
Publication


Featured research published by Sokratis K. Katsikas.


Computer Systems: Science & Engineering | 2005

Trust, Privacy and Security in Digital Business

Sokratis K. Katsikas; Javier Lopez; Guenther Pernul

Kerberos is one of the most deployed protocols to achieve a controlled access to application services by ensuring a secure authentication and key distribution process. Given its growing popularity, Kerberos is envisaged to become a widespread solution for single sign-on access. For this reason, the evolution of the protocol still continues in order to address new features or challenges which were not considered when initially designed. This paper focuses on the ticket acquisition process and proposes a new mechanism called Kerberos Ticket Pre-distribution that reduces the time required to recover tickets from the Key Distribution Center (KDC). We offer a flexible solution which is able to work in three different modes of operation, depending on what entity (the user, the network or both) controls the pre-distribution process. By employing the extensibility mechanisms available in Kerberos, we maintain interoperability with current implementations without compromising the security and robustness of the protocol. Using an implemented prototype, we evaluate our solution and demonstrate that our proposal significantly improves the standard Kerberos ticket acquisition process.


international conference on software engineering | 2006

Effective identification of source code authors using byte-level information

Georgia Frantzeskou; Efstathios Stamatatos; Stefanos Gritzalis; Sokratis K. Katsikas

Source code author identification deals with the task of identifying the most likely author of a computer program, given a set of predefined author candidates. This is usually based on the analysis of other program samples of undisputed authorship by the same programmer. There are several cases where the application of such a method could be of a major benefit, such as authorship disputes, proof of authorship in court, tracing the source of code left in the system after a cyber attack, etc. We present a new approach, called the SCAP (Source Code Author Profiles) approach, based on byte-level n-gram profiles in order to represent a source code author's style. Experiments on data sets of different programming languages (Java or C++) and varying difficulty (6 to 30 candidate authors) demonstrate the effectiveness of the proposed approach. A comparison with a previous source code authorship identification study based on more complicated information shows that the SCAP approach is language independent and that n-gram author profiles are better able to capture the idiosyncrasies of the source code authors. Moreover, the SCAP approach is able to deal surprisingly well with cases where only a limited amount of very short programs per programmer is available for training. It is also demonstrated that the effectiveness of the proposed model is not affected by the absence of comments in the source code, a condition usually met in cyber-crime cases.


Computers & Security | 2010

Reducing false positives in intrusion detection systems

Georgios P. Spathoulas; Sokratis K. Katsikas

A post-processing filter is proposed to reduce false positives in network-based intrusion detection systems. The filter comprises three components, each one of which is based upon statistical properties of the input alert set. Special characteristics of alerts corresponding to true attacks are exploited. These alerts may be observed in batches, which contain similarities in the source or destination IPs, or they may produce abnormalities in the distribution of alerts of the same signature. False alerts can be recognized by the frequency with which their signature triggers false positives. The filter architecture and design are discussed. Evaluation results performed using the DARPA 1999 dataset indicate that the proposed approach can significantly reduce the number and percentage of false positives produced by Snort(C) (Roesch, 1999). Our filter limited false positives by a percentage up to 75%.


International Journal of Medical Informatics | 2000

Health care management and information systems security: awareness, training or education?

Sokratis K. Katsikas

In this paper, a methodology for determining the training needs of personnel classes within health care establishments (HCEs) with respect to information systems security is discussed. This methodology, in way of an example, is applied to a particular class of HCE personnel, namely managers, whose training needs are derived. Further, the ISHTAR training course on information systems security for HCE managers is evaluated against these requirements and improvements to it are proposed.


panhellenic conference on informatics | 2005

Trust, privacy and security in e-business: requirements and solutions

Sokratis K. Katsikas; Javier Lopez; Günther Pernul

An important aspect of e-business is the area of e-commerce. One of the most severe restraining factors for the proliferation of e-commerce is the lack of trust between customers and sellers, consumer privacy concerns and the lack of security measures required to assure both businesses and customers that their business relationship and transactions will be carried out in privacy, correctly, and timely. This paper considers trust, privacy and security issues in e-commerce applications and discusses methods and technologies that can be used to fulfil the pertinent requirements.


Secure Electronic Voting | 2003

Electronic Voting: Constitutional and Legal Requirements, and Their Technical Implications

Lilian Mitrou; Dimitris Gritzalis; Sokratis K. Katsikas; Gerald Quirchmayr

This paper provides a systematic overview of the major constitutional and legal aspects of e-voting, together with their technical implications. All democracy-oriented legal and constitutional requirements of an Internet-based voting system are identified. Such a voting system has to comply with these, in order to encourage and promote the participation of citizens, without violating any of their fundamental rights (privacy, anonymity, equality, etc.).


information security | 2002

Revisiting Legal and Regulatory Requirements for Secure E-Voting

Lilian Mitrou; Dimitris Gritzalis; Sokratis K. Katsikas

This paper addresses the democracy-oriented legal and constitutional requirements that an electronic voting system has to comply with. Its scope covers every election or decision-making process, which takes place through voting. Due mainly to the digital divide and to current technological limitation, electronic voting cannot be proposed as a universal means of voting but rather as an alternative option, supplemental to traditional voting means. An electronic voting process must be designed in such a way as to guarantee the general, free, equal and secret character of elections. In a democratic context an electronic voting system should respect and ensure attributes and properties such as transparency, verifiability, accountability, security and accuracy. Only then can it foster and promote the participation of the citizens, the legitimacy and the democratic transaction of the election process.


artificial intelligence applications and innovations | 2006

Source Code Author Identification Based on N-gram Author Profiles

Georgia Frantzeskou; Efstathios Stamatatos; Stefanos Gritzalis; Sokratis K. Katsikas

Source code author identification deals with the task of identifying the most likely author of a computer program, given a set of predefined author candidates. This is usually based on the analysis of other program samples of undisputed authorship by the same programmer. There are several cases where the application of such a method could be of a major benefit, such as authorship disputes, proof of authorship in court, tracing the source of code left in the system after a cyber attack, etc. We present a new approach, called the SCAP (Source Code Author Profiles) approach, based on byte-level n-gram profiles in order to represent a source code author’s style. Experiments on data sets of different programming languages (Java or C++) and varying difficulty (6 to 30 candidate authors) demonstrate the effectiveness of the proposed approach. A comparison with a previous source code authorship identification study based on more complicated information shows that the SCAP approach is language independent and that n-gram author profiles are better able to capture the idiosyncrasies of the source code authors. Moreover, the SCAP approach is able to deal surprisingly well with cases where only a limited amount of very short programs per programmer is available for training. It is also demonstrated that the effectiveness of the proposed model is not affected by the absence of comments in the source code, a condition usually met in cyber-crime cases.


computer and communications security | 2000

Evaluating certificate status information mechanisms

John Iliadis; Diomidis Spinellis; Dimitris Gritzalis; Bart Preneel; Sokratis K. Katsikas

A wide spectrum of certificate revocation mechanisms is currently in use. A number of them have been proposed by standardisation bodies, while some others have originated from academic or private institutions. What is still missing is a systematic and robust framework for the sound evaluation of these mechanisms. We present a mechanism-neutral framework for the evaluation of mechanisms, which collect, process and distribute certificate status information. A detailed demonstration of its exploitation is also provided. The demonstration is mainly based on the evaluation of Certificate Revocation Lists, as well as of the Online Certificate Status Protocol.


Computers & Security | 1999

Trusted third party services for deploying secure telemedical applications over the WWW

Diomidis Spinellis; Stefanos Gritzalis; John Iliadis; Dimitris Gritzalis; Sokratis K. Katsikas

The EUROMED-ETS schema provides a robust security framework for telemedical applications operating over the World Wide Web. It is based on a trusted third party architecture under which certificate authorities store the public-key certificates of participating hospitals and medical practitioners. Digital signatures are used to provide peer and data origin authentication, and, in combination with access control lists, to provide access control. The deployed infrastructure is based on off-the-shelf available clients and servers, and provides functions for electronic registration of participants, session initialization, user authentication, key generation and personalization, certificate generation, distribution, storage and retrieval, certificate revocation lists, and auditing. It was found that, as the underlying technologies mature, a Web-based trusted third party architecture provides a viable solution for delivering secure telemedical applications.

Collaboration



Top Co-Authors


Dimitris Gritzalis

Athens University of Economics and Business


Demetrios G. Lainiotis

Florida Institute of Technology


Diomidis Spinellis

Athens University of Economics and Business
