Publication


Featured research published by Claudia Eckert.


International Conference on Information Security and Cryptology | 2009

Distributed Attribute-Based Encryption

Sascha Müller; Stefan Katzenbeisser; Claudia Eckert

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) allows to encrypt data under an access policy, specified as a logical combination of attributes. Such ciphertexts can be decrypted by anyone with a set of attributes that fits the policy. In this paper, we introduce the concept of Distributed Attribute-Based Encryption (DABE), where an arbitrary number of parties can be present to maintain attributes and their corresponding secret keys. This is in stark contrast to the classic CP-ABE schemes, where all secret keys are distributed by one central trusted party. We provide the first construction of a DABE scheme; the construction is very efficient, as it requires only a constant number of pairing operations during encryption and decryption.


Genetic and Evolutionary Computation Conference | 2005

Is negative selection appropriate for anomaly detection?

Thomas Stibor; Philipp H. Mohr; Jonathan Timmis; Claudia Eckert

Negative selection algorithms for Hamming and real-valued shape-spaces are reviewed. Problems are identified with the use of these shape-spaces, and the negative selection algorithm in general, when applied to anomaly detection. A straightforward self detector classification principle is proposed and its classification performance is compared to a real-valued negative selection algorithm and to a one-class support vector machine. Earlier work suggests that real-value negative selection requires a single class to learn from. The investigations presented in this paper reveal, however, that when applied to anomaly detection, the real-valued negative selection and self detector classification techniques require positive and negative examples to achieve a high classification accuracy. Whereas, one-class SVMs only require examples from a single class.


International Conference on Artificial Immune Systems | 2005

A comparative study of real-valued negative selection to statistical anomaly detection techniques

Thomas Stibor; Jonathan Timmis; Claudia Eckert

The (randomized) real-valued negative selection algorithm is an anomaly detection approach, inspired by the negative selection immune system principle. The algorithm was proposed to overcome scaling problems inherent in the Hamming shape-space negative selection algorithm. In this paper, we investigate termination behavior of the real-valued negative selection algorithm with variable-sized detectors on an artificial data set. We then undertake an analysis and comparison of the classification performance on the high-dimensional KDD data set of the real-valued negative selection, a real-valued positive selection and statistical anomaly detection techniques. Results reveal that in terms of detection rate, real-valued negative selection with variable-sized detectors is not competitive to statistical anomaly detection techniques on the KDD data set. In addition, we suggest that the termination guarantee of the real-valued negative selection with variable-sized detectors is very sensitive to several parameters.


Proceedings of the 1st ACM Workshop on Virtual Machine Security | 2009

A formal model for virtual machine introspection

Jonas Pfoh; Christian Schneider; Claudia Eckert

Virtual machine introspection (VMI) describes the method of monitoring and analyzing the state of a virtual machine from the hypervisor level. In this paper, we present a formal discussion of the development of VMI-based security applications. We begin by identifying three major challenges that all VMI-based security applications must overcome. The main contribution of our work is the definition of a formal model for describing VMI techniques. This model is broken down in such a way that allows for thorough discussion of any VMI approach with regard to each of the three challenges. Then, we specify three design patterns for interpreting state information using our model. We argue that these patterns are complete, that is, they cover all possible methods for state interpretation. The properties of all patterns are thoroughly discussed so that the pros and cons of their application may be fully understood. Finally, we describe and discuss an ideal VMI-based intrusion detection system using our model and begin to detail the practical implications in building such a system.


Bulletin of The Korean Mathematical Society | 2009

On Multi-Authority Ciphertext-Policy Attribute-Based Encryption

Sascha Müller; Stefan Katzenbeisser; Claudia Eckert

In classical encryption schemes, data is encrypted under a single key that is associated with a user or group. In Ciphertext-Policy Attribute-Based Encryption (CP-ABE) keys are associated with attributes of users, given to them by a central trusted authority, and data is encrypted under a logical formula over these attributes. We extend this idea to the case where an arbitrary number of independent parties can be present to maintain attributes and their corresponding secret keys. We present a scheme for multi-authority CP-ABE, propose the first two constructions that fully implement the scheme, and prove their security against chosen plaintext attacks.


International Workshop on Security | 2011

Nitro: hardware-based system call tracing for virtual machines

Jonas Pfoh; Christian Schneider; Claudia Eckert

Virtual machine introspection (VMI) describes the method of monitoring and analyzing the state of a virtual machine from the hypervisor level. This lends itself well to security applications, though the hardware virtualization support from Intel and AMD was not designed with VMI in mind. This results in many challenges for developers of hardware-supported VMI systems. This paper describes the design and implementation of our prototype framework, Nitro, for system call tracing and monitoring. Since Nitro is a purely VMI-based system, it remains isolated from attacks originating within the guest operating system and is not directly visible from within the guest. Nitro is extremely flexible as it supports all three system call mechanisms provided by the Intel x86 architecture and has been proven to work in Windows, Linux, 32-bit, and 64-bit environments. The high performance of our system allows for real-time capturing and dissemination of data without hindering usability. This is supported by extensive testing with various guest operating systems. In addition, Nitro is resistant to circumvention attempts due to a construction called hardware rooting. Finally, Nitro surpasses similar systems in both performance and functionality.


Congress on Evolutionary Computation | 2005

On the appropriateness of negative selection defined over Hamming shape-space as a network intrusion detection system

Thomas Stibor; Jonathan Timmis; Claudia Eckert

Artificial immune systems have become popular in recent years as a new approach for intrusion detection systems. Indeed, the (natural) immune system applies very effective mechanisms to protect the body against foreign intruders. We present empirical and theoretical arguments that the artificial immune system negative selection principle, which is primarily used for network intrusion detection systems, has been copied too naively and is not appropriate and not applicable for network intrusion detection systems.


International Conference on Emerging Security Information, Systems and Technologies | 2008

Enhancing Trusted Platform Modules with Hardware-Based Virtualization Techniques

Frederic Stumpf; Claudia Eckert

We present the design of a trusted platform module (TPM) that supports hardware-based virtualization techniques. Our approach enables multiple virtual machines to use the complete power of a hardware TPM by providing for every virtual machine (VM) the illusion that it has its own hardware TPM. For this purpose, we introduce an additional privilege level that is only used by a virtual machine monitor to issue management commands, such as scheduling commands, to the TPM. Based on a TPM Control Structure, we can ensure that state information of a virtual machine's TPM cannot corrupt the TPM state of another VM. Our approach uses recent developments in the virtualization technology of processor architectures.


Scalable Trusted Computing | 2008

Improving the scalability of platform attestation

Frederic Stumpf; Andreas Fuchs; Stefan Katzenbeisser; Claudia Eckert

In the process of platform attestation, a Trusted Platform Module is a performance bottleneck, which causes enormous delays if multiple simultaneous attestation requests arrive in a short period of time. In this paper we show how the scalability of platform attestation can be improved. In this context, we propose three protocols that enable fast and secure integrity reporting for servers that have to handle many attestation requests. We implemented all of our protocols and compared them in terms of security and performance. Our proposed protocols enable a highly frequented entity to timely answer incoming attestation requests.


Security of Ad Hoc and Sensor Networks | 2007

Detecting node compromise in hybrid wireless sensor networks using attestation techniques

Christoph Krauß; Frederic Stumpf; Claudia Eckert

Node compromise is a serious threat in wireless sensor networks. Particularly in networks which are organized in clusters, nodes acting as cluster heads for many cluster nodes are a valuable target for an adversary. We present two efficient hardware-based attestation protocols for detecting compromised cluster heads. Cluster heads are equipped with a Trusted Platform Module and possess much more resources than the majority of cluster nodes which are very constrained in their capabilities. A cluster node can verify the trustworthiness of a cluster head using the Trusted Platform Module as a trust anchor and therefore validate whether the system integrity of a cluster head has not been tampered with. The first protocol provides a broadcast attestation, i.e., allowing a cluster head to attest its system integrity to multiple cluster nodes simultaneously, while the second protocol is able to carry out a direct attestation between a single cluster node (or the sink) and one cluster head. In contrast to timing-based software approaches, the attestation can be performed even if nodes are multiple hops away from each other.

Collaboration


Top Co-Authors

Frederic Stumpf

Technische Universität Darmstadt

Thomas Stibor

Technische Universität Darmstadt

Christoph Krauß

Technische Universität Darmstadt

Patrick Röder

Technische Universität Darmstadt

Omid Tafreschi

Technische Universität Darmstadt

Taufiq Rochaeli

Technische Universität Darmstadt

Stefan Katzenbeisser

Technische Universität Darmstadt

Lars Fischer

Technische Universität Darmstadt
