Protecting Security Policies in Ubiquitous Environments Using One-Way Functions

  • Conference paper
Security in Pervasive Computing

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2802)

Abstract

This paper addresses the problem of protecting security policies and other security-related information in security mechanisms, such as the detection policy of an Intrusion Detection System or the filtering policy of a firewall. Unauthorized disclosure of such information can reveal the fundamental principles and methods for the protection of the whole network, especially in ubiquitous environments where a large number of nodes store knowledge about the security policy of their domain. To avoid this risk we suggest a scheme for protecting stateless security policies using one-way functions. A stateless policy is one that takes into consideration only the current event, and not the preceding chain of events, when decisions are made. The scheme has a simple and basic design but can still be used for practical implementations, as illustrated in two examples in real-life environments. Further research aims to extend the scheme to stateful policies.
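A sketch of the idea in the abstract, added here as an illustration and not taken from the paper, whose actual construction is not shown on this page: a stateless exact-match policy is distributed to nodes as salted SHA-256 images of the events it matches, so a node can evaluate the current event without holding the policy in readable form. The class name, field names and sample rules are assumptions.

```python
import hashlib
import os

def canonical(event, fields):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") encode differently.
    out = b""
    for name in fields:
        value = str(event[name]).lower().encode()
        out += len(value).to_bytes(2, "big") + value
    return out

class HashedPolicy:
    """Stateless exact-match policy stored only as one-way images (assumed design)."""

    def __init__(self, fields, salt=None):
        self.fields = tuple(fields)
        self.salt = salt or os.urandom(16)   # per-policy salt, stored with the rules
        self.rules = {}                      # SHA-256 digest -> action

    def _image(self, event):
        return hashlib.sha256(self.salt + canonical(event, self.fields)).digest()

    def add_rule(self, event, action):
        # Done where the policy is authored; nodes receive digests, not the tuple.
        self.rules[self._image(event)] = action

    def decide(self, event, default="allow"):
        # Stateless: the decision depends on the current event alone.
        return self.rules.get(self._image(event), default)

def build_sample_policy(salt=None):
    # Constructed sample rules, not from the paper.
    policy = HashedPolicy(("proto", "dst_ip", "dst_port"), salt)
    policy.add_rule({"proto": "tcp", "dst_ip": "10.0.5.20", "dst_port": 23}, "deny")
    policy.add_rule({"proto": "udp", "dst_ip": "10.0.5.53", "dst_port": 161}, "alert")
    return policy

if __name__ == "__main__":
    p = build_sample_policy()
    print(p.decide({"proto": "TCP", "dst_ip": "10.0.5.20", "dst_port": 23}))  # deny
    print(p.decide({"proto": "tcp", "dst_ip": "10.0.5.20", "dst_port": 22}))  # allow
    # What a node stores: opaque digests. Caveat: if the matched values come from
    # a small space, anyone holding salt and digests can enumerate candidates.
    for image, action in p.rules.items():
        print(image.hex(), action)
```

This sketch supports exact matching only; ranges and wildcards would need a separate encoding.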

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kvarnström, H., Hedbom, H., Jonsson, E. (2004). Protecting Security Policies in Ubiquitous Environments Using One-Way Functions. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds) Security in Pervasive Computing. Lecture Notes in Computer Science, vol 2802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39881-3_9

  • DOI: https://doi.org/10.1007/978-3-540-39881-3_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20887-7

  • Online ISBN: 978-3-540-39881-3

  • eBook Packages: Springer Book Archive
