E-based systems are ubiquitous in the modern world with applications spanning e-commerce, WLANs, health care and government organisations. The secure transfer of information has therefore become a critical area of research, development, and investment. This book presents the fundamental concepts and tools of e-based security and its range of applications. The core areas of e-based security - authentication of users; system integrity; confidentiality of communication; availability of business service; and non-repudiation of transactions - are covered in detail. Throughout the book the major trends, challenges and applications of e-security are presented, with emphasis on public key infrastructure (PKI) systems, biometric-based security systems, trust management systems, and the e-service paradigm. Intrusion detection technologies, virtual private networks (VPNs), malware, and risk management are also discussed. Technically oriented with many practical examples, this book is suitable for practitioners in network security, as well as graduate students and researchers in telecommunications and computer science.