers who study them. Parental concerns appear particularly strong there, especially by comparison with continental Europe. In the United Kingdom for example, those result in a media and family over-investment in the children bedroom that Sonia Livingstone called the bedroom culture : the overequipment of multimedia terminals appears as a compensation offered by the parents for the assignment of the children to the home. Within this framework, the adoption of new communication technologies has changed both social uses and research agendas. Indeed, textual and thus more discrete than vocal telephony, the new tools enable the children to communicate with the outside world while more easily escaping from parental control. These devices, because they are true supports of autonomization for the children, deeply redistributed the territorial arrangements of the bedroom culture as well as its forms of regulation. The family management of technical and informational risks is an area of conflicts where the domestic territories, the intergenerational relations, and social and economic concerns are played. The article describes specificities of Anglo-Saxon literature, both in the research programs and in the empirical results, and contrasts them with their French-speaking equivalents when the bibliography allows it.

Keywords Social science, Youth, Security, Review, Communication sociology, Multimedia, Bibliography.

Security: always too much and never enough – Anthropology of a non-starter market

Dominique BOULLIER*, Pascal JOLLIVET**, Frédéric AUDREN***

* Université Rennes 2, LAS EA 2241 – ZAC Atalante Champeaux ; 3, allée Adolphe Bobierre, 35000 Rennes, France.
** Université de Technologie de Compiègne, Costech EA2223 – Rue Roger Couttolenc, 60206 Compiègne cedex, France.
*** CNRS, CURAPP, UMR 6054 – Pôle universitaire Cathédrale, 10, placette Lafleur, BP 2716, 80027 AMIENS cedex 1, France.

Abstract The security market, based on public Key Infrastructures (PKI) did not succeed because security remains a paradoxical market. We observed security practices and reciprocal expectations, in this study the ones generated by the design of PKI devices. Using the framework of Actor Network Theory, we describe all the mediations required for sustaining a digital security chain… often based on very material stuff. A whole vision of the world should be designed, an ontology, doomed to failure if it formats practices and users by constraint. This vision should retain a variable-geometry, while calling on guarantors that transcend it, and not merely on commercial certification authorities. Will security architecture design be able to integrate the users’ demand for “adequate security”, which renders security policies bearable as long as users are not aware of them?

Keywords Cryptography, Public key infrastructure, Communication security, Telecommunication service usage, Sociology, Economic market, Computer security, e-signature, User behavior, Theory of action.

Invisible watchmen: network administrators and computer security

Francis CHATEAURAYNAUD*, Patrick TRABAL*

* GSPR/EHESS, 131 Bd Saint Michel – 75005 Paris, France.
** Université Paris X Nanterre, Bât. S, 200 av. de la République – 92000 Nanterre, France.

Abstract The aim of this paper is to describe the activity of Network Administrators, in analyzing the ways used to manage the critical situations and alerts which punctuate the ordinary operations of computer networks. Our empirical material leads us to identify different kinds of risks and the manners to anticipate and manage them. To spot, qualify and make tangible, vulnerabilities, these professionals have to hold inquiries. Their works suffer a lack of gratitude from the other actors who conceive the network as a magical world running without human intervention. Administrators try to convince users of the need for some collective vigilance. By so doing, they hope their activities will be made visible and will appeal to a sense of responsibility towards technical devices. In this way, the Virtual has not killed the Real but, on the contrary, has given a has given a most important substance to it.

Key words Computer security, Sociology, Network administration, Internet, Risk, Responsability, Alarm, User behavior, Computer security, Work sociology.

The professionalisation paths of hackers in IT security: The sociology of a divided identity

Nicolas AURAY, Danielle KAMINSKY

GET/Télécom Paris – 46, rue Barrault, 75634 Paris cedex 13, France

Abstract This article analyses the professionalisation paths pursued by hackers. More specifically, it focuses on the group of those who became socialised as enthusiastic fans of security between 1995 and 2002. The analysis of paths shows that there are four professional routes: integration as an employee, opting to be independent, the path of fraud and parallel remuneration under a masked identity. These paths progressively reflect the procedures for building a divided identity. Either the hacker transforms himself into a security professional through a change of mentality. Or he develops a split identity, by fragmenting his professional identity. Finally, the article highlights two key parameters explaining the orientation towards one or other of these two forms of divided identity: the internalisation of a code of professional practice, a professional ethic and moderation of strategies to build a media reputation.

Keywords Computer hacking, Computer security, Sociology, Profession.

Network and information systems security

Introduction : Selection of articles from the SAR-SSI 2006

A Framework to Enforce Access Control, Usage Control and Obligations

Thierry SANS, Frédéric CUPPENS, Nora CUPPENS-BOULAHIA

GET/ENST-Bretagne, École Nationale Supérieure des Télécomunications de Bretagne – 2, rue de la Châtaigneraie, 35576 Cesson Sévigné, France

Abstract In this paper, we define a core language to express access control, usage control and obligation policies and we specify a policy controller in charge of evaluating such policies. This policy language can be used to specify security requirements of many applications such as DRM (Digital Right Management), P2P or Web Service applications. It is used to express both contextual permissions and obligations. In our formalism, a permission is associated with two conditions: The “start condition” that must be true just when the access request is evaluated (access control) and the “ongoing condition” that must be always satisfied while the access is in progress (usage control). Moreover, we introduce the concept of cancellation actions to authorize users to cancel access in progress. Obligations are mandatory access that users must perform. An obligation is associated with two conditions as well: The “raise condition” to trigger the obligation and the “deadline condition” to determine when the obligation is violated. Moreover, we introduce the concept of non-persistent obligation where the raise condition must be true until the corresponding request is received or the deadline expires, otherwise the corresponding access is no longer mandatory.

Keywords Computer security, Temporal logic, Information protection, Information system, Access control, Theoretical model, Formal language.

Threshold signature for distributed time stamping scheme

Alexis BONNECAZE*, Philippe TREBUCHET**

* Laboratoire IML, Université de la Méditerranée, ESIL, département Réseaux et Multimédia, Luminy case 925, 13288 Marseille cedex 09, France ; Alexis. Bonnecaze at esil.univmed.fr
** LIP6, Université de Paris 6, INRIA, projet SALSA, 4 place jussieu 75006 Paris, France ; Philippe. Trebuchet at lip6.fr

Abstract The aim of a time-stamping system is to prove the existence of a digital document at a particular time in the past. Implemented time-stamping systems are generally based on a centralized server model. However, the unique server may represent a weakness for the system. In this paper, we propose a distributed time-stamping scheme which is more robust against a denial of service attack. Our protocol is based on a multisignature scheme. In order to be valid, time-stamps need to be accepted by at least ë servers. The interesting point is that the size of the time-stamp token does not depend on ë and that there is no publication process.

Keywords Computer security, Distributed systems, e-signature, Cryptography, Dating.

Automated Verification of a Key Management Architecture for Hierarchical Group Protocols

Mohamed Salah BOUASSIDA, Najah CHRIDI, Isabelle CHRISMENT, Olivier FESTOR, Laurent VIGNERON

LORIA, Campus scientifique, B.P. 239, 54506 Vandoeuvre-lès-Nancy Cedex – France.

Abstract Emerging applications require secure group communications involving hierarchical architecture protocols. Designing such secure hierarchical protocols is not straightforward, and their verification becomes a major issue in order to avoid any possible security attack and vulnerability. Several attempts have been made to deal with formal verification of group protocols, but to our knowledge, none of them did address the security of hierarchical ones. In this paper, we present the specific challenges and security issues of hierarchical secure group communications, and the work we did for their verification. We show how the AtSe back-end of the AVISPA tool was used to verify one of these protocols.

Keywords Communication security, Key management, Hierarchical system, Multicast, Program proof, Formal language.

Optimization study of a packet classification algorithm

Ons JELASSI, Olivier PAUL

GET/INT, 9 rue Charles Fourier, 91011 Evry cedex, France

Abstract Packet classification is a central function in filtering systems such as firewalls or intrusion detection mechanisms. Several mechanisms for fast packet classification have been proposed. But, existing algorithms are not always scalable to large filters databases in terms of search time and memory storage requirements. In this paper, we present a novel multi fields packet classification algorithm based on an existing algorithm called PACARS and we show its advantages compared to previously proposed algorithms. We give performance measurements using a publicly available benchmark developed at Washington University. We show how our algorithm offers improved search times without any limitation in terms of incremental updates.

Keywords Computer security, Communication security, Packet transmission, Access control, Automatic classification.

Non gaussian long memory model for internet traffic: experimental validation and application to DDoS detection

Pierre BORGNAT1, Patrice ABRY1, Guillaume DEWAELE1, Antoine SCHERRER1,2, Nicolas LARRIEU3, Philippe OWEZARSKI3, Yann LABIT3, Laurent GALLON4, Julien AUSSIBAL4

1. Laboratoire de physique, UMR 5672 CNRS, ENS de Lyon – 46 allée d’Italie 69364 Lyon cedex 07 France.
2. LIP, UMR 5668 CNRS, INRIA, ENS de Lyon – 46 allée d’Italie 69364 Lyon cedex 07 France.
3. LAAS-CNRS, UPR 8001, Toulouse – 7 avenue du Colonel Roche 31077 Toulouse cedex 4, France.
4. Laboratoire d’informatique de Pau et des Pays de l’Adour, IUT de Mont de Marsan – 371 rue du Ruisseau, BP 201, 40004 Mont de Marsan, France.

Abstract Being now a mainstream communication, Internet is subject to many kinds of anomalies (failures, flash-crowds, attacks). In order to compare the statistics of normal traffic with traffic with anomalies, we collect both regular and anomalous traffic. The traffic is collected on the RENATER network by the METROSEC project and we produce both Denial of Service (DoS) attacks with real attack softwares (TFN2K, TRIN00) aimed at various services (ICMP, SYN, UDP, TCP), and flash-crowd anomalies. We propose a multiresolution, non-Gaussian model with long memory and the corresponding estimators. It models, jointly at all aggregation levels, normal traffic, and also traffic containing anomalies. We show that the model enables to detect the anomalies in the traffic and distinguish between flash-crowd and DoS types of anomaly.

Keywords Internet security, Traffic metering, Modeling, Anomaly, Multiple service network, Variability, Stochastic model , Experimentation.