CERIAS - Center for Education and Research in Information Assurance and Security

Purdue University

Reports and Papers Archive


General Track - 2002 USENIX Annual Technical Conference

USENIX Association
Added 2002-07-26

ActiveSync, TCP/IP and 802.11b Wireless Vulnerabilities of WinCE-based PDAs

CERIAS TR 2002-17
Pascal Meunier, Sofie Nystrom, Seny Kamara, Scott Yost, Kyle Alexander, Dan Noland, Jared Crane
Download: PDF

Researching the vulnerabilities and security concerns of WinCE-based Personal Digital Assistants (PDAs) in an 802.11 wireless environment resulted in identifying CAN-2001-{0158 to 0163}. The full understanding and demonstration of some vulnerabilities would have required reverse engineering ActiveSync, which was beyond the scope of this research. Moreover, the WinCE IP stack demonstrated instabilities under a number of attacks, one of which produced symptoms in hardware. The inaccessibility of the 802.11b standard documentation was a source of delays in the research; however, we created three proof-of-concept applications to defeat 802.11b security. One collects valid MAC addresses on the network, which defeats MAC-address-based restrictions. Another builds a code book using known-plaintext attacks, and the third decrypts 802.11b traffic on-the-fly using the code book.

Added 2002-07-26

CS 490: Wireless Security Independent Study - Final Report

CERIAS TR 2002-16
Patrick Fitzgerald
Download: PDF

This paper presents the purpose, goals, accomplishments, and design details of this CS 490 project: design and implementation of improved security measures for wireless networks.

Added 2002-07-26

Authorization Based on Evidence and Trust

CERIAS TR 2002-21
Bharat Bhargava and Yuhui Zhong
Download: PDF
Added 2002-07-26

Hierarchical Mobile Wireless Network (HMWN)

CERIAS TR 2002-27
Yi Lu, Bharat Bhargava
Download: PDF

Ad hoc networks may not be suitable for “non ad hoc” applications due to resource, mobility, traffic pattern and incompatible wireless MAC protocol issues. We propose the Hierarchical Mobile Wireless Network for providing flexible and scalable network services to these applications. In such a system, mobile hosts are organized into hierarchical groups. Four basic operations that are used to set up and maintain the network structure are described. An efficient protocol for group membership management is discussed. The Segmented Membership-based Group Routing protocol is presented. In this routing protocol, only local message exchanging is required. Simulation-based experiments confirm the scalability of our design.

Added 2002-07-26

Watermarking Relational Databases

CERIAS TR 2002-28
Radu Sion and Mikhail Atallah and Sunil Prabhakar
Download: PDF

Digital Watermarking, in the traditional sense, is the technique of embedding un-detectable (un-perceivable) hidden information into multimedia objects (i.e. images, audio, video, text) mainly to protect the data from unauthorized duplication and distribution by enabling provable ownership over the content.
Recent research of the authors introduces the issue of digital watermarking for generic number sets. In the present paper we expand on this foundation and introduce a solution for relational database content security through watermarking. To the best of our knowledge there is no research on this issue. Our solution addresses a series of important attacks, such as data re-sorting, subset selection (up to 30% and above data loss tolerance), and linear data changes. Finally we present dbwm.*, a proof-of-concept implementation of our algorithm and its application on real life data, namely in watermarking data from the outsourced Wal-Mart sales database of the years 1999-2000.

Added 2002-07-26

An Algorithm for Building User-Role Profiles in a Trust Environment

CERIAS TR 2002-29
Evimaria Terzi and Yuhui Zhong and Bharat Bhargava and Pankaj and Sanjay Madria
Download: PDF

A good direction towards building secure systems that operate efficiently in large-scale environments (like the World Wide Web) is the deployment of Role Based Access Control Methods (RBAC). RBAC architectures do not deal with each user separately, but with discrete roles that users can acquire in the system. The goal of this paper is to present a classification algorithm that, during its training phase, classifies roles of the users in clusters. The behavior of each user that enters the system holding a specific role is traced via audit trails and any misbehavior is detected and reported (classification phase). This algorithm will be incorporated in the Role Server architecture, currently under development, enhancing its ability to dynamically adjust the amount of trust of each user and update the corresponding role assignments.

Added 2002-07-26

Efficient Sharing of Encrypted Data

CERIAS TR 2002-23
Krista Bennett, Christian Grothoff, Tzvetan Horozov, and Ioana Patrascu

This paper describes the design of a censorship-resistant distributed file sharing protocol which has been implemented on top of GNUnet, an anonymous, reputation-based network. We focus on the encoding layer of the GNUnet file-sharing protocol which supports efficient dissemination of encrypted data as well as queries over encrypted data. The main idea advocated in this paper is that simple cryptographic techniques are sufficient to engineer an efficient data encoding that can make it significantly harder to selectively censor information. Our encoding allows users to share files encrypted under descriptive keys which are the basis for querying the network for content. A key property of our encoding is that intermediaries can filter invalid encrypted replies without being able to decrypt the query or the reply. Files are stored in small chunks which are distributed and replicated automatically by the GNUnet infrastructure. Additionally, data files may be stored in plaintext or encrypted form or as a combination of both and encrypted on demand.

Added 2002-07-26

Comparing Authentication Techniques

Matt Bishop
Added 2002-04-16

Virtual Orality: How eBay Controls Auctions without an Auctioneer's Voice

CERIAS TR 2002-18
Josh Boyd
Download: PDF

Auctions are communication-intensive enterprises.  Most scholarly examinations of auctions, however, have come from economics and sociology.  This paper applies a communication perspective to eBay, the largest online auction, and argues that eBay has maintained safety, order, and interest in its auctions by mimicking the oral style of the auctioneer and following the rules of in-person auctions, but in a virtual space.

Added 2001-03-06

Detecting the Abnormal: Machine Learning in Computer Security

COAST TR 97-02
Lane, T., Brodley, C.
Added 2001-01-01

Use of A Taxonomy of Security Faults

COAST TR 96-05
Aslam, T., Krsul, I., Spafford, E.
Added 2001-01-01

IDIOT - Users Guide

COAST TR 96-04
Crosbie, M., Dole, B., Ellis, T., Krsul, I., Spafford, E.
Added 2001-01-01

A Secure Message Broadcast System (SMBS)

COAST TR 96-01, CSD-TR-96-019
Crosbie, M., Krsul, I., Lodin, S., Spafford, E.
Download: PDF

This paper describes the design and implementation of a secure message broadcast system (SMBS). It is a secure, multi-party chat program that ensures privacy in communication and does not rely on shared secret keys. The system was built as a study of the feasibility of building effective communication tools using zero knowledge proofs. There is a general consensus in the computer security community that traditional password-based authentication mechanisms are insufficient in today’s globally connected environment. Mechanisms such as one-time-passwords are a partial solution to the problem. The issue that these protocols don’t address is the lack of mutual authentication. The Kerberos family of systems addresses the issue of mutual authentication but relies heavily on the physical security of the server and safekeeping of the password database.

Added 2001-01-01

Defending a Computer System using Autonomous Agents

COAST TR 95-02
Crosbie, M., Spafford, E.
Download: PDF
Added 2001-01-01