Security is an increasingly important attribute for multimedia applications that require prevention of unauthorized access to copyrighted data.  Two approaches have been used to protect scalable video content in distribution:  Partial encryption and progressive encryption.  Partial encryption provides protection for only selected portions of the video.  Progressive encryption allows transcoding with simple packet truncation, and eliminates the need to decrypt the video packets at intermediate network nodes with low complexity.  Centralized Key Management with Secret Sharing (CKMSS) is a recent approach in which the group manager assigns unique secret shares to the nodes in the hierarchical key distribution tree.  It allows the reconstruction of different keys by communicating different activating shares for the same prepositioned information.  Once the group key is established,  it is used until a member joins/leaves the multicast group or periodic rekeying occurs.  In this paper, we will present simulation results regarding the communication and processing requirements of the CKMSS scheme applied to scalable video.  In particular, we have measured the rekey message size and the processing time needed by the server for each join/leave request and periodic rekey event.

Digital multimedia content is delivered to homes via the Internet, satellite, terrestrial and cable net- works. Scrambling is a common approach used by conditional access systems to prevent unauthorized access to au- dio/visual data. The descrambling keys are securely distributed to the receivers in the same transmission channel. Their protection is an important part of the key management problem. Although public-key cryptography provides a viable solution, alternative methods are sought for economy and efficiency. Message authentication is an important objective of information security in modern electronic distribution networks. This objective is met by providing the receiver of a message an assurance of the sender’s identity. As physical protection such as sealed envelopes is not possible for messages expressed as binary sequences, digital tools have been developed using cryptography. A major limitation of all cryptographic methods for message authentication lies in their use of algorithms with fixed symmetric or public keys. This paper presents a key transport protocol based on se- cret sharing. Conditional access and message authentication are two important application areas for which the advantages of the proposed protocol are discussed. The protocol eliminates the need for a cipher, yet effectively combines the advantages of symmetric and public-key ciphers. It can be used to build a new key management scheme that allows the service providers to generate different keys for different sets of receivers, and to renew these keys in a convenient way.

A fraudster can be an impersonator or a swindler. An impersonator is an illegitimate user who steals resources from the victims by “taking over” their accounts. A swindler is a legitimate user who intentionally harms the system or other users by deception. Previous research efforts in fraud detection concentrate on identifying frauds caused by impersonators. Detecting frauds conducted by swindlers is a challenging issue. We propose an architecture to catch swindlers. It consists of four components: profile-based anomaly detector, state transition analysis, deceiving intention predictor, and decision-making component. Profile-  based anomaly detector outputs fraud confidence indicating the possibil-  ity of fraud when there is a sharp deviation from usual patterns. State transition analysis provides state description to users when an activity results in entering a dangerous state leading to fraud. Deceiving inten-  tion predictor discovers malicious intentions. Three types of deceiving intentions, namely uncovered deceiving intention, trapping intention, and illusive intention, are defined. A deceiving intention prediction algorithm is developed. A user-configurable risk evaluation function is used for decision making. A fraud alarm is raised when the expected risk is greater than the fraud investigation cost.

Software selection is an important consideration in risk management for information security. Additionally, the underlying robustness and security of a technology under consideration has become increasingly important in total cost of ownership and other calculations of business value. Open source software is often touted as being robust to many of the problems that seem to plague so-called “proprietary” or non-open source software. This study seeks to empirically investigate, from an information security perspective specific security characteristics of open source software compared to those of proprietary software. Software vulnerability data spanning several years were collected and analyzed to determine if significant differences exist in terms of inter-arrival times of published vulnerabilities, median time to release ‘fixes’ (commonly referred to as patches), type of vulnerability reported and the respective severity of the vulnerabilities. It appears that both open source and proprietary software are each likely to report similar vulnerabilities and that open source software is quicker in releasing patches for problems identified in their software. However, comparisons of yearly statistics reveal improvements in the performance of proprietary software companies. This suggests that they are quickly realizing the competition presented by the open source software community.

Genetic algorithms (GAs) are routinely used to search problem spaces of interest. A lesser known but growing group of applications of GAs is the modeling of so-called “evolutionary processes”, for example, organizational learning and group decision-making. Given such an application, we show it is possible to compute the likely GA parameter settings given observed populations of such an evolutionary process. We examine the parameter estimation process using estimation procedures for learning hidden Markov models, with mathematical models that exactly capture expected GA behavior. We then explore the sampling distributions relevant to this estimation problem using an experimental approach.

Groups using group decision support systems (GDSS) to address particular tasks can be viewed as performing a search. Such tasks involve arriving at a solution or decision within the context of a complex search space, warranting the use of computerized decision support tools. The type of search undertaken by the groups appears to be a form of adaptive, rather than enumerative, search. Recently, efforts have been made to incorporate this adaptation into an analytical model of GDSS usage. One possible method for incorporating adaptation into an analytical model is to use an evolutionary algorithm, such as a genetic algorithm (GA), as an analogy for the group problem-solving process. In this paper, a test is made to determine whether GDSS behaves similarly to a GA process utilizing rank selection, uniform crossover, and uniform mutation operators. A Markov model for GAs is used to make this determination. Using GDSS experimental data, the best-fit transition probabilities are estimated and various hypotheses regarding the relation of GA parameters to GDSS functionality are proposed and tested. Implications for researchers in both GAs and group decision support systems are discussed.

We propose modeling Group Support System (GSS) search tasks with Genetic Algorithms. Using explicit mathematical models for Genetic Algorithms (GAs), we show how to estimate the underlying GA parameters from an observed GSS solution path.  Once these parameters are estimated, they may be related to GSS variables such as group composition and membership, leadership presence, the specific GSS tools available, incen-  tive structure, and organizational culture. The estimated Genetic Algorithm parameters can be used with the mathematical models for GAs to compute or simulate expected GSS pro-  cess outcomes.

Certain tasks undertaken by groups using Group Decision Support Systems (GDSS) can be viewed as search problems. These tasks involve arriving at a solution or decision where the problem is complex enough to warrant the use of computerized decision support tools. For these types of GDSS tasks, we propose to model the information exchange and convergence toward a solution by the group as a simple genetic algorithm. The simple genetic algorithm is a generalized search technique that is based on the principles of evolution and natural selection. Simply put, the best points in the current population are more likely to be selected and combined through genetic operators to determine new points. We propose that groups using GDSS to address certain tasks behave like a simple genetic algorithm in the manner in which possible solutions are generated, enhanced and altered in attempting to reach a decision or consensus.

Most experimental uses of group decision support systems (GDSS) are associated with relatively unrestricted domains, for example, idea generation and preference specification, where few restrictions on potential solutions exist. However, an important GDSS task is that of resource allocation across functional areas of the organization, including supply chain applications. These types of tasks, such as budget planning and production planning, are typically highly constrained and difficult to solve optimally, necessitating the use of decision aids, such as those found in GDSS. We use a model based on adaptive search of a genetic algorithm as the analogy for the group decision making process. We apply this model to experimental data gathered from GDSS groups solving a production planning task. The results indicate very low estimated crossover rates in the experimental data. We also run computational experiments based on adaptive search to mimic the GDSS data and find that the low estimated crossover rate might be due to the highly constrained search space explored by the decision making groups. The results suggest further investigation into the presumed beneficial effects of group interaction in such highly constrained task domains, as it appears very little true information exchange occurs between group members in such an environment. Furthermore, the simulation technique can be used to help predict certain GDSS behaviors, thus improving the entire GDSS process.

Groups using group decision support systems (GDSS) for addressing organizational problems is an evolutionary process. An analytical model incorporating evolutionary processes exists, capturing this adaptation in the group decision-making process. This model is based on the genetic algorithm (GA) and can be used to estimate GA parameter values from experimental data. This research effort examines possible relationships between the GA crossover and mutation parameters and the group context variables of leadership. Both the presence of and the activity level of group leaders are considered. Particular attention is paid to model implementation for a specific instance of GDSS use. The results of this effort are generally encouraging, hinting at the need to conduct further research in this area.

Groups using group decision support systems (GDSS) for addressing organizational problems is an evolutionary process. An analytical model incorporating evolutionary processes exists, capturing this adaptation in the group decision-making process. This model is based on the genetic algorithm (GA) and can be used to estimate GA parameter values from experimental data. This research effort examines possible relationships between the GA crossover and mutation parameters and the group context variables of leadership. Both the presence of and the activity level of group leaders are considered. Particular attention is paid to model implementation for a specific instance of GDSS use. The results of this effort are generally encouraging, hinting at the need to conduct further research in this area.

This paper presents Value at Risk (VAR), a new methodology for Information Security Risk Assessment.  VAR summarizes the worst loss due to a security breach over a target horizon,  with a given level of confidence.  More formally, VAR describes the quantile of the projected distribution of losses over a given time period.  Most of the tools that are used for ISEC risk assessment are qualitative in nature and are not grounded in theory. VAR is a useful tool in the hands of an ISEC expert as it provides a theoretically based, quantitative measure of information security risk.  Using this measure of risk, the best possible balance between risk and cost of providing security can be achieved.  Most organizations, especially those heavily invested in eBusiness, already have determined the acceptable level of risk.  The dollar amount of this risk is then computed.  When the total VAR of an organization exceeds this amount, the organization is alerted to the fact that an increased security investment is required.

Certain tasks undertaken by groups using Group Decision Support Systems (GDSS) can be viewed as search problems. These tasks involve arriving at a solution or decision where the problem is complex enough to warrant the use of computerized decision support tools. Also, the task or situation must require more than one person to adequately address the problem. For these types of GDSS tasks, we propose to model the brainstorming, negotiating and learning processes undertaken by the group as a simple genetic algorithm. The simple genetic algorithm is a generalized search technique that is based on the principles of evolution and natural selection. Simply put, the best points in the search space are more likely to be selected and combined through genetic operators to determine new points. We propose that groups using GDSS to address certain tasks behave like a simple genetic algorithm in the manner in which possible solutions are generated, enhanced and altered in attempting to reach a decision or consensus