CrySyS Lab Publications

Total number of publications: 420

2024 | 2023 | 2022 | 2021 | 2020 | 2019 | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998 | 1997 | 1996 | 1995 | 1994 | 1993 | 1992 | 1991 | 1990 | 1987 | 1985 | 1983 | 1982 | 1980 | 1979 | 1978 | 1977

2024

On the Performance Evaluation of Protocol State Machine Reverse Engineering Methods

G. Ládi and T. Holczer

Journal of Communications Software and Systems, 2024.

Bibtex | Abstract | PDF | Link

@article {
   author = {Gergõ Ládi and Tamas Holczer},
   title = {On the Performance Evaluation of Protocol State Machine Reverse Engineering Methods},
   journal = {Journal of Communications Software and Systems},
   year = {2024},
   howpublished = "\url{https://doi.org/10.24138/jcomss-2023-0149}"
}

Keywords

protocol reverse engineering, protocol state machine, performance evaluation, runtime analysis, bounded runtime, incomplete input

Abstract

Having access to the specifications of network pro- tocols is essential for several reasons in IT security. When the specifications are not known, one may turn to protocol reverse engineering methods to reconstruct these, typically by analysing recorded network traffic or inspecting an executable that implements the protocol. First, the format and structure of the messages need to be recovered, then the state machine of the protocol itself. Over the years, several solutions have been proposed for both tasks. As a consequence, picking the right solution for a given scenario is often a complex problem that involves evaluating and comparing various solutions. In this paper, we review the current means of evaluating the perfor- mance of protocol state machine reverse engineering methods. To help alleviate the shortcomings of the current methodology, we propose two new metrics of performance to be measured: correctness and completeness of output for partial runs (when runtime is bounded). These, combined with previously used metrics should make it easier to pick the most ideal choice for a given use case. We also propose the examination of cases where the algorithms have to work with incomplete or inaccurate syntactical information. We showcase how these new metrics and related information may be useful for the evaluation and comparison of various algorithms by applying these new methods to evaluate the performance of a recent protocol state machine reverse engineering method.

Supporting CAN Bus Anomaly Detection With Correlation Data

B. Koltai and A. Gazdag and G. Ács

Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP, 2024.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Beatrix Koltai and András Gazdag and Gergely Ács},
   title = {Supporting CAN Bus Anomaly Detection With Correlation Data},
   booktitle = {Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP},
   year = {2024},
   howpublished = "\url{https://www.scitepress.org/PublicationsDetail.aspx?ID=Tk17bfTiwAg=}"
}

Keywords

CAN, Anomaly Detection, TCN, Correlation

Abstract

Communication on the Controller Area Network (CAN) in vehicles is notably lacking in security measures, rendering it susceptible to remote attacks. These cyberattacks can potentially compromise safety-critical vehicle subsystems, and therefore endanger passengers and others around them. Identifying these intrusions could be done by monitoring the CAN traffic and detecting abnormalities in sensor measurements. To achieve this, we propose integrating time-series forecasting and signal correlation analysis to improve the detection accuracy of an onboard intrusion detection system (IDS). We predict sets of correlated signals collectively and report anomaly if their combined prediction error surpasses a predefined threshold. We show that this integrated approach enables the identification of a broader spectrum of attacks and significantly outperforms existing state-of-the-art solutions.

2023

6G for Connected Sky: A Vision for Integrating Terrestrial and Non-Terrestrial Networks

M. Ozger and I. Gódor and A. Nordlow and T. Heyn and S. Pandi and I. Peterson and A. Viseras and J. Holis and C. Raffelsberger and A. Kercek and B. Mölleryd and L. Toka and G. Biczók and R. de Candido and F. Laimer and U. Tarmann and D. Schupke and C. Cavdar

Proceedings of EuCNC & 6G Summit, 2023.

Bibtex

@inproceedings {
   author = {Mustafa Ozger and István Gódor and Anders Nordlow and Thomas Heyn and Sreekrishna Pandi and Ian Peterson and Alberto Viseras and Jaroslav Holis and Christian Raffelsberger and Andreas Kercek and Bengt Mölleryd and Laszlo Toka and Gergely Biczók and Robby de Candido and Felix Laimer and Udo Tarmann and Dominic A. Schupke and Cicek Cavdar},
   title = {6G for Connected Sky: A Vision for Integrating Terrestrial and Non-Terrestrial Networks},
   booktitle = {Proceedings of EuCNC & 6G Summit},
   year = {2023}
}

Abstract

A Practical Attack on the TLSH Similarity Digest Scheme

G. Fuchs and R. Nagy and L. Buttyán

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security, 2023.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Gabor Fuchs and Roland Nagy and Levente Buttyán},
   title = {A Practical Attack on the TLSH Similarity Digest Scheme},
   booktitle = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security},
   year = {2023},
   howpublished = "\url{https://dl.acm.org/doi/10.1145/3600160.3600173}"
}

Keywords

Similarity digest schemes, locality sensitive hashing, TLSH, similarity- based malware detection

Abstract

Similarity digest schemes are used in various applications (e.g., digital forensics, spam filtering, malware clustering, and malware detection), which require them to be resistant to attacks aiming at generating semantically similar inputs that have very different similarity digest values. In this paper, we show that TLSH, a widely used similarity digest function, is not sufficiently robust against such attacks. More specifically, we propose an automated method for modifying executable files (binaries), such that the modified binary has the exact same functionality as the original one, it also remains syntactically similar to the original one, yet, the TLSH difference score between the original and the modified binaries be- comes high. We evaluate our method on a large data set containing malware binaries, and we also show that it can be used effectively to generate adversarial samples that evade detection by SIMBIoTA, a recently proposed similarity-based malware detection approach.

Anomaly detection in CAN with TCN

B. Koltai and A. Gazdag

Hungarian Machine Learning Workshop, 2023.

Bibtex | PDF

@conference {
   author = {Beatrix Koltai and András Gazdag},
   title = {Anomaly detection in CAN with TCN},
   publisher = {Hungarian Machine Learning Workshop},
   year = {2023}
}

Abstract

CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks

A. Gazdag and R. Ferenc and L. Buttyán

Nature: Scientific Data, 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {András Gazdag and Rudolf Ferenc and Levente Buttyán},
   title = {CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks},
   journal = {Nature: Scientific Data},
   year = {2023},
   howpublished = "\url{https://www.nature.com/articles/s41597-023-02716-9}"
}

Abstract

Despite their known security shortcomings, Controller Area Networks are widely used in modern vehicles. Research in the field has already proposed several solutions to increase the security of CAN networks, such as using anomaly detection methods to identify attacks. Modern anomaly detection procedures typically use machine learning solutions that require a large amount of data to be trained. This paper presents a novel CAN dataset specifically collected and generated to support the development of machine learning based anomaly detection systems. Our dataset contains 26 recordings of benign network traffic, amounting to more than 2.5 hours of traffic. We performed two types of attack on the benign data to create an attacked dataset representing most of the attacks previously proposed in the academic literature. As a novelty, we performed all attacks in two versions, modifying either one or two signals simultaneously. Along with the raw data, we also publish the source code used to generate the attacks to allow easy customization and extension of the dataset.

Holistic attack methods against power systems using the IEC 60870-5-104 protocol

J. Csatár and P. György and T. Holczer

Infocommunications Journal, Vol. XV, No. 3., 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {János Csatár and Péter György and Tamas Holczer},
   title = {Holistic attack methods against power systems using the IEC 60870-5-104 protocol},
   journal = {Infocommunications Journal, Vol. XV, No. 3.},
   year = {2023},
   howpublished = "\url{https://www.infocommunications.hu/documents/169298/4893630/InfocomJournal_2023_3_5.pdf}"
}

Keywords

IEC 60870-5-104, Attack, Security, Power system

Abstract

IEC 60870-5-104 is a widely used protocol for telecontrol in European power systems. However, security was not a design goal when it was originally published: This protocol lacks built-in security features such as encryption, integrity protection, or authentication. In this paper, we describe novel types of attacks against the protocol in a holistic way. Therefore, we also enumerate the possible entry points of the threat actors and demonstrate a new technique, where the malicious actor can precisely target the attack. These methods are demonstrated both on simulated environment and actual devices and compared with already published methods.

Improving CAN anomaly detection with correlation-based signal clustering

B. Koltai and A. Gazdag and G. Ács

Infocommunications Journal, Vol. XV, No. 4., 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {Beatrix Koltai and András Gazdag and Gergely Ács},
   title = {Improving CAN anomaly detection with correlation-based signal clustering},
   journal = {Infocommunications Journal, Vol. XV, No. 4.},
   year = {2023},
   howpublished = "\url{https://www.infocommunications.hu/2023_4_3}"
}

Keywords

CAN, Anomaly Detection, TCN, Correlation

Abstract

Communication on the Controller Area Network (CAN) in vehicles is notably lacking in security measures, rendering it susceptible to remote attacks. These cyberattacks can potentially compromise safety-critical vehicle subsystems, and therefore endanger passengers and others around them. Identifying these intrusions could be done by monitoring the CAN traffic and detecting abnormalities in sensor measurements. To achieve this, we propose integrating time-series forecasting and signal correlation analysis to improve the detection accuracy of an onboard intrusion detection system (IDS). We predict sets of correlated signals collectively and report anomaly if their combined prediction error surpasses a predefined threshold. We show that this integrated approach enables the identification of a broader spectrum of attacks and significantly outperforms existing state-of-the-art solutions.

Increasing the Robustness of a Machine Learning-based IoT Malware Detection Method with Adversarial Training

J. Sandor and R. Nagy and L. Buttyán

WiseML'23: Proceedings of the 2023 ACM Workshop on Wireless Security and Machine Learning, 2023.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Jozsef Sandor and Roland Nagy and Levente Buttyán},
   title = {Increasing the Robustness of a Machine Learning-based IoT Malware Detection Method with Adversarial Training},
   booktitle = {WiseML'23: Proceedings of the 2023 ACM Workshop on Wireless Security and Machine Learning},
   year = {2023},
   howpublished = "\url{https://dl.acm.org/doi/10.1145/3586209.3591401}"
}

Keywords

Internet-of-Things; malware detection; machine learning; adversarial examples; adversarial training

Abstract

We study the robustness of SIMBIoTA-ML, a recently proposed machine learning-based IoT malware detection solution against adversarial samples. First, we propose two adversarial sample creation strategies that modify existing malware binaries by appending extra bytes to them such that those extra bytes are never executed, but they make the modified samples dissimilar to the original ones. We show that SIMBIoTA-ML is robust against the first strategy, but it can be misled by the second one. To overcome this problem, we propose to use adversarial training, i.e., to extend the training set of SIMBIoTA-ML with samples that are crafted by using the adversarial evasion strategies. We measure the detection accuracy of SIMBIoTA-ML trained on such an extended training set and show that it remains high both for the original malware samples and for the adversarial samples.

Industry-Scale Orchestrated Federated Learning for Drug Discovery

M. Oldenhof and G. Ács and B. Pejo and A. Schuffenhauer and N. Holway and N. Sturm and A. Dieckmann and O. Fortmeier and E. Boniface and C. Mayer and A. Gohier and P. Schmidtke and R. Niwayama and D. Kopecky and L. Mervin and P. C. Rathi and L. Friedrich and A. Formanek and P. Antal and J. Rahaman and A. Zalewski and W. Heyndrickx and E. Oluoch and M. Stößel and M. Van?o and D. Endico and F. Gelus and T. de Boisfossé and A. Darbier and A. Nicollet and M. Blottière and M. Telenczuk and V. T. Nguyen and T. Martinez and C. Boillet and K. Moutet and A. Picosson and A. Gasser and I. Djafar and A. Simon and Ádám Arany and J. Simm and Y. Moreau and O. Engkvist and H. Ceulemans and C. Marini and M. Galtier

Proceedings of the AAAI Conference on Artificial Intelligence, 2023.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Martijn Oldenhof and Gergely Ács and Balazs Pejo and A. Schuffenhauer and N. Holway and N. Sturm and A. Dieckmann and O. Fortmeier and E. Boniface and C. Mayer and A. Gohier and P. Schmidtke and R. Niwayama and D. Kopecky and L. Mervin and P. C. Rathi and L. Friedrich and A. Formanek and P. Antal and J. Rahaman and A. Zalewski and W. Heyndrickx and E. Oluoch and M. Stößel and M. Van?o and D. Endico and F. Gelus and T. de Boisfossé and A. Darbier and A. Nicollet and M. Blottière and M. Telenczuk and V. T. Nguyen and T. Martinez and C. Boillet and K. Moutet and A. Picosson and A. Gasser and I. Djafar and A. Simon and Ádám Arany and J. Simm and Y. Moreau and O. Engkvist and H. Ceulemans and C. Marini and M. Galtier},
   title = {Industry-Scale Orchestrated Federated Learning for Drug Discovery},
   booktitle = {Proceedings of the AAAI Conference on Artificial Intelligence},
   year = {2023},
   howpublished = "\url{https://ojs.aaai.org/index.php/AAAI/article/view/26847}"
}

Keywords

Federated Learning, Drug Discovery, Privacy Preserving, Industry-scale

Abstract

To apply federated learning to drug discovery we developed a novel platform in the context of European Innovative Medicines Initiative (IMI) project MELLODDY (grant n°831472), which was comprised of 10 pharmaceutical companies, academic research labs, large industrial companies and startups. The MELLODDY platform was the first industry-scale platform to enable the creation of a global federated model for drug discovery without sharing the confidential data sets of the individual partners. The federated model was trained on the platform by aggregating the gradients of all contributing partners in a cryptographic, secure way following each training iteration. The platform was deployed on an Amazon Web Services (AWS) multi-account architecture running Kubernetes clusters in private subnets. Organisationally, the roles of the different partners were codified as different rights and permissions on the platform and administrated in a decentralized way. The MELLODDY platform generated new scientific discoveries which are described in a companion paper.

Machine Learning Based Time Series Generation for the Nuclear Industry

T. Holczer

Proceedings of the International Conference on Computer Security in the Nuclear World: Security for Safety. (2023), 2023.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Tamas Holczer},
   title = {Machine Learning Based Time Series Generation for the Nuclear Industry},
   booktitle = {Proceedings of the International Conference on Computer Security in the Nuclear World: Security for Safety. (2023)},
   year = {2023}
}

Keywords

machine learning, time series, radiation detection system

Abstract

We need a lot of data for various purposes. We want to test new algorithms or make a cyber exercise, but sometimes we do not have enough original publicly available data. In this case we must generate synthetic data. A special case of data generation is where we need a time series. This paper discovers different methods of time series generation and test a method called TimeGAN for generating synthetic radiation detection system data. Similar approach can be used for temperature, pressure, or other synthetic time series relevant for the nuclear industry.

MELLODDY: Cross-pharma Federated Learning at Unprecedented Scale Unlocks Benefits in QSAR without Compromising Proprietary Information

W. Heyndrickx and L. Mervin and T. Morawietz and N. Sturm and L. Friedrich and A. Zalewski and A. Pentina and L. Humbeck and M. Oldenhof and R. Niwayama and P. Schmidtke and N. Fechner and J. Simm and A. Arany and N. Drizard and R. Jabal and A. Afanasyeva and R. Loeb and S. Verma and S. Harnqvist and M. Holmes and B. Pejo and M. Telenczuk and N. Holway and A. Dieckmann and N. Rieke and F. Zumsande and D.-A. Clevert and M. Krug and C. Luscombe and D. Green and P. Ertl and P. Antal and D. Marcus and N. D. Huu and H. Fuji and S. Pickett and G. Ács and E. Boniface and B. Beck and Y. Sun and A. Gohier and F. Rippmann and O. Engkvist and A. H. Göller and Y. Moreau and M. N. Galtier and A. Schuffenhauer and H. Ceulemans

Machine Learning in Bio-cheminformatics, 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {Wouter Heyndrickx and Lewis Mervin and Tobias Morawietz and Noé Sturm and Lukas Friedrich and Adam Zalewski and Anastasia Pentina and Lina Humbeck and Martijn Oldenhof and Ritsuya Niwayama and Peter Schmidtke and Nikolas Fechner and Jaak Simm and Adam Arany and Nicolas Drizard and Rama Jabal and Arina Afanasyeva and Regis Loeb and Shlok Verma and Simon Harnqvist and Matthew Holmes and Balazs Pejo and Maria Telenczuk and Nicholas Holway and Arne Dieckmann and Nicola Rieke and Friederike Zumsande and Djork-Arné Clevert and Michael Krug and Christopher Luscombe and Darren Green and Peter Ertl and Peter Antal and David Marcus and Nicolas Do Huu and Hideyoshi Fuji and Stephen Pickett and Gergely Ács and Eric Boniface and Bernd Beck and Yax Sun and Arnaud Gohier and Friedrich Rippmann and Ola Engkvist and Andreas H. Göller and Yves Moreau and Mathieu N. Galtier and Ansgar Schuffenhauer and Hugo Ceulemans},
   title = {MELLODDY: Cross-pharma Federated Learning at Unprecedented Scale Unlocks Benefits in QSAR without Compromising Proprietary Information},
   journal = {Machine Learning in Bio-cheminformatics},
   year = {2023},
   howpublished = "\url{https://pubs.acs.org/doi/10.1021/acs.jcim.3c00799}"
}

Abstract

Federated multipartner machine learning has been touted as an appealing and efficient method to increase the effective training data volume and thereby the predictivity of models, particularly when the generation of training data is resource- intensive. In the landmark MELLODDY project, indeed, each of ten pharmaceutical companies realized aggregated improvements on its own classification or regression models through federated learning. To this end, they leveraged a novel implementation extending multitask learning across partners, on a platform audited for privacy and security. The experiments involved an unprecedented cross-pharma data set of 2.6+ billion confidential experimental activity data points, documenting 21+ million physical small molecules and 40+ thousand assays in on-target and secondary pharmacodynamics and pharmacokinetics. Appropriate complementary metrics were developed to evaluate the predictive performance in the federated setting. In addition to predictive performance increases in labeled space, the results point toward an extended applicability domain in federated learning. Increases in collective training data volume, including by means of auxiliary data resulting from single concentration high-throughput and imaging assays, continued to boost predictive performance, albeit with a saturating return. Markedly higher improvements were observed for the pharmacokinetics and safety panel assay-based task subsets.

PATRIoTA: A Similarity-based IoT Malware Detection Method Robust Against Adversarial Samples

J. Sandor and R. Nagy and L. Buttyán

IEEE International Conference on Edge Computing and Communications (EDGE), 2023.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Jozsef Sandor and Roland Nagy and Levente Buttyán},
   title = {PATRIoTA: A Similarity-based IoT Malware Detection Method Robust Against Adversarial Samples},
   booktitle = {IEEE International Conference on Edge Computing and Communications (EDGE)},
   year = {2023},
   howpublished = "\url{https://ieeexplore.ieee.org/document/10234259}"
}

Keywords

Internet-of-Things; malware detection; binary similarity; locality-sensitive hashing; robustness against adver- sarial samples.

Abstract

Detecting malware targeting IoT devices has became an important challenge with the recent emergence of IoT botnets. Gateways at the edge between the Internet and IoT devices deployed in the field are particularly well-positioned for the task of malware detection, as malware typically spreads over the Internet and resource-constrained field devices may not have the means to protect themselves. Hence, we believe that, among other things, edge intelligence should also include effective and efficient IoT malware detection. A recently proposed similarity- based IoT malware detection method, called SIMBIoTA, would be suitable in this context, but its robustness against adversarial malware samples has been shown to be rather weak. In this paper, we propose PATRIoTA, a similarity-based IoT malware detection method inspired by SIMBIoTA, but being significantly more robust than SIMBIoTA is. We describe the operation of PATRIoTA, and compare its malware detection performance and robustness against adversarial samples to that of SIMBIoTA. We show that PATRIoTA outperforms SIMBIoTA with respect to both measures.

Privacy pitfalls of releasing in-vehicle network data

A. Gazdag and Sz. Lestyán and M. Remeli and G. Ács and T. Holczer and G. Biczók

Vehicular Communications, 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {András Gazdag and Szilvia Lestyan and Mina Remeli and Gergely Ács and Tamas Holczer and Gergely Biczók},
   title = {Privacy pitfalls of releasing in-vehicle network data},
   journal = {Vehicular Communications},
   year = {2023},
   howpublished = "\url{https://www.sciencedirect.com/science/article/pii/S2214209622001127?via%3Dihub}"
}

Keywords

In-vehicle network data; Privacy attacks; Driver re-identification; Trajectory reconstruction; Anonymization; Differential privacy

Abstract

The ever-increasing volume of vehicular data has enabled different service providers to access and monetize in-vehicle network data of millions of drivers. However, such data often carry personal or even potentially sensitive information, and therefore service providers either need to ask for drivers\' consent or anonymize such data in order to comply with data protection regulations. In this paper, we show that both fine-grained consent control as well as the adequate anonymization of in-network vehicular data are very challenging. First, by exploiting that in-vehicle sensor measurements are inherently interdependent, we are able to effectively i) re-identify a driver even from the raw, unprocessed CAN data with 97% accuracy, and ii) reconstruct the vehicle's complete location trajectory knowing only its speed and steering wheel position. Since such signal interdependencies are hard to identify even for data controllers, drivers' consent will arguably not be informed and hence may become invalid. Second, we show that the non-systematic application of different standard anonymization techniques (e.g., aggregation, suppression, signal distortion) often results in volatile, empirical privacy guarantees to the population as a whole but fails to provide a strong, worst-case privacy guarantee to every single individual. Therefore, we advocate the application of principled privacy models (such as Differential Privacy) to anonymize data with strong worst-case guarantee.

Privacy-Preserving Federated Singular Value Decomposition

B. Liu and B. Pejo and Q. Tang

Advanced Technologies for Data Privacy and Security, 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {Bowen Liu and Balazs Pejo and Qiang Tang},
   title = {Privacy-Preserving Federated Singular Value Decomposition},
   journal = {Advanced Technologies for Data Privacy and Security},
   year = {2023},
   howpublished = "\url{https://www.mdpi.com/2076-3417/13/13/7373}"
}

Keywords

singular value decomposition; federated learning; secure aggregation; differential privacy

Abstract

Singular value decomposition (SVD) is a fundamental technique widely used in various applications, such as recommendation systems and principal component analyses. In recent years, the need for privacy-preserving computations has been increasing constantly, which concerns SVD as well. Federated SVD has emerged as a promising approach that enables collaborative SVD computation without sharing raw data. However, existing federated approaches still need improvements regarding privacy guarantees and utility preservation. This paper moves a step further towards these directions: we propose two enhanced federated SVD schemes focusing on utility and privacy, respectively. Using a recommendation system use-case with real-world data, we demonstrate that our schemes outperform the state-of-the-art federated SVD solution. Our utility-enhanced scheme (utilizing secure aggregation) improves the final utility and the convergence speed by more than 2.5 times compared with the existing state-of-the-art approach. In contrast, our privacy-enhancing scheme (utilizing differential privacy) provides more robust privacy protection while improving the same aspect by more than 25%.

Quality Inference in Federated Learning with Secure Aggregation

B. Pejo and G. Biczók

IEEE Transactions on Big Data, 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {Balazs Pejo and Gergely Biczók},
   title = {Quality Inference in Federated Learning with Secure Aggregation},
   journal = {IEEE Transactions on Big Data},
   year = {2023},
   howpublished = "\url{https://ieeexplore.ieee.org/document/10138056}"
}

Keywords

Quality Inference , Federated Learning , Secure Aggregation , Misbehavior Detection , Contribution Score

Abstract

Federated learning algorithms are developed both for efficiency reasons and to ensure the privacy and confidentiality of personal and business data, respectively. Despite no data being shared explicitly, recent studies showed that the mechanism could still leak sensitive information. Hence, secure aggregation is utilized in many real-world scenarios to prevent attribution to specific participants. In this paper, we focus on the quality (i.e., the ratio of correct labels) of individual training datasets and show that such quality information could be inferred and attributed to specific participants even when secure aggregation is applied. Specifically, through a series of image recognition experiments, we infer the relative quality ordering of participants. Moreover, we apply the inferred quality information to stabilize training performance, measure the individual contribution of participants, and detect misbehavior.

SECREDAS: Safe and (Cyber-)Secure Cooperative and Automated Mobility

C. Ploeg and J. Sluis and S. Gerres and Sz. Novaczki and A. Wippelhauser and E. Nassor and J. Sevin and A. Gazdag and G. Biczók

Proceedings of IFAC World Congress, 2023.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Chris van der Ploeg and Jacco van de Sluis and Sebastian Gerres and Szabolcs Novaczki and András Wippelhauser and Eric Nassor and Julien Sevin and András Gazdag and Gergely Biczók},
   title = {SECREDAS: Safe and (Cyber-)Secure Cooperative and Automated Mobility},
   booktitle = {Proceedings of IFAC World Congress},
   year = {2023}
}

Abstract

Infrastructure-to-Vehicle (I2V) and Vehicle-to-Infrastructure (V2I) communication is likely to be a key-enabling technology for automated driving in the future. Using externally placed sensors, the digital infrastructure can support the vehicle in perceiving surroundings that would otherwise be difficult to perceive due to, for example, high traffic density or bad weather. Conversely, by communicating on-board vehicle measurements, the environment can more accurately be perceived in locations which are not (sufficiently) covered by digital infrastructure. The security of such communication channels is an important topic, since malicious information on these channels could potentially lead to a reduction in overall safety. Collective perception contributes to raising awareness levels and an improved traffic safety. In this work, a demonstrator is introduced, where a variety of novel techniques have been deployed to showcase an overall architecture for improving vehicle and vulnerable road user safety in a connected environment. The developed concepts have been deployed at the Automotive Campus intersection in Helmond (NL), in a field testing setting.

SQLi Detection with ML: A Data-Source Perspective

B. Pejo and N. Kapui

Proceedings of the 20th International Conference on Security and Cryptography, 2023.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Balazs Pejo and Nikolett Kapui},
   title = {SQLi Detection with ML: A Data-Source Perspective},
   booktitle = {Proceedings of the 20th International Conference on Security and Cryptography},
   year = {2023}
}

Abstract

Almost 50 years after the invention of SQL, injection attacks are still top-tier vulnerabilities of today’s ICT systems. Consequently, SQLi detection is still an active area of research, where the most recent works incorporate machine learning techniques into the proposed solutions. In this work, we highlight the shortcomings of the previous ML-based results focusing on four aspects: the evaluation methods, the optimization of the model parameters, the distribution of utilized datasets, and the feature selection. Since no single work explored all of these aspects satisfactorily, we fill this gap and provide an in-depth and comprehensive empirical analysis. Moreover, we cross-validate the trained models by using data from other distributions. This aspect of ML models (trained for SQLi detection) was never studied. Yet, the sensitivity of the model’s performance to this is crucial for any real-life deployment. Finally, we validate our findings on a real-world industrial SQLi dataset.

2022

Collaborative Drug Discovery: Inference-level Privacy Perspective

B. Pejo and M. Remeli and Á. Arany and M. Galtier and G. Ács

Transactions on Data Privacy (TDP), vol. 15, 2022.

Bibtex | Abstract | PDF | Link

@article {
   author = {Balazs Pejo and Mina Remeli and Ádám Arany and Mathieu Galtier and Gergely Ács},
   title = {Collaborative Drug Discovery: Inference-level Privacy Perspective},
   journal = {Transactions on Data Privacy (TDP)},
   volume = {15},
   year = {2022},
   howpublished = "\url{http://www.tdp.cat/issues21/abs.a449a21.php}"
}

Abstract

Pharmaceutical industry can better leverage its data assets to virtualize drug discovery through a collaborative machine learning platform. On the other hand, there are non-negligible risks stemming from the unintended leakage of participants' training data, hence, it is essential for such a platform to be secure and privacy-preserving. This paper describes a privacy risk assessment for collaborative modeling in the preclinical phase of drug discovery to accelerate the selection of promising drug candidates. After a short taxonomy of state-of-the-art inference attacks we adopt and customize several to the underlying scenario. Finally we describe and experiments with a handful of relevant privacy protection techniques to mitigate such attacks.

Games in the Time of COVID-19: Promoting Mechanism Design for Pandemic Response

B. Pejo and G. Biczók

ACM Transactions on Spatial Algorithms and Systems (TSAS), 2022.

Bibtex | Link

@article {
   author = {Balazs Pejo and Gergely Biczók},
   title = {Games in the Time of COVID-19: Promoting Mechanism Design for Pandemic Response},
   journal = {ACM Transactions on Spatial Algorithms and Systems (TSAS)},
   year = {2022},
   howpublished = "\url{https://dl.acm.org/doi/abs/10.1145/3503155}"
}

Abstract

Guide to Differential Privacy Modifications

B. Pejo and D. Desfontaines

Springer International Publishing (SpringerBriefs), 2022.

Bibtex | Link

@book {
   author = {Balazs Pejo and Damien Desfontaines},
   title = {Guide to Differential Privacy Modifications},
   publisher = {Springer International Publishing (SpringerBriefs)},
   year = {2022},
   howpublished = "\url{https://link.springer.com/book/10.1007/978-3-030-96398-9}"
}

Abstract

In search of lost utility: private location data

Sz. Lestyán and G. Ács and G. Biczók

Privacy Enhancing Technologies Symposium (PETS), 2022.

Bibtex | Abstract | PDF | Link

@conference {
   author = {Szilvia Lestyan and Gergely Ács and Gergely Biczók},
   title = {In search of lost utility: private location data},
   booktitle = {Privacy Enhancing Technologies Symposium (PETS)},
   year = {2022},
   howpublished = "\url{https://arxiv.org/pdf/2008.01665.pdf}"
}

Keywords

Location data anonymization, Differential Privacy, Generative Models

Abstract

The unavailability of training data is a permanent source of much frustration in research, especially when it is due to privacy concerns. This is particularly true for location data since previous techniques all suffer from the inherent sparseness and high dimensionality of location trajectories which render most techniques impractical, resulting in unrealistic traces and unscalable methods. Moreover, time information of location visits is usually dropped, or its resolution is drastically reduced. In this paper we present a novel technique for privately releasing a composite generative model and whole high-dimensional location datasets with detailed time information. To generate high-fidelity synthetic data, we leverage several peculiarities of vehicular mobility such as its language-like characteristics ("you should know a location by the company it keeps") or how humans plan their trips from one point to the other. We model the generator distribution of the dataset by first constructing a variational autoencoder to generate the source and destination locations, and the corresponding timing of trajectories. Next, we compute transition probabilities between locations with a feed forward network, and build a transition graph from the output of this model, which approximates the distribution of all paths between the source and destination (at a given time). Finally, a path is sampled from this distribution with a Markov Chain Monte Carlo method. The generated synthetic dataset is highly realistic, scalable, provides good utility and, nonetheless, provably private. We evaluate our model against two state-of-the-art methods and three real-life datasets demonstrating the benefits of our approach.

Incentives for Individual Compliance with Pandemic Response Measures

B. Pejo and G. Biczók

Enabling Technologies for Social Distancing: Fundamentals, concepts and solutions, (IET), 2022.

Bibtex | PDF | Link

@inproceedings {
   author = {Balazs Pejo and Gergely Biczók},
   title = {Incentives for Individual Compliance with Pandemic Response Measures},
   booktitle = {Enabling Technologies for Social Distancing: Fundamentals, concepts and solutions, (IET)},
   year = {2022},
   howpublished = "\url{https://digital-library.theiet.org/content/books/te/pbte104e}"
}

Abstract

IoT Malware Detection with Machine Learning

L. Buttyán and R. Ferenc

ERCIM News (129), Special Issue on Fighting Cybercrime, 2022.

Bibtex | Link

@article {
   author = {Levente Buttyán and Rudolf Ferenc},
   title = {IoT Malware Detection with Machine Learning},
   journal = {ERCIM News (129), Special Issue on Fighting Cybercrime},
   year = {2022},
   howpublished = "\url{https://ercim-news.ercim.eu/en129/special/iot-malware-detection-with-machine-learning}"
}

Abstract

Revenue Attribution on iOS 14 using Conversion Values in F2P Games

F. Ayala-Gómez and I. Horppu and E. Gülbenkoglu and V. Siivola and B. Pejo

AdKDD Workshop at 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (AdKDD) , 2022.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Frederick Ayala-Gómez and Ismo Horppu and Erlin Gülbenkoglu and Vesa Siivola and Balazs Pejo},
   title = {Revenue Attribution on iOS 14 using Conversion Values in F2P Games},
   booktitle = {AdKDD Workshop at 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (AdKDD) },
   year = {2022},
   howpublished = "\url{https://www.adkdd.org/Papers/Show-me-the-Money%3A-Measuring-Marketing-Performance-in-F2P-Games-using-Apple's-App-Tracking-Transparency-Framework/2022}"
}

Keywords

conversion value, revenue attribution, mobile advertising, privacy

Abstract

Mobile app developers use paid advertising campaigns to acquire new users. Based on the campaigns' performance, marketing managers decide where and how much to spend. Apple's new privacy mechanisms profoundly impact how performance marketing is measured. Starting iOS 14.5, all apps must get system permission for tracking explicitly via the new App Tracking Transparency Framework. Instead of relying on individual identifiers, Apple proposed a new performance mechanism called conversion value, an integer set by the apps for each user. The conversion value follows a set of rules and a schema that defines the integers based on the user's in-app behavior. The developers can get the number of installs per conversion value for each campaign. For conversion values to be helpful, we need a method that translates them to revenue. This paper investigates the task of attributing revenue to advertising campaigns using their reported conversion values. Our contributions are to formalize the problem, find the theoretically optimal revenue attribution function for any conversion value schema and show empirical results on past data of a free-to-play mobile game using different conversion value schemas.

SIMBIoTA++: Improved Similarity-based IoT Malware Detection

L. Buttyán and R. Nagy and D. Papp

IEEE 2nd Conference on Information Technology and Data Science (CITDS), 2022.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Levente Buttyán and Roland Nagy and Dorottya Papp},
   title = {SIMBIoTA++: Improved Similarity-based IoT Malware Detection},
   booktitle = {IEEE 2nd Conference on Information Technology and Data Science (CITDS)},
   year = {2022},
   howpublished = "\url{https://ieeexplore.ieee.org/abstract/document/9914145}"
}

Keywords

Internet of Things, malware detection, similarity hashing, graph theory, dominating set algorithm

Abstract

The Internet of Things is quickly developing and it enables exciting new applications, but at the same time, it also brings new security risks. In particular, embedded IoT devices may be subject to malware infection, undermining the trustworthiness of IoT systems. Malware detection on IoT devices is challenging due to their resource constraints, and antivirus tools developed for desktop PCs and servers are not directly applicable for them. In an earlier paper, we proposed a lightweight antivirus solution for IoT devices, called SIMBIoTA. In this paper, we propose SIMBIoTA++, an improvement on SIMBIoTA in terms of resource requirements. We also present a graph theory and measurement-based argument for selecting an appropriate similarity threshold, which is a key parameter in both SIMBIoTA and SIMBIoTA++.

SIMBIoTA-ML: Light-weight, Machine Learning-based Malware Detection for Embedded IoT Devices

D. Papp and G. Ács and R. Nagy and L. Buttyán

International Conference on Internet of Things, Big Data and Security (IoTBDS), 2022.

Bibtex | Abstract | PDF

@conference {
   author = {Dorottya Papp and Gergely Ács and Roland Nagy and Levente Buttyán},
   title = {SIMBIoTA-ML: Light-weight, Machine Learning-based Malware Detection for Embedded IoT Devices},
   booktitle = {International Conference on Internet of Things, Big Data and Security (IoTBDS)},
   year = {2022}
}

Keywords

IoT, embedded systems, malware detection, machine learning

Abstract

Embedded devices are increasingly connected to the Internet to provide new and innovative applications in many domains. However, these devices can also contain security vulnerabilities, which allow attackers to compromise them using malware. In this paper, we present SIMBIoTA-ML, a light-weight antivirus solution that enables embedded IoT devices to take advantage of machine learning-based malware detection. We show that SIMBIoTA-ML can respect the resource constraints of embedded IoT devices, and it has a true positive malware detection rate of ca. 95%, while having a low false positive detection rate at the same time. In addition, the detection process of SIMBIoTA-ML has a near-constant running time, which allows IoT developers to better estimate the delay introduced by scanning a file for malware, a property that is advantageous in real-time applications, notably in the domain of cyber-physical systems.

Why Fuzzy Message Detection Leads to Fuzzy Privacy Guarantees

I. Seres and B. Pejo and P. Burcsi

22nd Financial Cryptography and Data Security Conference (FC), 2022.

Bibtex | Abstract | Link

@conference {
   author = {Andras Instvan Seres and Balazs Pejo and Peter Burcsi},
   title = {Why Fuzzy Message Detection Leads to Fuzzy Privacy Guarantees},
   booktitle = {22nd Financial Cryptography and Data Security Conference (FC)},
   year = {2022},
   howpublished = "\url{https://fc22.ifca.ai/preproceedings/9.pdf}"
}

Keywords

Fuzzy Message Detection, unlinkability, anonymity, differential privacy, game theory

Abstract

Fuzzy Message Detection (FMD) is a recent cryptographic primitive invented by Beck et al. (CCS’21) where an untrusted server performs coarse message filtering for its clients in a recipient-anonymous way. In FMD — besides the true positive messages — the clients download from the server their cover messages determined by their false- positive detection rates. What is more, within FMD, the server cannot distinguish between genuine and cover traffic. In this paper, we formally analyze the privacy guarantees of FMD from three different angles. First, we analyze three privacy provisions offered by FMD: recipient unlinkability, relationship anonymity, and temporal detection ambiguity. Second, we perform a differential privacy analysis and coin a relaxed definition to capture the privacy guarantees FMD yields. Finally, we simulate FMD on real-world communication data. Our theoretical and empirical results assist FMD users in adequately selecting their false-positive detection rates for various applications with given privacy requirements.

2021

Attacking IEC 60870-5-104 Protocol

P. György and T. Holczer

CEUR Workshop Proceedings, 2874 pp. 140-150. Paper: 13 , 11 p., 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Péter György and Tamas Holczer},
   title = {Attacking IEC 60870-5-104 Protocol},
   booktitle = {CEUR Workshop Proceedings, 2874 pp. 140-150. Paper: 13 , 11 p.},
   year = {2021}
}

Keywords

IEC-104, attack, security, power grid

Abstract

IEC 60870-5-104 is a widely used protocol for telecontrol in European power systems. Despite its wide usage, security was not a priority when the protocol was created. The IEC-104 protocol lacks important security features such as encryption, integrity protection, or authentication. In this paper, our goal is to show the risks of using this insecure protocol. To demonstrate it, we designed and implemented a wide range of different attacks. We also rated the stealthiness of these attacks in order to show that detection of an intruder is not always obvious. Our stealthy and successful attacks were carried out in a test environment with several virtual machines running an open-source implementation of the protocol.

Compression Boosts Differentially Private Federated Learning

R. Kerkouche and G. Ács and C. Castelluccia and P. Geneves

IEEE European Symposium on Security and Privacy (Euro S&P), 2021, IEEE, 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Raouf Kerkouche and Gergely Ács and Claude Castelluccia and Pierre Geneves},
   title = {Compression Boosts Differentially Private Federated Learning},
   booktitle = {IEEE European Symposium on Security and Privacy (Euro S&P), 2021},
   publisher = {IEEE},
   year = {2021}
}

Abstract

Federated Learning allows distributed entities to train a common model collaboratively without sharing their own data. Although it prevents data collection and aggre- gation by exchanging only parameter updates, it remains vulnerable to various inference and reconstruction attacks where a malicious entity can learn private information about the participants’ training data from the captured gradients. Differential Privacy is used to obtain theoretically sound privacy guarantees against such inference attacks by noising the exchanged update vectors. However, the added noise is proportional to the model size which can be very large with modern neural networks. This can result in poor model quality. In this paper, compressive sensing is used to reduce the model size and hence increase model quality without sacrificing privacy. We show experimentally, using 2 datasets, that our privacy-preserving proposal can reduce the communication costs by up to 95% with only a negligible performance penalty compared to traditional non-private federated learning schemes.

Constrained Differentially Private Federated Learning for Low-bandwidth Devices

R. Kerkouche and G. Ács and C. Castelluccia and P. Geneves

Conference on Uncertainty in Artificial Intellgience (UAI), 2021, 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Raouf Kerkouche and Gergely Ács and Claude Castelluccia and Pierre Geneves},
   title = {Constrained Differentially Private Federated Learning for Low-bandwidth Devices},
   booktitle = {Conference on Uncertainty in Artificial Intellgience (UAI), 2021},
   year = {2021}
}

Abstract

Federated learning becomes a prominent approach when different entities want to learn collaboratively a common model without sharing their training data. However, Federated learning has two main drawbacks. First, it is quite bandwidth inefficient as it involves a lot of message exchanges between the aggregating server and the participating enti- ties. This bandwidth and corresponding processing costs could be prohibitive if the participating enti- ties are, for example, mobile devices. Furthermore, although federated learning improves privacy by not sharing data, recent attacks have shown that it still leaks information about the training data. This paper presents a novel privacy-preserving fed- erated learning scheme. The proposed scheme pro- vides theoretical privacy guarantees, as it is based on Differential Privacy. Furthermore, it optimizes the model accuracy by constraining the model learning phase on few selected weights. Finally, as shown experimentally, it reduces the upstream and downstream bandwidth by up to 99.9% compared to standard federated learning, making it practical for mobile systems.

Correlation-based Anomaly Detection for the CAN Bus

A. Gazdag and Gy. Lupták and L. Buttyán

Euro-CYBERSEC, Nice, France, 2021.

Bibtex | Abstract | PDF

@conference {
   author = {András Gazdag and György Lupták and Levente Buttyán},
   title = {Correlation-based Anomaly Detection for the CAN Bus},
   booktitle = {Euro-CYBERSEC, Nice, France},
   year = {2021}
}

Keywords

Controller Area Network, Anomaly Detection, Correlation

Abstract

Previous attacks have shown that in-vehicle networks have vulnerabilities and a successful attack could lead to significant financial loss and danger to life. In this paper, we propose a Pearson correlation based anomaly detection algorithm to detect CAN message modification attacks. The algorithm does not need a priori information about the com- munication: it identifies signals based on statistical properties, finds the important correlation coefficients for the correlating signals, and detects attacks as deviations from a previously learned normal state.

Detecting Message Modification Attacks on the CAN Bus with Temporal Convolutional Networks

I. Chiscop and A. Gazdag and J. Bosman and G. Biczók

Proceedings of the 7th International Conference on Vehicle Technology and Intelligent Transport Systems, 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Irina Chiscop and András Gazdag and Joost Bosman and Gergely Biczók},
   title = {Detecting Message Modification Attacks on the CAN Bus with Temporal Convolutional Networks},
   booktitle = {Proceedings of the 7th International Conference on Vehicle Technology and Intelligent Transport Systems},
   year = {2021}
}

Keywords

Vehicle Security, Intrusion Detection, Controller Area Network, Machine Learning, Temporal Convolutional Networks.

Abstract

Multiple attacks have shown that in-vehicle networks have vulnerabilities which can be exploited. Securing the Controller Area Network (CAN) for modern vehicles has become a necessary task for car manufacturers. Some attacks inject potentially large amount of fake messages into the CAN network; however, such attacks are relatively easy to detect. In more sophisticated attacks, the original messages are modified, making the de- tection a more complex problem. In this paper, we present a novel machine learning based intrusion detection method for CAN networks. We focus on detecting message modification attacks, which do not change the timing patterns of communications. Our proposed temporal convolutional network-based solution can learn the normal behavior of CAN signals and differentiate them from malicious ones. The method is evaluated on multiple CAN-bus message IDs from two public datasets including different types of attacks. Performance results show that our lightweight approach compares favorably to the state-of-the-art unsupervised learning approach, achieving similar or better accuracy for a wide range of scenarios with a significantly lower false positive rate.

Enhancing Safety and Security of Digital Instrumentation and Control System by Event Aggregation

R. Altschaffel and F. Zhang and J. Li and J. Hielscher and T. Holczer and W. Si and K. Lamshöft

12th Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies, 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Robert Altschaffel and Fan Zhang and Jianghai Li and Jonas Hielscher and Tamas Holczer and Wen Si and Kevin Lamshöft},
   title = {Enhancing Safety and Security of Digital Instrumentation and Control System by Event Aggregation},
   booktitle = {12th Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies},
   year = {2021}
}

Keywords

NPP Cybersecurity, I&C Security, SIEM, IDS, Anomaly Detection

Abstract

Nuclear power plants (NPPs) are implementing or transitioning to digital instrumentation and control (I&C) systems to control underlying physical processes. Such systems present an attack surface of obvious interest to various subsets of potential attackers and hence lead to a relevance of cybersecurity in a nuclear context. This prompts the need for measures aimed at detecting anomalous behavior or unwanted events in the I&C systems. This paper performs a survey on existing approaches to detect such behavior. This survey covers different perspectives and a broad range of different anomalous or unwanted behavior in the physical process and all aspects of the digital I&C systems. The perspective benefits from the inclusion of experts from the field of NPP cybersecurity, automation engineering and IT security. This interdisciplinary perspective allows for the identification of different sets of relevant data and events which might contribute to the understanding of an abnormal or unwanted situation (malfunction or a cyber-attack). This paper discusses how this data should be collected, how it can be aggregated and in which way it can enhance the safety and security of digital I&C systems.

Impact Assessment of IT Security Breaches in Cyber-Physical Systems

A. Földvári and G. Biczók and I. Kocsis and L. Gönczy and A. Pataricza

2nd Workshop on vAlidation and verification in FuturE cybeR-physical Systems (WAFERS, co-located with LADC 2021), 2021.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {A. Földvári and Gergely Biczók and I. Kocsis and László Gönczy and András Pataricza},
   title = {Impact Assessment of IT Security Breaches in Cyber-Physical Systems},
   booktitle = {2nd Workshop on vAlidation and verification in FuturE cybeR-physical Systems (WAFERS, co-located with LADC 2021)},
   year = {2021},
   howpublished = "\url{https://ieeexplore.ieee.org/document/9672582}"
}

Keywords

cyber-physical systems, impact analysis, error propagation analysis

Abstract

The increased cyber-attack surface in cyber-physical systems, the close coupling to vulnerable physical processes, and the potential for human casualties necessitate a careful extension of traditional safety methodologies, e.g., error propagation analysis (EPA), with cybersecurity capabilities. We propose a model-driven Information Technology/Operational Technology impact analysis method that supports identifying vulnerabilities, most critical attack strategies, and most dangerous threat actors by analyzing attack scenarios on an abstract functional model of the system. Our solution extends EPA, initially developed for dependability and safety analysis, with cybersecurity aspects to explore the safety impact of a cyber attack on a cyber-physical system. The paper presents the impact analysis workflow, the threat model, the pilot analysis tool, and a case study.

Interdependent privacy issues are pervasive among third-party applications

S. Liu and B. Herendi and G. Biczók

16th International Workshop on Data Privacy Management (DPM, co-located with ESORICS 2021), 2021.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Shuaishuai Liu and B. Herendi and Gergely Biczók},
   title = {Interdependent privacy issues are pervasive among third-party applications},
   booktitle = {16th International Workshop on Data Privacy Management (DPM, co-located with ESORICS 2021)},
   year = {2021},
   howpublished = "\url{https://link.springer.com/chapter/10.1007/978-3-030-93944-1_5}"
}

Keywords

interdependent privacy, third-party apps, permissions, Android, browser extensions, Google Workspace, risk signal

Abstract

Third-party applications are popular: they improve and ex- tend the features offered by their respective platforms, whether being mobile OS, browsers or cloud-based tools. Although some privacy con- cerns regarding these apps have been studied in detail, the phenomenon of interdependent privacy, when a user shares others’ data with an app without their knowledge and consent. Through careful analysis of per- mission models and multiple platform-specific datasets, we show that interdependent privacy risks are enabled by certain permissions in all platforms studied, and actual apps request these permissions instantiat- ing these risks. We also identify potential risk signals, and discuss solu- tions which could improve transparency and control for users, developers and platform owners.

Measuring Contributions in Privacy-Preserving Federated Learning

G. Ács and G. Biczók and B. Pejo

ERCIM NEWS, vol. 126, 2021, pp. 35-36.

Bibtex | Abstract | Link

@article {
   author = {Gergely Ács and Gergely Biczók and Balazs Pejo},
   title = {Measuring Contributions in Privacy-Preserving Federated Learning},
   journal = {ERCIM NEWS},
   volume = {126},
   year = {2021},
   pages = {35-36},
   howpublished = "\url{https://ercim-news.ercim.eu/en126/special/measuring-contributions-in-privacy-preserving-federated-learning}"
}

Abstract

How vital is each participant’s contribution to a collaboratively trained machine learning model? This is a challenging question to answer, especially if the learning is carried out in a privacy-preserving manner with the aim of concealing individual actions.

Privacy of Aggregated Mobility Data

G. Ács and Sz. Lestyán and G. Biczók

Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg., Springer, 2021.

Bibtex | PDF | Link

@inproceedings {
   author = {Gergely Ács and Szilvia Lestyan and Gergely Biczók},
   title = {Privacy of Aggregated Mobility Data},
   booktitle = {Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg.},
   publisher = {Springer},
   year = {2021},
   howpublished = "\url{https://doi.org/10.1007/978-3-642-27739-9_1575-1}"
}

Abstract

Privacy-Preserving and Bandwidth-Efficient Federated Learning: An Application to In-Hospital Mortality Prediction

R. Kerkouche and G. Ács and C. Castelluccia and P. Geneves

ACM Conference on Health, Inference, and Learning (CHIL), 2021, ACM, 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Raouf Kerkouche and Gergely Ács and Claude Castelluccia and Pierre Geneves},
   title = {Privacy-Preserving and Bandwidth-Efficient Federated Learning: An Application to In-Hospital Mortality Prediction},
   booktitle = {ACM Conference on Health, Inference, and Learning (CHIL), 2021},
   publisher = {ACM},
   year = {2021}
}

Abstract

Machine Learning, and in particular Federated Machine Learning, opens new perspectives in terms of medical research and patient care. Although Federated Machine Learning improves over central- ized Machine Learning in terms of privacy, it does not provide prov- able privacy guarantees. Furthermore, Federated Machine Learning is quite expensive in term of bandwidth consumption as it requires participant nodes to regularly exchange large updates. This pa- per proposes a bandwidth-efficient privacy-preserving Federated Learning that provides theoretical privacy guarantees based on Differential Privacy. We experimentally evaluate our proposal for in-hospital mortality prediction using a real dataset, containing Electronic Health Records of about one million patients. Our re- sults suggest that strong and provable patient-level privacy can be enforced at the expense of only a moderate loss of prediction accuracy.

Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity

M. Parisot and B. Pejo and D. Spagnuelo

18th International Conference on Security and Cryptography (SECRYPT), 2021.

Bibtex | Link

@conference {
   author = {Mathias Parisot and Balazs Pejo and Dayana Spagnuelo},
   title = {Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity},
   booktitle = {18th International Conference on Security and Cryptography (SECRYPT)},
   year = {2021},
   howpublished = "\url{https://www.scitepress.org/Link.aspx?doi=10.5220/0010555607150721}"
}

Abstract

Protocol State Machine Reverse Engineering with a Teaching-Learning Approach

G. Székely and G. Ládi and T. Holczer and L. Buttyán

Acta Cybernetica, 2021.

Bibtex | Abstract | PDF

@article {
   author = {Gábor Székely and Gergõ Ládi and Tamas Holczer and Levente Buttyán},
   title = {Protocol State Machine Reverse Engineering with a Teaching-Learning Approach},
   journal = {Acta Cybernetica},
   year = {2021}
}

Keywords

automated protocol reverse engineering, state machines, Mealy machines

Abstract

In this work, we propose a novel solution to the problem of inferring the state machine of an unknown protocol. We extend and improve prior results on inferring Mealy machines, and present a new algorithm that accesses and interacts with a networked system that runs the unknown protocol in order to infer the Mealy machine representing the protocol’s state machine. To demonstrate the viability of our approach, we provide an implementation and illustrate the operation of our algorithm on a simple example protocol, as well as on two real-world protocols, Modbus and MQTT.

Rootkit Detection on Embedded IoT Devices

R. Nagy and K. Németh and D. Papp and L. Buttyán

Acta Cybernetica, 2021.

Bibtex | Abstract | PDF

@article {
   author = {Roland Nagy and Krisztián Németh and Dorottya Papp and Levente Buttyán},
   title = {Rootkit Detection on Embedded IoT Devices},
   journal = {Acta Cybernetica},
   year = {2021}
}

Keywords

embedded systems, Internet of Things, security, malware

Abstract

IoT systems are subject to cyber attacks, including infecting embedded IoT devices with rootkits. Rootkits are malicious software that typically run with elevated privileges, which makes their detection challenging. In this paper, we address this challenge: we propose a rootkit detection approach for embedded IoT devices that takes advantage of a trusted execution environ- ment (TEE), which is often supported on popular IoT platforms, such as ARM based embedded boards. The TEE provides an isolated environment for our rootkit detection algorithms, and prevents the rootkit from interfering with their execution even if the rootkit has root privileges on the untrusted part of the IoT device. Our rootkit detection algorithms identify modifications made by the rootkit to the code of the operating system kernel, to system pro- grams, and to data influencing the control flow (e.g., hooking system calls), as well as inconsistencies created by the rootkit in certain kernel data struc- tures (e.g., those responsible to handle process related information). We also propose algorithms to detect rootkit components in the persistent storage of the device. Besides describing our approach and algorithms in details, we also report on a prototype implementation and on the evaluation of our design and implementation, which is based on testing our prototype with rootkits that we developed for this purpose.

SafeLib: a practical library for outsourcing stateful network functions securely

E. Marku and G. Biczók and C. Boyd

2021 IEEE 7th International Conference on Network Softwarization (NetSoft 2021), 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Enio Marku and Gergely Biczók and Colin Boyd},
   title = {SafeLib: a practical library for outsourcing stateful network functions securely},
   booktitle = {2021 IEEE 7th International Conference on Network Softwarization (NetSoft 2021)},
   year = {2021}
}

Keywords

virtualization; outsourcing; stateful network function; cloud; security

Abstract

A recent trend is to outsource virtual network functions (VNFs) to a third-party service provider, such as a public cloud. Since the cloud is usually not trusted, redirecting enterprise traffic to such an entity introduces security concerns. In addition to protecting enterprise traffic, it is also desirable to protect VNF code, policies and states. Existing outsourcing solutions fall short in either supporting stateful VNFs, catering for all security requirements, or providing adequate performance. In this paper we present SafeLib, a trusted hardware based outsourcing solution built on Intel SGX. SafeLib provides i) support for stateful VNFs, ii) support for illegal SGX instructions by integrating Graphene-SGX, iii) protection of both packet headers and payload for enterprise user traffic, VNF policies and VNF code, and iv) integration of libVNF for streamlined VNF development. Our performance evaluation shows that SafeLib scales properly for multiple cores, and introduces a reasonable performance overhead. We also outline plans to further improve SafeLib to satisfy even more stringent functional, security and performance requirements.

SIMBIoTA: Similarity-Based Malware Detection on IoT Devices

Cs. Tamás and D. Papp and L. Buttyán

6th International Conference on Internet of Things, Big Data and Security (IoTBDS), 23–25 April, 2021., 2021.

Bibtex | Abstract | PDF

@conference {
   author = {Csongor Tamás and Dorottya Papp and Levente Buttyán},
   title = {SIMBIoTA: Similarity-Based Malware Detection on IoT Devices},
   booktitle = {6th International Conference on Internet of Things, Big Data and Security (IoTBDS), 23–25 April, 2021.},
   year = {2021}
}

Keywords

IoT, embedded systems, malware detection, binary similarity, locality sensitive hashing

Abstract

Embedded devices connected to the Internet are threatened by malware, and currently, no antivirus product is available for them. We present SIMBIoTA, a new approach for detecting malware on such IoT devices. SIMBIoTA relies on similarity-based malware detection, and it has a number of notable advantages: moderate storage requirements on resource constrained IoT devices, a fast and lightweight malware detection process, and a surprisingly good detection performance, even for new, never-before-seen malware. These features make SIMBIoTA a viable antivirus solution for IoT devices, with competitive detection performance and limited resource requirements.

T-RAID: TEE-based Remote Attestation for IoT Devices

R. Nagy and M. Bak and D. Papp and L. Buttyán

Euro-CYBERSEC, Nice, France, 2021.

Bibtex | Abstract | PDF

@conference {
   author = {Roland Nagy and Marton Bak and Dorottya Papp and Levente Buttyán},
   title = {T-RAID: TEE-based Remote Attestation for IoT Devices},
   booktitle = {Euro-CYBERSEC, Nice, France},
   year = {2021}
}

Keywords

Internet of Things, embedded systems, malware, remote attestation, Trusted Execution Environment

Abstract

The Internet of Things (IoT) consists of network-connected embedded devices that enable a multitude of new applications, but also create new risks. In particular, embedded IoT devices can be infected by malware. Operators of IoT systems not only need malware detection tools, but also scalable methods to reliably and remotely verify malware freedom of their IoT devices. In this paper, we address this problem by proposing T-RAID, a remote attestation scheme for IoT devices that takes advantage of the security guarantees provided by a Trusted Execution Environment running on each device.

TEE Based Protection of Cryptographic Keys on Embedded IoT Devices

D. Papp and M. Zombor and L. Buttyán

Annales Mathematicae et Informaticae, 2021.

Bibtex | Abstract | PDF

@article {
   author = {Dorottya Papp and Máté Zombor and Levente Buttyán},
   title = {TEE Based Protection of Cryptographic Keys on Embedded IoT Devices},
   journal = {Annales Mathematicae et Informaticae},
   year = {2021}
}

Keywords

Trusted Execution Environment, cryptographic keys, key manage- ment

Abstract

The Internet of Things (IoT) consists of billions of embedded devices connected to the Internet. Secure remote management of many of these devices requires them to store and use long-term cryptographic keys. In this work we propose to protect cryptographic keys in embedded IoT devices using a Trusted Execution Environment (TEE) which is supported on many embedded platforms. Our approach provides similar protection as secure co-processors, but does not actually require an additional secure hardware element.

2020

Clustering IoT Malware based on Binary Similarity

M. Bak and D. Papp and Cs. Tamás and L. Buttyán

IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), 2020.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Marton Bak and Dorottya Papp and Csongor Tamás and Levente Buttyán},
   title = {Clustering IoT Malware based on Binary Similarity},
   booktitle = {IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT)},
   year = {2020}
}

Abstract

In this paper, we propose to cluster malware samples based on their TLSH similarity. We apply this approach to clustering IoT malware samples as IoT botnets built from malware infected IoT devices are becoming an important trend. We study the performance of two distance-based clustering algorithms, k-medoid and OPTICS, on a large corpus of IoT malware samples when they are used with the TLSH difference metric to measure distances between samples. Our results show that neither of the two algorithms have acceptable clustering performance. Hence, we propose a new clustering algorithm, which achieves a performance superior to both k-medoid and OPTICS.

Corona Games: Masks, Social Distancing and Mechanism Design

B. Pejo and G. Biczók

Proc. of ACM SIGSPATIAL Workshop on COVID, ACM, 2020.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Balazs Pejo and Gergely Biczók},
   title = {Corona Games: Masks, Social Distancing and Mechanism Design},
   booktitle = {Proc. of ACM SIGSPATIAL Workshop on COVID},
   publisher = {ACM},
   year = {2020}
}

Abstract

Pandemic response is a complex affair. Most governments employ a set of quasi-standard measures to fight COVID-19 including wearing masks, social distancing, virus testing and contact tracing. We argue that some non-trivial factors behind the varying effectiveness of these measures are selfish decision-making and the differing national implementations of the response mechanism. In this paper, through simple games, we show the effect of individual incentives on the decisions made with respect to wearing masks and social distancing, and how these may result in a sub-optimal outcome. We also demonstrate the responsibility of national authorities in designing these games properly regarding the chosen policies and their influence on the preferred outcome. We promote a mechanism design approach: it is in the best interest of every government to carefully balance social good and response costs when implementing their respective pandemic response mechanism.

Cryptographic Obfusctaion - A Survey

M. Horváth and L. Buttyán

SpringerBriefs in Computer Science, 2020.

Bibtex | Link

@book {
   author = {Máté Horváth and Levente Buttyán},
   title = {Cryptographic Obfusctaion - A Survey},
   publisher = {SpringerBriefs in Computer Science},
   year = {2020},
   howpublished = "\url{https://eprint.iacr.org/2015/412}"
}

Abstract

Development of a Man-in-the-Middle Attack Device for the CAN Bus

A. Gazdag and Cs. Ferenczi and L. Buttyán

Proceedings of the 1st Conference on Information Technology and Data Science, 2020, pp. 115-130.

Bibtex | Abstract | PDF

@inproceedings {
   author = {András Gazdag and Csongor Ferenczi and Levente Buttyán},
   title = {Development of a Man-in-the-Middle Attack Device for the CAN Bus},
   booktitle = {Proceedings of the 1st Conference on Information Technology and Data Science},
   year = {2020},
   pages = {115-130}
}

Keywords

Vehicle Security, CAN, ISO 11898, Man-in-the-Middle attack

Abstract

Modern vehicles are full of embedded controllers called ECUs (Electronic Control Units). They are responsible for different functionalities involving processing information from sensors and controlling actuators. To perform their functions, ECUs also need to communicate with each other. Most ve- hicles use a Controller Area Network (CAN) for ECU communication. The original design of the CAN bus was focusing on safety and reliability prop- erties. Security was not an issue because these networks were considered to be isolated systems. These assumptions were correct for a long time, but they no longer hold. Modern vehicles have many interfaces towards the outside world, which renders the internal network accessible to an attacker. Bluetooth, Wifi, wireless Tire Pressure Monitoring System (TPMS), or the On-Board Diagnostics (OBD) port are all options for attackers to either di- rectly access the CAN network or compromise a component attached to it. It is possible to inject fake messages, or potentially, to modify messages on the CAN, and hence, forcing some ECUs to act upon these fake messages, which may influence the overall behaviour of the vehicle. Modification attacks are complex both to carry out and to detect. The main difficulty of modification attacks is that the sender checks whether the transmitted bits correctly appear on the bus or not for safety reasons. The only network level way to circumvent this protection is to physically separate the sender and the attacked ECU on the CAN bus. This can be achieved with a physical layer Man-in-the-Middle attack. We built a proof-of-concept hard- ware device capable of modifying the CAN traffic in real-time to demonstrate that this attack is possible. It has two CAN interfaces to read messages from the original CAN bus and either just forward or modify-and-forward traffic to the attacked CAN bus. We showed with measurements that we can perform a message modification attack while keeping the introduced delay within what is allowed by the CAN specification.

GrAMeFFSI: Graph Analysis Based Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic

G. Ládi and L. Buttyán and T. Holczer

Infocommunications Journal, Vol. XII, No. 2, 2020.

Bibtex | Abstract | PDF

@article {
   author = {Gergõ Ládi and Levente Buttyán and Tamas Holczer},
   title = {GrAMeFFSI: Graph Analysis Based Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic},
   journal = {Infocommunications Journal, Vol. XII, No. 2},
   year = {2020}
}

Keywords

protocol reverse engineering, message format, field semantics, inference, binary protocols, network traffic, graph analysis, Modbus, MQTT

Abstract

Protocol specifications describe the interaction be- tween different entities by defining message formats and message processing rules. Having access to such protocol specifications is highly desirable for many tasks, including the analysis of botnets, building honeypots, defining network intrusion detection rules, and fuzz testing protocol implementations. Unfortunately, many protocols of interest are proprietary, and their specifications are not publicly available. Protocol reverse engineering is an approach to reconstruct the specifications of such closed proto- cols. Protocol reverse engineering can be tedious work if done manually, so prior research focused on automating the reverse engineering process as much as possible. Some approaches rely on access to the protocol implementation, but in many cases, the protocol implementation itself is not available or its license does not permit its use for reverse engineering purposes. Hence, in this paper, we focus on reverse engineering protocol specifications relying solely on recorded network traffic. More specifically, we propose GrAMeFFSI, a method based on graph analysis that can infer protocol message formats as well as certain field semantics for binary protocols from network traces. We demonstrate the usability of our approach by running it on packet captures of two known protocols, Modbus and MQTT, then comparing the inferred specifications to the official specifications of these protocols.

Nuclear Power Plant in a Box

R. Altschaffel and T. Holczer and R. A. Busquim e Silva and J. Li and P. György and M. Hildebrandt and M. Hewes

International Conference on Nuclear Security: Sustaining and Strengthening Efforts, International Atomic Energy Agency (IAEA), 2020.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Robert Altschaffel and Tamas Holczer and R. A. Busquim e Silva and Jianghai Li and Péter György and M. Hildebrandt and M. Hewes},
   title = {Nuclear Power Plant in a Box},
   booktitle = {International Conference on Nuclear Security: Sustaining and Strengthening Efforts},
   publisher = {International Atomic Energy Agency (IAEA)},
   year = {2020}
}

Abstract

The paper presents the development of an architecture to deploy a simulated nuclear power plant in order to support training and research. In contrast to other simulators, which focus on the underlying physical processes, this approach also covers the industrial control systems (ICS) supervising and controlling these processes. Additionally, the IT components required for the associated business processes are also included, allowing for training with regard to threats to these IT components, including cyber-attack scenarios.

Rootkit Detection on Embedded IoT Devices

R. Nagy and L. Buttyán

Conference of PhD Students in Computer Science (CSCS), 2020.

Bibtex | Abstract | PDF

@conference {
   author = {Roland Nagy and Levente Buttyán},
   title = {Rootkit Detection on Embedded IoT Devices},
   booktitle = {Conference of PhD Students in Computer Science (CSCS)},
   year = {2020}
}

Abstract

Rootkits are malicious programs that try to maintain their presence on infected computers while remaining invisible. They have been used to attack traditional computers (PCs and servers), but they may also target embedded IoT devices. In this work, we propose a rootkit detection approach for such embedded IoT devices, where the detection mechanism is executed in an isolated execution environment that protects it from manipulation by the rootkit. Our rootkit detection approach is focused on detecting Direct Kernel Object Manipu- lation (DKOM) and it is based on detecting inconsistencies caused by the presence of a rootkit in various Linux kernel data structures such as the process list, the process tree, and different scheduling queues. We also report on the current status of our implementation using OP-TEE, an open source Trusted Execution Environment.

Securing Outsourced VNFs: Challenges, State of the Art, and Future Directions

E. Marku and G. Biczók and C. Boyd

IEEE Communications Magazine, vol. 58, no. 7, vol. 58, 2020, pp. 1-8.

Bibtex | Abstract | PDF

@article {
   author = {Enio Marku and Gergely Biczók and Colin Boyd},
   title = {Securing Outsourced VNFs: Challenges, State of the Art, and Future Directions},
   journal = {IEEE Communications Magazine, vol. 58, no. 7},
   volume = {58},
   year = {2020},
   pages = {1-8}
}

Keywords

virtualization, security, confidentiality, middlebox, cloud, outsourcing, VNF, SGX, 5G, RAP, LAP

Abstract

It is becoming increasingly common for en- terprises to outsource network functions to a third party provider such as a public cloud. Besides its well- documented benefits in cost and flexibility, outsourcing also introduces security issues. Peeking into or modifying traffic destined to the cloud are not the only threats we have to deal with; it can also be desirable to protect VNF code, input policies and states from a malicious cloud provider. In recent years several solutions have been proposed towards mitigating the threats of outsourcing VNFs, using either cryptographic or trusted hardware- based mechanisms (the latter typically applying SGX). In this paper, we provide an overview of methods for protecting the security of outsourced network functions. We introduce the challenges and emerging requirements, analyze the state-of-the-art, and identify the gaps between the requirements and existing solutions. Furthermore, we outline a potential way to fill these gaps in order to devise a more complete solution.

Sok: differential privacies

D. Desfontaines and B. Pejo

Proceedings on privacy enhancing technologies, 2020, pp. 288-313.

Bibtex | Abstract | Link

@inproceedings {
   author = {Damien Desfontaines and Balazs Pejo},
   title = {Sok: differential privacies},
   booktitle = {Proceedings on privacy enhancing technologies},
   year = {2020},
   pages = {288-313},
   howpublished = "\url{https://arxiv.org/abs/1906.01337}"
}

Abstract

Shortly after it was first introduced in 2006, differential privacy became the flagship data privacy definition. Since then, numerous variants and extensions were proposed to adapt it to different scenarios and attacker models. In this work, we propose a systematic taxonomy of these variants and extensions. We list all data privacy definitions based on differential privacy, and partition them into seven categories, depending on which aspect of the original definition is modified. These categories act like dimensions: variants from the same category cannot be combined, but variants from different categories can be combined to form new definitions. We also establish a partial ordering of relative strength between these notions by summarizing existing results. Furthermore, we list which of these definitions satisfy some desirable properties, like compo- sition, post-processing, and convexity by either providing a novel proof or collecting existing ones.

The cost of having been pwned: a security service provider's perspective

G. Biczók and M. Horváth and Sz. Szebeni and I. Lam and L. Buttyán

3rd International Workshop on Emerging Technologies for Authorization and Authentication (Co-Located with ESORICS 2020) - ETAA 2020, 2020.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Biczók and Máté Horváth and Szilveszter Szebeni and Istvan Lam and Levente Buttyán},
   title = {The cost of having been pwned: a security service provider's perspective},
   booktitle = {3rd International Workshop on Emerging Technologies for Authorization and Authentication (Co-Located with ESORICS 2020) - ETAA 2020},
   year = {2020}
}

Abstract

Account information from major online providers are getting exposed regularly; this gives rise to PWND services, providing a smart means to check whether a password or username/password tuple has already been leaked, rendering them ``pwned'' and therefore risky to use. However, state-of-the-art PWND mechanisms leak some information themselves. In this paper, we investigate how this minimal leaked information can speed up password cracking attacks of a powerful adversary, when the PWND mechanism is implemented on-premise by a service provider as an additional security measure during registration or password change. We analyze the costs and practicality of these attacks, and investigate simple mitigation techniques. We show that implementing a PWND mechanism can be beneficial, especially for security-focused service providers, but proper care needs to be taken. We also discuss behavioral factors to consider when deploying PWND services.

There Is Always an Exception: Controlling Partial Information Leakage in Secure Computation

M. Horváth and L. Buttyán and G. Székely and D. Neubrandt

Information Security and Cryptology – ICISC 2019 : Revised selected papers, Springer, 2020, pp. 1-17.

Bibtex | Abstract | Link

@inproceedings {
   author = {Máté Horváth and Levente Buttyán and Gábor Székely and Dóra Neubrandt},
   title = {There Is Always an Exception: Controlling Partial Information Leakage in Secure Computation},
   booktitle = {Information Security and Cryptology – ICISC 2019 : Revised selected papers},
   publisher = {Springer},
   year = {2020},
   pages = {1-17},
   howpublished = "\url{https://eprint.iacr.org/2019/1302}"
}

Abstract

Private Function Evaluation (PFE) enables two parties to jointly execute a computation such that one of them provides the input while the other chooses the function to compute. According to the traditional security requirements, a PFE protocol should leak no more information, neither about the function nor the input, than what is revealed by the output of the computation. Existing PFE protocols inherently restrict the scope of computable functions to a certain function class with given output size, thus ruling out the direct evaluation of such problematic functions as the identity map, which would entirely undermine the input privacy requirement. We observe that when not only the input x is confidential but certain partial information g(x) of it as well, standard PFE fails to provide meaningful input privacy if g and the function f to be computed fall into the same function class. Our work investigates the question whether it is possible to achieve a reasonable level of input and function privacy simultaneously even in the above cases. We propose the notion of Controlled PFE (CPFE) with different flavours of security and answer the question affirmatively by showing simple, generic realizations of the new notions. Our main construction, based on functional encryption (FE), also enjoys strong reusability properties enabling, e.g. fast computation of the same function on different inputs. To demonstrate the applicability of our approach, we show a concrete instantiation of the FE-based protocol for inner product computation that enables secure statistical analysis (and more) under the standard Decisional Diffie--Hellman assumption.

Towards Reverse Engineering Protocol State Machines

G. Székely and G. Ládi and T. Holczer and L. Buttyán

The 12th Conference of PhD Students in Computer Science - Volume of short papers, 2020, pp. 70-73.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gábor Székely and Gergõ Ládi and Tamas Holczer and Levente Buttyán},
   title = {Towards Reverse Engineering Protocol State Machines},
   booktitle = {The 12th Conference of PhD Students in Computer Science - Volume of short papers},
   year = {2020},
   pages = {70-73}
}

Abstract

In this work, we are addressing the problem of inferring the state machine of an unknown protocol. Our method is based on prior work on inferring Mealy machines. We require access to and interaction with a system that runs the unknown protocol, and we serve a state-of-the-art Mealy machine inference algorithm with appropriate input obtained from the system at hand. We implemented our method and illustrate its operation on a simple example protocol.

Towards Secure Remote Firmware Update on Embedded IoT Devices

M. Juhász and D. Papp and L. Buttyán

Conference of PhD Students in Computer Science (CSCS), 2020.

Bibtex | Abstract | PDF

@conference {
   author = {Márton Juhász and Dorottya Papp and Levente Buttyán},
   title = {Towards Secure Remote Firmware Update on Embedded IoT Devices},
   booktitle = {Conference of PhD Students in Computer Science (CSCS)},
   year = {2020}
}

Abstract

An important security problem in IoT systems is the integrity protection of software, including the firmware and the operating system, running on embedded IoT devices. Digitally signed code and verified boot only partially solve this problem, because those mechanisms do not address the issue of run-time attacks that exploit software vulnerabilities. For this issue, the only known solution today is to fix the discovered vulnerabilities and update embedded devices with the fixed software. Such an update should be performed remotely in a secure and reliable way, as otherwise the update mechanism itself can be exploited to install compromised software on devices at large scale. In this work, we propose a system and related procedures for remotely updating the firmware and the operating system of embedded IoT devices securely and reliably.

Virtualization-assisted Testing of Network Security Systems for NPPs

T. Holczer and G. Berman and S. M. Darricades and P. György and G. Ládi

International Conference on Nuclear Security: Sustaining and Strengthening Efforts, International Atomic Energy Agency (IAEA), 2020.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Tamas Holczer and G. Berman and S. M. Darricades and Péter György and Gergõ Ládi},
   title = {Virtualization-assisted Testing of Network Security Systems for NPPs},
   booktitle = {International Conference on Nuclear Security: Sustaining and Strengthening Efforts},
   publisher = {International Atomic Energy Agency (IAEA)},
   year = {2020}
}

Abstract

Nuclear power plants use different digital assets to control the processes. These assets are normally connected by computer networks, and are targets of potential cyber-attacks. To avoid or mitigate the effect of such an attack, different security controls are used in accordance with the guidelines. Before deploying a new cyber security control, it must be tested thoroughly. The paper proposes virtual testbeds made of virtual computers and networks for these tests and shows how three widely used open source firewalls perform in such a test.

2019

Automatic Driver Identification from In-Vehicle Network Logs

M. Remeli and Sz. Lestyán and G. Ács and G. Biczók

22th IEEE Intelligent Transportation Systems Conference (ITSC), IEEE, 2019.

Bibtex | Link

@inproceedings {
   author = {Mina Remeli and Szilvia Lestyan and Gergely Ács and Gergely Biczók},
   title = {Automatic Driver Identification from In-Vehicle Network Logs},
   booktitle = {22th IEEE Intelligent Transportation Systems Conference (ITSC)},
   publisher = {IEEE},
   year = {2019},
   howpublished = "\url{https://arxiv.org/pdf/1911.09508.pdf}"
}

Abstract

Differential Inference Testing: A Practical Approach to Evaluate Sanitizations of Datasets

C. Palamidessi and C. Castelluccia and G. Ács and A. Kassem

International Workshop on Privacy Engineering (IWPE), IEEE, 2019.

Bibtex | Abstract

@inproceedings {
   author = {Catuscia Palamidessi and Claude Castelluccia and Gergely Ács and Ali Kassem},
   title = {Differential Inference Testing: A Practical Approach to Evaluate Sanitizations of Datasets},
   booktitle = {International Workshop on Privacy Engineering (IWPE)},
   publisher = {IEEE},
   year = {2019}
}

Abstract

In order to protect individuals privacy, data have to be well-sanitized before sharing them, i.e. one has to remove any personal information before data sharing. However, it is not always clear when data shall be deemed well-sanitized. In this paper, we argue that the evaluation of sanitized data should be based on whether the data allows the inference of sensitive information that is specific to an individual in the dataset, instead of being centered around the concept of re-identification as regulations usually suggest. Our intent is not to accurately predict any sensitive attribute but rather to measure the impact of a single record on the inference of sensitive information. We demonstrate our approach by sanitizing two real datasets in different privacy models and evaluate/compare each sanitized dataset in our framework.

Extracting vehicle sensor signals from CAN logs for driver re-identification

Sz. Lestyán and G. Ács and G. Biczók and Zs. Szalay

5th International Conference on Information Security and Privacy (ICISSP 2019), SCITEPRESS, 2019, shortlisted for Best Student Paper Award.

Bibtex | Abstract

@inproceedings {
   author = {Szilvia Lestyan and Gergely Ács and Gergely Biczók and Zsolt Szalay},
   title = {Extracting vehicle sensor signals from CAN logs for driver re-identification},
   booktitle = {5th International Conference on Information Security and Privacy (ICISSP 2019)},
   publisher = {SCITEPRESS},
   year = {2019},
   note = {shortlisted for Best Student Paper Award}
}

Abstract

Data is the new oil for the car industry. Cars generate data about how they are used and who’s behind the wheel which gives rise to a novel way of profiling individuals. Several prior works have successfully demonstrated the feasibility of driver re-identification using the in-vehicle network data captured on the vehicle’s CAN bus. However, all of them used signals (e.g., velocity, brake pedal or accelerator position) that have already been extracted from the CAN log which is itself not a straightforward process. Indeed, car manufacturers intentionally do not reveal the exact signal location within CAN logs. Nevertheless, we show that signals can be efficiently extracted from CAN logs using machine learning techniques. We exploit that signals have several distinguishing statistical features which can be learnt and effectively used to identify them across different vehicles, that is, to quasi ”reverse-engineer” the CAN protocol. We also demonstrate that the extracted signals can be successfully used to re-identify individuals in a dataset of 33 drivers. Therefore, hiding signal locations in CAN logs per se does not prevent them to be regarded as personal data of drivers.

IoT Hacking - A Primer

D. Papp and K. Tamás and L. Buttyán

Infocommunications Journal, 2nd Issue, 2019.

Bibtex | Abstract | PDF

@article {
   author = {Dorottya Papp and Kristóf Tamás and Levente Buttyán},
   title = {IoT Hacking - A Primer},
   journal = {Infocommunications Journal, 2nd Issue},
   year = {2019}
}

Abstract

The Internet of Things (IoT) enables many new and exciting applications, but it also creates a number of new risks related to information security. Several recent attacks on IoT devices and systems illustrate that they are notoriously insecure. It has also been shown that a major part of the attacks resulted in full adversarial control over IoT devices, and the reason for this is that IoT devices themselves are weakly protected and they often cannot resist even the most basic attacks. Penetration testing or ethical hacking of IoT devices can help discovering and fixing their vulnerabilities that, if exploited, can result in highly undesirable conditions, including damage of expensive physical equipment or even loss of human life. In this paper, we give a basic introduction into hacking IoT devices. We give an overview on the methods and tools for hardware hacking, firmware extraction and unpacking, and performing basic firmware analysis. We also provide a survey on recent research on more advanced firmware analysis methods, including static and dynamic analysis of binaries, taint analysis, fuzzing, and symbolic execution techniques. By giving an overview on both practical methods and readily available tools as well as current scientific research efforts, our work can be useful for both practitioners and academic researchers.

Together or Alone: The Price of Privacy in Collaborative Learning

B. Pejo and Q. Tang and G. Biczók

Proceedings on Privacy Enhancing Technologies (PETS 2019), De Gruyter, 2019.

Bibtex | Abstract

@inproceedings {
   author = {Balazs Pejo and Q. Tang and Gergely Biczók},
   title = {Together or Alone: The Price of Privacy in Collaborative Learning},
   booktitle = {Proceedings on Privacy Enhancing Technologies (PETS 2019)},
   publisher = {De Gruyter},
   year = {2019}
}

Abstract

Machine learning algorithms have reached mainstream status and are widely deployed in many applications. The accuracy of such algorithms depends significantly on the size of the underlying training dataset; in reality a small or medium sized organization often does not have the necessary data to train a reasonably accurate model. For such organizations, a realistic solution is to train their machine learning models based on their joint dataset (which is a union of the individual ones). Unfortunately, privacy concerns prevent them from straightforwardly doing so. While a number of privacy-preserving solutions exist for collaborating organizations to securely aggregate the parameters in the process of training the models, we are not aware of any work that provides a rational framework for the participants to precisely balance the privacy loss and accuracy gain in their collaboration. In this paper, by focusing on a two-player setting, we model the collaborative training process as a two-player game where each player aims to achieve higher accuracy while preserving the privacy of its own dataset. We introduce the notion of Price of Privacy, a novel approach for measuring the impact of privacy protection on the accuracy in the proposed framework. Furthermore, we develop a game-theoretical model for different player types, and then either find or prove the existence of a Nash Equilibrium with regard to the strength of privacy protection for each player. Using recommendation systems as our main use case, we demonstrate how two players can make practical use of the proposed theoretical framework, including setting up the parameters and approximating the non-trivial Nash Equilibrium.

Towards Detecting Trigger-based Behavior In Binaries: Uncovering the Correct Environment

D. Papp and T. Tarrach and L. Buttyán

International Conference on Software Engineering and Formal Methods (SEFM), 2019.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Dorottya Papp and Thorsten Tarrach and Levente Buttyán},
   title = {Towards Detecting Trigger-based Behavior In Binaries: Uncovering the Correct Environment},
   booktitle = {International Conference on Software Engineering and Formal Methods (SEFM)},
   year = {2019}
}

Keywords

Directed symbolic execution, Trigger-based behavior, Software verification

Abstract

In this paper, we present our first results towards detecting trigger-based behavior in binary programs. A program exhibits trigger-based behavior if it contains undocumented, often malicious functionality that is executed only under specific circumstances. In order to determine the inputs and environment required to trigger such behavior, we use directed symbolic execution and present techniques to overcome some of its practical limitations. Specifically, we propose techniques to overcome the environment problem and the path selection problem. We implemented our techniques and evaluated their performance on a real malware sample that launches denial-of-service attacks upon receiving specific remote commands. Thanks to our techniques, our implementation was able to determine those specific commands and all other requirements needed to trigger the malicious behavior in reasonable time.

Towards protected VNFs for multi-operator service delivery

E. Marku and G. Biczók and C. Boyd

1st International Workshop on Cyber-Security Threats, Trust and Privacy Management in Software-defined and Virtualized Infrastructures (SecSoft), IEEE, 2019, co-located with IEEE NetSoft 2019.

Bibtex

@inproceedings {
   author = {Enio Marku and Gergely Biczók and Colin Boyd},
   title = {Towards protected VNFs for multi-operator service delivery},
   booktitle = {1st International Workshop on Cyber-Security Threats, Trust and Privacy Management in Software-defined and Virtualized Infrastructures (SecSoft)},
   publisher = {IEEE},
   year = {2019},
   note = {co-located with IEEE NetSoft 2019}
}

Abstract

Towards Systematic Specification of Non-Functional Requirements for Sharing Economy Services

I. Symeonidis and J. Schroers and M. A. Mustafa and G. Biczók

1st International Workshop on Smart Circular Economy (co-located with IEEE DCOSS), IEEE, 2019.

Bibtex

@inproceedings {
   author = {Iraklis Symeonidis and J. Schroers and M. A. Mustafa and Gergely Biczók},
   title = {Towards Systematic Specification of Non-Functional Requirements for Sharing Economy Services},
   booktitle = {1st International Workshop on Smart Circular Economy (co-located with IEEE DCOSS)},
   publisher = {IEEE},
   year = {2019}
}

Abstract

2018

Collateral damage of Facebook third-party applications: a comprehensive study

I. Symeonidis and G. Biczók and F. Shirazi and C. Perez-Sola and J. Schroers and B. Preneel

Computers & Security, vol. 77, 2018, pp. 179-208.

Bibtex | Abstract

@article {
   author = {Iraklis Symeonidis and Gergely Biczók and Fatemeh Shirazi and Cristina Perez-Sola and J. Schroers and Bart Preneel},
   title = {Collateral damage of Facebook third-party applications: a comprehensive study},
   journal = {Computers & Security},
   volume = {77},
   year = {2018},
   pages = {179-208}
}

Abstract

Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue to users’ privacy we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers.

Detection of Injection Attacks in Compressed CAN Traffic Logs

A. Gazdag and D. Neubrandt and L. Buttyán and Zs. Szalay

International Workshop on Cyber Security for Intelligent Transportation Systems, Held in Conjunction with ESORICS 2018, Springer, 2018.

Bibtex | Abstract | PDF

@inproceedings {
   author = {András Gazdag and Dóra Neubrandt and Levente Buttyán and Zsolt Szalay},
   title = {Detection of Injection Attacks in Compressed CAN Traffic Logs},
   booktitle = {International Workshop on Cyber Security for Intelligent Transportation Systems, Held in Conjunction with ESORICS 2018},
   publisher = {Springer},
   year = {2018}
}

Keywords

Intrusion Detection, CAN Networks

Abstract

Prior research has demonstrated that modern cars are vulnerable to cyber attacks. As such attacks may cause physical accidents, forensic investigations must be extended into the cyber domain. In order to support this, CAN traffic in vehicles must be logged continuously, stored efficiently, and analyzed later to detect signs of cyber attacks. Efficient storage of CAN logs requires compressing them. Usually, this compressed logs must be decompressed for analysis purposes, leading to waste of time due to the decompression operation itself and most importantly due to the fact that the analysis must be carried out on a much larger amount of decompressed data. In this paper, we propose an anomaly detection method that works on the compressed CAN log itself. For compression, we use a lossless semantic compression algorithm that we proposed earlier. This compression algorithm achieves a higher compression ratio than traditional syntactic compression methods do such as gzip. Besides this advantage, in this paper, we show that it also supports the detection of injection attacks without decompression. Moreover, with this approach we can detect attacks with low injection frequency that were not detected reliably in previous works.

Differentially Private Mixture of Generative Neural Networks

G. Ács and L. Melis and C. Castelluccia and E. De Cristofaro

IEEE Transactions on Knowledge and Data Engineering, 2018.

Bibtex | Abstract | Link

@article {
   author = {Gergely Ács and Luca Melis and Claude Castelluccia and Emiliano De Cristofaro},
   title = {Differentially Private Mixture of Generative Neural Networks},
   journal = {IEEE Transactions on Knowledge and Data Engineering},
   year = {2018},
   howpublished = "\url{https://arxiv.org/pdf/1709.04514.pdf}"
}

Abstract

Generative models are used in a wide range of applications building on large amounts of contextually rich information. Due to possible privacy violations of the individuals whose data is used to train these models, however, publishing or sharing generative models is not always viable. In this paper, we present a novel technique for privately releasing generative models and entire high-dimensional datasets produced by these models. We model the generator distribution of the training data with a mixture of k generative neural networks. These are trained together and collectively learn the generator distribution of a dataset. Data is divided into k clusters, using a novel differentially private kernel k-means, then each cluster is given to separate generative neural networks, such as Restricted Boltzmann Machines or Variational Autoencoders, which are trained only on their own cluster using differentially private gradient descent. We evaluate our approach using the MNIST dataset, as well as call detail records and transit datasets, showing that it produces realistic synthetic samples, which can also be used to accurately compute arbitrary number of counting queries.

Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic

G. Ládi and L. Buttyán and T. Holczer

26th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings, FESB, University of Split, 2018, pp. 1-6, ISBN 978-9-5329-0087-3.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi and Levente Buttyán and Tamas Holczer},
   title = {Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic},
   booktitle = {26th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings},
   publisher = {FESB, University of Split},
   year = {2018},
   pages = {1-6},
   note = {ISBN 978-9-5329-0087-3}
}

Keywords

protocol reverse engineering; message format; field semantics; inference; binary protocols; network traffic; Modbus; MQTT

Abstract

Protocol specifications describe the interaction between different entities by defining message formats and message processing rules. Having access to such protocol specifications is highly desirable for many tasks, including the analysis of botnets, building honeypots, defining network intrusion detection rules, and fuzz testing protocol implementations. Unfortunately, many protocols of interest are proprietary, and their specifications are not publicly available. Protocol reverse engineering is an approach to reconstruct the specifications of such closed protocols. Protocol reverse engineering can be tedious work if done manually, so prior research focused on automating the reverse engineering process as much as possible. Some approaches rely on access to the protocol implementation, but in many cases, the protocol implementation itself is not available or its license does not permit its use for reverse engineering purposes. Hence, in this paper, we focus on reverse engineering protocol specifications based solely on recorded network traffic. More specifically, we propose a method that can infer protocol message formats as well as certain field semantics for binary protocols from network traces. We demonstrate the usability of our approach by running it on packet captures of two known protocols, Modbus and MQTT, then comparing the inferred specifications to the known specifications of these protocols.

POSTER: The Price of Privacy in Collaborative Learning

B. Pejo and Q. Tang and G. Biczók

CCS 2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2018.

Bibtex | Abstract

@inproceedings {
   author = {Balazs Pejo and Q. Tang and Gergely Biczók},
   title = {POSTER: The Price of Privacy in Collaborative Learning},
   booktitle = {CCS 2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
   publisher = {ACM},
   year = {2018}
}

Abstract

Machine learning algorithms have reached mainstream status and are widely deployed in many applications. The accuracy of such algorithms depends significantly on the size of the underlying training dataset; in reality a small or medium sized organization often does not have enough data to train a reasonably accurate model. For such organizations, a realistic solution is to train machine learning models based on a joint dataset (which is a union of the individual ones). Unfortunately, privacy concerns prevent them from straightforwardly doing so. While a number of privacy-preserving solutions exist for collaborating organizations to securely aggregate the parameters in the process of training the models, we are not aware of any work that provides a rational framework for the participants to precisely balance the privacy loss and accuracy gain in their collaboration. In this paper, we model the collaborative training process as a two-player game where each player aims to achieve higher accuracy while preserving the privacy of its own dataset. We introduce the notion of Price of Privacy, a novel approach for measuring the impact of privacy protection on the accuracy in the proposed framework. Furthermore, we develop a game-theoretical model for different player types, and then either find or prove the existence of a Nash Equilibrium with regard to the strength of privacy protection for each player.

Privacy-Preserving Release of Spatio-Temporal Density

G. Ács and G. Biczók and C. Castelluccia

A. Gkoulalas-Divanis and Claudio Bettini (Eds.), Handbook of Mobile Data Privacy, pp. 307-335, Springer, 2018.

Bibtex | Abstract

@inbook {
   author = {Gergely Ács and Gergely Biczók and Claude Castelluccia},
   editor = {A. Gkoulalas-Divanis and Claudio Bettini (Eds.)},
   title = {Privacy-Preserving Release of Spatio-Temporal Density},
   chapter = {Handbook of Mobile Data Privacy},
   pages = {307-335},
   publisher = {Springer},
   year = {2018}
}

Abstract

In today’s digital society, increasing amounts of contextually rich spatio-temporal information are collected and used, e.g., for knowledge-based decision making, research purposes, optimizing operational phases of city management, planning infrastructure networks, or developing timetables for public transportation with an increasingly autonomous vehicle fleet. At the same time, however, publishing or sharing spatio-temporal data, even in aggregated form, is not always viable owing to the danger of violating individuals’ privacy, along with the related legal and ethical repercussions. In this chapter, we review some fundamental approaches for anonymizing and releasing spatio-temporal density, i.e., the number of individuals visiting a given set of locations as a function of time. These approaches follow different privacy models providing different privacy guarantees as well as accuracy of the released anonymized data. We demonstrate some sanitization (anonymization) techniques with provable privacy guarantees by releasing the spatio-temporal density of Paris, in France. We conclude that, in order to achieve meaningful accuracy, the sanitization process has to be carefully customized to the application and public characteristics of the spatio-temporal data.

Problem Domain Analysis of IoT-Driven Secure Data Markets

L. Buttyán and M. Horváth

Euro-CYBERSEC 2018. Communications in Computer and Information Science, Springer, 2018, Gelenbe E. et al. (eds.), pp. 57-67, vol. 821.

Bibtex | Abstract | PDF

@incollection {
   author = {Levente Buttyán and Máté Horváth},
   title = {Problem Domain Analysis of IoT-Driven Secure Data Markets},
   booktitle = {Euro-CYBERSEC 2018. Communications in Computer and Information Science},
   publisher = {Springer},
   year = {2018},
   editor = {Gelenbe E. et al. (eds.)},
   pages = {57-67},
   note = {vol. 821}
}

Abstract

The Internet of Things (IoT) provides us with a vast amount of new data day by day, however, currently, most of these are only stored without utilizing their full potential. The attractive concept of data markets can change this situation in the near future and thus we initiate the study of security aspects of such systems. In this work, as a first step, we analyse the data markets based on the possible security requirements of the different participants. We identify more than 30 possible scenarios and connect these to the relevant areas of cryptography. Our analysis also highlights several open problems motivating further research on certain cryptographic primitives.

Searchable Symmetric Encryption for Restricted Search

I. Vajda and M. Horváth

Journal of Communications Software and Systems (JCOMSS), vol. 14, no. 1, 2018.

Bibtex | Abstract | PDF

@article {
   author = {István VAJDA and Máté Horváth},
   title = {Searchable Symmetric Encryption for Restricted Search},
   journal = {Journal of Communications Software and Systems (JCOMSS)},
   volume = {14},
   number = {1},
   year = {2018}
}

Keywords

Searchable Symmetric Encryption; Forward Index; Type-3 Pairings; MAC

Abstract

The proliferation of cloud computing highlights the importance of techniques that permit both secure storage of sensitive data and flexible data management at the same time. One line of research with this double motivation is the study of Searchable Symmetric Encryption (SSE) that has provided several outstanding results in the recent years. These solutions achieve sublinear keyword search in huge databases by using various data structures to store keywords and document identifiers. In this work, we focus on certain scenarios in which search over the whole database is not necessary and show that the otherwise inefficient sequential scan (in linear time) can be very practical. This is due to the fact that adding new entries to the database comes for free in this case while updating a complex data structure without information leakage is rather complicated. To demonstrate the practicality of our approach we build a simple SSE scheme based on bilinear pairings and prove its security against adaptive chosen-keyword attacks in the standard model under the widely used Symmetric eXternal Diffie-Hellman (SXDH) assumption.

Vehicular Can Traffic Based Microtracking for Accident Reconstruction

A. Gazdag and T. Holczer and L. Buttyán and Zs. Szalay

Vehicle and Automotive Engineering 2, Lecture Notes in Mechanical Engineering, University of Miskolc, Miskolc, Hungary, 2018.

Bibtex | Abstract | PDF

@inproceedings {
   author = {András Gazdag and Tamas Holczer and Levente Buttyán and Zsolt Szalay},
   title = {Vehicular Can Traffic Based Microtracking for Accident Reconstruction},
   booktitle = {Vehicle and Automotive Engineering 2, Lecture Notes in Mechanical Engineering},
   publisher = {University of Miskolc, Miskolc, Hungary},
   year = {2018}
}

Keywords

Digital forensics, CAN network

Abstract

Accident reconstruction is the process of reliably discovering what has happened before a serious event. We show how the most widely used intra vehicular network (namely the Controller Area Network, CAN) can be used in this process. We show how the actual velocity and steering wheel position transmitted on the CAN network can be used to reconstruct the trajectory of a vehicle. This trajectory is an essential input in the reconstruction process. In this paper, we show how the CAN traffic of an actual vehicle can be used to recon- struct the trajectory of the vehicle, and we evaluate our approach in several real life experiments including normal and pre-accident situations.

2017

CAN compression based IDS

A. Gazdag

IT-SECX 2017, FH St. Pölten, 2017.

Bibtex | Abstract

@conference {
   author = {András Gazdag},
   title = {CAN compression based IDS},
   booktitle = {IT-SECX 2017},
   publisher = {FH St. Pölten},
   year = {2017}
}

Abstract

Modern vehicles are mainly controlled by ECUs (Electric Control Units). They are small programmable computers responsible for single tasks. New smart features of vehicles showed demand for Internet connectivity rendering these previously isolated computer networks reachable for malicious attacks. Detecting cyber-attacks requires a continuous network traffic logging for online and offline analysis. This generates a huge amount of data which is a challenge to store and to analyze, as well. In this presentation, we show a proposed semantic compression mechanism that is capable of representing the original data in a lossless form while using a fraction of the space. The introduced algorithm understands properties of the CAN traffic log. This is a powerful foundation for compression and for intrusion detection. The compressed traffic log can be directly used as an input for a machine learning based IDS, which is then capable to effectively recognize malicious attack patterns.

Differentially Private Mixture of Generative Neural Networks

E. De Cristofaro and C. Castelluccia and L. Melis and G. Ács

IEEE International Conference on Data Mining (ICDM), IEEE, 2017.

Bibtex

@inproceedings {
   author = {Emiliano De Cristofaro and Claude Castelluccia and Luca Melis and Gergely Ács},
   title = {Differentially Private Mixture of Generative Neural Networks},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2017}
}

Abstract

Efficient Lossless Compression of CAN Traffic Logs

A. Gazdag and L. Buttyán and Zs. Szalay

IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom), IEEE, 2017.

Bibtex | Abstract | PDF

@inproceedings {
   author = {András Gazdag and Levente Buttyán and Zsolt Szalay},
   title = {Efficient Lossless Compression of CAN Traffic Logs},
   booktitle = {IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom)},
   publisher = {IEEE},
   year = {2017}
}

Abstract

In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for the forensic investigations of accidents caused by cyber attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data, therefore, it contributes to reduced analysis time and effort. We achieve this by performing semantic compression on the CAN traffic logs, rather than simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of state-of-the-art syntactic compression methods, such as gzip.

Forensics aware lossless compression of CAN traffic logs

A. Gazdag and L. Buttyán and Zs. Szalay

Scientific Letters of the University of Zilina, 2017.

Bibtex | Abstract | PDF

@article {
   author = {András Gazdag and Levente Buttyán and Zsolt Szalay},
   title = {Forensics aware lossless compression of CAN traffic logs},
   journal = {Scientific Letters of the University of Zilina},
   year = {2017}
}

Keywords

CAN, network traffic capture, semantic compression, forensic analysis

Abstract

In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for the forensic investigations of accidents caused by the cyber-attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data. It is shown that the proposed compression format is a powerful tool to find traces of a cyber-attack. We achieve this by performing semantic compression on the CAN traffic logs, rather than the simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of the state-of-the-art syntactic compression methods, such as zip.

Manufactured by software: SDN-enabled multi-operator composite services with the 5G Exchange

H Lønsethagen and P Heegaard and L. Toka and M Dramitinos and G. Biczók

IEEE Communications Magazine, vol. 55, no. 4, 2017.

Bibtex | Abstract

@article {
   author = {Håkon Lønsethagen and Poul E. Heegaard and Laszlo Toka and Manos Dramitinos and Gergely Biczók},
   title = {Manufactured by software: SDN-enabled multi-operator composite services with the 5G Exchange},
   journal = {IEEE Communications Magazine},
   volume = {55},
   number = {4},
   year = {2017}
}

Abstract

Bla

Privacy-Aware Caching in Information-Centric Networking

C. Wood and G. Tsudik and C. Ghali and P. Gasti and M. Conti and G. Ács

IEEE Transactions on Dependable Computing (TDSC), 2017.

Bibtex

@article {
   author = {Christopher Wood and Gene Tsudik and Cesar Ghali and Paulo Gasti and Mauro Conti and Gergely Ács},
   title = {Privacy-Aware Caching in Information-Centric Networking},
   journal = {IEEE Transactions on Dependable Computing (TDSC)},
   year = {2017}
}

Abstract

Searchable Symmetric Encryption: Sequential Scan Can Be Practical

M. Horváth and I. Vajda

The 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2017), IEEE, 2017.

Bibtex | Abstract

@inproceedings {
   author = {Máté Horváth and István VAJDA},
   title = {Searchable Symmetric Encryption: Sequential Scan Can Be Practical},
   booktitle = {The 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2017)},
   publisher = {IEEE},
   year = {2017}
}

Keywords

Searchable Symmetric Encryption; Forward Index; Type-3 Pairings; MAC

Abstract

The proliferation of cloud computing highlights the importance of techniques that allow both securing sensitive data and flexible data management at the same time. One line of research with this double motivation is the study of Searchable Symmetric Encryption (SSE) that has provided several outstanding results in the recent years. These solutions allow sublinear keyword search in huge databases by using various data structures to store keywords and document identifiers. In this work, we focus on certain scenarios in which search over the whole database is not necessary and show that the otherwise inefficient sequential scan (in linear time) can be very practical. This is due to the fact that adding new entries to the database comes for free in this case while updating a complex data structure without information leakage is rather complicated. To demonstrate the practicality of our approach we build a simple SSE scheme based on bilinear pairings and prove its security against adaptive chosen-keyword attacks in the standard model under the widely used SXDH assumption.

Semantics-Preserving Encryption for Computer Networking Related Data Types

G. Ládi

12th International Symposium on Applied Informatics and Related Areas, Proceedings, Óbuda University, 2017, pp. 176-181, ISBN 978-963-449-032-6.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi},
   title = {Semantics-Preserving Encryption for Computer Networking Related Data Types},
   booktitle = {12th International Symposium on Applied Informatics and Related Areas, Proceedings},
   publisher = {Óbuda University},
   year = {2017},
   pages = {176-181},
   note = {ISBN 978-963-449-032-6}
}

Keywords

semantics-preserving encryption; format-preserving encryption; networking; data type; MAC address; IPv4 address; IPv6 address; TCP port; UDP port; privacy; log anonymization;

Abstract

Semantics-preserving encryption methods are encryption methods that not only preserve the format (data structure) of the input, but also a set of additional properties that are desired to be preserved (for example, transforming an IP address into another from the same subnet). Such methods may be used to anonymize logs or otherwise hide potentially sensitive information from third parties, while preserving characteristics that are essential for a given purpose. This paper presents tuneable semantics-preserving encryption methods that may be applied to common computer networking related data types such as IPv4, IPv6, and MAC addresses.

Towards Efficient Compression of CAN Traffic Logs

A. Gazdag and L. Buttyán and Zs. Szalay

34th International Colloquium on Advanced Manufacturing and Repairing Technologies in Vehicle Industry, 2017.

Bibtex | Abstract | PDF

@inproceedings {
   author = {András Gazdag and Levente Buttyán and Zsolt Szalay},
   title = {Towards Efficient Compression of CAN Traffic Logs},
   booktitle = {34th International Colloquium on Advanced Manufacturing and Repairing Technologies in Vehicle Industry},
   year = {2017}
}

Keywords

CAN, network traffic capture, semantic compression, forensic analysis

Abstract

In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for the forensic investigations of accidents caused by cyber attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data, therefore, it contributes to reduced analysis time and effort. We achieve this by performing semantic compression on the CAN traffic logs, rather than simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of state-of-the-art syntactic compression methods, such as zip.

Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance

D. Papp and L. Buttyán and Z. Ma

Workshop on Software Assurance at ARES 2017, 2017.

Bibtex | Abstract | PDF

@conference {
   author = {Dorottya Papp and Levente Buttyán and Zhendong Ma},
   title = {Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance},
   booktitle = {Workshop on Software Assurance at ARES 2017},
   year = {2017}
}

Abstract

A program exhibits trigger-based behavior if it performs undocumented, often malicious, functions when the environmental conditions and/or specific input values match some pre-specified criteria. Checking whether such hidden functions exist in the program is important for increasing trustworthiness of software. In this paper, we propose a framework to effectively detect trigger-based behavior at the source code level. Our approach is semi-automated: We use automated source code instrumentation and mixed concrete and symbolic execution to generate potentially suspicious test cases that may trigger hidden, potentially malicious functions. The test cases must be investigated by a human analyst manually to decide which of them are real triggers. While our approach is not fully automated, it greatly reduces manual work by allowing analysts to focus on a few test cases found by our automated tools.

Transparent Encryption for Cloud-based Services

G. Ládi

Mesterpróba 2017, Conference Proceedings, Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics, 2017, pp. 5-8.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi},
   title = {Transparent Encryption for Cloud-based Services},
   booktitle = {Mesterpróba 2017, Conference Proceedings},
   publisher = {Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics},
   year = {2017},
   pages = {5-8}
}

Keywords

transparent encryption; cloud; security; DNS spoofing; tampering proxy; format preserving encryption;

Abstract

Transparent encryption is a method that involves encrypting data locally, on the user's computer, just before it is sent to cloud services to be stored, then decrypting said data later, straight after it is retrieved from the cloud service. All this takes place without having to alter the client application or the remote service (hence transparent). Applying this method ensures that even if the user's account or the provider itself is compromised, the attackers can only retrieve encrypted data that is useless without the encryption keys. This paper illustrates the design of a system that is capable of performing transparent encryption for various cloud-based services.

Transparent Encryption for Cloud-based Services

G. Ládi

25th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings, FESB, University of Split, 2017, pp. 64-68, ISSN 1847-3598.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi},
   title = {Transparent Encryption for Cloud-based Services},
   booktitle = {25th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings},
   publisher = {FESB, University of Split},
   year = {2017},
   pages = {64-68},
   note = {ISSN 1847-3598}
}

Keywords

transparent encryption; cloud; security; DNS spoofing; TLS inspection; tampering proxy; format preserving encryption;

Abstract

Transparent encryption is a method that involves encrypting data locally, on the user's computer, just before it is sent to cloud services to be stored, then decrypting said data later, straight after it is retrieved from the cloud service. All this takes place without having to alter the client application or the remote service (hence transparent). Applying this method ensures that if the user's account or the provider itself is compromised, the attackers can only retrieve encrypted data that is useless without the encryption keys. This paper illustrates the design of a system that is capable of performing transparent encryption for various cloud-based services, even if the connection between the client and the provider is secured by Transport Layer Security.

2016

Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence

B. Preneel and C. Perez-Sola and G. Biczók and F. Shirazi and I. Symeonidis

IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC), Springer, 2016.

Bibtex | Abstract

@inproceedings {
   author = {Bart Preneel and Cristina Perez-Sola and Gergely Biczók and Fatemeh Shirazi and Iraklis Symeonidis},
   title = {Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence},
   booktitle = {IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC)},
   publisher = {Springer},
   year = {2016}
}

Abstract

Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user’s friends can collect and potentially misuse her personal data inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a multi-faceted study on the collateral information collection of apps in social networks. We conduct a user survey and show that Facebook users are concerned about this issue and the lack of mechanisms to control it. Based on real data, we compute the likelihood of collateral information collection affecting users; we show that the probability is significant and depends on both the friendship network and the popularity of the app. We also show its significance by computing the proportion of exposed user attributes including the case of profiling, when several apps are offered by the same provider. Finally, we propose a privacy dashboard concept enabling users to control the collateral damage.

Intrusion detection in Cyber Physical Systems Based on Process Modelling

A. Gazdag and T. Holczer and Gy. Miru

Proceedings of 16th European Conference on Cyber Warfare & Security, Academic conferences, 2016.

Bibtex | Abstract

@inproceedings {
   author = {András Gazdag and Tamas Holczer and Gyorgy Miru},
   title = {Intrusion detection in Cyber Physical Systems Based on Process Modelling},
   booktitle = {Proceedings of 16th European Conference on Cyber Warfare & Security},
   publisher = {Academic conferences},
   year = {2016}
}

Abstract

Cyber physical systems (CPS) are used to control chemical processes, and can be found in manufacturing, civil infrastructure, energy industry, transportation and in many more places. There is one common characteristic in these areas, their operation is critical as a malfunction can potential be life-threatening. In the past, an attack against the cyber part of the systems can lead to physical consequences. The first well known attack against a CPS was Stuxnet in 2010. It is challenging to develop countermeasures in this field without endangering the normal operation of the underlying system. In our research, our goal was to detect attacks without interfering with the cyber physical systems in any way. This can be realized by an anomaly detection system using passive network monitoring. Our approach is based on analysing the state of the physical process by interpreting the communication between the control system and the supervisory system. This state can be compared to a model based prediction of the system, which can serve as a solid base for intrusion detection. In order to realize our intrusion detection system, a testbed was built based on widely used Siemens PLCs. Our implementation consists of three main parts. The first task is to understand the network communication in order to gain information about the controlled process. This was realized by analysing and deeply understanding the publicly undocumented Siemens management protocol. The resulting protocol parser was integrated into the widely-used Bro network security monitoring framework. Gathering information about the process state for a prolonged time creates time series. With these time series, as the second step, statistical models of the physical process can be built to predict future states. As the final step, the new states of the physical process can be compared with the predicted states. Significant differences can be considered as an indicator of compromise.

Near-Optimal Fingerprinting with Constraints

C. Castelluccia and G. Ács and G. Gy. Gulyás

PET Symposium, ACM, 2016.

Bibtex

@inproceedings {
   author = {Claude Castelluccia and Gergely Ács and Gábor György Gulyás},
   title = {Near-Optimal Fingerprinting with Constraints},
   booktitle = {PET Symposium},
   publisher = {ACM},
   year = {2016}
}

Abstract

Privacy Preserving Data Aggregation over Multi-hop Networks

Sz. Lestyán

Infocommunications Journal, pp. 7-15, December 2016, Volume VIII, Number 4, ISSN 2061-2079, 2016.

Bibtex

@article {
   author = {Szilvia Lestyan},
   title = {Privacy Preserving Data Aggregation over Multi-hop Networks},
   journal = {Infocommunications Journal, pp. 7-15, December 2016, Volume VIII, Number 4, ISSN 2061-2079},
   year = {2016}
}

Abstract

Private VNFs for collaborative multi-operator service delivery: An architectural case

C. Boyd and N. Bereczky and B. Sonkoly and G. Biczók

IEEE/IFIP Network Operations and Management Symposium (NOMS), IEEE, 2016.

Bibtex | Abstract

@inproceedings {
   author = {Colin Boyd and Nikolett Bereczky and Balázs Sonkoly and Gergely Biczók},
   title = {Private VNFs for collaborative multi-operator service delivery: An architectural case},
   booktitle = {IEEE/IFIP Network Operations and Management Symposium (NOMS)},
   publisher = {IEEE},
   year = {2016}
}

Abstract

Flexible service delivery is a key requirement for 5G network architectures. This includes the support for collaborative service delivery by multiple operators, when an individual operator lacks the geographical footprint or the available network, compute or storage resources to provide the requested service to its customer. Network Function Virtualisation is a key enabler of such service delivery, as network functions (VNFs) can be outsourced to other operators. Owing to the (partial lack of) contractual relationships and co-opetition in the ecosystem, the privacy of user data, operator policy and even VNF code could be compromised. In this paper, we present a case for privacy in a VNF-enabled collaborative service delivery architecture. Specifically, we show the promise of homomorphic encryption (HE) in this context and its performance limitations through a proof of concept implementation of an image transcoder network function. Furthermore, inspired by application-specific encryption techniques, we propose a way forward for private, payload-intensive VNFs.

RoViM: Rotating Virtual Machines for Security and Fault-Tolerance

D. Papp and Z. Ma and L. Buttyán

EMC2 Summit at CPS Week 2016, 2016.

Bibtex | Abstract | PDF

@conference {
   author = {Dorottya Papp and Zhendong Ma and Levente Buttyán},
   title = {RoViM: Rotating Virtual Machines for Security and Fault-Tolerance},
   booktitle = {EMC2 Summit at CPS Week 2016},
   year = {2016}
}

Abstract

Nowadays, the field of embedded system experiences a number of changes. On one hand, recent cyber attacks against safety-critical systems demonstrate that malware can force safety-critical systems to endanger human lives and harm the environment. Therefore, a new requirement of security have arisen for safety-critical and embedded systems. However, security should be designed hand in hand with safety to resolve conflicts between the two fields. On the other hand, the emerging trend of virtualization has significant impact on the embedded market. The isolation and protection mechanisms of virtualization contributes to both safety and security via redundancy and the prevention of one virtual machine affecting another. In this paper we present RoViM, a system of rotating virtual machines providing proactive security for embedded devices. RoViM uses multiple virtual machines in the system which increases redundancy as a safety measure. Our design satisfies reachability, liveness and safety requirements and we present a proof-of-concept implementation with use case of an Internet Protocol Security (IPsec) gateway. We evaluate our design with formal verification and show that rotating virtual machines cause no significant change in the performance of the IPsec gateway.

Sharing is Power: Incentives for Information Exchange in Multi-Operator Service Delivery

L. Toka and G. Biczók and P Heegaard

IEEE Global Communications Conference (GLOBECOM), IEEE, 2016.

Bibtex

@inproceedings {
   author = {Laszlo Toka and Gergely Biczók and Poul E. Heegaard},
   title = {Sharing is Power: Incentives for Information Exchange in Multi-Operator Service Delivery},
   booktitle = {IEEE Global Communications Conference (GLOBECOM)},
   publisher = {IEEE},
   year = {2016}
}

Abstract

2015

Attribute-Based Encryption Optimized for Cloud Computing

M. Horváth

SOFSEM 2015: Theory and Practice of Computer Science, Springer Berlin Heidelberg, 2015, Italiano, GiuseppeF. and Margaria-Steffen, Tiziana and Pokorny, Jaroslav and Quisquater, Jean-Jacques and Wattenhofer, Roger, pp. 566-577, http://dx.doi.org/10.1007/978-3-662-46078-8_47.

Bibtex | Abstract

@incollection {
   author = {Máté Horváth},
   title = {Attribute-Based Encryption Optimized for Cloud Computing},
   booktitle = {SOFSEM 2015: Theory and Practice of Computer Science},
   publisher = {Springer Berlin Heidelberg},
   year = {2015},
   editor = {Italiano, GiuseppeF. and Margaria-Steffen, Tiziana and Pokorny, Jaroslav and Quisquater, Jean-Jacques and Wattenhofer, Roger},
   pages = {566-577},
   note = {http://dx.doi.org/10.1007/978-3-662-46078-8_47}
}

Keywords

storage in clouds; access control; attribute-based encryption; multi-authority; user revocation

Abstract

In this work, we aim to make attribute-based encryption (ABE) more suitable for access control to data stored in the cloud. For this purpose, we concentrate on giving to the encryptor full control over the access rights, providing feasible key management even in case of multiple independent authorities, and enabling viable user revocation, which is essential in practice. Our main result is an extension of the decentralized CP-ABE scheme of Lewko and Waters [6] with identity-based user revocation. Our revocation system is made feasible by removing the computational burden of a revocation event from the cloud service provider, at the expense of some permanent, yet acceptable overhead of the encryption and decryption algorithms run by the users. Thus, the computation overhead is distributed over a potentially large number of users, instead of putting it on a single party (e.g., a proxy server), which would easily lead to a performance bottleneck. The formal security proof of our scheme is given in the generic bilinear group and random oracle models.

Attribute-Based Encryption Optimized for Cloud Computing

M. Horváth

Infocommunications Journal, vol. 7, no. 2, 2015, pp. 1-9.

Bibtex

@article {
   author = {Máté Horváth},
   title = {Attribute-Based Encryption Optimized for Cloud Computing},
   journal = {Infocommunications Journal},
   volume = {7},
   number = {2},
   year = {2015},
   pages = {1-9}
}

Keywords

storage in clouds; access control; attribute-based encryption; multi-authority; user revocation

Abstract

Duqu 2.0:A comparison to Duqu

B. Bencsáth and L. Buttyán and R. Kamarás and G. Vaspöri and G. Molnár and G. Ács-Kurucz

BME CrySyS Lab, 2015.

Bibtex | PDF

@techreport {
   author = {Boldizsár Bencsáth and Levente Buttyán and Roland Kamarás and Gábor Vaspöri and Gábor Molnár and Gábor Ács-Kurucz},
   title = {Duqu 2.0:A comparison to Duqu},
   institution = {BME CrySyS Lab},
   year = {2015}
}

Abstract

Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy

D. Papp and Z. Ma and L. Buttyán

IEEE International Confenrence on Privacy, Security, and Trust, 2015.

Bibtex | Abstract

@conference {
   author = {Dorottya Papp and Zhendong Ma and Levente Buttyán},
   title = {Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy},
   booktitle = {IEEE International Confenrence on Privacy, Security, and Trust},
   year = {2015}
}

Abstract

Embedded systems are the driving force for technological development in many domains such as automotive, healthcare, and industrial control in the emerging post-PC era. As more and more computational and networked devices are integrated into all aspects of our lives in a pervasive and ``invisible' way, security becomes critical for the dependability of all smart or intelligent systems built upon these embedded systems. In this paper, we conduct a systematic review of the existing threats and vulnerabilities in embedded systems based on public available data. Moreover, based on the information, we derive an attack taxonomy for embedded systems. We envision that the findings in this paper provide a valuable insight of the threat landscape facing embedded systems. The knowledge can be used for a better understanding and the identification of security risks in system analysis and design.

On pricing online data backup

G. Biczók and L. Toka

IEEE INFOCOM Smart Data Pricing WS, IEEE, 2015.

Bibtex

@inproceedings {
   author = {Gergely Biczók and Laszlo Toka},
   title = {On pricing online data backup},
   booktitle = {IEEE INFOCOM Smart Data Pricing WS},
   publisher = {IEEE},
   year = {2015}
}

Abstract

On the Unicity of Smartphone Applications

C. Castelluccia and G. Ács and J. P. Achara

ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2015.

Bibtex

@inproceedings {
   author = {Claude Castelluccia and Gergely Ács and Jagdish Prasad Achara},
   title = {On the Unicity of Smartphone Applications},
   booktitle = {ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2015}
}

Abstract

Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)

C. Castelluccia and J. P. Achara and G. Ács

IEEE International Conference on Big Data (Big Data), IEEE, 2015.

Bibtex

@inproceedings {
   author = {Claude Castelluccia and Jagdish Prasad Achara and Gergely Ács},
   title = {Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)},
   booktitle = {IEEE International Conference on Big Data (Big Data)},
   publisher = {IEEE},
   year = {2015}
}

Abstract

ROSCO: Repository of signed code

B. Bencsáth and L. Buttyán and T. Holczer and B. Kócsó and D. Papp

Virus Bulletin, 2015.

Bibtex | PDF

@conference {
   author = {Boldizsár Bencsáth and Levente Buttyán and Tamas Holczer and Balázs Kócsó and Dorottya Papp},
   title = {ROSCO: Repository of signed code},
   booktitle = {Virus Bulletin},
   year = {2015}
}

Abstract

The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems

L. Buttyán and M. Felegyhazi and T. Holczer

Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, IAEA, 2015.

Bibtex

@inproceedings {
   author = {Levente Buttyán and Mark Felegyhazi and Tamas Holczer},
   title = {The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems},
   booktitle = {Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange},
   publisher = {IAEA},
   year = {2015}
}

Abstract

2014

A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris

C. Castelluccia and G. Ács

The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), ACM, 2014.

Bibtex

@inproceedings {
   author = {Claude Castelluccia and Gergely Ács},
   title = {A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris},
   booktitle = {The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD)},
   publisher = {ACM},
   year = {2014}
}

Abstract

Adatbányászat az informatikai biztonságban

A. Kiss and T. Holczer and K Szücs

INFODIDACT konferencia, Webdidaktika Alapítvány, 2014, ISBN: 9789631206272.

Bibtex

@conference {
   author = {Attila Kiss and Tamas Holczer and Szücs Katalin},
   title = {Adatbányászat az informatikai biztonságban},
   booktitle = { INFODIDACT konferencia},
   publisher = {Webdidaktika Alapítvány},
   year = {2014},
   note = {ISBN: 9789631206272}
}

Abstract

An independent test of APT attack detection appliances

R. Kamarás and G. Vaspöri and G. Molnár and G. Ács-Kurucz and Z. Balázs and L. Buttyán and B. Bencsáth

MRG Effitas and BME CrySyS Lab, 2014.

Bibtex

@techreport {
   author = {Roland Kamarás and Gábor Vaspöri and Gábor Molnár and Gábor Ács-Kurucz and Zoltán Balázs and Levente Buttyán and Boldizsár Bencsáth},
   title = {An independent test of APT attack detection appliances},
   institution = {MRG Effitas and BME CrySyS Lab},
   year = {2014}
}

Abstract

Android Malware Analysis Based On Memory Forensics

A. Gazdag and L. Buttyán

Annual Scientific Conference of the Hungarian National Coordinating Center for Infocommunications (NIKK), Springer, 2014.

Bibtex

@inproceedings {
   author = {András Gazdag and Levente Buttyán},
   title = {Android Malware Analysis Based On Memory Forensics},
   booktitle = {Annual Scientific Conference of the Hungarian National Coordinating Center for Infocommunications (NIKK)},
   publisher = {Springer},
   year = {2014}
}

Abstract

Android Memory Forensics Hello Workshop

A. Gazdag

Hacktivity 2014., 2014.

Bibtex | Abstract

@conference {
   author = {András Gazdag},
   title = {Android Memory Forensics Hello Workshop},
   booktitle = {Hacktivity 2014.},
   year = {2014}
}

Abstract

Szakértõk kezében a sérülékeny memóriatartalmak vizsgálata már jó ideje hatékony fegyvernek bizonyult. Az új technológiák robbanásszerû elterjedése szükségessé teszi a megbízható technológiák átalakítását, hogy azok az új kihívásoknak is eleget tudjanak ezáltal tenni. Erre az egyik legkézenfekvõbb példa az Android platform. Az utóbbi években látható jelentõs térhódítása ennek a platformnak elkerülhetetlenné tette – többek között – a memória vizsgálati módszerek kifejlesztését is. A workshop célja a résztvevõk megismertetése a jelenleg elérhetõ technológiákkal, gyakorlati példákon keresztül. A lehetséges megközelítések rövid összefoglalása után a résztvevõk megtanulhatják, hogy hogyan lehetséges memória tartalmat rögzíteni Android-ot futtató eszközökrõl, ezután pedig a minták elemzésére kerül sor a széles körben elterjedt Volatility framework segítségével.

CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp

T. Holczer and M. Felegyhazi and Gy. Miru and F. Juhasz and D. Buza

Kiss Natália Nagy Bálint Németh István Péter (Eds), Tudományos terek, pp. 9-20, DUF Press, 2014, ISBN: 9789632870755.

Bibtex

@inbook {
   author = {Tamas Holczer and Mark Felegyhazi and Gyorgy Miru and Ferenc Juhasz and Daniel Buza},
   editor = {Kiss Natália Nagy Bálint Németh István Péter (Eds)},
   title = {CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp},
   chapter = {Tudományos terek},
   pages = {9-20},
   publisher = {DUF Press},
   year = {2014},
   note = {ISBN: 9789632870755}
}

Abstract

CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot

D. Buza and F. Juhasz and Gy. Miru and M. Felegyhazi and T. Holczer

in Proceedings of SmartGridSec 2014, February 26, 2014.

Bibtex | Abstract | PDF

@article {
   author = {Daniel Buza and Ferenc Juhasz and Gyorgy Miru and Mark Felegyhazi and Tamas Holczer},
   title = {CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot},
   journal = {in Proceedings of SmartGridSec 2014},
   month = {February 26},
   year = {2014}
}

Keywords

PLC honeypot, critical infrastructures, advanced threat monitoring, industrial control systems security

Abstract

Smart grids consist of suppliers, consumers, and other parts. The main suppliers are normally supervised by industrial control sys- tems. These systems rely on programmable logic controllers (PLCs) to control industrial processes and communicate with the supervisory sys- tem. Until recently, industrial operators relied on the assumption that these PLCs are isolated from the online world and hence cannot be the target of attacks. Recent events, such as the infamous Stuxnet attack [15] directed the attention of the security and control system community to the vulnerabilities of control system elements, such as PLCs. In this paper, we design and implement the Crysys PLC honeypot (CryPLH) system to detect targeted attacks against industrial control systems. This PLC honeypot can be implemented as part of a larger security monitoring system. Our honeypot implementation improves upon existing solutions in several aspects: most importantly in level of interaction and ease of configuration. Results of an evaluation show that our honeypot is largely indistinguishable from a real device from the attacker’s perspective. As a collateral of our analysis, we were able to identify some security issues in the real PLC device we tested and implemented specific firewall rules to protect the device from targeted attacks.

Efficient Apriori Based Algorithms for Privacy Preserving Frequent Itemset Mining

Sz. Lestyán and A. Csiszárik and A. Lukács

Cognitive Infocommunications (CogInfoCom), 2014 5th IEEE Conference on Cognitive Infocommunications, 2014.

Bibtex | Abstract

@article {
   author = {Szilvia Lestyan and Adrián Csiszárik and András Lukács},
   title = {Efficient Apriori Based Algorithms for Privacy Preserving Frequent Itemset Mining},
   journal = {Cognitive Infocommunications (CogInfoCom), 2014 5th IEEE Conference on Cognitive Infocommunications},
   year = {2014}
}

Abstract

Frequent Itemset Mining as one of the principal routine of data analysis and a basic tool of large scale information aggregation also bears a serous interest in Privacy Preserving Data Mining. In this paper Apriori based distributed, privacy preserving Frequent Itemset Mining algorithms are considered. Our secure algorithms are designed to fit in the Secure Multiparty Computation model of privacy preserving computation.

Retargeting Without Tracking

C. Castelluccia and G. Ács and M.-D. Tran

INRIA, 2014.

Bibtex

@techreport {
   author = {Claude Castelluccia and Gergely Ács and Minh-Dung Tran},
   title = {Retargeting Without Tracking},
   institution = {INRIA},
   year = {2014}
}

Abstract

2013

A Game-Theoretic Analysis of Content-Adaptive Steganography with Independent Embedding

R. Böhme and J. Grossklags and B. Johnson and A. Laszka and P. Schöttle

21st European Signal Processing Conference (EUSIPCO 2013), September, 2013.

Bibtex | Abstract

@conference {
   author = { and Jens Grossklags and Benjamin Johnson and Aron Laszka and Pascal Schöttle},
   title = {A Game-Theoretic Analysis of Content-Adaptive Steganography with Independent Embedding},
   booktitle = {21st European Signal Processing Conference (EUSIPCO 2013)},
   month = {September},
   year = {2013}
}

Abstract

We provide a game-theoretic analysis of a scenario from the field of content-adaptive steganography. Alice, a steganographer, wants to embed a secret message into a ran- dom binary sequence with a known distribution in which the value of each position is independently but non-identically distributed. Eve, a steganalyst, observes the sequence and wants to determine whether it contains a hidden message. Al- ice is allowed to flip binary values independently at random, with the constraint that the expected number of changes is a fixed constant. Eve may choose to classify each sequence as either unmodified (cover) or modified (stego). The payoff for Eve in the game is the probability that her classification is correct; and the payoff for Alice is the probability that Eve’s classification is incorrect, so that the game is constant-sum. We show that Eve’s best response strategy in this game can be expressed as a linear aggregation threshold formula similar to those used in practical steganalysis. We give a gen- eral formula for Alice’s best response strategy; and we com- pute explicit pure strategy equilibria for the special case of changing one bit in a length-two sequence.

A Game-Theoretic Approach to Risk Mitigation Against Targeted and Non-Targeted Covert Attacks

J. Grossklags and B. Johnson and A. Laszka

4th Conference on Decision and Game Theory for Security (GameSec 2013), November, 2013, (accepted).

Bibtex

@conference {
   author = {Jens Grossklags and Benjamin Johnson and Aron Laszka},
   title = {A Game-Theoretic Approach to Risk Mitigation Against Targeted and Non-Targeted Covert Attacks},
   booktitle = {4th Conference on Decision and Game Theory for Security (GameSec 2013)},
   month = {November},
   year = {2013},
   note = {(accepted)}
}

Abstract

A Survey of Security Issues in Hardware Virtualization

B. Bencsáth and L. Buttyán and G. Pék

ACM Computing Surveys (CSUR), vol. 45 , no. 3, June , 2013, doi:10.1145/2480741.2480757.

Bibtex | Abstract

@article {
   author = {Boldizsár Bencsáth and Levente Buttyán and Gábor PÉK},
   title = {A Survey of Security Issues in Hardware Virtualization},
   journal = { ACM Computing Surveys (CSUR)},
   volume = {45 },
   number = {3},
   month = {June },
   year = {2013},
   note = {doi:10.1145/2480741.2480757}
}

Abstract

Virtualization is a powerful technology to increase the efficiency of computing services; however, besides its advantages, it also raises a number of security issues. In this paper, we provide a thorough survey of those security issues in hardware virtualization. We focus on potential vulnerabilities and existing attacks on various virtualization platforms, but we also briefly sketch some possible countermeasures. To the best of our knowledge, this is the first survey of security issues in hardware virtualization with this level of details. Moreover, the adversary model and the structuring of the attack vectors are original contributions, never published before.

Bitspotting: Detecting Optimal Adaptive Steganography

R. Böhme and J. Grossklags and A. Laszka and P. Schöttle and B. Johnson

12th International Workshop on Digital-Forensics and Watermarking (IWDW), October, 2013.

Bibtex

@conference {
   author = { and Jens Grossklags and Aron Laszka and Pascal Schöttle and Benjamin Johnson},
   title = {Bitspotting: Detecting Optimal Adaptive Steganography},
   booktitle = {12th International Workshop on Digital-Forensics and Watermarking (IWDW)},
   month = {October},
   year = {2013}
}

Abstract

Cache Privacy in Named-Data Networking

G. Tsudik and C. Ghali and P. Gasti and M. Conti and G. Ács

The 33rd International Conference on Distributed Computing Systems (ICDCS), IEEE, 2013.

Bibtex

@inproceedings {
   author = {Gene Tsudik and Cesar Ghali and Paulo Gasti and Mauro Conti and Gergely Ács},
   title = {Cache Privacy in Named-Data Networking},
   booktitle = {The 33rd International Conference on Distributed Computing Systems (ICDCS)},
   publisher = {IEEE},
   year = {2013}
}

Abstract

Designing Robust Network Topologies for Wireless Sensor Networks in Adversarial Environments

D. Szeszlér and L. Buttyán and A. Laszka

Pervasive and Mobile Computing, Elsevier, vol. 9, no. 4, August, 2013, pp. 546 - 563, (http://dx.doi.org/10.1016/j.pmcj.2012.05.001).

Bibtex | Abstract

@article {
   author = {Dávid Szeszlér and Levente Buttyán and Aron Laszka},
   title = {Designing Robust Network Topologies for Wireless Sensor Networks in Adversarial Environments},
   journal = {Pervasive and Mobile Computing, Elsevier},
   volume = { 9},
   number = {4},
   month = {August},
   year = {2013},
   pages = {546 - 563},
   note = {(http://dx.doi.org/10.1016/j.pmcj.2012.05.001)}
}

Abstract

In this paper, we address the problem of deploying sink nodes in a wireless sensor network such that the resulting network topology be robust. In order to measure network robustness, we propose a new metric, called persistence, which better captures the notion of robustness than the widely known connectivity based metrics. We study two variants of the sink deployment problem: sink selection and sink placement. We prove that both problems are NP-hard, and show how the problem of sink placement can be traced back to the problem of sink selection using an optimal search space reduction te chnique, which may be of independent interest. To solve the problem of sink selection, we propose efficient heuristic algorithms. Finally, we provide experim ental results on the performance of our proposed algorithms.

eNeMI: Evading the state-of-the-art hardware protection of I/O virtualization

G. Pék

Presentation at Hactivity Conference, October, 2013.

Bibtex | Abstract

@misc {
   author = {Gábor PÉK},
   title = {eNeMI: Evading the state-of-the-art hardware protection of I/O virtualization},
   howpublished = {Presentation at Hactivity Conference},
   month = {October},
   year = {2013}
}

Keywords

hardware virtualization

Abstract

Direct-device assignment is one of the most controversial issues in hardware virtualization, as it allows for using devices almost at native speed, however, raises many security problems. As most of these issues can be evaded by properly configured system software and hardware, the security issues of that area seemed to be solved. At the same time, virtual instances with direct-device assignment are publicly available via various cloud providers, so the security issues have to be examined in more details. In my presentation, an interesting vulnerability is going to be detailed which is not a simple software bug, but an example for an issue on how to handle improperly a hardware-level mechanism: the interrupt generation.

Hiding Information in Social Networks from De-anonymization Attacks by Using Identity Separation

S. Imre and G. Gy. Gulyás

In: Proc. of the 14th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS 2013), Springer, September, 2013.

Bibtex | Abstract

@conference {
   author = {Sándor Imre and Gábor György Gulyás},
   title = {Hiding Information in Social Networks from De-anonymization Attacks by Using Identity Separation},
   booktitle = { In: Proc. of the 14th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS 2013)},
   publisher = {Springer},
   month = {September},
   year = {2013}
}

Abstract

Social networks allow their users to mark their pro le attributes, relationships as private in order to guarantee privacy, although private information get occasionally published within sanitized datasets o ered to third parties, such as business partners. Today, powerful de-anonymization attacks exist that enable the nding of corresponding nodes within these datasets and public network data (e.g., crawls of other networks) solely by considering structural information. In this paper, we propose an identity management technique, namely identity separation, as a tool for hiding information from attacks aiming to achieve large-scale re-identi cation. By simulation experiments we compare the protective strength of identity management to the state-of-the-art attack. We show that while a large fraction of participating users are required to repel the attack, with the proper settings it is possible to e ectively hide information, even for a handful of users. In addition, we propose a user-controllable method based on decoy nodes, which turn out to be successful for information hiding as at most 3.33% of hidden nodes are revealed in our experiments.

Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts

G. Pék

Xen Security Advisory CVE-2013-3495 / XSA-59, 2013.

Bibtex | Abstract

@misc {
   author = {Gábor PÉK},
   title = {Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts},
   howpublished = {Xen Security Advisory CVE-2013-3495 / XSA-59},
   year = {2013}
}

Abstract

Message Signaled Interrupts (MSI) interrupts on Intel platforms are defined as DWORD writes to a special address location (0xFEE?????). MSIs on Intel Platforms supporting VT-d have two defined formats - Remappable format interrupts, and Compatibility (not remappable) format interrupts, based on the format of their data payload. Remappable interrupts are subject to interrupt-remapping protection checks, while compatibility format interrupts are not. For protection reasons, host software disables compatibility format interrupts (causing them to be blocked by interrupt translation hardware) and manages the remappable interrupts through programming of interrupt-remapping table entries. Malformed MSIs are transactions to the special (0xFEE?????) address range that do not have proper attributes of MSI requests (e.g., size of request is invalid). Such malformed transactions are detected and aborted by the platform, before they are subject to further interrupt remapping/processing. For RAS purposes, some platforms may be configured to support System Error Reporting (SERR) capability. These platforms raise a PCI system error (SERR#) due to Unsupported Request, which are typically delivered as Non-Maskable Interrupts (NMI), to report such errors to software. Depending on hypervisor and Dom0 kernel configuration, such an NMI may be handled by the hypervisor/Dom0 or can result in a host software halt ("panic"). On platforms with SERR enabled, such malformed MSI requests can be generated by guest OS with an assigned device, causing hypervisor/Dom0 receive NMI despite using VT-d and interrupt remapping for device assignment.

Interdependent Privacy: Let Me Share Your Data

P. Chia and G. Biczók

Financial Cryptography & Data Security, Springer, 2013.

Bibtex | Abstract

@inproceedings {
   author = {Pern Hui Chia and Gergely Biczók},
   title = {Interdependent Privacy: Let Me Share Your Data},
   booktitle = {Financial Cryptography & Data Security},
   publisher = {Springer},
   year = {2013}
}

Abstract

Users share massive amounts of personal information and opinion with each other and different service providers every day. In such an interconnected setting, the privacy of individual users is bound to be affected by the decisions of others, giving rise to the phenomenon which we term as interdependent privacy. In this paper we define online privacy interdependence, show its existence through a study of Facebook application permissions, and model its impact through an Interdependent Privacy Game (IPG). We show that the arising negative externalities can steer the system into equilibria which are inefficient for both users and platform vendor. We also discuss how the underlying incentive misalignment, the absence of risk signals and low user awareness contribute to unfavorable outcomes.

Managing the Weakest Link: A Game-Theoretic Approach for the Mitigation of Insider Threats

R. Böhme and J. Grossklags and P. Schöttle and B. Johnson and A. Laszka

The 18th European Symposium on Research in Computer Security (ESORICS 2013) , September, 2013.

Bibtex | Abstract

@conference {
   author = { and Jens Grossklags and Pascal Schöttle and Benjamin Johnson and Aron Laszka},
   title = {Managing the Weakest Link: A Game-Theoretic Approach for the Mitigation of Insider Threats},
   booktitle = {The 18th European Symposium on Research in Computer Security (ESORICS 2013) },
   month = {September},
   year = {2013}
}

Abstract

We introduce a two-player stochastic game for modeling secure team selection to add resilience against insider threats. A project manager, Alice, has a secret she wants to protect but must share with a team of individuals selected from within her organization; while an adversary, Eve, wants to learn this secret by bribing one potential team member. Eve does not know which individuals will be chosen by Alice, but both players have information about the bribeability of each potential team member. Speci cally, the amount required to successfully bribe each such individual is given by a random variable with a known distribution but an unknown realization. We characterize best-response strategies for both players, and give nec- essary conditions for determining the game's equilibria. We nd that Alice's best strategy involves minimizing the information available to Eve about the team composition. In particular, she should select each potential team member with a non-zero probability, unless she has a per- fectly secure strategy. In the special case where the bribeability of each employee is given by a uniformly-distributed random variable, the equilibria can be divided into two outcomes {either Alice is perfectly secure, or her protection is based only on the randomness of her selection.

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

J. Grossklags and B. Johnson and A. Laszka

9th Conference on Web and Internet Economics (WINE), December, 2013.

Bibtex

@conference {
   author = {Jens Grossklags and Benjamin Johnson and Aron Laszka},
   title = {Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks},
   booktitle = {9th Conference on Web and Internet Economics (WINE)},
   month = {December},
   year = {2013}
}

Abstract

On formal and automatic security verification of WSN transport protocols

A. Dvir and L. Buttyán and T. V. Thong

ISRN Sensor Networks Journal, Hindawi, December, 2013, In Press.

Bibtex

@article {
   author = {Amit Dvir and Levente Buttyán and Ta Vinh Thong},
   title = {On formal and automatic security verification of WSN transport protocols },
   journal = {ISRN Sensor Networks Journal, Hindawi},
   month = {December},
   year = {2013},
   note = {In Press}
}

Abstract

Quantifying All-to-One Network Topology Robustness Under Budget Constraints

A. Gueye and A. Laszka

The joint Workshop on Pricing and Incentives in Networks and Systems, June, 2013.

Bibtex | Abstract

@conference {
   author = {Assane Gueye and Aron Laszka},
   title = {Quantifying All-to-One Network Topology Robustness Under Budget Constraints},
   booktitle = {The joint Workshop on Pricing and Incentives in Networks and Systems},
   month = {June},
   year = {2013}
}

Abstract

To design robust network topologies that resist strategic at- tacks, one must rst be able to quantify robustness. In a recent line of research, the theory of network blocking games has been used to derive robustness metrics for topologies. However, these previous works did not consider the bud- get constraints of the network operator. In this paper, we introduce a budget limit on the operator and study two bud- get constraint formulations: the maximum and the expected cost constraints. For practical applications, the greatest challenge posed by blocking games is their computational complexity. Therefore, we show that the expected cost con- straint formulation leads to games that can be solved e- ciently, while the maximum cost constraint leads to NP-hard problems. As an illustrative example, this paper discusses the particular case of All-to-One (e.g., sensor or access) net- works

Quantifying Network Topology Robustness Under Budget Constraints: General Model and Computational Complexity

A. Gueye and A. Laszka

4th Conference on Decision and Game Theory for Security (GameSec 2013), November, 2013, (accepted).

Bibtex

@conference {
   author = {Assane Gueye and Aron Laszka},
   title = {Quantifying Network Topology Robustness Under Budget Constraints: General Model and Computational Complexity},
   booktitle = {4th Conference on Decision and Game Theory for Security (GameSec 2013)},
   month = {November},
   year = {2013},
   note = {(accepted)}
}

Abstract

Research and Development in E-Business through Service-Oriented Solutions

B. Károly and Á. M. Földes and G. Gy. Gulyás and S. Imre

Katalin Tarnay, Lai Xu, Sandor Imre, Tracking and Fingerprinting in E-Business: New Storageless Technologies and Coun, pp. 134-166, IGI Global, 2013.

Bibtex | Abstract

@inbook {
   author = {Károly Boda and Ádám Máté Földes and Gábor György Gulyás and Sándor Imre},
   editor = {Katalin Tarnay, Lai Xu, Sandor Imre},
   title = {Research and Development in E-Business through Service-Oriented Solutions},
   chapter = {Tracking and Fingerprinting in E-Business: New Storageless Technologies and Coun},
   pages = {134-166},
   publisher = {IGI Global},
   year = {2013}
}

Abstract

Online user tracking is a widely used marketing tool in e-business, even though it is often neglected in the related literature. In this chapter, the authors provide an exhaustive survey of tracking-related identification techniques, which are often applied against the will and preferences of the users of the Web, and therefore violate their privacy one way or another. After discussing the motivations behind the information-collecting activities targeting Web users (i.e., profiling), and the nature of the information that can be collected by various means, the authors enumerate the most important techniques of the three main groups of tracking, namely storage-based tracking, history stealing, and fingerprinting. The focus of the chapter is on the last, as this is the field where both the techniques intended to protect users and the current legislation are lagging behind the state-of-the-art technology; nevertheless, the authors also discuss conceivable defenses, and provide a taxonomy of tracking techniques, which, to the authors’ knowledge, is the first of its kind in the literature. At the end of the chapter, the authors attempt to draw the attention of the research community of this field to new tracking methods.

SDTP+: Securing a Distributed Transport Protocol for WSNs using Merkle Trees and Hash Chains

T. V. Thong and L. Buttyán and A. Dvir

IEEE International Confenrence on Communications (ICC), pp. 1-6, Budapest, Hungary, June, 2013.

Bibtex | Abstract

@conference {
   author = {Ta Vinh Thong and Levente Buttyán and Amit Dvir},
   title = {SDTP+: Securing a Distributed Transport Protocol for WSNs using Merkle Trees and Hash Chains},
   booktitle = {IEEE International Confenrence on Communications (ICC)},
   pages = {1-6},
   address = {Budapest, Hungary},
   month = {June},
   year = {2013}
}

Abstract

Transport protocols for Wireless Sensor Networks (WSNs) are designed to fulfill both reliability and energy effi- ciency requirements. Distributed Transport for Sensor Networks (DTSN)is one of the most promising transport protocols designed for WSNs because of its effectiveness; however, it does not address any security issues, hence it is vulnerable to many attacks. The first secure transport protocol for WSN was the secure distributed transport protocol (SDTP) [2], which is a security extension of DTSN. Unfortunately, it turns out that the security methods provided by SDTP are not sufficient; some tricky attacks get around the protection mechanism. In this paper, we describe the security gaps in the SDTP protocol, and we introduce SDTP+ for patching the weaknesses. We show that SDTP+ resists attacks on reliability and energy efficiency of the protocol, and also present an overhead analysis for showing its effectiveness.

Technical Trends in Recent Targeted Attacks

M. Felegyhazi and L. Buttyán and B. Bencsáth and G. Pék

Presentation at Power of Community (POC 2013, Seoul, South Korea), November, 2013.

Bibtex

@misc {
   author = {Mark Felegyhazi and Levente Buttyán and Boldizsár Bencsáth and Gábor PÉK},
   title = {Technical Trends in Recent Targeted Attacks },
   howpublished = {Presentation at Power of Community (POC 2013, Seoul, South Korea)},
   month = {November},
   year = {2013}
}

Abstract

2012

A Machine Learning Based Approach for Predicting Undisclosed Attributes in Social Networks

G. Kótyuk and L. Buttyán

Proceedings of the IEEE Workshop on SEcurity and SOCial Networking (SESOC), IEEE, IEEE, Lugano, Switzerland, March, 2012, pp. 1-6.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Kótyuk and Levente Buttyán},
   title = {A Machine Learning Based Approach for Predicting Undisclosed Attributes in Social Networks},
   booktitle = {Proceedings of the IEEE Workshop on SEcurity and SOCial Networking (SESOC)},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Lugano, Switzerland},
   month = {March},
   year = {2012},
   pages = {1-6}
}

Keywords

social networks, privacy, machine learning

Abstract

Online Social Networks have gained increased popularity in recent years. However, besides their many advanteges, they also represent privacy risks for the users. In order to control access to their private information, users of OSNs are typically allowed to set the visibility of their profile attributes, but this may not be sufficient, beacuse visible attributes, friendship relationships, and group memberships can be used to infer private information. In this paper, we propose a fully automated approach based on machine learning for inferring undisclosed attributes of OSN users. Our method can be used for both classification and regression tasks, and it makes large scale privacy attacks feasible. We also provide experimental results showing that our method achieves good performance in practice.

A Survey of Interdependent Security Games

L. Buttyán and M. Felegyhazi and A. Laszka

no. CRYSYS-TR-2012-11-15, CrySyS Lab, BME, Nov, 2012.

Bibtex | Abstract | PDF

@techreport {
   author = {Levente Buttyán and Mark Felegyhazi and Aron Laszka},
   title = {A Survey of Interdependent Security Games},
   number = {CRYSYS-TR-2012-11-15},
   institution = {CrySyS Lab, BME},
   month = {Nov},
   year = {2012}
}

Keywords

interdependent security, security economics, security games

Abstract

Interdependence of information systems is a fundamental property that shapes the problems in information security. The risks faced by system operators and users is not only determined by their own security posture, but is heavily affected by the security-related decisions of other connected systems. Therefore, defending networked systems relies on the correlated action of the system operators or users. In this survey, we summarize game-theoretic interdependence models, characterize the emerging security inefficiencies and present solution methods. Our goal is to distill the main insights from the state-of-the-art and to identify the areas that need more attention from the research community.

A Wireless Sensor and Actuator Network for Improving the Electrical Power Grid Dependability

A. Grilo and A. Casaca and P. Pereira and L. Buttyán and J. Goncalves and C. Fortunato

Euro-NF Conference on Next Generation Internet (NGI), IEEE, 2012.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Antonio M. Grilo and Augusto Casaca and Paulo Pereira and Levente Buttyán and José Goncalves and Carlos Fortunato},
   title = {A Wireless Sensor and Actuator Network for Improving the Electrical Power Grid Dependability},
   booktitle = {Euro-NF Conference on Next Generation Internet (NGI)},
   publisher = {IEEE},
   year = {2012}
}

Abstract

This paper presents an overview of a Wireless Sensor and Actuator Network (WSAN) used to monitor an electrical power grid distribution infrastructure. The WSAN employs appropriate sensors to monitor key grid components, integrating both safety and security services, which improve the grid distribution dependability. The supported applications include, among others, video surveillance of remote secondary substations, which imposes special requirements from the point of view of quality of service and reliability. The paper presents the hardware and software architecture of the system together with performance results.

Célzott informatikai támadások napjainkban

B. Bencsáth and G. Pék and L. Buttyán and M. Felegyhazi

Budapest New Tech Meetup, Budapest, Hungary., December, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth and Gábor PÉK and Levente Buttyán and Mark Felegyhazi},
   title = {Célzott informatikai támadások napjainkban},
   howpublished = {Budapest New Tech Meetup, Budapest, Hungary.},
   month = {December},
   year = {2012}
}

Abstract

Critical Infrastructure Security: Assessment, Prevention, Detection, Response

P. Langendoerfer and L. Buttyán and A. Casaca and E. Osipov and A. Hessler and C. Castelluccia and A. Alkassar

F. Flammini (ed), Wireless Sensor Networks for Critical Infrastructure Protection, pp. 155-167, WIT Press, 2012.

Bibtex

@inbook {
   author = {Peter Langendoerfer and Levente Buttyán and Augusto Casaca and Evgeny Osipov and Alban Hessler and Claude Castelluccia and Ammar Alkassar},
   editor = {F. Flammini (ed)},
   title = {Critical Infrastructure Security: Assessment, Prevention, Detection, Response},
   chapter = {Wireless Sensor Networks for Critical Infrastructure Protection},
   pages = {155-167},
   publisher = {WIT Press},
   year = {2012}
}

Abstract

Cryptography: The strongest link in the chain

L. Buttyán and B. Bencsáth

Hackin9 Extra, vol. 8, no. 1, January, 2012, pp. 8-11.

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán and Boldizsár Bencsáth},
   title = {Cryptography: The strongest link in the chain},
   journal = {Hackin9 Extra},
   volume = {8},
   number = {1},
   month = {January},
   year = {2012},
   pages = {8-11}
}

Abstract

IT security architectures that use cryptographic elements sometimes fail, but it is rarely cryptography to blame. The reason is more often the use of cryptography in an inappropriate way, or the use of algorithms that do not really qualify as cryptographic. High quality cryptography is in fact the strongest link in the chain, and there are good reasons for that.

Differentially Private Histogram Publishing through Lossy Compression

C. Castelluccia and R. Chen and G. Ács

IEEE International Conference on Data Mining (ICDM), IEEE, 2012.

Bibtex

@inproceedings {
   author = {Claude Castelluccia and Rui Chen and Gergely Ács},
   title = {Differentially Private Histogram Publishing through Lossy Compression},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2012}
}

Abstract

Differentially Private Sequential Data Publication via Variable-Length N-Grams

C. Castelluccia and G. Ács and R. Chen

In 19th ACM Conference on Computer and Communications Security (CCS), ACM, 2012.

Bibtex

@inproceedings {
   author = {Claude Castelluccia and Gergely Ács and Rui Chen},
   title = {Differentially Private Sequential Data Publication via Variable-Length N-Grams},
   booktitle = {In 19th ACM Conference on Computer and Communications Security (CCS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

Digital Identity and Access Management: Technologies and Frameworks

G. Gy. Gulyás and R. Schulcz and S. Imre

Dr Raj Sharman, Dr. Sanjukta Das Smith, Manish Gupta, Separating Private and Business Identities, pp. 114-132, IGI Global, 2012.

Bibtex | Abstract

@inbook {
   author = {Gábor György Gulyás and Róbert Schulcz and Sándor Imre},
   editor = {Dr Raj Sharman, Dr. Sanjukta Das Smith, Manish Gupta},
   title = {Digital Identity and Access Management: Technologies and Frameworks},
   chapter = {Separating Private and Business Identities},
   pages = {114-132},
   publisher = {IGI Global},
   year = {2012}
}

Abstract

As various information technologies are penetrating everyday life, private and business matters inevitably mingle. Separating private and business past records, public information, actions or identities may, however, be crucial for an employee in certain situations. In this chapter we review the interrelated areas of employee privacy, and analyze in detail two areas of special importance from the viewpoint of the separation: web and social network privacy. In relation to these areas we discuss threats and solutions in parallel, and besides surveying the relevant literature, we also present current Privacy Enhancing Technologies applicable in each area. Additionally, we briefly review other means of workplace surveillance, providing some insight into the world of smartphones, where we expect the rise of new privacy-protecting technologies as these devices are getting capable of taking over the functions of personal computers.

Duqu, Flame, Gauss - new challenges for a new era

B. Bencsáth and L. Buttyán and M. Felegyhazi and G. Pék

EuroNOG 2012 conference, Budapest, 10-11 Sept 2012, September, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán and Mark Felegyhazi and Gábor PÉK},
   title = {Duqu, Flame, Gauss - new challenges for a new era },
   howpublished = {EuroNOG 2012 conference, Budapest, 10-11 Sept 2012},
   month = {September},
   year = {2012}
}

Abstract

Duqu: Analysis, Detection, and Lessons Learned

B. Bencsáth and G. Pék and L. Buttyán and M. Felegyhazi

ACM European Workshop on System Security (EuroSec), ACM, 2012.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth and Gábor PÉK and Levente Buttyán and Mark Felegyhazi},
   title = {Duqu: Analysis, Detection, and Lessons Learned},
   booktitle = {ACM European Workshop on System Security (EuroSec)},
   publisher = {ACM},
   year = {2012}
}

Abstract

In September 2011, a European company sought our help to investigate a security incident that happened in their IT system. During the investigation, we discovered a new malware that was unknown to all mainstream anti-virus products, however, it showed striking similarities to the infamous Stuxnet worm. We named the new malware Duqu, and we carried out its rst analysis. Our ndings led to the hypothesis that Duqu was probably created by the same people who developed Stuxnet, but with a di erent purpose: unlike Stuxnet whose mission was to attack industrial equipment, Duqu is an information stealer rootkit. Nevertheless, both pieces of malware have a modular structure, and they can be re-con gured remotely from a Command and Control server to include virtually any kind of functionality. In this paper, we present an abridged version of our initial Duqu analysis, which is available in a longer format as a technical report. We also describe the Duqu detector toolkit, a set of heuristic tools that we developed to detect Duqu and its variants. Finally, we discuss a number of issues that we learned, observed, or identi ed during our Duqu analysis project concerning the problems of preventing, detecting, and handling targeted malware attacks; we believe that solving these issues represents a great challenge to the system security community.

Game-theoretic Robustness of Many-to-one Networks

L. Buttyán and D. Szeszlér and A. Laszka

3rd International Conference on Game Theory for Networks (GameNets), May, 2012.

Bibtex | Abstract

@conference {
   author = {Levente Buttyán and Dávid Szeszlér and Aron Laszka},
   title = {Game-theoretic Robustness of Many-to-one Networks},
   booktitle = {3rd International Conference on Game Theory for Networks (GameNets)},
   month = {May},
   year = {2012}
}

Abstract

In this paper, we study the robustness of networks that are characterized by many-to-one communications (e.g., access networks and sensor networks) in a game-theoretic model. More speci cally, we model the interactions between a network operator and an adversary as a two player zero-sum game, where the network operator chooses a spanning tree in the network, the adversary chooses an edge to be removed from the network, and the adversary's payo is proportional to the number of nodes that can no longer reach a designated node through the spanning tree. We show that the payo in every Nash equilibrium of the game is equal to the reciprocal of the persistence of the network. We describe optimal adversarial and operator strategies and give efficient, polynomial time algorithms to compute optimal strategies. We also generalize our game model to include varying node weights, as well as attacks against nodes.

Linear Loss Function for the Network Blocking Game: An Efficient Model for Measuring Network Robustness and Link Criticality

L. Buttyán and D. Szeszlér and A. Laszka

3rd Conference on Decision and Game Theory for Security (GameSec 2012), LNCS , November, 2012, pp. 152-170, Volume 7638.

Bibtex | Abstract

@inproceedings {
   author = {Levente Buttyán and Dávid Szeszlér and Aron Laszka},
   title = {Linear Loss Function for the Network Blocking Game: An Efficient Model for Measuring Network Robustness and Link Criticality},
   booktitle = {3rd Conference on Decision and Game Theory for Security (GameSec 2012)},
   publisher = {LNCS },
   month = {November},
   year = {2012},
   pages = {152-170},
   note = {Volume 7638}
}

Abstract

In order to design robust networks, first, one has to be able to measure robustness of network topologies. In [1], a game-theoretic model, the network blocking game, was proposed for this purpose, where a network operator and an attacker interact in a zero-sum game played on a network topology, and the value of the equilibrium payoff in this game is interpreted as a measure of robustness of that topology. The payoff for a given pair of pure strategies is based on a loss-in-value function. Besides measuring the robustness of network topologies, the model can be also used to identify critical edges that are likely to be attacked. Unfortunately, previously proposed loss-in-value functions are either too simplistic or lead to a game whose equilibrium is not known to be computable in polynomial time. In this paper, we propose a new, linear loss-in-value function, which is meaningful and leads to a game whose equilibrium is efficiently computable. Furthermore, we show that the resulting game-theoretic robustness metric is related to the Cheeger constant of the topology graph, which is a well-known metric in graph theory.

Measuring Local Topological Anonymity in Social Networks

G. Gy. Gulyás and S. Imre

In: Privacy in Social Data Workshop in conjunction with the 11th IEEE International Conference on Data Mining, IEEE, Brussels, Belgium, December, 2012, pp. 563-570.

Bibtex | Abstract

@inproceedings {
   author = {Gábor György Gulyás and Sándor Imre},
   title = {Measuring Local Topological Anonymity in Social Networks},
   booktitle = {In: Privacy in Social Data Workshop in conjunction with the 11th IEEE International Conference on Data Mining},
   publisher = {IEEE},
   address = {Brussels, Belgium},
   month = {December},
   year = {2012},
   pages = {563-570}
}

Abstract

Service providers of social network based services release their sanitized graph structure for third parties (e.g., business partners) from time to time. However, as these releases contain valuable information additionally to what is publicly available in the network, these may be targeted by reidentification attacks, i.e., where an attacker tries to recover the identities of the nodes that were removed during the sanitization process. One powerful type of these, called structural re-identification attacks consider only structural properties, and work according to a specific strategy: first they re-identify some nodes by their globally unique properties, and then in an optional second phase, nodes related to these are reidentified by their locally unique properties. Global reidentifiability or global node anonymity is a well studied concept, however, node anonymity for local re-identification has not yet been analyzed. Therefore in this paper, after discussing the related literature on anonymity and re-identification, we introduce the novel term of Local Topological Anonymity (LTA), which describes the resistant power of a node against local re-identification attacks, or, in other words, indicates how well the node is structurally hidden in her neighborhood. Regarding these attacks in the literature, we propose three measure variants of LTA based on structural similarity measures, and evaluate them by visual inspection and simulation in multiple networks. We show that one of the proposed measures provides good prediction on local node re-identifiability as there is correlation between the LTA values and the re-identification statistics provided by the state-of-the-art algorithm.

Query Auditing for Protecting Max/Min Values of Sensitive Attributes in Statistical Databases

T. V. Thong and L. Buttyán

9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus), Springer LNCS, July, 2012, pp. 1-15.

Bibtex | Abstract

@inproceedings {
   author = {Ta Vinh Thong and Levente Buttyán},
   title = {Query Auditing for Protecting Max/Min Values of Sensitive Attributes in Statistical Databases},
   booktitle = {9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus)},
   publisher = {Springer LNCS},
   month = {July},
   year = {2012},
   pages = {1-15}
}

Keywords

Query Auditing, Statistical databases, Full disclosure, Partial disclosure, MIN, MAX aggregation queries

Abstract

In this paper, we de ne a novel setting for query auditing, where instead of detecting or preventing the disclosure of individual sensitive values, we want to detect or prevent the disclosure of aggregate values in the database. More speci cally, we study the problem of detecting or preventing the disclosure of the maximum (minimum) value in the database, when the querier is allowed to issue average queries to the database. We propose efficient o ffline and online query auditors for this problem in the full disclosure model, and an ecient simulatable online query auditor in the partial disclosure model.

Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey

P. Schaffer and K. Farkas and Á. Horváth and T. Holczer and L. Buttyán

accepted for publication in Elsevier Computer Networks, 2012.

Bibtex | Abstract

@article {
   author = {Peter Schaffer and Károly Farkas and Ádám Horváth and Tamas Holczer and Levente Buttyán},
   title = {Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey},
   journal = {accepted for publication in Elsevier Computer Networks},
   year = {2012}
}

Abstract

In the past few years, research interest has been increased towards wireless sensor networks (WSNs) and their application in both the military and civil domains. To support scalability in WSNs and increase network lifetime, nodes are often grouped into disjoint clusters. However, secure and reliable clustering, which is critical in WSNs deployed in hostile environments, has gained modest attention so far or has been limited only to fault tolerance. In this paper, we review the state-of-the-art of clustering protocols inWSNs with special emphasis on security and reliability issues. First, we define the taxonomy of security and reliability for cluster head election and clustering in WSNs. Then, we describe and analyze the most relevant secure and reliable clustering protocols. Finally, we propose countermeasures against typical attacks and show how they improve the discussed protocols.

sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks

B. Bencsáth and G. Pék and L. Buttyán and M. Felegyhazi

In collaboration with the sKyWIper Analysis Team , 2012.

Bibtex | PDF

@techreport {
   author = {Boldizsár Bencsáth and Gábor PÉK and Levente Buttyán and Mark Felegyhazi},
   title = {sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks},
   institution = {In collaboration with the sKyWIper Analysis Team },
   year = {2012}
}

Abstract

Targeted attacks against Critical infrastructure: Stuxnet and beyond

B. Bencsáth and G. Pék and L. Buttyán and M. Felegyhazi

SCADA and Smart Grid Cyber Security Summit, 26-27 April 2012, April, 2012, London.

Bibtex

@misc {
   author = {Boldizsár Bencsáth and Gábor PÉK and Levente Buttyán and Mark Felegyhazi},
   title = {Targeted attacks against Critical infrastructure: Stuxnet and beyond},
   howpublished = {SCADA and Smart Grid Cyber Security Summit, 26-27 April 2012},
   month = {April},
   year = {2012},
   note = {London}
}

Abstract

Targeted Attacks of Recent Times

B. Bencsáth and L. Buttyán and G. Pék and M. Felegyhazi

Kaspersky SAS 2012 - Security Analyst Summit, Cancun, Mexico, February, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán and Gábor PÉK and Mark Felegyhazi},
   title = {Targeted Attacks of Recent Times },
   howpublished = {Kaspersky SAS 2012 - Security Analyst Summit, Cancun, Mexico},
   month = {February},
   year = {2012}
}

Abstract

Technical analysis and information sharing in the handling of high-profile targeted attacks

B. Bencsáth and L. Buttyán and G. Pék and M. Felegyhazi

2012 Workshop on Cyber Security and Global Affairs and Global Security Forum, 1-3 June 2012, June, 2012, Barcelona, Spain.

Bibtex

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán and Gábor PÉK and Mark Felegyhazi},
   title = {Technical analysis and information sharing in the handling of high-profile targeted attacks },
   howpublished = {2012 Workshop on Cyber Security and Global Affairs and Global Security Forum, 1-3 June 2012},
   month = {June},
   year = {2012},
   note = {Barcelona, Spain}
}

Abstract

The BIZ Top-Level Domain: Ten Years Later

T. Halvorson and J. Szurdi and G. Maier and M. Felegyhazi and C. Kreibich and N. Weaver and K. Levchenko and V. Paxson

in Proceedings of Passive Active Measurements (PAM 2012), PAM 2012, Vienna, Austria, March 12-14, 2012.

Bibtex | Abstract

@inproceedings {
   author = { and János Szurdi and Gregor Maier and Mark Felegyhazi and and and and },
   title = {The BIZ Top-Level Domain: Ten Years Later},
   booktitle = {in Proceedings of Passive Active Measurements (PAM 2012)},
   publisher = {PAM 2012},
   address = {Vienna, Austria},
   month = {March 12-14},
   year = {2012}
}

Abstract

On May 15, 2001 ICANN announced the introduction of the biz and info generic top-level domains (gTLDs)—the first new gTLDs since the inception of the Domain Name System—aiming to “increase consumer choice and create opportunities for entities that have been shut out under the current name structure.” The biz gTLD, in particular, was to become an alternative to the popular com top-level domain. In this paper we examine the current usage of the biz gTLD in order to determine whether it has evolved into the role intended by ICANN, and whether concerns expressed in the early discussions of this expansion have been justified. In particular, using DNS zone files, DNS probing, and Web crawler data, we attempt to answer the question of whether biz has become a viable alternative to com, giving trademark holders who find themselves unable to register a com name an attractive alternative; or whether it has merely induced defensive registrations by existing trademark holders who already had equivalent com domains

The cousins of Stuxnet: Duqu, Flame, Gauss, …

L. Buttyán and B. Bencsáth and G. Pék and M. Felegyhazi

ISCD 2012, Balatonöszöd, 3-4 Sep., September, 2012.

Bibtex

@misc {
   author = {Levente Buttyán and Boldizsár Bencsáth and Gábor PÉK and Mark Felegyhazi},
   title = {The cousins of Stuxnet: Duqu, Flame, Gauss, …},
   howpublished = {ISCD 2012, Balatonöszöd, 3-4 Sep.},
   month = {September},
   year = {2012}
}

Abstract

The Cousins of Stuxnet: Duqu, Flame, and Gauss

B. Bencsáth and G. Pék and L. Buttyán and M. Felegyhazi

Future Internet 2012, 4(4), doi:10.3390/fi4040971, 2012, pp. 971-1003, doi:10.3390/fi4040971, http://www.mdpi.com/journal/futureinternet/special_issues/stuxnet.

Bibtex | Abstract

@article {
   author = {Boldizsár Bencsáth and Gábor PÉK and Levente Buttyán and Mark Felegyhazi},
   title = {The Cousins of Stuxnet: Duqu, Flame, and Gauss},
   journal = {Future Internet 2012, 4(4), doi:10.3390/fi4040971},
   year = {2012},
   pages = {971-1003},
   note = {doi:10.3390/fi4040971, http://www.mdpi.com/journal/futureinternet/special_issues/stuxnet}
}

Abstract

Stuxnet was the first targeted malware that received worldwide attention forcausing physical damage in an industrial infrastructure seemingly isolated from the onlineworld. Stuxnet was a powerful targeted cyber-attack, and soon other malware samples were discovered that belong to this family. In this paper, we will first present our analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet. Wedescribe our contributions in the investigation ranging from the original detection of Duquvia finding the dropper file to the design of a Duqu detector toolkit. We then continue with the analysis of the Flame advanced information-gathering malware. Flame is unique in thesense that it used advanced cryptographic techniques to masquerade as a legitimate proxyfor the Windows Update service. We also present the newest member of the family, called Gauss, whose unique feature is that one of its modules is encrypted such that it can onlybe decrypted on its target system; hence, the research community has not yet been able to analyze this module. For this particular malware, we designed a Gauss detector serviceand we are currently collecting intelligence information to be able to break its very specialencryption mechanism. Besides explaining the operation of these pieces of malware, wealso examine if and how they could have been detected by vigilant system administrators manually or in a semi-automated manner using available tools. Finally, we discuss lessonsthat the community can learn from these incidents. We focus on technical issues, and avoidspeculations on the origin of these threats and other geopolitical questions.

Traffic Analysis Attacks and Countermeasures in Wireless Body Area Sensor Networks

L. Buttyán and T. Holczer

IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN), IEEE, June, 2012.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and Tamas Holczer},
   title = {Traffic Analysis Attacks and Countermeasures in Wireless Body Area Sensor Networks},
   booktitle = {IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN)},
   publisher = {IEEE},
   month = {June},
   year = {2012}
}

Abstract

In this paper, we study the problem of traffic analysis attacks in wireless body area sensor networks. When these networks are used in health-care for remote patient monitoring, traffic analysis can reveal the type of medical sensors mounted on the patient, and this information may be used to infer the patient’s health problems. We show that simple signal processing methods can be used effectively for performing traffic analysis attacks and identifying the sensor types in a rather weak adversary model. We then investigate possible traffic obfuscation mechanisms aiming at hiding the regular patterns in the observable wireless traffic. Among the investigated countermeasures, traffic shaping, a mechanism that introduces carefully chosen delays for message transmissions, appears to be the best choice, as it achieves close to optimal protection and incurs no overhead.

You Are What You Like! Information Leakage Through Users Interests

M. Ali Kaafar and G. Ács and A. Chaabane

In 19th Annual Network & Distributed System Security Symposium (NDSS), ACM, 2012.

Bibtex

@inproceedings {
   author = {Mohamed Ali Kaafar and Gergely Ács and Abdelberi Chaabane},
   title = {You Are What You Like! Information Leakage Through Users Interests},
   booktitle = {In 19th Annual Network & Distributed System Security Symposium (NDSS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

2011

Duqu: A Stuxnet-like malware found in the wild

B. Bencsáth and G. Pék and L. Buttyán and M. Felegyhazi

BME CrySyS Lab., October, 2011., First published in cut-down form as appendix to the Duqu report of Symantec.

Bibtex

@techreport {
   author = {Boldizsár Bencsáth and Gábor PÉK and Levente Buttyán and Mark Felegyhazi},
   title = {Duqu: A Stuxnet-like malware found in the wild},
   institution = {BME CrySyS Lab.},
   month = {October},
   year = {2011.},
   note = {First published in cut-down form as appendix to the Duqu report of Symantec}
}

Abstract

Targeted attacks of recent days

B. Bencsáth and L. Buttyán

Kiberbiztonsági Konferencia, ZMNE, November 25, 2011..

Bibtex

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán},
   title = {Targeted attacks of recent days},
   howpublished = {Kiberbiztonsági Konferencia, ZMNE},
   month = {November 25},
   year = {2011.}
}

Abstract

A Secure Distributed Transport Protocol for Wireless Sensor Networks

L. Buttyán and A. Grilo

Proceedings of the IEEE International Confenrence on Communications (ICC), IEEE, Kyoto, Japan, June 5-9, 2011, pp. 1-6.

Bibtex | Abstract

@inproceedings {
   author = {Levente Buttyán and Antonio M. Grilo},
   title = {A Secure Distributed Transport Protocol for Wireless Sensor Networks},
   booktitle = {Proceedings of the IEEE International Confenrence on Communications (ICC)},
   publisher = {IEEE},
   address = {Kyoto, Japan},
   month = {June 5-9},
   year = {2011},
   pages = {1-6}
}

Abstract

We propose a secure distributed transport protocol for wireless sensor networks that resists against attacks on the reliability service provided by the protocol, as well as against energy depleting attacks. Our protocol is based on the Distributed Transport for Sensor Networks (DTSN) protocol, to which we add a security extension that consists in an efficient, symmetric key based authentication scheme for control packets. Besides describing the operation of our protocol, we also provide its analysis in terms of security and overhead.

Analysis of Identity Separation Against a Passive Clique-Based De-anonymization Attack

G. Gy. Gulyás and S. Imre

Infocommunications journal, vol. 4, no. 3, December, 2011, pp. 11-20.

Bibtex | Abstract

@article {
   author = {Gábor György Gulyás and Sándor Imre},
   title = {Analysis of Identity Separation Against a Passive Clique-Based De-anonymization Attack},
   journal = {Infocommunications journal},
   volume = {4},
   number = {3},
   month = {December},
   year = {2011},
   pages = {11-20}
}

Abstract

Most of today’s online social networking services have a flat structure, i.e., these services only allow a single choice of connection type (usually called “friends”) for their users, and lack the functionality of identity separation. However, identity partitioning allows users to group their contacts, to share different or even diverse information, and therefore offer privacy protection against third parties looking to re-identify users in sanitized social graph data. In this paper, we analyze the protective strength of identity separation against these types of structural de-anonymization attacks by introducing a statistical user behavior model and defining attack failure probability formally. It turns out from simulations and the parameter analysis of the model that in case of even a relatively small number of users applying identity separation, an attacker is likely to fail.

Anonymous Aggregator Election and Data Aggregation in Wireless Sensor Networks

T. Holczer and L. Buttyán

International Journal of Distributed Sensor Networks, 2011, pp. 1-18, Article ID 828414.

Bibtex | Abstract | PDF

@article {
   author = {Tamas Holczer and Levente Buttyán},
   title = {Anonymous Aggregator Election and Data Aggregation in Wireless Sensor Networks},
   journal = {International Journal of Distributed Sensor Networks},
   year = {2011},
   pages = {1-18},
   note = {Article ID 828414}
}

Abstract

In mission critical cyber-physical systems, dependability is an important requirement at all layers of the system architecture. In this paper, we propose protocols that increase the dependability of wireless sensor networks, which are potentially useful building blocks in cyber physical systems. More specifically, we propose two private aggregator node election protocols, a private data aggregation protocol, and a corresponding private query protocol for sensor networks that allow for secure in-network data aggregation by making it difficult for an adversary to identify and then physically disable the designated aggregator nodes. Our advanced protocols resist strong adversaries that can physically compromise some nodes.

Backpressure Approach for Bypassing Jamming Attacks in Wireless Sensor Networks

L. Buttyán and A. Dvir

IEEE INFOCOM, Demo/Posters, Shanghai, China, April 11-15, 2011, pp. 1.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and Amit Dvir},
   title = {Backpressure Approach for Bypassing Jamming Attacks in Wireless Sensor Networks},
   publisher = {IEEE INFOCOM, Demo/Posters},
   address = {Shanghai, China},
   month = {April 11-15},
   year = {2011},
   pages = {1}
}

Abstract

The wireless medium used by sensor networks makes it easy for adversaries to launch jamming attacks that can block communication. In order to bypass the jamming area, tree-based routing protocols need to reconstruct the tree, a path or choosing new parent which is time consuming. In addition, bypassing congests the nodes at the border of the jamming area. In this paper, we present and implement a recovery algorithm based on a weighted backpressure function that bypasses the jamming area by spreading the congestion over a large subset of the sensor nodes, while no tree reconstruction and mapping of the jamming area are needed. As future work, we will implement and simulate our recovery algorithm using the IPv6 Routing Protocol for Low-power and Lossy Networks (RPL).

CLEARER: CrySyS Laboratory Security and Privacy Research Roadmap

L. Buttyán and M. Felegyhazi and B. Bencsáth

Proceedings of the First SysSec Workshop SysSec 2011, SysSec, Amsterdam, The Netherlands, July 6, 2011, pp. 73-76.

Bibtex | PDF

@inproceedings {
   author = {Levente Buttyán and Mark Felegyhazi and Boldizsár Bencsáth},
   title = {CLEARER: CrySyS Laboratory Security and Privacy Research Roadmap},
   booktitle = {Proceedings of the First SysSec Workshop SysSec 2011},
   publisher = {SysSec},
   address = { Amsterdam, The Netherlands},
   month = {July 6},
   year = {2011},
   pages = {73-76}
}

Abstract

Cryptography - the strongest chain element in the practice of cyber security

B. Bencsáth and L. Buttyán

Kiberbiztonsági Konferencia, ZMNE, November 25, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán},
   title = {Cryptography - the strongest chain element in the practice of cyber security},
   howpublished = {Kiberbiztonsági Konferencia, ZMNE},
   month = {November 25},
   year = {2011}
}

Abstract

Detection and Recovery From Pollution Attacks in Coding Based Distributed Storage Schemes

L. Czap and L. Buttyán and I. Vajda

IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 6, November/December, 2011.

Bibtex | Abstract | PDF

@article {
   author = {László CZAP and Levente Buttyán and István VAJDA},
   title = {Detection and Recovery From Pollution Attacks in Coding Based Distributed Storage Schemes},
   journal = {IEEE Transactions on Dependable and Secure Computing},
   volume = {8},
   number = {6},
   month = {November/December},
   year = {2011}
}

Abstract

We address the problem of pollution attacks in coding based distributed storage systems. In a pollution attack, the adversary maliciously alters some of the stored encoded packets, which results in the incorrect decoding of a large part of the original data upon retrieval. We propose algorithms to detect and recover from such attacks. In contrast to existing approaches to solve this problem, our approach is not based on adding cryptographic checksums or signatures to the encoded packets, and it does not introduce any additional redundancy to the system. The results of our analysis show that our proposed algorithms are suitable for practical systems, especially in wireless sensor networks.

Formal verification of secure ad-hoc network routing protocols using deductive model-checking

T. V. Thong and L. Buttyán

Periodica Polytechnica Journal, accepted for publication, 2011.

Bibtex | Abstract

@article {
   author = {Ta Vinh Thong and Levente Buttyán},
   title = {Formal verification of secure ad-hoc network routing protocols using deductive model-checking},
   journal = {Periodica Polytechnica Journal},
   month = {accepted for publication},
   year = {2011}
}

Keywords

Automated verification, secure routing protocols, model-cheking, process calculus

Abstract

Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for adhoc networks. However, many of them have design flaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a formal verification method for secure ad-hoc network routing protocols that helps increasing the confidence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our approach is based on a new process calculus that we specifically developed for secure ad-hoc network routing protocols and a deductive proof technique. The novelty of this approach is that contrary to prior attempts to formal verification of secure ad-hoc network routing protocols, our verification method can be made fully automated.

I have a DREAM! (DiffeRentially privatE smArt Metering)

C. Castelluccia and G. Ács

The 13th Information Hiding Conference (IH), Springer, 2011.

Bibtex

@inproceedings {
   author = {Claude Castelluccia and Gergely Ács},
   title = {I have a DREAM! (DiffeRentially privatE smArt Metering)},
   booktitle = {The 13th Information Hiding Conference (IH)},
   publisher = {Springer},
   year = {2011}
}

Abstract

nEther: In-guest Detection of Out-of-the-guest Malware Analyzers

G. Pék and B. Bencsáth and L. Buttyán

ACM European Workshop on System Security (EuroSec), ACM, Salzburg, Austria, April 10, 2011, pp. 1-6.

Bibtex | PDF

@inproceedings {
   author = {Gábor PÉK and Boldizsár Bencsáth and Levente Buttyán},
   title = {nEther: In-guest Detection of Out-of-the-guest Malware Analyzers},
   booktitle = {ACM European Workshop on System Security (EuroSec)},
   publisher = {ACM},
   address = {Salzburg, Austria},
   month = {April 10},
   year = {2011},
   pages = {1-6}
}

Abstract

Network Regulation and Market Entry

G. Schwartz and J. Musacchio and M. Felegyhazi and J. Walrand

GameNets 2011, , Shanghai, China, April 16-18, 2011.

Bibtex | Abstract

@conference {
   author = { and and Mark Felegyhazi and },
   title = {Network Regulation and Market Entry},
   booktitle = {GameNets 2011},
   address = {, Shanghai, China},
   month = { April 16-18},
   year = {2011}
}

Abstract

This paper uses a two-sided market model to study if lastmile access providers (ISPs), should charge content providers (CPs), who derive revenue from advertisers, for the right to access ISP’s end-users. We compare two-sided pricing (ISPs could charge CPs for content delivery) with one-sided pricing (neutrality regulations prohibit such charges). Our analysis indicates that number of CPs is lower, and the number of ISPs often higher, with two- rather than one-sided pricing. From our results the superiority of one regime over the other depends on parameters of advertising rates, end-user demand, CPs’ and ISPs’ costs, and relative importance of their investments. Thus, caution should be taken in designing neutrality regulations

On automating the verification of secure ad-hoc network routing protocols

T. V. Thong and L. Buttyán

Springer Telecommunication Systems, accepted for publication, 2011, pp. 1-30, Article ID: 10.1007/s11235-011-9592-3.

Bibtex | Abstract

@article {
   author = {Ta Vinh Thong and Levente Buttyán},
   title = {On automating the verification of secure ad-hoc network routing protocols},
   journal = {Springer Telecommunication Systems},
   month = {accepted for publication},
   year = {2011},
   pages = {1-30},
   note = {Article ID: 10.1007/s11235-011-9592-3}
}

Keywords

Secure routing protocols, Automated security verification, Security, Cryptography, Mobile ad-hoc networks, Wireless communication, Formal analysis, Process calculus

Abstract

Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for ad-hoc networks. However, many of them have design flaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a fully automatic verification method for secure adhoc network routing protocols that helps increasing the con- fidence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our method is based on a deductive proof technique and a backward reachability approach. The main novelty of this approach compared to the prior works is that beside providing expressive semantics and syntax for modelling and specifying secure routing protocols, it assumes an arbitrary topology, and a strong attacker model.

On the Effects of Registrar-level Intervention

H. Liu and K. Levchenko and M. Felegyhazi and C. Kreibich and G. Maier and G. M. Voelker and S. Savage

In Proceedings of LEET 2011, LEET 2011 (USENIX), Boston, MA, USA, March 29, 2011 .

Bibtex | Abstract

@inproceedings {
   author = { and and Mark Felegyhazi and and Gregor Maier and and },
   title = {On the Effects of Registrar-level Intervention},
   booktitle = {In Proceedings of LEET 2011},
   publisher = {LEET 2011 (USENIX)},
   address = {Boston, MA, USA},
   month = {March 29},
   year = {2011 }
}

Abstract

Virtually all Internet scams make use of domain name resolution as a critical part of their execution (e.g., resolving a spam-advertised URL to its Web site). Consequently, defenders have initiated a range of efforts to intervene within the DNS ecosystem to block such activity (e.g., by blacklisting “known bad” domain names at the client). Recently, there has been a push for domain registrars to take a more active role in this conflict, and it is this class of intervention that is the focus of our work. In particular, this paper characterizes the impact of two recent efforts to counter scammers’ use of domain registration: CNNIC’s blanket policy changes for the .cn ccTLD made in late 2009 and the late 2010 agreement between eNom and LegitScript to reactively take down “rogue” Internet pharmacy domains. Using a combination of historic WHOIS data and co-temporal spam feeds, we measure the impact of these interventions on both the registration and use of spam-advertised domains. We use these examples to illustrate the key challenges in making registrar-level intervention an effective tool.

Optimal Selection of Sink Nodes in Wireless Sensor Networks in Adversarial Environments

A. Laszka and L. Buttyán and D. Szeszlér

IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN), pp. 1-6, Lucca, Italy, June 20, 2011.

Bibtex | Abstract | PDF

@conference {
   author = {Aron Laszka and Levente Buttyán and Dávid Szeszlér},
   title = {Optimal Selection of Sink Nodes in Wireless Sensor Networks in Adversarial Environments},
   booktitle = {IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN)},
   pages = {1-6},
   address = {Lucca, Italy},
   month = {June 20},
   year = {2011}
}

Abstract

In this paper, we address the problem of assigning the sink role to a subset of nodes in a wireless sensor network with a given topology such that the resulting network configuration is robust against denial-of-service type attacks such as node destruction, battery exhaustion and jamming. In order to measure robustness, we introduce new metrics based on a notion defined in [1]. We argue that our metrics are more appropriate to measure the robustness of network configurations than the widely known connectivity based metrics. We formalize the problem of selecting the sink nodes as an optimization problem aiming at minimizing the deployment budget while achieving a certain level of robustness. We propose an efficient greedy heuristic algorithm that approximates the optimal solution reasonably well. [1] W. H. Cunningham, “Optimal attack and reinforcement of a network,” J. ACM, vol. 32, no. 3, pp. 549–561, 1985.

Protecting against Physical Resource Monitoring

W. Lecat and C. Castelluccia and G. Ács

The 10th ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2011.

Bibtex

@inproceedings {
   author = {William Lecat and Claude Castelluccia and Gergely Ács},
   title = {Protecting against Physical Resource Monitoring},
   booktitle = {The 10th ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2011}
}

Abstract

Recent advances in targeted malware attacks

B. Bencsáth and L. Buttyán and G. Pék and M. Felegyhazi

Schönherz - Simonyi Szakkollégium ., December 13, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán and Gábor PÉK and Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Schönherz - Simonyi Szakkollégium .},
   month = {December 13},
   year = {2011}
}

Abstract

Recent advances in targeted malware attacks

B. Bencsáth and L. Buttyán and G. Pék and M. Felegyhazi

Fókuszban a CrySyS Lab. , December 14, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán and Gábor PÉK and Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Fókuszban a CrySyS Lab. },
   month = {December 14},
   year = {2011}
}

Abstract

StegoWeb: Towards the Ideal Private Web Content Publishing Tool

T. Besenyei and Á. M. Földes and G. Gy. Gulyás and S. Imre

In: Proceedings of The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011), ThinkMind, Nice, France, August, 2011, pp. 109-114.

Bibtex | Abstract

@inproceedings {
   author = {Tamás Besenyei and Ádám Máté Földes and Gábor György Gulyás and Sándor Imre},
   title = {StegoWeb: Towards the Ideal Private Web Content Publishing Tool},
   booktitle = {In: Proceedings of The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011)},
   publisher = {ThinkMind},
   address = {Nice, France},
   month = {August},
   year = {2011},
   pages = {109-114}
}

Abstract

Privacy breaches through profiling constitute a considerable threat to users of Web 2.0 services. While many concepts have been proposed to address this issue by allowing users to encrypt, obfuscate, or otherwise conceal information of their choice, all have certain limitations. In this paper, we survey the available solutions, and propose a taxonomy for classifying them based on a revised evaluation scheme that builds upon our previous work. Our main contribution is a model that harnesses steganographic techniques in order to hide sensitive data, and the description of a proof-of-concept implementation thereof that allows a user to hide profile data on a website without installing any sort of software aside from a conventional web browser.

User Tracking on the Web via Cross-Browser Fingerprinting

B. Károly and Á. M. Földes and G. Gy. Gulyás and S. Imre

Information Security Technology for Applications, 16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, October 26-28, 2011, Revised Selected Papers, Springer, Talinn, Estonia, 2011.

Bibtex | Abstract

@inproceedings {
   author = {Károly Boda and Ádám Máté Földes and Gábor György Gulyás and Sándor Imre},
   title = {User Tracking on the Web via Cross-Browser Fingerprinting},
   booktitle = {Information Security Technology for Applications, 16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, October 26-28, 2011, Revised Selected Papers},
   publisher = {Springer},
   address = {Talinn, Estonia},
   year = {2011}
}

Abstract

The techniques of tracking users through their web browsers have greatly evolved since the birth of the World Wide Web, posing an increasingly significant privacy risk. An important branch of these methods, called fingerprinting, is getting more and more attention, because it does not rely on client-side information storage, in contrast to cookie-like techniques. In this paper, we propose a new, browser-independent fingerprinting method. We have tested it on a data set of almost a thousand records, collected through a publicly accessible test website. We have shown that a part of the IP address, the availability of a specific font set, the time zone, and the screen resolution are enough to uniquely identify most users of the five most popular web browsers, and that user agent strings are fairly effective but fragile identifiers of a browser instance.

VeRA - Version Number and Rank Authentication in RPL

L. Buttyán and T. Holczer and A. Dvir

7th IEEE International Workshop on Wireless and Sensor Networks Security, IEEE, Valencia, Spain, October 17-22, 2011, pp. 709 - 714.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and Tamas Holczer and Amit Dvir},
   title = {VeRA - Version Number and Rank Authentication in RPL},
   booktitle = {7th IEEE International Workshop on Wireless and Sensor Networks Security},
   publisher = {IEEE},
   address = {Valencia, Spain},
   month = {October 17-22},
   year = {2011},
   pages = {709 - 714}
}

Abstract

Designing a routing protocol for large low-power and lossy networks (LLNs), consisting of thousands of con-strained nodes and unreliable links, presents new challenges. The IPv6 Routing Protocol for Low-power and Lossy Networks (RPL), have been developed by the IETF ROLL Working Group as a preferred routing protocol to provide IPv6 routing functionality in LLNs. RPL provides path diversity by building and maintaining directed acyclic graphs (DAG) rooted at one (or more) gateway. However, an adversary that impersonates a gateway or has compromised one of the nodes close to the gateway can divert a large part of network traffic forward itself and/or exhaust the nodes’ batteries. Therefore in RPL, special security care must be taken when the Destination Oriented Directed Acyclic Graph (DODAG) root is updating the Version Number by which reconstruction of the routing topology can be initiated. The same care also must be taken to prevent an internal attacker (compromised DODAG node) to publish decreased Rank value, which causes a large part of the DODAG to connect to the DODAG root via the attacker and give it the ability to eavesdrop a large part of the network traffic forward itself. Unfortunately, the currently available security services in RPL will not protect against a compromised internal node that can construct and disseminate fake messages. In this paper, a new security service is described that prevents any misbehaving node from illegitimately increasing the Version Number and compromise illegitimate decreased Rank values.

XCS based hidden firmware modification on embedded devices

B. Bencsáth and L. Buttyán and T. Paulik

Proceedings of the IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom), IEEE, Split-Hvar-Dubrovnik, September 15-17, 2011, pp. 1-6.

Bibtex

@inproceedings {
   author = {Boldizsár Bencsáth and Levente Buttyán and Tamás Paulik},
   title = {XCS based hidden firmware modification on embedded devices},
   booktitle = {Proceedings of the IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom)},
   publisher = {IEEE},
   address = {Split-Hvar-Dubrovnik},
   month = {September 15-17},
   year = {2011},
   pages = {1-6}
}

Abstract

Click Trajectories: End-to-End Analysis of the Spam Value Chain

S. Savage and G. M. Voelker and V. Paxson and N. Weaver and A. Pitsillidis and D. McCoy and H. Liu and C. Kreibich and C. Kanich and T. Halvorson and C. Grier and M. Felegyhazi and B. Enright and N. Chachra and K. Levchenko

in Proceedings of IEEE Symposium on Security& Privacy (Oakland 2011), IEEE, Oakland, CA, USA, May 22-25, 2011 , pp. 1-16.

Bibtex | Abstract

@inproceedings {
   author = { and and and and and and and and and and and Mark Felegyhazi and and and },
   title = {Click Trajectories: End-to-End Analysis of the Spam Value Chain},
   booktitle = {in Proceedings of IEEE Symposium on Security& Privacy (Oakland 2011)},
   publisher = {IEEE},
   address = {Oakland, CA, USA},
   month = {May 22-25},
   year = { 2011 },
   pages = {1-16}
}

Abstract

Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise’s full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email— including naming, hosting, payment and fulfillment—using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.

2010

Competitive Cyber-Insurance and Internet Security

N. Shetty and G. Schwartz and M. Felegyhazi and J. Walrand

T. Moore, D. Pym, and C. Ioannidis, editors, Economics of Information Security and Privacy, Springer-Verlag, pages 229-247,, 2010. .

Bibtex | Abstract

@article {
   author = { and and Mark Felegyhazi and },
   title = {Competitive Cyber-Insurance and Internet Security},
   journal = {T. Moore, D. Pym, and C. Ioannidis, editors, Economics of Information Security and Privacy, Springer-Verlag},
   month = {pages 229-247,},
   year = {2010. }
}

Abstract

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user’s probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users’ security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

On the Potential of Proactive Domain Blacklisting,

M. Felegyhazi and C. Kreibich and V. Paxson

at LEET 2010, San Jose, USA , April 27, 2010..

Bibtex | Abstract

@conference {
   author = {Mark Felegyhazi and and },
   title = {On the Potential of Proactive Domain Blacklisting, },
   booktitle = {at LEET 2010},
   address = {San Jose, USA },
   month = {April 27},
   year = {2010.}
}

Abstract

In this paper we explore the potential of leveraging properties inherent to domain registrations and their appearance in DNS zone files to predict the malicious use of domains proactively, using only minimal observation of known-bad domains to drive our inference. Our analysis demonstrates that our inference procedure derives on average 3.5 to 15 new domains from a given known-bad domain. 93% of these inferred domains subsequently appear suspect (based on third-party assessments), and nearly 73% eventually appear on blacklists themselves. For these latter, proactively blocking based on our predictions provides a median headstart of about 2 days versus using a reactive blacklist, though this gain varies widely for different domains.

Application of Wireless Sensor Networks in Critical Infrastructure Protection -- Challenges and Design Options

L. Buttyán and D. Gessner and A. Hessler and P. Langendoerfer

IEEE Wireless Communications Magazine, vol. 17, no. 5, October, 2010, pp. 44 - 49.

Bibtex | Abstract

@article {
   author = {Levente Buttyán and Dennis Gessner and Alban Hessler and Peter Langendoerfer},
   title = {Application of Wireless Sensor Networks in Critical Infrastructure Protection -- Challenges and Design Options},
   journal = {IEEE Wireless Communications Magazine},
   volume = {17},
   number = {5},
   month = {October},
   year = {2010},
   pages = {44 - 49}
}

Abstract

The protection of critical infrastructures provides an interesting application area for wireless sensor networks. Threats such as natural catastrophes, criminal or terrorist attacks against CIs are increasingly reported. The large-scale nature of CIs requires a scalable and low-cost technology for improving CI monitoring and surveillance. WSNs are a promising candidate to fulfill these requirements, but if the WSN becomes part of the CI in order to improve its reliability, then the dependability of the WSN itself needs to be significantly improved first. In this article we discuss the challenges and potential solutions to achieve dependability of WSNs taking into account accidental failures as well as intentional attacks. We inspect the whole system starting from individual sensor nodes via the protocol stack to the middleware layer above.

Barter Trade Improves Message Delivery in Opportunistic Networks

I. Vajda and M. Felegyhazi and L. Dóra and L. Buttyán

Elsevier Ad Hoc Networks, vol. 8, no. 1, January 10, 2010, pp. 1-14.

Bibtex | Abstract | PDF

@article {
   author = {István VAJDA and Mark Felegyhazi and László DÓRA and Levente Buttyán},
   title = {Barter Trade Improves Message Delivery in Opportunistic Networks},
   journal = {Elsevier Ad Hoc Networks},
   volume = {8},
   number = {1},
   month = {January 10},
   year = {2010},
   pages = {1-14}
}

Abstract

In opportunistic networks, selfish nodes can exploit the services provided by other nodes by downloading messages that interest them, but refusing to store and distribute messages for the benefit of other nodes. We propose a mechanism to discourage selfish behavior based on the principles of barter. We develop a game-theoretic model in which we show that the proposed approach indeed stimulates cooperation of the nodes. The results show that, in practical scenarios, the message delivery rate considerably increases, if the mobile nodes follow the Nash Equilibrium strategy in the proposed mechanism compared to the data dissemination protocol when no encouraging mechanism is present.

BlogCrypt: Private Content Publishing on the web

T. Paulik and Á. M. Földes and G. Gy. Gulyás

In: Proceedings of The Fourth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2010), IEEE, Venice, Italy, July, 2010.

Bibtex | Abstract

@inproceedings {
   author = {Tamás Paulik and Ádám Máté Földes and Gábor György Gulyás},
   title = {BlogCrypt: Private Content Publishing on the web},
   booktitle = {In: Proceedings of The Fourth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2010)},
   publisher = {IEEE},
   address = {Venice, Italy},
   month = {July},
   year = {2010}
}

Abstract

Voluntary disclosure of personal information is becoming more and more widespread with the advent of Web 2.0 services. Publishing such information constitutes new kinds of threats, such as further reinforcing already existing profiling techniques through correlation of perceived user activities to those publicly disclosed, but the most obvious of all is the intrinsic threat that malicious third parties collect and combine information we publish about ourselves. In this paper, we evaluate currently existing solutions that are destined for addressing this issue, then propose a model of our own for providing access control for a user over information she published and analyse our implementation thereof.

Cross-layer security and resilience in wireless mesh networks

A. Traganitis and V. Siris and L. Dóra and L. Buttyán and B. Bencsáth and I. Askoxylakis

N. Zorba, C. Skianis, and C. Verikoukis (eds), Cross Layer Designs in WLAN Systems, Troubador Publishing Ltd, Emerging Communication and Service Technologies Series, 2010.

Bibtex

@inbook {
   author = {A. Traganitis and Vasilios SIRIS and László DÓRA and Levente Buttyán and Boldizsár Bencsáth and Ioannis ASKOXYLAKIS},
   editor = {N. Zorba, C. Skianis, and C. Verikoukis (eds)},
   title = {Cross-layer security and resilience in wireless mesh networks},
   publisher = {Cross Layer Designs in WLAN Systems, Troubador Publishing Ltd, Emerging Communication and Service Technologies Series},
   year = {2010}
}

Abstract

Decision and Game Theory for Security

T. Alpcan and L. Buttyán and J. Baras

vol. LNCS 6442, Springer, 2010.

Bibtex

@book {
   author = {Tansu Alpcan and Levente Buttyán and John Baras},
   title = {Decision and Game Theory for Security},
   volume = {LNCS 6442},
   publisher = {Springer},
   year = {2010}
}

Abstract

Fast Certificate-based Authentication Scheme in Multi-operator maintained Wireless Mesh Networks

M. Petrocchi and F. Martinelli and L. Dóra and L. Buttyán

Elsevier Computer Communications, vol. 33, April, 2010, pp. 907-922.

Bibtex | Abstract | PDF

@article {
   author = {Marinella PETROCCHI and Fabio MARTINELLI and László DÓRA and Levente Buttyán},
   title = {Fast Certificate-based Authentication Scheme in Multi-operator maintained Wireless Mesh Networks},
   journal = {Elsevier Computer Communications},
   volume = {33},
   month = {April},
   year = {2010},
   pages = {907-922}
}

Abstract

In this paper, we consider QoS aware mesh networks that are maintained by multiple operators and they cooperate in the provision of networking services to the mesh clients. In order to support mobile users and seamless handover between the access points, the authentication delay has to be reduced. Many proposed fast authentication schemes rely on trust models that are not appropriate in a multi-operator environment. In this paper, we propose two certificate-based authentication schemes such that the authentication is performed locally between the access point and the mesh client. We assume that the access point is always a constrained device, and we propose different mechanisms for mesh clients with different computational performance. For constrained devices, we propose a mechanism where weak keys are used for digital signatures to decrease the latency of the authentication. The authenticity of the weak keys are provided by short-term certificates issued by the owner of the key. The short-term certificate has the digital signature generated by the owner's long-term key. We prove formally that the use of our weak key mechanism on the mesh client side is as secure as the use of some stronger keys. We perform a detailed performance evaluation on our proof-of-concept implementation, and we also compare our solution to the current standard methods.

Formal verification of secure ad-hoc network routing protocols using deductive model-checking

L. Buttyán and T. V. Thong

Proceedings of the IFIP Wireless and Mobile Networking Conference (WMNC), IFIP, Budapest, Hungary, October 18-20, 2010, pp. 1-6.

Bibtex | Abstract

@inproceedings {
   author = {Levente Buttyán and Ta Vinh Thong},
   title = {Formal verification of secure ad-hoc network routing protocols using deductive model-checking},
   booktitle = {Proceedings of the IFIP Wireless and Mobile Networking Conference (WMNC)},
   publisher = {IFIP},
   address = {Budapest, Hungary},
   month = {October 18-20},
   year = {2010},
   pages = {1-6}
}

Abstract

Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for adhoc networks. However, many of them have design flaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a formal verification method for secure ad-hoc network routing protocols that helps increasing the confidence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our approach is based on a new process calculus that we specifically developed for secure ad-hoc network routing protocols and a deductive proof technique. The novelty of this approach is that contrary to prior attempts to formal verification of secure ad-hoc network routing protocols, our verification method can be made fully automated.

Hide-and-Lie: Enhancing Application-level Privacy in Opportunistic Networks

T. Holczer and L. Dóra

In Proceedings of the Second International Workshop on Mobile Opportunistic Networking ACM/SIGMOBILE MobiOpp 2010, Pisa, Italy, February 22-23, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Tamas Holczer and László DÓRA},
   title = {Hide-and-Lie: Enhancing Application-level Privacy in Opportunistic Networks},
   booktitle = {In Proceedings of the Second International Workshop on Mobile Opportunistic Networking ACM/SIGMOBILE MobiOpp 2010},
   address = {Pisa, Italy},
   month = {February 22-23},
   year = {2010}
}

Abstract

A delay-tolerant network is a mobile ad hoc network where the message dissemination is based on the store-carry-and-forward principle. This principle raises new aspects of the privacy problem. In particular, an attacker can build a user profile and trace the nodes based on this profile even if the message exchange protocol provides anonymity. In this paper, an attacker model is presented and some proposed attackers are implemented. We analyze the efficiency of both the attacks and the proposed defense mechanism, called Hide-and-Lie Strategy. We show that without any defense mechanism, the nodes are traceable, but with the Hide-and-Lie Strategy, the success probability of an attacker can be made equal to the success probability of the simple guessing. Furthermore, in some scenarios, the Hide-and-Lie Strategy increases the message delivery ratio. The number of downloaded messages and the maximal memory size required to apply the proposed privacy defense mechanism is also investigated.

Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks

L. Dóra and L. Buttyán and G. Ács

In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10), Montreal, Canada, June 14-17, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {László DÓRA and Levente Buttyán and Gergely Ács},
   title = {Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks},
   booktitle = {In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10)},
   address = {Montreal, Canada},
   month = {June 14-17},
   year = {2010}
}

Abstract

In this paper, we address the problem of detecting misbehaving routers in wireless mesh networks and avoiding them when selecting routes. We assume that link-state routing is used, and we essentially propose a reputation system, where trusted gateway nodes compute Node Trust Values for the routers, which are fed back into the system and used in the route selection procedure. The computation of the Node Trust Values is based on packet counters maintained in association with each route and reported to the gateways by the routers in a regular manner. The feedback mechanism is based on limited scope flooding. The received Node Trust Values concerning a given router are aggregated, and the aggregate trust value of the router determines the probability with which that router is kept in the topology graph used for route computation. Hence, less trusted routers are excluded from the topology graph with higher probability, while the route selection still runs on a weighted graph (where the weights are determined by the announced link qualities), and it does not need to be changed. We evaluated the performance of our solution by means of simulations. The results show that our proposed mechanism can detect misbehaving routers reliably, and thanks to the feedback and the exclusion of the accused nodes from the route selection, we can decrease the number of packets dropped due to router misbehavior considerably. At the same time, our mechanism only slightly increases the average route length.

PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks

L. Buttyán and P. Schaffer

International Journal of Distributed Sensor Networks, vol. 2010, no. Article ID 679205, 2010.

Bibtex | Abstract

@article {
   author = {Levente Buttyán and Peter Schaffer},
   title = {PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks},
   journal = {International Journal of Distributed Sensor Networks},
   volume = {2010},
   number = {Article ID 679205},
   year = {2010}
}

Abstract

We introduce PANEL a position-based aggregator node election protocol for wireless sensor networks. The novelty of PANEL with respect to other aggregator node election protocols is that it supports asynchronous sensor network applications where the sensor readings are fetched by the base stations after some delay. In particular, the motivation for the design of PANEL was to support reliable and persistent data storage applications, such as TinyPEDS; see the study by Girao et al. (2007). PANEL ensures load balancing, and it supports intra and intercluster routing allowing sensor-to-aggregator, aggregator-to-aggregator, base station-toaggregator, and aggregator to-base station communications. We also compare PANEL with HEED; see the study by Younis and Fahmy (2004) in the simulation environment provided by TOSSIM, and show that, on one hand, PANEL creates more cohesive clusters than HEED, and, on the other hand, that PANEL is more energy efficient than HEED.

Perfectly Anonymous Data Aggregation in Wireless Sensor Networks

T. Holczer and L. Buttyán

Proceedings of The 7th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2010), IEEE, San Francisco, November 8-12, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Tamas Holczer and Levente Buttyán},
   title = {Perfectly Anonymous Data Aggregation in Wireless Sensor Networks},
   booktitle = {Proceedings of The 7th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2010)},
   publisher = {IEEE},
   address = {San Francisco},
   month = {November 8-12},
   year = {2010}
}

Abstract

Clustering and data aggregation in wireless sensor networks improves scalability, and helps the efficient use of scarce resources. Yet, these mechanisms also introduce some security issues; in particular, aggregator nodes become attractive targets of physical destruction and jamming attacks. In order to mitigate this problem, we propose a new private aggregator node election protocol that hides the identity of the elected aggregator nodes both from external eavesdroppers and from compromised nodes participating in the protocol. We also propose a private data aggregation protocol and a corresponding private query protocol which allows the aggregators to collect sensor readings and respond to queries of the base station, respectively, without revealing any useful information about their identity to external eavesdroppers and to compromised nodes.

Pollution Attack Defense for Coding Based Sensor Storage

L. Buttyán and L. Czap and I. Vajda

Proceedings of the International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC), IEEE, California, USA, June 7-9, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and László CZAP and István VAJDA},
   title = {Pollution Attack Defense for Coding Based Sensor Storage},
   booktitle = {Proceedings of the International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC)},
   publisher = {IEEE},
   address = {California, USA},
   month = {June 7-9},
   year = {2010}
}

Abstract

We present a novel information theoretic approach to make network coding based storage secure against pollution attacks in sensor networks. The approach is based on a new decoding algorithm which makes it possible to find adversarial blocks using one more encoded block than strictly necessary for decoding. Our scheme fits well to the requirements of sensor networks, because it operates without adding either computational or communication overhead to source and storage nodes, only the collector node needs to perform some additional computation. Our approach does not apply cryptography, hence it works in environments where no pre-shared keys, secure channels or PKI are available, which is often the case in sensor networks.

Secure Network Coding in DTNs

I. Vajda and L. Czap

IEEE Communications Letters, 2010.

Bibtex | Abstract

@article {
   author = {István VAJDA and László CZAP},
   title = {Secure Network Coding in DTNs},
   journal = {IEEE Communications Letters},
   year = {2010}
}

Abstract

The application of network coding can significantly improve the performance of message delivery in delay tolerant networks, assuming all participants behave honestly. However, if some nodes of the network are compromised, the adversary can launch pollution attack and this way can destroy large amount of data with small effort. Current solutions against pollution attack require public key infrastructure, that is often not available in mobile ad-hoc networks. Our proposal allows packets to verify each other, hence an intermediate node can decide whether these packets can be encoded together without authenticating the source.

Security Analysis of Reliable Transport Layer Protocols for Wireless Sensor Networks

L. Buttyán and L. Csik

Proceedings fof the IEEE Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS), IEEE, Seattle, USA, March 21-25, 2010, pp. 1-6.

Bibtex | Abstract

@inproceedings {
   author = {Levente Buttyán and László Csik},
   title = {Security Analysis of Reliable Transport Layer Protocols for Wireless Sensor Networks},
   booktitle = {Proceedings fof the IEEE Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS)},
   publisher = {IEEE},
   address = {Seattle, USA},
   month = {March 21-25},
   year = {2010},
   pages = {1-6}
}

Abstract

End-to-end reliability of communications is an important requirement in many applications of wireless sensor networks. For this reason, a number of reliable transport protocols specifically designed for wireless sensor networks have been proposed in the literature. Besides providing end-to-end reliability, some of those protocols also address the problems of fairness and congestion control, and they are all optimized for low energy consumption. However, in this paper, we show that most of those protocols completely neglect security issues. As a consequence, they ensure reliable communications and low energy consumption only in a benign environment, but they fail in a hostile environment, where an adversary can forge or replay control packets of the protocol. More specifically, our analysis shows that control packet injection and replay can cause permanent loss of data packets, and thus, such misdeeds make the hitherto reliable protocol unreliable. In addition, even if the protocol can recover from such an attack, the recovery overhead caused by forged or replayed control packets can be large, which gives an opportunity for energy depletion attacks.

Védekezés e-mail-címkinyerõ támadások ellen

B. Bencsáth and Géza Szabó and I. Vajda

Szemelvények az OTKA támogatásával készült alapkutatások újabb eredményeibõl 2, OTKA, 2010, pp. 69-71.

Bibtex

@inproceedings {
   author = {Boldizsár Bencsáth and Géza Szabó and István VAJDA},
   title = {Védekezés e-mail-címkinyerõ támadások ellen},
   booktitle = {Szemelvények az OTKA támogatásával készült alapkutatások újabb eredményeibõl 2},
   publisher = {OTKA},
   year = {2010},
   pages = {69-71}
}

Abstract

Optimal Security Investment with Penetration Testing

R. Böhme and M. Felegyhazi

GameSec 2010, Berlin, Germany, Nov 22-23, 2010. .

Bibtex | Abstract

@conference {
   author = { and Mark Felegyhazi},
   title = {Optimal Security Investment with Penetration Testing},
   booktitle = {GameSec 2010},
   address = {Berlin, Germany},
   month = {Nov 22-23},
   year = { 2010. }
}

Abstract

Penetration testing, the deliberate search for potential vulnerabilities in a system by using attack techniques, is a relevant tool of information security practitioners. This paper adds penetration testing to the realm of information security investment. Penetration testing is modeled as an information gathering option to reduce uncertainty in a discrete time, nite horizon, player-versus-nature, weakest-link security game. We prove that once started, it is optimal to continue penetration testing until a secure state is reached. Further analysis using a new metric for the return on penetration testing suggests that penetration testing almost always increases the per-dollar eciency of security investment.

2009

Competitive Cyber-Insurance and Internet Security,

N. Shetty and G. Schwartz and M. Felegyhazi and J. Walrand

in Proceedings of WEIS 2009, WEIS 2009, London, England,, June 24-25 , 2009..

Bibtex | Abstract

@inproceedings {
   author = { and and Mark Felegyhazi and },
   title = {Competitive Cyber-Insurance and Internet Security, },
   booktitle = {in Proceedings of WEIS 2009},
   publisher = {WEIS 2009},
   address = {London, England,},
   month = { June 24-25 },
   year = {2009.}
}

Abstract

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user’s probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyber-insurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users’ security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

Security of Communication Networks (In Hungarian)

B. Bencsáth and L. Buttyán and I. Vajda

Híradástechnika, vol. LXIV, August, 2009..

Bibtex

@article {
   author = {Boldizsár Bencsáth and Levente Buttyán and István VAJDA},
   title = {Security of Communication Networks (In Hungarian)},
   journal = {Híradástechnika},
   volume = {LXIV},
   month = {August},
   year = {2009.}
}

Abstract

An Authentication Scheme for QoS-aware Multi-operator maintained Wireless Mesh Networks

L. Dóra and L. Buttyán

In Proceedings of the First IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'09), IEEE, Kos, Greece, June 15, 2009.

Bibtex | Abstract | PDF

@inproceedings {
   author = {László DÓRA and Levente Buttyán},
   title = {An Authentication Scheme for QoS-aware Multi-operator maintained Wireless Mesh Networks},
   booktitle = {In Proceedings of the First IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'09)},
   publisher = {IEEE},
   address = {Kos, Greece},
   month = {June 15},
   year = {2009}
}

Abstract

In this paper, we consider QoS aware mesh networks that are maintained by multiple operators and they cooperate in the provision of networking services to the mesh clients. In order to support mobile users and seamless handover between the access points, the authentication delay has to be reduced. Many proposed fast authentication schemes rely on trust models that are not appropriate in multi-operator environment. Here, we propose two certificate based authentication schemes such that the authentication is performed locally between the access point and the mesh client. We consider both powerful and constraint mesh clients and we propose certificate sets to decrease the authentication latency. We compare our proof-of-concept implementation to current widely used authentication methods like EAP-TLS, and we conclude that our proposed authentication scheme is considerably faster in all considered scenarios.

Consistency verification of stateful firewalls is not harder than the stateless case

L. Buttyán and G. Pék and T. V. Thong

Infocommunications Journal, vol. LXIV, no. 2009/2-3, March, 2009, pp. 1-8.

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán and Gábor PÉK and Ta Vinh Thong},
   title = {Consistency verification of stateful firewalls is not harder than the stateless case},
   journal = {Infocommunications Journal},
   volume = {LXIV},
   number = {2009/2-3},
   month = {March},
   year = {2009},
   pages = {1-8}
}

Keywords

Stateful firewall, FIREMAN, verification, security, inconsistency

Abstract

Firewalls play an important role in the enforcement of access control policies in contemporary networks. However, firewalls are effective only if they are configured correctly such that their access control rules are consistent and the firewall indeed implements the intended access control policy. Unfortunately, due to the potentially large number of rules and their complex relationships with each other, the task of firewall configuration is notoriously error-prone, and in practice, firewalls are often misconfigured leaving security holes in the protection system. In this paper, we address the problem of consistency verification of stateful firewalls that keep track of already existing connections. For the first sight, the consistency verification of stateful firewalls appears to be harder than that of stateless firewalls. We show that, in fact, this is not the case: consistency verification of stateful firewalls can be reduced to the stateless case, and hence, they have the same complexity. We also report on our prototype implemetation of an automated consistency verification tool that can handle stateful firewalls.

CORA: Correlation-based Resilient Aggregation in Sensor Networks

L. Buttyán and P. Schaffer and I. Vajda

Elsevier Ad Hoc Networks, vol. 7, no. 6, 2009, pp. 1035-1050.

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán and Peter Schaffer and István VAJDA},
   title = {CORA: Correlation-based Resilient Aggregation in Sensor Networks},
   journal = {Elsevier Ad Hoc Networks},
   volume = {7},
   number = {6},
   year = {2009},
   pages = {1035-1050}
}

Abstract

In this paper, we consider the problem of resilient data aggregation in sensor networks, namely, how to aggregate sensor readings collected by the base station when some of those sensor readings may be compromised. Note that an attacker can easily compromise the reading of a sensor by altering the environmental parameters measured by that sensor. We present a statistical framework that is designed to mitigate the effects of the attacker on the output of the aggregation function. The main novelty of our approach compared to most prior work on resilient data aggregation is that we take advantage of the naturally existing correlation between the readings produced by different sensors. In particular, we show how spatial correlation can be represented in the sensor network data model, and how it can be exploited to increase the resilience of data aggregation. The algorithms presented in this paper are flexible enough to be applied without any special assumption on the distribution of the sensor readings or on the strategy of the attacker. The effectiveness of the algorithms is evaluated analytically considering a typical attacker model with various parameters, and by means of simulation considering a sophisticated attacker.

Efficient MAC in Cognitive Radio Networks: A Game-Theoretic Approach

M. Felegyhazi and M. Cagalj and J. P. Hubaux

Transactions on Wireless Communications (TWC), , vol. 8, no. 4, April , 2009.

Bibtex | Abstract

@article {
   author = {Mark Felegyhazi and Mario Cagalj and Jean-Pierre Hubaux},
   title = {Efficient MAC in Cognitive Radio Networks: A Game-Theoretic Approach},
   journal = {Transactions on Wireless Communications (TWC), },
   volume = {8},
   number = {4},
   month = {April },
   year = {2009}
}

Abstract

In this paper, we study the problem of efficient medium access control (MAC) among cognitive radio devices that are equipped with multiple radios and thus are capable of transmitting simultaneously at different frequencies (channels). We assume that radios contend on each channel using the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol. We study two MAC problems: (i) the allocation of the available channels among radios, and (ii) the optimal usage of each allocated channel by the radios occupying it. Both problems are studied in a game-theoretic setting, where devices aim to selfishly maximize their share of the available bandwidth. As for the first problem, we show that the ”price of anarchy” is close to 1, that is, Nash equilibria imply nearly system optimal allocations of the available channels. For the second problem, we design a game such that it admits a unique Nash equilibrium that is is both fair and Pareto-optimal. Furthermore, we propose simple mechanisms that enable selfish cognitive radio devices not only to coordinate efficiently on the available channels but also to optimally use every single allocated channel.

Modeling Role-Based Privacy in Social Networking Services

G. Gy. Gulyás and R. Schulcz and S. Imre

In: Proceedings of The Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2009), IEEE, Athens, Greece, 2009, pp. 173-178.

Bibtex | Abstract

@inproceedings {
   author = {Gábor György Gulyás and Róbert Schulcz and Sándor Imre},
   title = {Modeling Role-Based Privacy in Social Networking Services},
   booktitle = {In: Proceedings of The Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2009)},
   publisher = {IEEE},
   address = {Athens, Greece},
   year = {2009},
   pages = {173-178}
}

Abstract

As social networking services are getting more and more common, the need for privacy enhancing options, sophisticated identity management and anonymity emerges. In this paper the authors propose using Role-Based Privacy as a response for these needs and introduce a novel model called Nexus-Identity Network that is capable of describing services extended with such functionality. The concerned principles of Role-Based Privacy are conferred in the paper and criteria are presented for anonymity. Conforming to the criteria the authors suggest storing the profiles of different identities in a tree hierarchy in a user-friendly manner. The analysis of anonymity shows that the network has a structure that can be easily interpreted similarly to graphs representing connections in regular social networks. The ease of profile management and network visualization are advantages of the Nexus-Identity Model which can make a social networking service privacy- and user-friendly as well.

New Approaches to Mitigate Network Denial-of-Service Problems

B. Bencsáth

BME Informatikai Tudományok doktori iskola, November, 2009.

Bibtex | PDF

@phdthesis {
   author = {Boldizsár Bencsáth},
   title = {New Approaches to Mitigate Network Denial-of-Service Problems},
   school = {BME Informatikai Tudományok doktori iskola},
   month = {November},
   year = {2009}
}

Abstract

On the security of communication network: now and tomorrow

B. Bencsáth and L. Buttyán and I. Vajda

Infocommunications Journal, vol. LXIV., no. no. 4., 2009, pp. pp. 3-7..

Bibtex

@article {
   author = {Boldizsár Bencsáth and Levente Buttyán and István VAJDA},
   title = {On the security of communication network: now and tomorrow},
   journal = {Infocommunications Journal},
   volume = {LXIV.},
   number = {no. 4.},
   year = {2009},
   pages = {pp. 3-7.}
}

Abstract

Private Cluster Head Election in Wireless Sensor Networks

T. Holczer and L. Buttyán

Proceedings of the Fifth IEEE International Workshop on Wireless and Sensor Networks Security (WSNS'09), IEEE, IEEE, Macau SAR, PRC, October 12 , 2009, pp. 1048-1053.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Tamas Holczer and Levente Buttyán},
   title = {Private Cluster Head Election in Wireless Sensor Networks},
   booktitle = {Proceedings of the Fifth IEEE International Workshop on Wireless and Sensor Networks Security (WSNS'09)},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Macau SAR, PRC},
   month = {October 12 },
   year = {2009},
   pages = {1048-1053}
}

Abstract

Clustering is a useful mechanism in wireless sensor networks that helps to cope with scalability problems and, if combined with in-network data aggregation, may increase the energy efficiency of the network. At the same time, by assigning a special role to the cluster head nodes, clustering makes the network more vulnerable to attacks. In particular, disabling a cluster head by physical destruction or jamming may render the entire cluster inoperable temporarily until the problem is detected and a new cluster head is elected. Hence, the cluster head nodes may be attractive targets of attacks, and one would like to make it difficult for an adversary to identify them. The adversary can try to identify the cluster head nodes in various ways, including the observation of the cluster head election process itself and the analysis of the traffic patterns after the termination of the cluster head election. In this paper, we focus on the former problem, which we call the private cluster head election problem. This problem has been neglected so far, and as a consequence, existing cluster head election protocols leak too much information making the identification of the elected cluster head nodes easy even for a passive external observer. We propose the first private cluster head election protocol for wireless sensor networks that is designed to hide the identity of the elected cluster head nodes from an adversary that can observe the execution of the protocol.

Secure Vehicle Communication (SeVeCom)

D. D. Cock and P. Ardelean and N. Asaj and S. Cosenza and M. Müter and A. Held and B. Wiedersheim and P. Papadimitratos and F. Kargl and T. Holczer

Demonstration. Mobisys, June, 2009.

Bibtex | PDF

@misc {
   author = {Danny De Cock and Petra Ardelean and Naim Asaj and Stefano Cosenza and Michael Müter and Albert Held and Björn Wiedersheim and Panagiotis Papadimitratos and Frank Kargl and Tamas Holczer},
   title = {Secure Vehicle Communication (SeVeCom)},
   howpublished = {Demonstration. Mobisys},
   month = {June},
   year = {2009}
}

Keywords

vehicular ad hoc network, security, privacy

Abstract

Securing Multi-operator Based QoS-aware Mesh Networks: Requirements and Design Options

I. Vajda and D. Szili and V. Siris and L. Dóra and L. Buttyán and B. Bencsáth and I. Askoxylakis

Wireless Communications and Mobile Computing (Special Issue on QoS and Security in Wireless Networks), vol. 10, no. 5, 2009, pp. 622-646.

Bibtex | Abstract | PDF

@article {
   author = {István VAJDA and Dávid SZILI and Vasilios SIRIS and László DÓRA and Levente Buttyán and Boldizsár Bencsáth and Ioannis ASKOXYLAKIS},
   title = {Securing Multi-operator Based QoS-aware Mesh Networks: Requirements and Design Options},
   journal = {Wireless Communications and Mobile Computing (Special Issue on QoS and Security in Wireless Networks)},
   volume = {10},
   number = {5},
   year = {2009},
   pages = {622-646}
}

Abstract

Wireless mesh networking allows network operators and service providers to offer nearly ubiquitous broadband access at a low cost to customers. In this paper, we focus on QoS-aware mesh networks operated by multiple operators in a cooperative manner. In particular, we identify the general security requirements of such networks and we give an overview on the available design options for a security architecture aiming at satisfying those requirements. More specifically, we consider the problems of mesh client authentication and access control, protection of wireless communications, securing the routing, key management, and intrusion and misbehavior detection and recovery. Our aim is to structure this rich problem domain and to prepare the grounds for the design of a practically usable security architecture.

SLOW: A Practical Pseudonym Changing Scheme for Location Privacy in VANETs

W. Whyte and A. Weimerskirch and T. Holczer and L. Buttyán

Proceedings of the IEEE Vehicular Networking Conference, IEEE, IEEE, Tokyo, Japan, October 28-29, 2009, pp. 1-8.

Bibtex | Abstract | PDF

@inproceedings {
   author = {William Whyte and Andre Weimerskirch and Tamas Holczer and Levente Buttyán},
   title = {SLOW: A Practical Pseudonym Changing Scheme for Location Privacy in VANETs},
   booktitle = {Proceedings of the IEEE Vehicular Networking Conference},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Tokyo, Japan},
   month = {October 28-29},
   year = {2009},
   pages = {1-8}
}

Abstract

Untraceability of vehicles is an important requirement in future vehicle communications systems. Unfortunately, heartbeat messages used by many safety applications provide a constant stream of location data, and without any protection measures, they make tracking of vehicles easy even for a passive eavesdropper. One commonly known solution is to transmit heartbeats under pseudonyms that are changed regularly in order to obfuscate the trajectory of vehicles. However, this approach is effective only if some silent period is kept during the pseudonym change and several vehicles change their pseudonyms nearly at the same time and at the same location. Unlike previous works that proposed explicit synchronization between a group of vehicles and/or required pseudonym change in a designated physical area (i.e., a static mix zone), we propose a much simpler approach that does not need any explicit cooperation between vehicles and any infrastructure support. Our basic idea is that vehicles should not transmit heartbeat messages when their speed drops below a given threshold, say 30 km/h, and they should change pseudonym during each such silent period. This ensures that vehicles stopping at traffic lights or moving slowly in a traffic jam will all refrain from transmitting heartbeats and change their pseudonyms nearly at the same time and location. Thus, our scheme ensures both silent periods and synchronized pseudonym change in time and space, but it does so in an implicit way. We also argue that the risk of a fatal accident at a slow speed is low, and therefore, our scheme does not seriously impact safety-of- life. In addition, refraining from sending heartbeat messages when moving at low speed also relieves vehicles of the burden of verifying a potentially large amount of digital signatures, and thus, makes it possible to implement vehicle communications with less expensive equipments.

Universal Autonomous Robot Navigation Using Quasi Optimal Path Generation

P. Varlaki and G. Pék and Varkonyi-Koczy, A.R. and A. Laszka

4th IEEE Int. Conf. on Autonomous Robots and Agents (ICARA' 2009), February, 2009.

Bibtex | Abstract

@conference {
   author = {Varlaki Péter and Gábor PÉK and Varkonyi-Koczy, A.R. and Aron Laszka},
   title = {Universal Autonomous Robot Navigation Using Quasi Optimal Path Generation},
   booktitle = {4th IEEE Int. Conf. on Autonomous Robots and Agents (ICARA' 2009)},
   month = {February},
   year = {2009}
}

Abstract

Autonomous robot navigation is an important research field because these robots can solve problems where the human presence is impossible, dangerous, expensive, or uncomfortable. In this paper, a new hybrid autonomous navigation method is introduced. The algorithm is composed of visibility graph based global navigation and simple potential field based local navigation parts. It applies a new automated graph generation method which may become necessary if, because of the observed new obstacles, a new path should be generated. The quasi optimal route is found by applying the well known A* algorithm on the graph. The presented technique offers a quasi optimal universal navigation technique which can successfully be used in all, known, unknown, and dynamically changing environments.

2008

Revocation Games in Ephemeral Networks

M. Raya and M. H. Manshaei and M. Felegyhazi and J. P. Hubaux

in Proceedings of ACM CCS , ACM, Alexandria, VA, USA, Oct. 27-31, 2008. .

Bibtex | Abstract

@inproceedings {
   author = {Maxim Raya and and Mark Felegyhazi and Jean-Pierre Hubaux},
   title = {Revocation Games in Ephemeral Networks},
   booktitle = {in Proceedings of ACM CCS },
   publisher = {ACM},
   address = {Alexandria, VA, USA},
   month = {Oct. 27-31},
   year = {2008. }
}

Abstract

A frequently proposed solution to node misbehavior in mo- bile ad hoc networks is to use reputation systems. But in ephemeral networks - a new breed of mobile networks where contact times between nodes are short and neighbors change frequently - reputations are hard to build. In this case, local revocation is a faster and more e±cient alterna- tive. In this paper, we de¯ne a game-theoretic model to analyze the various local revocation strategies. We establish and prove the conditions leading to subgame-perfect equilib- ria. We also derive the optimal parameters for voting-based schemes. Then we design a protocol based on our analy- sis and the practical aspects that cannot be captured in the model. With realistic simulations on ephemeral networks we compare the performance and economic costs of the diŸerent techniques.

An Improved Hybrid Navigation Method

Varkonyi-Koczy, A.R. and A. Laszka and G. Pék

7th Int. Conf. On Global Research and Education in Intelligent Systems (Inter-Akademia' 2008), September, 2008.

Bibtex | Abstract

@conference {
   author = {Varkonyi-Koczy, A.R. and Aron Laszka and Gábor PÉK},
   title = {An Improved Hybrid Navigation Method},
   booktitle = {7th Int. Conf. On Global Research and Education in Intelligent Systems (Inter-Akademia' 2008)},
   month = {September},
   year = {2008}
}

Abstract

Autonomous robot navigation is an important research field because these robots can solve problems where the human presence is impossible, dangerous, expensive, or uncomfortable. In this paper, a new hybrid autonomous navigation method is introduced. The algorithm is composed of visibility graph based global navigation and simple potential field based local navigation parts. It applies a new automated graph generation method which may become necessary if, because of the observed new obstacles, a new path should be generated. The quasi optimal route is found by applying the well known A* algorithm on the graph. The presented technique offers a quasi optimal universal navigation technique which can successfully be used in all, known, unknown, and dynamically changing environments.

Comprehensive Analysis of Web Privacy and Anonymous Web Browsers: Are Next Generation Services Based on Collaborative Filtering?

G. Gy. Gulyás and R. Schulcz and S. Imre

In: Joint SPACE and TIME Workshops, held by The Joint iTrust and PST Conferences on Privacy, Trust Management and Security, ?, Norway, Trondheim, 2008.

Bibtex | Abstract

@inproceedings {
   author = {Gábor György Gulyás and Róbert Schulcz and Sándor Imre},
   title = {Comprehensive Analysis of Web Privacy and Anonymous Web Browsers: Are Next Generation Services Based on Collaborative Filtering?},
   booktitle = {In: Joint SPACE and TIME Workshops, held by The Joint iTrust and PST Conferences on Privacy, Trust Management and Security},
   publisher = {?},
   address = {Norway, Trondheim},
   year = {2008}
}

Abstract

Abstract. In general, networking privacy enhancing technologies are better on larger user bases- such criteria that can be enhanced by combining them with community based services. In this paper we present main web privacy issues and today’s complex preventive solutions, anonymous web browsers, in several aspects including a comprehensive taxonomy as a result of our inquiry. Also, we suggest a next generation anonymous browser scheme based on collaborative filtering concerning issues on semantic web. Finally we analyze the benefits and drawbacks of such services, also examining the possible investors and raised moral considerations.

Introduction to the world of botnets (in Hungarian)

B. Bencsáth and Géza Szabó and A. Szentgyörgyi

Híradástechnika (Pollák-Virág award), vol. LXIII, no. 11, November, 2008, pp. 10-15.

Bibtex | PDF

@article {
   author = {Boldizsár Bencsáth and Géza Szabó and Attila Szentgyörgyi},
   title = {Introduction to the world of botnets (in Hungarian)},
   journal = {Híradástechnika (Pollák-Virág award)},
   volume = {LXIII},
   number = {11},
   month = {November},
   year = {2008},
   pages = {10-15}
}

Abstract

Optimal Pricing Strategy for Wireless Social Community Networks

A. Mazloumian and M. H. Manshaei and M. Felegyhazi and J. P. Hubaux

in Proceedings of the Economics of Networks, Systems, and Computation (NetEcon 2008), NetEcon, Seattle, August 22, 2008.

Bibtex | Abstract

@inproceedings {
   author = { and and Mark Felegyhazi and Jean-Pierre Hubaux},
   title = {Optimal Pricing Strategy for Wireless Social Community Networks},
   booktitle = {in Proceedings of the Economics of Networks, Systems, and Computation (NetEcon 2008)},
   publisher = {NetEcon},
   address = {Seattle},
   month = {August 22},
   year = {2008}
}

Abstract

Wireless social community operators rely on subscribers who constitute a community of users. The pricing strategy of the provided wireless access is an open problem for this new generation of wireless access providers. In this paper, using both analytical and simulation approaches, we study the problem comprised of modeling user subscription and mobility behavior and of coverage evolution with the objective of finding optimal subscription fees. We compute optimal prices with both static and semi-dynamic pricing. Coping with an incomplete knowledge about users, we calculate the best static price and prove that optimal fair pricing is the optimal semidynamic pricing. Moreover, we have developed a simulator to verify optimal prices of social community operators with complete and incomplete knowledge. Our results show that the optimal fair pricing strategy significantly improves the cumulative payoff of social community operators.

PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks

L. Buttyán and P. Schaffer

International Journal of Distributed Sensor Networks, September, 2008.

Bibtex | Abstract

@article {
   author = {Levente Buttyán and Peter Schaffer},
   title = {PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks},
   journal = {International Journal of Distributed Sensor Networks},
   month = {September},
   year = {2008}
}

Abstract

In this paper, we introduce PANEL, a position-based aggregator node election protocol for wireless sensor networks. The novelty of PANEL with respect to other aggregator node election protocols is that it supports asynchronous sensor network applications where the sensor readings are fetched by the base stations after some delay. In particular, the motivation for the design of PANEL was to support reliable and persistent data storage applications, such as TinyPEDS. PANEL ensures load balancing, and it supports intra- and inter-cluster routing allowing sensor to aggregator, aggregator to aggregator, base station to aggregator, and aggregator to base station communications. We also compare PANEL with HEED in the simulation environment provided by TOSSIM, and show that, on the one hand, PANEL creates more cohesive clusters than HEED, and, on the other hand, that PANEL is more energy efficient than HEED.

Secure vehicular communication systems: design and architecture

J. P. Hubaux and A. Kung and F. Kargl and Z. Ma and M. Raya and J. Freudiger and E. Schoch and T. Holczer and L. Buttyán and P. Papadimitratos

IEEE Communications Magazine, vol. 46, no. 11, November, 2008, pp. 100-109.

Bibtex | Abstract | PDF

@article {
   author = {Jean-Pierre Hubaux and Antonio Kung and Frank Kargl and Zhendong Ma and Maxim Raya and Julien Freudiger and Elmar Schoch and Tamas Holczer and Levente Buttyán and Panagiotis Papadimitratos},
   title = {Secure vehicular communication systems: design and architecture},
   journal = {IEEE Communications Magazine},
   volume = {46},
   number = {11},
   month = {November},
   year = {2008},
   pages = {100-109}
}

Abstract

Significant developments have taken place over the past few years in the area of vehicular communication systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems can be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two articles in this issue. In this first one, we analyze threats and types of adversaries, identify security and privacy requirements, and present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second article we present our progress toward the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.

Secure vehicular communication systems: implementation, performance, and research challenges

J. P. Hubaux and A. Kung and A. Held and G. Calandriello and T. V. Thong and B. Wiedersheim and E. Schoch and M. Müter and L. Buttyán and P. Papadimitratos and F. Kargl

IEEE Communications Magazine, vol. 46, no. 11, November, 2008, pp. 110-118.

Bibtex | Abstract | PDF

@article {
   author = {Jean-Pierre Hubaux and Antonio Kung and Albert Held and Giorgo Calandriello and Ta Vinh Thong and Björn Wiedersheim and Elmar Schoch and Michael Müter and Levente Buttyán and Panagiotis Papadimitratos and Frank Kargl},
   title = {Secure vehicular communication systems: implementation, performance, and research challenges},
   journal = {IEEE Communications Magazine},
   volume = {46},
   number = {11},
   month = {November},
   year = {2008},
   pages = {110-118}
}

Abstract

Vehicular communication systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain implementations are required. we discuss the design of a VC security system that has emerged as a result of the European SeVe-Com project. In this second article we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from today's simple prototypes to full-fledged systems.

Securing Coding Based Distributed Storage in Wireless Sensor Networks

L. Buttyán and L. Czap and I. Vajda

IEEE Workshop on Wireless and Sensor Network Security (WSNS), Atlanta, Georgia, USA, September 29-October 2, 2008.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and László CZAP and István VAJDA},
   title = {Securing Coding Based Distributed Storage in Wireless Sensor Networks},
   booktitle = {IEEE Workshop on Wireless and Sensor Network Security (WSNS)},
   address = {Atlanta, Georgia, USA},
   month = {September 29-October 2},
   year = {2008}
}

Abstract

We address the problem of pollution attacks in coding based distributed storage systems proposed for wireless sensor networks. In a pollution attack, the adversary maliciously alters some of the stored encoded packets, which results in the incorrect decoding of a large part of the original data upon retrieval. We propose algorithms to detect and recover from such attacks. In contrast to existing approaches to solve this problem, our approach is not based on adding cryptographic checksums or signatures to the encoded packets. We believe that our proposed algorithms are suitable in practical systems.

Security and Cooperation in Wireless Networks

L. Buttyán and J. P. Hubaux

Cambridge University Press, 2008.

Bibtex

@book {
   author = {Levente Buttyán and Jean-Pierre Hubaux},
   title = {Security and Cooperation in Wireless Networks},
   publisher = {Cambridge University Press},
   year = {2008}
}

Abstract

Security API analysis with the spi-calculus

L. Buttyán and T. V. Thong

Hiradástechnika, vol. LXIII, January, 2008, pp. 16-21.

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán and Ta Vinh Thong},
   title = {Security API analysis with the spi-calculus},
   journal = {Hiradástechnika},
   volume = {LXIII},
   month = {January},
   year = {2008},
   pages = {16-21}
}

Keywords

Security API, Spi-calculus, Verification

Abstract

API level vulnerabilities of hardware security modules represent a serious threat, thus, discovering and patching security holes in APIs are important. In this paper, we argue and illustrate that the application of formal verification methods is a promising approach for API analysis. In particular, we propose an API verification method based on process algebra. The proposed method seems to be extremely wellsuited for API analysis as it allows for the straightforward modelling of the API, the precise definition of the security requirements, and the rigorous verification of the security properties offered by the API.

2007

An User Authentication Scheme for Fast Handover Between WiFi Access Points

A. Bohák and L. Buttyán and L. Dóra

In Proceedings of the Third Annual International Wireless Internet Conference, ACM, Austin, Texas, USA, October 22-23, 2007, pp. 1-6, (invited paper).

Bibtex | Abstract | PDF

@inproceedings {
   author = {András BOHÁK and Levente Buttyán and László DÓRA},
   title = {An User Authentication Scheme for Fast Handover Between WiFi Access Points},
   booktitle = {In Proceedings of the Third Annual International Wireless Internet Conference},
   publisher = {ACM},
   address = {Austin, Texas, USA},
   month = {October 22-23},
   year = {2007},
   pages = {1-6},
   note = {(invited paper)}
}

Abstract

In this paper, we propose an authentication scheme that is designed to reduce the authentication delay during a WiFi handover process. We observe that the largest part of the delay is due to the remote communications between the access point and the AAA server that authorizes the access to the network. In order to eliminate remote communications, our scheme uses pre-authorization, and it pre-distributes authentication information to the access points that are the potential targets of a future handover. This ensures that only local communications (between the mobile station and the access point) take place during the handover itself. We describe the design of our scheme, as well as report on a proof-of-concept implementation. Our validation results show that our scheme breaks the dependency of the authentication delay on the round-trip time between the access point and the AAA server. This makes our scheme applicable in real time applications such as telephony and video streaming for WiFi users.

Architecture for Secure and Private Vehicular Communications

P. Papadimitratos and L. Buttyán and J. P. Hubaux and F. Kargl and A. Kung and M. Raya

Proceedings of the International Conference on ITS Telecommunications (ITST), -, Sophia Antipolis, France, June 6-8, , 2007, pp. 1-6.

Bibtex | Abstract

@inproceedings {
   author = {Panagiotis Papadimitratos and Levente Buttyán and Jean-Pierre Hubaux and Frank Kargl and Antonio Kung and Maxim Raya},
   title = {Architecture for Secure and Private Vehicular Communications},
   booktitle = {Proceedings of the International Conference on ITS Telecommunications (ITST)},
   publisher = {-},
   address = {Sophia Antipolis, France},
   month = {June 6-8, },
   year = {2007},
   pages = {1-6}
}

Abstract

The deployment of vehicular communication (VC) systems is strongly dependent on their security and privacy features. In this paper, we propose a security architecture for VC. The primary objectives of the architecture include the management of identities and cryptographic keys, the security of communications, and the integration of privacy enhancing technologies. Our design approach aims at a system that relies on well-understood components which can be upgraded to provide enhanced security and privacy protection in the future. This effort is undertaken by SeVeCom (http://www.sevecom.org), a transversal project providing security and privacy enhancing mechanisms compatible with the VC technologies currently under development by all EU funded projects.

Barter-based cooperation in delay-tolerant personal wireless networks

L. Buttyán and L. Dóra and M. Felegyhazi and I. Vajda

In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications, IEEE Computer Society Press, Helsinki, Finland, June 18 , 2007, pp. 1-6.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and László DÓRA and Mark Felegyhazi and István VAJDA},
   title = {Barter-based cooperation in delay-tolerant personal wireless networks},
   booktitle = {In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications},
   publisher = {IEEE Computer Society Press},
   address = {Helsinki, Finland},
   month = {June 18 },
   year = {2007},
   pages = {1-6}
}

Abstract

In this paper, we consider the application of delay-tolerant networks to personal wireless communications. In these networks, selfish nodes can exploit the services provided by other nodes by downloading messages that interest them, but refusing to store and distribute messages for the benefit of other nodes. We propose a mechanism to discourage selfish behavior based on the principles of barter. We develop a game-theoretic model in which we show that the proposed approach indeed stimulates cooperation of the nodes. In addition, the results show that the individually most beneficial behavior leads to the social optimum of the system.

Biztonsági API analízis a spi-kalkulussal

L. Buttyán and T. V. Thong

Hiradástechnika, vol. LXII/8, August, 2007, pp. 43-49.

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán and Ta Vinh Thong},
   title = {Biztonsági API analízis a spi-kalkulussal},
   journal = {Hiradástechnika},
   volume = {LXII/8},
   month = {August},
   year = {2007},
   pages = {43-49}
}

Keywords

Biztonsági API, Formális ellenõrzés, Spi-kalkulus

Abstract

Az API szintû támadások komoly veszélyt jelentenek a hardver biztonsági modulokra nézve, ezért fontos követelmény az API-ban rejlõ biztonsági lyukak felfedezése és foltozása. Az API analízis egyik igéretes iránya a formális verifikációs módszerek alkalmazása. Cikkünkben ezt az irányt követjük, s egy processz-algebra alapú API verifikációs módszert javaslunk, mely különösen alkalmasnak látszik a biztonsági API-k mûködésének formális leírására, a biztonsági követelmények precíz definiálására, és a megfogalmazott követelmények teljesítésének ellenõrzésére. Munkánk motiválása céljából ismertetünk nénány konkrét API szintû támadást is egy a gyakorlatban elterjedten használt hardver biztonsági modul ellen. Bevezetés

CORA: Correlation-based Resilient Aggregation in Sensor Networks

P. Schaffer and I. Vajda

In Proceedings of the 10th ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM), ACM Press, Chania, Crete, Greece, October 22 - 26, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Peter Schaffer and István VAJDA},
   title = {CORA: Correlation-based Resilient Aggregation in Sensor Networks},
   booktitle = {In Proceedings of the 10th ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM)},
   publisher = {ACM Press},
   address = {Chania, Crete, Greece},
   month = {October 22 - 26},
   year = {2007}
}

Abstract

In this paper we consider the problem of resilient data aggregation, namely, when aggregation has to be performed on a compromised sample. We present a statistical framework that is designed to mitigate the effects of an attacker who is able to alter the values of the measured parameters of the environment around some of the sensor nodes. Our proposed framework takes advantage of the naturally existing correlation between the sample elements, which is very rarely considered in other sensor network related papers. The algorithms presented are to be applied without assumption on the sensor network’s sampling distribution or on the behaviour of the attacker. The effectiveness of the algorithms is formally evaluated.

Efficient Directory Harvest Attacks and Countermeasures

B. Bencsáth and I. Vajda

International Journal of Network Security, vol. 5, no. 3, 2007, pp. 264-273.

Bibtex

@article {
   author = {Boldizsár Bencsáth and István VAJDA},
   title = {Efficient Directory Harvest Attacks and Countermeasures},
   journal = {International Journal of Network Security},
   volume = {5},
   number = {3},
   year = {2007},
   pages = {264-273}
}

Abstract

Empirical Analysis of Denial of Service Attack Against SMTP Servers

B. Bencsáth and M. A. Rónai

Proceedings of The 2007 International Symposium on Collaborative Technologies and Systems, IEEE, Orlando, Florida, USA, May 21-25 , 2007, pp. 72-79.

Bibtex | PDF

@inproceedings {
   author = {Boldizsár Bencsáth and Miklós Aurél RÓNAI},
   title = {Empirical Analysis of Denial of Service Attack Against SMTP Servers},
   booktitle = {Proceedings of The 2007 International Symposium on Collaborative Technologies and Systems},
   publisher = {IEEE},
   address = {Orlando, Florida, USA},
   month = {May 21-25 },
   year = {2007},
   pages = {72-79}
}

Abstract

Group-Based Private Authentication

G. Avoine and L. Buttyán and T. Holczer and I. Vajda

In Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007), IEEE, Helsinki, Finland, Jun 18 , 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gildas Avoine and Levente Buttyán and Tamas Holczer and István VAJDA},
   title = {Group-Based Private Authentication},
   booktitle = {In Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007)},
   publisher = {IEEE},
   address = {Helsinki, Finland},
   month = {Jun 18 },
   year = {2007}
}

Abstract

We propose a novel authentication scheme that ensures privacy of the provers. Our scheme is based on symmetric-key cryptography, and therefore, it is well-suited to resource constrained applications in large scale environments. A typical example for such an application is an RFID system, where the provers are low-cost RFID tags, and the number of the tags can potentially be very large. We analyze the proposed scheme and show that it is superior to the well-known key-tree based approach for private authentication both in terms of privacy and efficiency.

On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs

I. Vajda and T. Holczer and L. Buttyán

In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007), Springer, Cambridge, UK, July 2-3, , 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István VAJDA and Tamas Holczer and Levente Buttyán},
   title = {On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs},
   booktitle = {In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007)},
   publisher = {Springer},
   address = {Cambridge, UK},
   month = {July 2-3, },
   year = {2007}
}

Abstract

The promise of vehicular communications is to make road traffic safer and more efficient. However, besides the expected benefits, vehicular communications also introduce some privacy risk by making it easier to track the physical location of vehicles. One approach to solve this problem is that the vehicles use pseudonyms that they change with some frequency. In this paper, we study the effectiveness of this approach.We define a model based on the concept of the mix zone, characterize the tracking strategy of the adversary in this model, and introduce a metric to quantify the level of privacy enjoyed by the vehicles. We also report on the results of an extensive simulation where we used our model to determine the level of privacy achieved in realistic scenarios. In particular, in our simulation, we used a rather complex road map, generated traffic with realistic parameters, and varied the strength of the adversary by varying the number of her monitoring points. Our simulation results provide detailed information about the relationship between the strength of the adversary and the level of privacy achieved by changing pseudonyms.

PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks

L. Buttyán and P. Schaffer

In Proceedings of the 4th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS), IEEE Press, Pisa, Italy, October 8-11, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and Peter Schaffer},
   title = {PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks},
   booktitle = {In Proceedings of the 4th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS)},
   publisher = {IEEE Press},
   address = {Pisa, Italy},
   month = {October 8-11},
   year = {2007}
}

Abstract

In this paper, we introduce PANEL, a position-based aggregator node election protocol for wireless sensor networks. The novelty of PANEL with respect to other aggregator node election protocols is that it supports asynchronous sensor network applications where the sensor readings are fetched by the base stations after some delay. In particular, the motivation for the design of PANEL was to support reliable and persistent data storage applications, such as TinyPEDS. PANEL ensures load balancing, and it supports intra- and inter-cluster routing allowing sensor to aggregator, aggregator to aggregator, base station to aggregator, and aggregator to base station communications. We also present simulation results showing that PANEL is very energy efficient.

Secure Routing in Wireless Sensor Networks

G. Ács and L. Buttyán

in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press, 2007.

Bibtex | Abstract

@inbook {
   author = {Gergely Ács and Levente Buttyán},
   title = {Secure Routing in Wireless Sensor Networks},
   publisher = {in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press},
   year = {2007}
}

Abstract

In this chapter, we study how sensor network routing protocols can be secured. First, we describe the adversary model, the objectives of attacks against routing, as well as the different attack methods that may be used in wireless sensor networks. All these are illustrated by example attacks on well-known sensor network routing protocols. Then, we describe various countermeasures that can be used in sensor networks to secure the routing protocols. These include link layer security measures, secure neighbor discovery techniques, authenticated broadcast algorithms, and multi-path routing techniques. Finally, we illustrate the application of some of these countermeasures by presenting and explaining the operation of some secured sensor network routing protocols.

Security and Privacy in Ad Hoc and Sensor Networks

L. Buttyán and V. Gligor and D. Westhoff

vol. LNCS 4357, Springer, 2007.

Bibtex

@book {
   author = {Levente Buttyán and Virgil Gligor and Dirk Westhoff},
   title = {Security and Privacy in Ad Hoc and Sensor Networks},
   volume = {LNCS 4357},
   publisher = {Springer},
   year = {2007}
}

Abstract

The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks

I. Vajda and L. Buttyán and G. Ács

October 8-11, In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007), IEEE Press, Pisa, Italy, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István VAJDA and Levente Buttyán and Gergely Ács},
   title = {The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks},
   editor = {October 8-11},
   booktitle = {In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007)},
   organization = {IEEE Press},
   address = {Pisa, Italy},
   year = {2007}
}

Abstract

In this paper, we present a flexible and mathematically rigorous modeling framework for analyzing the security of sensor network routing protocols. Then, we demonstrate the usage of this framework by formally proving that INSENS (Intrusion-Tolerant Routing in Wireless Sensor Networks), which is a secure sensor network routing protocol proposed in the literature independently of our work, can be proven to be secure in our model.

2006

A taxonomy of routing protocols for wireless sensor networks

L. Buttyán and G. Ács

Híradástechnika, December, 2006.

Bibtex | Abstract

@article {
   author = {Levente Buttyán and Gergely Ács},
   title = {A taxonomy of routing protocols for wireless sensor networks},
   journal = {Híradástechnika},
   month = {December},
   year = {2006}
}

Abstract

Wireless sensor networks are large scale networks consisting of a large number of tiny sensor nodes and a few base stations, which communicate using multi-hop wireless communications. The design of energy efficient routing protocols for such networks is a challenging task, which has been in the focus of the sensor network research community in the recent past. This effort resulted in a huge number of sensor network routing protocols. The proposed protocols show a high variety, which stems from the diverse requirements of the various envisioned application scenarios. In this work, we propose a taxonomy of sensor network routing protocols, and classify the mainstream protocols proposed in the literature using this taxonomy. We distinguish five families of protocols based on the way the next hop is selected on the route of a message, and briefly describe the operation of a representative member from each group.

How to accept an electronic signature?

I. Zs. Berta

Híradástechnika, 2006, vol. LXI, 2006, in Hungarian.

Bibtex | Abstract

@article {
   author = {István Zsolt BERTA},
   title = {How to accept an electronic signature?},
   journal = {Híradástechnika, 2006, vol. LXI},
   year = {2006},
   note = {in Hungarian}
}

Abstract

The mathematical principles of electronic signatures have been known for several decades. Since then, electronic signatures have been incorporated into the Hungarian legal system: they have become legally equivalent with handwritten ones. Although we can now rely on both their mathematical and on their legal foundations, this technology has began to spread but in the last few years. The practical application of this new technology highlighted certain problems. Many of these also appear in case of handwritten signatures, but have lesser significance in that case.

Az elektronikus aláírás elméleti alapjai régóta ismertek. E matematikai, kriptográfiai szempontból bevált technológia már a hazai jogrendszerbe is beépült, és ezzel az elektronikus aláírás a kézzel írott aláírással egyenértékûvé vált. Az elektronikus aláírás használatához mind a matematikai, mind a jogi alapok rendelkezésre állnak, de e technológia mégis csak az elmúlt években kezdett elterjedni hazánkban. A gyakorlati alkalmazás során számos probléma merült fel ezen új technológiával kapcsolatban. Ezek nagy része megjelenik a kézzel írott aláírások esetében is, de e problémák ott sokkal kisebb jelentõséggel bírnak.

Internet Denial of Service attacks in game theoretical model (in hungarian)

B. Bencsáth and I. Vajda

Alkalmazott Matematikai Lapok 23, 2006, pp. 335-348..

Bibtex | Abstract

@article {
   author = {Boldizsár Bencsáth and István VAJDA},
   title = {Internet Denial of Service attacks in game theoretical model (in hungarian)},
   journal = {Alkalmazott Matematikai Lapok 23},
   year = {2006},
   pages = {335-348.}
}

Keywords

DoS

Abstract

Cikkünk kriptográai protokollok szolgáltatás-megtagadásos (Denial of Service  DoS) támadások elleni védelmér®l szól. A DoS támadások modellezésére a folyamatot stratégiai játékként értelmezzük. Ebben a modellben a támadó maximalizálni kívánja a kiszolgáló elhasznált kapacitásait, míg a kiszolgáló minimalizálni próbálja az elpazarolt er®forrásokat, és megpróbálja továbbra is kiszolgálni a legitim klienseket. A játékelméleti szemléletmódot részleteiben mutatjuk be, és felhasználjuk azt a kliens oldali rejtvény technika (client-side puzzle) optimalizálására. A cikkben analizáljuk azt az esetet is, amikor a szerver optimális kevert stratégiát választ a védekezéshez.

Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks

G. Ács and L. Buttyán and I. Vajda

In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06), October, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács and Levente Buttyán and István VAJDA},
   title = {Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks},
   booktitle = {In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06)},
   month = {October},
   year = {2006}
}

Abstract

The literature is very broad considering routing protocols in wireless sensor networks (WSNs). However, security of these routing protocols has fallen beyond the scope so far. Routing is a fundamental functionality in wireless networks, thus hostile interventions aiming to disrupt and degrade the routing service have a serious impact on the overall operation of the entire network. In order to analyze the security of routing protocols in a precise and rigorous way, we propose a formal framework encompassing the definition of an adversary model as well as the "general" definition of secure routingin sensor networks. Both definitions take into account the feasible goals and capabilities of an adversary in sensor environments and the variety of sensor routing protocols. In spirit, our formal model is based on the simulation paradigm that is a successfully used technique to prove the security of various cryptographic protocols. However, we also highlight some differences between our model and other models that have been proposed for wired or wireless networks. Finally, we illustrate the practical usage of our model by presenting the formal description of a simple attack against an authenticated routing protocol, which is based on the well-known TinyOS routing.

Optimal Key-Trees for Tree-Based Private Authentication

I. Vajda and T. Holczer and L. Buttyán

In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET), June, 2006, Springer.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István VAJDA and Tamas Holczer and Levente Buttyán},
   title = {Optimal Key-Trees for Tree-Based Private Authentication},
   booktitle = {In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET)},
   month = {June},
   year = {2006},
   note = {Springer}
}

Abstract

Key-tree based private authentication has been proposed by Molnar and Wagner as a neat way to efficiently solve the problem of privacy preserving authentication based on symmetric key cryptography. However, in the key-tree based approach, the level of privacy provided by the system to its members may decrease considerably if some members are compromised. In this paper, we analyze this problem, and show that careful design of the tree can help to minimize this loss of privacy. First, we introduce a benchmark metric for measuring the resistance of the system to a single compromised member. This metric is based on the well-known concept of anonymity sets. Then, we show how the parameters of the key-tree should be chosen in order to maximize the system's resistance to single member compromise under some constraints on the authentication delay. In the general case, when any member can be compromised, we give a lower bound on the level of privacy provided by the system. We also present some simulation results that show that this lower bound is quite sharp. The results of this paper can be directly used by system designers to construct optimal key-trees in practice; indeed, we consider this as the main contribution of our work.

Protection against DHA attack with central filtering (in hungarian)

Géza Szabó and B. Bencsáth

Híradástechnika, vol. LXI, 05, 2006, pp. pp. 2-9.

Bibtex

@article {
   author = {Géza Szabó and Boldizsár Bencsáth},
   title = {Protection against DHA attack with central filtering (in hungarian)},
   journal = {Híradástechnika},
   volume = {LXI},
   month = {05},
   year = {2006},
   pages = {pp. 2-9}
}

Abstract

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

I. Vajda and L. Buttyán and G. Ács

IEEE Transactions on Mobile Computing, vol. 5, no. 11, 2006.

Bibtex | Abstract

@article {
   author = {István VAJDA and Levente Buttyán and Gergely Ács},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {5},
   number = {11},
   year = {2006}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the use of our framework by proving that it is secure in our model.

Providing Location Privacy in Automated Fare Collection Systems

I. Vajda and T. Holczer and L. Buttyán

In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece, June, 2006.

Bibtex | PDF

@inproceedings {
   author = {István VAJDA and Tamas Holczer and Levente Buttyán},
   title = {Providing Location Privacy in Automated Fare Collection Systems},
   booktitle = {In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece},
   month = {June},
   year = {2006}
}

Abstract

RANBAR: RANSAC-Based Resilient Aggregation in Sensor Networks

I. Vajda and P. Schaffer and L. Buttyán

In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), ACM Press, Alexandria, VA, USA, October, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István VAJDA and Peter Schaffer and Levente Buttyán},
   title = {RANBAR: RANSAC-Based Resilient Aggregation in Sensor Networks},
   booktitle = {In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN)},
   publisher = {ACM Press},
   address = {Alexandria, VA, USA},
   month = {October},
   year = {2006}
}

Abstract

We present a novel outlier elimination technique designed for sensor networks. This technique is called RANBAR and it is based on the RANSAC (RANdom SAmple Consensus) paradigm, which is well-known in computer vision and in automated cartography. The RANSAC paradigm gives us a hint on how to instantiate a model if there are a lot of compromised data elements. However, the paradigm does not specify an algorithm and it uses a guess for the number of compromised elements, which is not known in general in real life environments. We developed the RANBAR algo- rithm following this paradigm and we eliminated the need for the guess. Our RANBAR algorithm is therefore capable to handle a high percent of outlier measurement data by leaning on only one preassumption, namely that the sample is i.i.d. in the unattacked case. We implemented the algo- rithm in a simulation environment and we used it to filter out outlier elements from a sample before an aggregation procedure. The aggregation function that we used was the average. We show that the algorithm guarantees a small dis- tortion on the output of the aggregator even if almost half of the sample is compromised. Compared to other resilient aggregation algorithms, like the trimmed average and the median, our RANBAR algorithm results in smaller distor- tion, especially for high attack strengths.

Resilient Aggregation with Attack Detection in Sensor Networks

L. Buttyán and P. Schaffer and I. Vajda

Second IEEE International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS), IEEE Computer Society Press, Pisa, Italy, March, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and Peter Schaffer and István VAJDA},
   title = {Resilient Aggregation with Attack Detection in Sensor Networks},
   booktitle = {Second IEEE International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS)},
   publisher = {IEEE Computer Society Press},
   address = {Pisa, Italy},
   month = {March},
   year = {2006}
}

Abstract

In this paper, we propose a new model of resilient data aggregation in sensor networks, where the aggregator analyzes the received sensor readings and tries to detect unexpected deviations before the aggregation function is called. In this model, the adversary does not only want to cause maximal distortion in the output of the aggregation function, but it also wants to remain undetected. The advantage of this approach is that in order to remain undetected, the adversary cannot distort the output arbitrarily, but rather the distortion is usually upper bounded, even for aggregation functions that were considered to be insecure earlier (e.g., the average). We illustrate this through an example in this paper.

Resilient Aggregation: Statistical Approaches

L. Buttyán and P. Schaffer and I. Vajda

Chapter 10, in N.P.Mahalik (ed.): Sensor Networks and Configuration, Springer, 2006.

Bibtex | Abstract | PDF

@inbook {
   author = {Levente Buttyán and Peter Schaffer and István VAJDA},
   title = {Resilient Aggregation: Statistical Approaches},
   chapter = {Chapter 10},
   publisher = {in N.P.Mahalik (ed.): Sensor Networks and Configuration, Springer},
   year = {2006}
}

Abstract

In typical sensor network applications, the sensors are left unattended for a long period of time. In addition, due to cost reasons, sensor nodes are usually not tamper resistant. Consequently, sensors can be easily captured and compromised by an adversary. Once compromised, a sensor can send authentique messages to other nodes and to the base station, but those messages may contain arbitrary data created by the adversray (e.g., bogus measurments). A similar effect can be achieved by manipulating the physical environment of uncompromised sensors so that they measure false values. Bogus data introduced by the adversary may considerably distort the output of the aggregation function at the base station, and may lead to wrong decisions. The goal of resilient aggregation is to perform the aggregation correctly despite the possibility of the above mentioned attacks. In this paper, we give an overview of the state-of-the-art in resilient aggregation in sensor networks, and briefly summarize the relevant techniques in the field of mathematical statistics. In addition, we introduce a particular approach for resilient aggregation in more details. This approach is based on RANSAC (RAndom SAmple Consensus), which we adopted for our purposes. We also present some initial simulation results showing that our RANSAC based approach can tolerate a high percentage of compromised nodes.

SEVECOM - Secure Vehicle Communication

T. Leinmueller and L. Buttyán and J. P. Hubaux and F. Kargl and P. Papadimitratos and M. Raya and E. Schoch

IST Mobile Summit, ??, June, 2006.

Bibtex | Abstract

@inproceedings {
   author = {Tim Leinmueller and Levente Buttyán and Jean-Pierre Hubaux and Frank Kargl and Panagiotis Papadimitratos and Maxim Raya and Elmar Schoch},
   title = {SEVECOM - Secure Vehicle Communication},
   booktitle = {IST Mobile Summit},
   publisher = {??},
   month = {June},
   year = {2006}
}

Abstract

Vehicle to Vehicle communication (V2V) and Vehicle to Infrastructure communication (V2I) promise to improve road safety and optimize road traffic through cooperative systems applications. A prerequisite for the successful deployment of vehicular communications is to make them secure. The specific operational environment (moving vehicles, sporadic connectivity, etc. ) makes the problem very novel and challenging. Because of the challenges, a research and development road map is needed. We consider SEVECOM [1] to be the first phase of a longer term undertaking. In this first phase, we aim to define a consistent and future-proof solution to the problem of V2V/V2I security. SEVECOM will focus on communications specific to road traffic. This includes messages related to traffic information, anonymous safety-related messages, and liability related messages.

Statistical analysis of the results of the DHA protection system (in hungarian)

Géza Szabó and B. Bencsáth

Proceedings of Networkshop 2006 conference, NIIF, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Géza Szabó and Boldizsár Bencsáth},
   title = {Statistical analysis of the results of the DHA protection system (in hungarian)},
   booktitle = {Proceedings of Networkshop 2006 conference},
   publisher = {NIIF},
   year = {2006}
}

Abstract

Obtaining the e-mail addresses which are handled by the mail servers is the Directory Harvest Attack. The root of the problem in DHA is in the SMTP protocol itself: the e-mail servers, if they got the mail to a proper address, would not respond, simply accept it. If the server got a mail to a non-existent address, then it would give a response either immediately or later whether the post office box exists or not. This process gives information about the e-mail addresses which are upkept by the server. The attackers use this information, sending huge amount of messages to the e-mail server. The addresses from which do not arrive response (so the server accepts the e-mail without negative signal) are gathered to a list. These addresses should belong to valid user accounts, so it is worthy to send uninvited mails to it. In our presentation we would like to introduce our research, development, and show the results gained from the running of the implemented system. The implemented protection is component based developments, which are strongly coherent and use each other software elements to a high extent. Last year we presented a possible implementation plan. We have continued this work, implemented the system and run it for a long period to collect data from attackers. We would like to analyse the data collected by our system. We present which typical DHA attackers exist and whether it is possible to distinguish them unambiguously from each other based on just the attacker statistics. We compare the distribution of attackers by country in Europe. We review the Hungarian DHA situation based on internet access. With modern statistical methods we examine the question whether we can get answer for that why is DHA happening.

Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban

L. Buttyán and G. Ács

Híradástecnika, November, 2006.

Bibtex | Abstract

@article {
   author = {Levente Buttyán and Gergely Ács},
   title = {Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban},
   journal = {Híradástecnika},
   month = {November},
   year = {2006}
}

Abstract

A szenzorhálózatok változatos alkalmazásai különbözõ követelményeket támasztanak az útvonalválasztó protokollokkal szemben. A különbözõ követelményeknek köszönhetõen igen sok javasolt protokoll található az irodalomban. Ebben a cikkben rendszerezzük ezeket a vonalválasztó protokollokat, és minden családból bemutatunk egy prominens képviselõt. A cikk újdonsága a rendszerezéshez használt szempontrendszer, mely a protokollok eddigieknél részletesebb taxonómiáját eredményezi.

WiFi biztonság - A jó, a rossz, és a csúf

L. Dóra and L. Buttyán

Híradástechnika, May, 2006.

Bibtex | Abstract | PDF

@article {
   author = {László DÓRA and Levente Buttyán},
   title = {WiFi biztonság - A jó, a rossz, és a csúf},
   journal = {Híradástechnika},
   month = {May},
   year = {2006}
}

Abstract

Jelen cikkben ismeretterjesztõ jellegû áttekintést adunk a WiFi biztonsághoz kapcsolódó szabványokról, a WEP-rõl és a 802.11i-rõl.

2005

A framework for the revocation of unintended digital signatures initiated by malicious terminals

I. Zs. Berta and L. Buttyán and I. Vajda

IEEE Transactions on Secure and Dependable Computing, vol. (Vol. 2, No. 3), July-September, 2005, pp. 268-272.

Bibtex | Abstract

@article {
   author = {István Zsolt BERTA and Levente Buttyán and István VAJDA},
   title = {A framework for the revocation of unintended digital signatures initiated by malicious terminals},
   journal = {IEEE Transactions on Secure and Dependable Computing},
   volume = {(Vol. 2, No. 3)},
   month = {July-September},
   year = {2005},
   pages = {268-272}
}

Abstract

Human users need trusted computers when they want to generate digital signatures. In many applications, in particular, if the users are mobile, they need to carry their trusted computers with themselves. Smart cards are easy to use, easy to carry, and relatively difficult to tamper with, but they do not have a user interface; therefore, the user still needs a terminal for authorizing the card to produce digital signatures. If the terminal is malicious, it can mislead the user and obtain a digital signature on an arbitrary document. In order to mitigate this problem, we propose a solution based on conditional signatures. More specifically, we propose a framework for the controlled revocation of unintended digital signatures. We also propose a solution with a special emphasis on privacy issues.

Ad hoc útvonalválasztó protokollok bizonyított biztonsága

G. Ács and L. Buttyán and I. Vajda

Híradástechnika, March, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács and Levente Buttyán and István VAJDA},
   title = {Ad hoc útvonalválasztó protokollok bizonyított biztonsága},
   journal = {Híradástechnika},
   month = {March},
   year = {2005}
}

Keywords

ad hoc hálózatok, forrás alapú ad hoc útvonalválasztás, biztonságos útvonalválasztás, bizonyított biztonság, szimulációs paradigma

Abstract

Ebben a cikkben egy olyan formális módszert mutatunk be, amivel a vezeték nélküli ad hoc hálózatok számára javasolt, igény szerinti, forrás alapú útvonalválasztó protokollokat (on-demand source routing) lehet biztonsági szempontból elemezni. A módszer alapját a szimulációs paradigma adja, mely egy jól ismert, általános eljárás kriptográfiai protokollok biztonságának bizonyítására. A cikkben bemutatjuk a szimulációs paradigma adaptációját ad hoc útvonalválasztó protokollokra. Formálisan megfogalmazzuk, hogy mit értünk biztonságos útvonalválasztás alatt, melyhez felhasználjuk a statisztikai megkülönböztethetetlenség fogalmát. A módszer gyakorlati alkalmazását egy példán keresztül szemléltetjük, melyben röviden ismertetjük az endairA útvonalválasztó protokoll mûködését, és bebizonyítjuk, hogy a protokoll biztonságos az általunk definiált modellben.

Components to improve the protection against spam and viruses

B. Bencsáth and Géza Szabó

HSN LAB Workshop, Jun, 2005.

Bibtex | Abstract

@inproceedings {
   author = {Boldizsár Bencsáth and Géza Szabó},
   title = {Components to improve the protection against spam and viruses},
   booktitle = {HSN LAB Workshop},
   month = {Jun},
   year = {2005}
}

Keywords

virus dos rbl centralized protection

Abstract

In our presentation we would like to show our research plans, and achievments in the field of virus and spam protection. The planned protection methods are component based developments, close-knit methods, which use each other software components to a great extent. One of the most important methods out of the protection against SPAM is to avoid getting the e-mail addresses maintained by us on to a SPAM list. Among other methods, the attackers use the directory harvest attack (DHA), therefore I would like to show a protection method against it, which works on the recognition and centralised forbidding of the attackers. The novel in our solution is that, in other anti-SPAM methods the emphasis is not put on prevention, they just filter the incoming unsolicited mails. In contrast to this, we suggest a system consists of components, which can be built in our existent working system and prevents the directory harvest attacks. Our system can also be connected with spam-recognition softwares. The solution makes savings possible by mails, coming from known DHA attackers, are not subjected to resource consuming content filtering methods, just simply forbidden. Our system combined with other methods can improve their efficiency as well. The other important component, which can improve our system efficiency is the component developed in the VIRUSFLAGS project, which gives a solution to the problem in connection with the arriving of a virus infected mail from an falsified sender. In this case there is no point in sending a virus alert to the falsified sender, because this is just misleading. But if the virus (for example a Word macro virus) did not falsify the sender, our machine deletes the letter, but the sender is not notified, then legal problems may occur: if our business neither accepted the resignation of a contradiction, because it is infected with a macro virus, nor notified anyone, would cause a legal problem. The virus scanners may know this information, but taking into consideration the system and component theory, a system component can be more efficient which deals with only this question whether a virus falsifies the sender or not. As an add-in of the VIRUSFLAGS current software components, it make it possible to do statistical data collection about the spread of different viruses, which has the same importance level, if it was not more important. We have prototypes about the presented systems, but the utilization and reuse of the results on the modell is in progress.

Cooperative Packet Forwarding in Multi-Domain Sensor Networks

M. Felegyhazi and J. P. Hubaux and L. Buttyán

Proceedings of the First International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2005), March, 2005.

Bibtex

@inproceedings {
   author = {Mark Felegyhazi and and Levente Buttyán},
   title = {Cooperative Packet Forwarding in Multi-Domain Sensor Networks},
   booktitle = {Proceedings of the First International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2005)},
   month = {March},
   year = {2005}
}

Abstract

Efficient Directory Harvest Attacks

B. Bencsáth and I. Vajda

William McQuay and Waleed W. Smari, Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems, IEEE, IEEE Computer Society, July, 2005, pp. 62- 68.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth and István VAJDA},
   title = {Efficient Directory Harvest Attacks},
   editor = {William McQuay and Waleed W. Smari},
   booktitle = {Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems},
   publisher = {IEEE, IEEE Computer Society},
   month = {July},
   year = {2005},
   pages = {62- 68}
}

Keywords

DHA, SPAM, e-mail attack, DoS

Abstract

In this paper the E-mail Directory Harvest Attacks (DHA) are investigated. We elaborated a method for optimizing the wordlist size used by the attacker in a resource limited environment. We analyzed the results and proved that our method is optimal. We also present an efficient countermeasure against DHA.

Mitigating the attacks of malicious terminals

I. Zs. Berta

BME, 2005.

Bibtex | Abstract | PDF

@phdthesis {
   author = {István Zsolt BERTA},
   title = {Mitigating the attacks of malicious terminals},
   school = {BME},
   year = {2005}
}

Abstract

Smart cards, having no user interface, are unable to communicate with the user directly. Communication is only possible with the aid of a terminal, which leads to several security problems. For example, if the terminal is untrusted (which is a very typical scenario), it may perform a man-in-the middle attack. I have created a formal model for dealing with untrusted terminals, and developed mathematical proofs on the limitations of a user in an untrusted terminal environment. Unfortunately, these limitations are too severe, so the attacks of malicious terminals cannot be fully eliminated. Thus, I elaborated solutions to mitigate the problem: I have developed a protocol that takes advantage of the biometric abilities of the user and thus allows sending authentic messages from untrusted terminals. I have also developed a framework for the user to review signatures made in untrusted environment, and to revoke unintended signatures.

Mobility Helps Peer-to-Peer Security

S. Capkun and J. P. Hubaux and L. Buttyán

IEEE Transactions on Mobile Computing, to appear, 2005.

Bibtex

@article {
   author = { and and Levente Buttyán},
   title = {Mobility Helps Peer-to-Peer Security},
   journal = {IEEE Transactions on Mobile Computing},
   month = {to appear},
   year = {2005}
}

Abstract

Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks

M. Felegyhazi and J. P. Hubaux and L. Buttyán

IEEE Transactions on Mobile Computing, to appear, 2005.

Bibtex

@article {
   author = {Mark Felegyhazi and and Levente Buttyán},
   title = {Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   month = {to appear},
   year = {2005}
}

Abstract

Node Cooperation in Hybrid Ad hoc Networks

N. B. Salem and L. Buttyán and J. P. Hubaux and M. Jakobsson

IEEE Transactions on Mobile Computing, to appear, 2005.

Bibtex

@article {
   author = {N. Ben Salem and Levente Buttyán and and Markus Jakobsson},
   title = {Node Cooperation in Hybrid Ad hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   month = {to appear},
   year = {2005}
}

Abstract

Possible protection methods against DHA attacks by the attackers recognition and centralized ban (in hungarian)

Géza Szabó and Gábor Szabó

Networkshop 2005 Konferencia, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Géza Szabó and Gábor Szabó},
   title = {Possible protection methods against DHA attacks by the attackers recognition and centralized ban (in hungarian)},
   booktitle = {Networkshop 2005 Konferencia},
   year = {2005}
}

Abstract

Introduction: In result of growing number of uninvited mails,viruses spreading in mails and other malwares people tend to think it twice who they give their e-mails to. They have another think whether they should take the risk to use their e-mail on an online forum, or even to leave it on their own web page or calling card. Cause of the reasons above, the users usually keep an other one-time e-mail address, often at some free service provider, which in case of flooding of uninvited mails, it can be leaved to its own devices. The root of the problem in DHA is in the SMTP protocoll itself: the e-mail servers, if they got the mail to a proper address, would not respond, simply accept it. If the server got a mail to a non-existent address, then it would give a response either immediately or later whether the post office box exists or not. This process gives information about the e-mail addresses which are upkept by the server. The attackers use this information, sending huge amount of messages to the email server. The addresses from which do not arrive response (so the server accepts the e-mail without negative signal) are gathered to a list. These addresses should belong to valid user accounts, so it is worthy to send uninvited mails to it. Beside of getting out of our address, the other problem may the DoS like attack of the mail server. For the sake of gathering the e-mails, the attacker (or even more than one) sends huge amount of misaddressed e-mails, which can result in the overloading of computing and network capacity of the server. There are two main types of DHA attack: the first one is a “brute force” like method, when all the possible character combinations are tried out as e-mail address; the second, a much more sophisticated: typical occurent e-mail addresses are generated from first, second, and nick names, offten occurent words, and well-known e-mail IDs. One way of the protection against DHA attacks can be the simply complicated-choosen e-mail addresses. Although our collegues may be hardly able to remember it, and the other side of the coin is that this method can do nothing against brute force like attacks. Other solution can be if we configure the server to accept every e-mails and do not feedback to anyone, and so the misaddressed e-mails are simply ignored. This solution has several backdraws: the mail senders does not know that an address does not exist, so the server may be flooded by uninvited mails. It is also important, that even the legitim user is not informed about misaddressed e-mails. So because of all of these reasons, the ban of feedback is not suggested. The most applicable would be the refinement of SMTP protocoll, but what can we do by the time this not happens? Our suggested solution: We suggest a system built up by components, which infiltrates besides our current system and halts these types of attacks. This system consists of a syslog analyzator, a spam detector, and a virus searching portion. The results are summerised in a centralized registration list, so we keep the list of those computers which are involved in the DHA attack. With the help of the centralized registration list, all member of the system using our components gain information even from each others problems, so the attacker can be banned not only from one place but it can not do any harm for the others as well. The syslog analyzing system looks up in the e-mail server notifications that where the misadressed emails are coming from (which IP address), and makes a detailed report to the central database. In favour of the low number of misaddressed mails, we introduce a method that the discrete missaddressed e-mails can be divided from the real attackers. Our system can be connected to spam-recognizing softwares. The solution makes it possible to save resources by not analysing the e-mails coming from known DHA attacking servers with other resourceintensive content filtering methods but we ban them. Our system even raises these softwares efficiency combined with them.

Provable Security for Ad Hoc Routing Protocols

G. Ács and L. Buttyán and I. Vajda

Híradástechnika, June, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács and Levente Buttyán and István VAJDA},
   title = {Provable Security for Ad Hoc Routing Protocols},
   journal = {Híradástechnika},
   month = {June},
   year = {2005}
}

Keywords

ad hoc networks, on-demand ad hoc source routing, secure ad hoc routing, provable security, simulation paradigm

Abstract

In this article we present a new formal framework that can be used for analyzing the ecurity of on-demand source routing protocols proposed for wireless mobile ad hoc networks. Our approach is based on the simulation paradigm which is a well-known and general procedure to prove the security of cryptographic protocols. We give the formal definition of secure ad hoc routing in a precise and rigorous manner using the concept of statistical indistinguishability. We present an ad hoc source routing protocol, called endairA, and we illustrate the usage of our approach by proving that this protocol is secure in our model.

Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks

G. Ács and L. Buttyán and I. Vajda

In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács and Levente Buttyán and István VAJDA},
   title = {Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks},
   booktitle = {In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005},
   year = {2005}
}

Abstract

In this paper, we propose a framework for the security analysis of on-demand, distance vector routing protocols for ad hoc networks, such as AODV, SAODV, and ARAN. The proposed approach is an adaptation of the simulation paradigm that is used extensively for the analysis of cryptographic algorithms and protocols, and it provides a rigorous method for proving that a given routing protocol is secure. We demonstrate the approach by representing known and new attacks on SAODV in our framework, and by proving that ARAN is secure in our model.

Spontaneous Cooperation in Multi-domain Sensor Networks

P. Schaffer and T. Holczer and L. Buttyán

In Proceedings of the 2nd European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS), Springer, Visegrád, Hungary, July, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Peter Schaffer and Tamas Holczer and Levente Buttyán},
   title = {Spontaneous Cooperation in Multi-domain Sensor Networks},
   booktitle = {In Proceedings of the 2nd European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS)},
   publisher = {Springer},
   address = {Visegrád, Hungary},
   month = {July},
   year = {2005}
}

Abstract

Sensor networks are large scale networks consisting of several nodes and some base stations. The nodes are monitoring the environment and send their measurement data towards the base stations possibly via multiple hops. Since the nodes are often battery powered, an important design criterion for sensor networks is the maximization of their lifetime. In this paper, we consider multi-domain sensor networks, by which we mean a set of sensor networks that co-exist at the same physical location but run by different authorities. In this setting, the lifetime of all networks can be increased if the nodes cooperate and also forward packets originating from foreign domains. There is a risk, however, that a selfish network takes advantage of the cooperativeness of the other networks and exploits them. We study this problem in a game theoretic setting, and show that, in most cases, there is a Nash equilibrium in the system, in which at least one of the strategies is cooperative, even without introducing any external incentives (e.g., payments).

Standards for Product Security Assessment

I. Zs. Berta and L. Buttyán and I. Vajda

Chapter 53, in IT Security Handbook, edited by Hossein Bidgoli, John Wiley and Sons, 2005, (to appear).

Bibtex

@inbook {
   author = {István Zsolt BERTA and Levente Buttyán and István VAJDA},
   title = {Standards for Product Security Assessment},
   chapter = {Chapter 53},
   publisher = {in IT Security Handbook, edited by Hossein Bidgoli, John Wiley and Sons},
   year = {2005},
   note = {(to appear)}
}

Abstract

Statistical Wormhole Detection in Sensor Networks

L. Dóra and L. Buttyán and I. Vajda

Refik Molva, Gene Tsudik, Dirk Westhoff, Lecture Notes in Computer Science, Springer-Verlag GmbH, 2005, pp. Volume 3813/ 2005, pp. 128 - 141, Security and Privacy in Ad-hoc and Sensor Networks: Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {László DÓRA and Levente Buttyán and István VAJDA},
   title = {Statistical Wormhole Detection in Sensor Networks},
   editor = {Refik Molva, Gene Tsudik, Dirk Westhoff},
   booktitle = {Lecture Notes in Computer Science},
   publisher = {Springer-Verlag GmbH},
   year = {2005},
   pages = {Volume 3813/ 2005, pp. 128 - 141},
   note = {Security and Privacy in Ad-hoc and Sensor Networks: Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005}
}

Keywords

Sensor network, wormhole detection, chi-square

Abstract

n this paper, we propose two mechanisms for wormhole detection in wireless sensor networks. The proposed mechanisms are based on hypothesis testing and they provide probabilistic results. The first mechanism, called the Neighbor Number Test (NNT), detects the increase in the number of the neighbors of the sensors, which is due to the new links created by the wormhole in the network. The second mechanism, called the All Distances Test (ADT), detects the decrease of the lengths of the shortest paths between all pairs of sensors, which is due to the shortcut links created by the wormhole in the network. Both mechanisms assume that the sensors send their neighbor list to the base station, and it is the base station that runs the algorithms on the network graph that is reconstructed from the received neighborhood information. We describe these mechanisms and investigate their performance by means of simulation.

The applied Spam-filtering methods and the Sender ID in Hungary (in hungarian)

Gábor Szabó and Géza Szabó

Proceedings of Networkshop 2005 conference, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gábor Szabó and Géza Szabó},
   title = {The applied Spam-filtering methods and the Sender ID in Hungary (in hungarian)},
   booktitle = {Proceedings of Networkshop 2005 conference},
   year = {2005}
}

Abstract

Nowadays we could hear a lot of advantages and disadvantages of Microsoft’s Sender ID Framework. This industrial standard combines the Microsoft’s Caller ID for E-mail, the Sender Policy Framework and the Submitter Optimisation specification. Instead of describing the specification or the problems of the method, I want to make an overview of the incidence of Sender ID and the other methods in Hungary. Analysing the Hungarian position of Sender ID and making a comparison to the related specifications (Sender Policy Framework, SpamAssassin, etc.) I want to come to a conclusion whether the Sender ID could be viable in Hungary.

2004

A Formal Model of Rational Exchange and Its Application to the Analysis of Syverson's Protocol

L. Buttyán and J. P. Hubaux and S. Capkun

Journal on Computer Security, vol. 12, no. 3-4, 2004, pp. 551-587.

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán and and },
   title = {A Formal Model of Rational Exchange and Its Application to the Analysis of Syverson's Protocol},
   journal = {Journal on Computer Security},
   volume = {12},
   number = {3-4},
   year = {2004},
   pages = {551-587}
}

Abstract

We propose a formal model of rational exchange and exchange protocols in general, which is based on game theory. In this model, an exchange protocol is represented as a set of strategies in a game that is played by the protocol parties and the network that they use to communicate with each other. Within this model, we give a formal definition for rational exchange and various other properties of exchange protocols, including fairness. In particular, rational exchange is defined in terms of a Nash equilibrium in the protocol game. We also study the relationship between rational and fair exchange, and prove that fairness implies rationality, but not vice versa. Finally, we illustrate the usage of our formal model for the analysis of existing rational exchange protocols by analyzing a protocol proposed by Syverson. We show that the protocol is rational only under the assumption that the network is reliable.

Az informatikai hálózati infrastruktúra biztonsági kockázatai és kontrolljai

P. Orvos and B. Bencsáth and A. Bogár and B. K. Erdélyi and M. Juhász and T. Horváth and Z. Kincses and L. Kún and B. Martos and P. Mátó and G. Vid and P. Papp and M. Pásztor and Sz. Pásztor and E. Rigó and G. Szappanos and T. Tiszai and B. Tóth and T. Tuzson

IHM - MTA-SZTAKI, 2004.

Bibtex | Abstract | PDF

@techreport {
   author = {Péter ORVOS and Boldizsár Bencsáth and Attila BOGÁR and Bálint Károly ERDÉLYI and Miklós JUHÁSZ and Tamás HORVÁTH and Zoltán KINCSES and László KÚN and Balázs MARTOS and Péter MÁTÓ and Gábor VID and Pál PAPP and Miklós PÁSZTOR and Szilárd PÁSZTOR and Ernõ RIGÓ and Gábor SZAPPANOS and Tamás TISZAI and Beatrix TÓTH and Tibor TUZSON},
   title = {Az informatikai hálózati infrastruktúra biztonsági kockázatai és kontrolljai},
   institution = {IHM - MTA-SZTAKI},
   year = {2004}
}

Abstract

http://www.cert.hu/ismert/00tanulmany/MTAsec_w1_TOC.pdf

Az internetes vírus- és spamvédelem rendszerszemléletben

B. Bencsáth

HISEC 2004 konferencia, 10., 2004, Budapest, in Hungarian.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth},
   title = {Az internetes vírus- és spamvédelem rendszerszemléletben},
   booktitle = {HISEC 2004 konferencia},
   month = {10.},
   year = {2004},
   note = {Budapest, in Hungarian}
}

Abstract

Az internetes virus- és spamvédelem rendszerszemléletben Az elmúlt idõszak bebizonyította, hogy a régóta ismert vírusok és kéretlen reklámlevelek olyan súlyos problémát jelentenek az Internet szereplõinek, amit nem lehet figyelmen kívül hagyni. A cégek többsége jelenleg is használ vírusvédelmi és kéretlen levelek szûrésére alkalmas eszközöket. A vírusok és férgek ennek ellenére gyakorta megelõzik, kicselezik a védelmet és bejutnak a cégek hálózatába. A kéretlen levelek elleni védelem pedig gyakorta hibázik és kiforratlannak tekinthetõ. A problémák megoldására számos kereskedelmi és ingyenesen elérhetõ szoftvertermék létezik. Hiába a megannyi szoftver, a vírusok és reklámlevelek mennyisége arányaiban és abszolút értékben is folyamatosan növekedett az elmúlt idõszakban. A növekedés oka az eszközök hatékonytalansága. A hatékonytalanság nem annak a következménye, hogy a termékek rosszak. A probléma oka az, hogy az egyes termékek, ötletek, megoldások nincsenek megfelelõ rendszere szervezve, hiányoznak a kulcs-komponensek, elfogadott jogi és etikai alapelvek, sztenderdek. A ma telepített vírusvédelmi rendszerek többsége egyszerû mintaillesztéses keresésen és heurisztikus analízisen alapul. Noha ez elfogadható lehet a végponton, az Internet szempontjából összetettebb rendszerekre van szükség. A megoldandó feladatok: az egyedi rendszerek hatékonyságának növelése, összegzett, átfogó adatok kinyerése és a kinyert adatok alapján mûködõ, elosztott Internet-szintû védelem. A megoldáshoz számos apró komponens szükségeltetik, elõadásomban ilyen ötleteket is ismertetni kívánok. Az ötletek olyan apró komponensek, mint a karanténozás segítése a járványterjedés megfigyelésével, a hálózati forgalom alapján történõ járványvizsgálatok, a vírusvédelmi rendszerek valósidejû minõségellenõrzése stb. A kéretlen reklámlevelek elleni védelem többnyire már ma is épít rendszerszemlétre: A megoldások jelentõs része nem egy algoritmust tartalmaz, hanem több metódus használatának szinergiáját használja ki. Nem mondhatjuk azonban, hogy a rendszerszemlélet teljes körû lenne: az egyedi megoldások jelentõs része támadható, és makró szinten a megoldások nem mondhatók hatékonynak a kéretlen reklámok elleni védekezésben. Elõadásomban be kívánok mutatni néhány ötletet, amellyel a védelem hatékonysága növelhetõ (külön kitérve a hazai szigorú törvényekbõl adódó lehetõségek kiaknázására), továbbá be kívánom mutatni azokat a tényezõket, amelyek miatt a védelem jelenleg makró szinten hatástalan. Elõadásom célja összegezve az, hogy bemutassa a rendszerszemlélet elengedhetetlenségét a védelmi módszerek között a jelenlegi komponensek kapcsolatai és további ötletek (és kísérleti rendszerek) bemutatása segítségével.

---
The system approach in the field of virus and spam protection The biggest infection events show that the most dangerous viruses propagate via the Internet email systems. The problem of Internet viruses and spam email messages is no longer dismissible. Multi-layer virus and spam protection reduces the number of infections but still does not eliminate the problem itself. Infected computers send out thousands of infected messages to other hosts, a large part of the Internet traffic is generated by malicious code. A wide range of commercial and free software is available to solve these problems, but along the introduction of these software components, the number of infected hosts and messages is still growing year by year. The reason of the growth is the inefficiency of our software components. This does not mean that the software used against these problems is wrong. The problem is, that the various ideas, tools, software and network components do not build up a whole system. Elaborated key-components, widely accepted standards and legal system and collaborative tools are still missing. As for improvement we do not need new statistical engine to protect a host, but we need a distributed, Internet-fashioned system with collaborative parties to evaluate the situation, to rapidly respond to unknown viruses and other threats. We propose small software components to gain information about the propagation of malicious code, to build up a efficient Internet-wide quarantine system, to monitor and check our protection systems, and to identify or inform owners about problems with their hosts. Many of theses software tools are available but unusable as collaborative tools. The small components cannot work together; we cannot build up a whole, efficient system from these components. The goal of my speech is to present how necessary is a system approach in the field of virus and spam protection. I also present of achievements (plans and prototypes) to develop software components to use in a wide-area protection system.

Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Dynamic Case

M. Felegyhazi and J. P. Hubaux and L. Buttyán

Proceedings of the 2nd Workshop on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt 2004), March, 2004.

Bibtex

@inproceedings {
   author = {Mark Felegyhazi and and Levente Buttyán},
   title = {Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Dynamic Case},
   booktitle = {Proceedings of the 2nd Workshop on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt 2004)},
   month = {March},
   year = {2004}
}

Abstract

HUNEID - Hungarian Electronic ID smart card specifications

I. Zs. Berta and I. Vajda and L. Buttyán and B. Bencsáth and T. Veiland

Ministry of Informatics and Telecommunications (www.ihm.hu), 2004.

Bibtex

@techreport {
   author = {István Zsolt BERTA and István VAJDA and Levente Buttyán and Boldizsár Bencsáth and Tamás Veiland},
   title = {HUNEID - Hungarian Electronic ID smart card specifications},
   institution = {Ministry of Informatics and Telecommunications (www.ihm.hu)},
   year = {2004}
}

Abstract

Incentives for Cooperation in Multi-hop Wireless Networks

L. Buttyán and T. Holczer and P. Schaffer

Híradástechnika, vol. LIX, no. 3, March, 2004, pp. 30--34, (in Hungarian).

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán and Tamas Holczer and Peter Schaffer},
   title = {Incentives for Cooperation in Multi-hop Wireless Networks},
   journal = {Híradástechnika},
   volume = {LIX},
   number = {3},
   month = {March},
   year = {2004},
   pages = {30--34},
   note = {(in Hungarian)}
}

Abstract

Cikkünkben bevezetjük a kooperációra való ösztönzés problémáját, ami tipikus problémaként jelentkezik a többugrásos vezetéknélküli hálózatokban. Röviden áttekintjük a nem-kooperatív viselkedési fajtákat, és a kooperációra ösztönzõ mechanizmusok típusait. Végül összefoglaljuk két általunk javasolt ösztönzõ mechanizmus fõbb elemeit, ötleteit.

Kriptográfia és alkalmazásai

L. Buttyán and I. Vajda

Typotex Kiadó, 2004, Budapest, 445p.

Bibtex

@book {
   author = {Levente Buttyán and István VAJDA},
   title = {Kriptográfia és alkalmazásai},
   publisher = {Typotex Kiadó},
   year = {2004},
   note = {Budapest, 445p}
}

Abstract

Limitations of humans when using malicious terminals

I. Zs. Berta and I. Vajda

Tatra Mountains Mathematical Publications, vol. 29, 2004, pp. 1-16.

Bibtex | Abstract | PDF

@article {
   author = {István Zsolt BERTA and István VAJDA},
   title = {Limitations of humans when using malicious terminals},
   journal = {Tatra Mountains Mathematical Publications},
   volume = {29},
   year = {2004},
   pages = {1-16}
}

Abstract

Limitations of humans when using malicious terminals

István Zsolt BERTA, István VAJDA

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal a potential attacker.

According to our model, the user is able to encrypt or authenticate messages with very small degree of security, so these messages can be broken by the terminal with significant probability. Since the cryptographic abilities of the user are more than limited, and no solution is known for the problem, our assumption seems to be realistic.

In this model, we prove, that if the user lacks the ability to encrypt (and decrypt) messages in one step, the remote partner is unable to help the user in constructing a secret channel. We also present our conjecture, that the case is similar in case of authenticity: If the user is unable to calculate a MAC that cannot be broken by the terminal with high probability, then the remote partner is unable to help the user in constructing an authenticated channel.

Mitigating the Untrusted Terminal Problem Using Conditional Signatures

I. Zs. Berta and L. Buttyán and I. Vajda

Proceedings of International Conference on Information Technology ITCC 2004, IEEE, Las Vegas, NV, USA, April, 2004.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István Zsolt BERTA and Levente Buttyán and István VAJDA},
   title = {Mitigating the Untrusted Terminal Problem Using Conditional Signatures},
   booktitle = {Proceedings of International Conference on Information Technology ITCC 2004},
   publisher = {IEEE},
   address = { Las Vegas, NV, USA},
   month = {April},
   year = {2004}
}

Abstract

We study the problem of how a user at an untrusted terminal can generate digital signatures with the help of a smart card. This problem may arise in many practical applications; an example would be a user generating an electronic check at a merchant's terminal in a shop. The danger is that after receiving the PIN code of the card from the user, the terminal can obtain a signature from the card on an arbitrarily chosen document, that is different from the one displayed on the screen and confirmed by the user. We propose a solution to this problem which is based on a new concept called conditional signature. This leads to a new paradigm where digital signatures are not considered as non-repudiable proofs, at least until a short deadline.

Modelling Location Reveal Attacks in Mobile Systems

L. Zombik and L. Buttyán

Periodica Polytechnica, vol. 48, no. 1-2, 2004, pp. 85-100.

Bibtex

@article {
   author = {Laszlo Zombik and Levente Buttyán},
   title = {Modelling Location Reveal Attacks in Mobile Systems},
   journal = { Periodica Polytechnica},
   volume = {48},
   number = {1-2},
   year = {2004},
   pages = {85-100}
}

Abstract

Privacy Protecting Protocols for Revokable Digital Signatures

I. Zs. Berta and L. Buttyán and I. Vajda

Proceedings of Cardis 2004, Toulouse, France (to appear), Kluwer, 2004.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István Zsolt BERTA and Levente Buttyán and István VAJDA},
   title = {Privacy Protecting Protocols for Revokable Digital Signatures},
   booktitle = {Proceedings of Cardis 2004, Toulouse, France (to appear)},
   publisher = {Kluwer},
   year = {2004}
}

Abstract

Consider an application where a human user has to digitally sign a message. It is usually assumed that she has a trusted computer at her disposal, however, this assumption does not hold in several practical cases, especially if the user is mobile. Smart cards have been proposed to solve this problem, but they do not have a user interface, therefore the user still needs a (potentially untrusted) terminal to authorize the card to produce digital signatures. In order to mitigate this problem, we proposed a solution based on conditional signatures to provide a framework for the repudiation of unintended signatures. Our previous solution relies on a trusted third party who is able to link the issuer of the signature with the intended recipient, which may lead to severe privacy problems. In this paper we extend our framework and propose protocols that allow the user to retain her privacy with respect to this trusted third party.

Protection Against DDoS Attacks Based On Traffic Level Measurements

B. Bencsáth and I. Vajda

Waleed W. Smari, William McQuay, 2004 International Symposium on Collaborative Technologies and Systems, The Society for Modeling and Simulation International, San Diego, CA, USA, January, 2004, pp. 22-28., Simulation series vol 36. no. 1., ISBN 1-56555-272-5.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth and István VAJDA},
   title = {Protection Against DDoS Attacks Based On Traffic Level Measurements},
   editor = {Waleed W. Smari, William McQuay},
   booktitle = {2004 International Symposium on Collaborative Technologies and Systems},
   publisher = {The Society for Modeling and Simulation International},
   address = {San Diego, CA, USA},
   month = {January},
   year = {2004},
   pages = {22-28.},
   note = {Simulation series vol 36. no. 1., ISBN 1-56555-272-5}
}

Keywords

DDoS attacks, traffic analysis, network protection

Abstract

A method for protecting an Internet server against a bandwidth-consuming DDoS attack is proposed and analyzed. Incoming traffic is monitored continuously and ``dangerous'' traffic intensity rises are detected. Such an event activates a traffic filtering rule which pushes down the incoming aggregate traffic to an acceptable level by discarding excess packets according to the measured relative traffic levels of active sources. Compared to other studies, our method has a structurally stronger base: legitimate traffic to the server is not necessarily hindered because of the attack or the traffic suppression. The method is supported by an analysis and a simulation as well.

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

G. Ács and L. Buttyán and I. Vajda

http://eprint.iacr.org/ under report number 2004/159., March, 2004.

Bibtex | Abstract

@techreport {
   author = {Gergely Ács and Levente Buttyán and István VAJDA},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   institution = {http://eprint.iacr.org/ under report number 2004/159.},
   month = {March},
   year = {2004}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers, and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols have mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined, and routing protocols for mobile ad hoc networks can be analyzed rigorously. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the usage of our framework by proving that it is secure in our model.

Sending authentic messages from malicious terminals

I. Zs. Berta and B. Bencsáth

Proceedings of the Networkshop 2004 Conference, NIIF, Hungary, 2004.

Bibtex | Abstract

@inproceedings {
   author = {István Zsolt BERTA and Boldizsár Bencsáth},
   title = {Sending authentic messages from malicious terminals},
   booktitle = {Proceedings of the Networkshop 2004 Conference},
   publisher = {NIIF, Hungary},
   year = {2004}
}

Abstract

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. Various cryptographic algorithms running on the terminal may provide authenticity and/or secrecy for the user’s messages. In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal as a potential attacker. Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic powers, their lack of user interface enables man-in-the middle attack from the terminal. This paper analyzes the usability of smart cards for the above problem, and investigates various possibilities for authentic communication between the user and the smart card. Since the user is a human being with limited memory and little computational power, it is questionable that authentic communication is possible between the above two parties in practice. In the first part of our lecture, we review various solutions and protocols from literature that can aid the user in an untrusted terminal environment. In the second part of the lecture, we propose a solution, that can be implemented with smart cards that exist today, and does not need the user to perform cryptographic operations. Although the smart card cannot decide if the message came from the user or from a malicious software running on the terminal, but can still aid the user in authenticating the message. This is possible if the user sends a so-called biometric message. A biometric message could be a video or voice message. Such a message is very hard to manipulate, it may even require human interaction. In order to prevent the attack, the smart card should ensure, that the attacker has no possibility, no time to perform such a complicated attack. The smart card can be used as a secure time that can guarantee that the message was sent in a certain time frame. This way, the time the attacker has to manipulate the message can be severely limited so even simple algorithmic authenticators can provide strong security.

The problems and connections of network virus protection and the protection against denial of service attacks

B. Bencsáth

Proceedings of the Networkshop 2004 Conference, NIIF, Hungary, 2004.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth},
   title = {The problems and connections of network virus protection and the protection against denial of service attacks},
   booktitle = {Proceedings of the Networkshop 2004 Conference},
   publisher = {NIIF, Hungary},
   year = {2004}
}

Keywords

virus, denial of service attack, e-mail

Abstract

First I will provide some introduction into the problems and solutions in both the network virus protection and the protection against Distributed Denial of Service (DDoS). I will show the usual and most workable methods in the area of virus protection: client-side virus protection, mail server / relay server protection (with the priority of open source tools) (e.g. linux, amavis, mailscanner, clamav, unix virus scanners, „mail gateway” protection software), content-filtering tools (filtering web traffic), extended file access control systems (RSBAC malware scan module). I will also introduce the problem area of DDoS protection: Different types of DDoS attacks (protocol fault („magic packet”), network bandwidth overflow, server resource consumption). I will also show the most usable techniques for the protection (error correction, firewalls, anomaly detection (SYN flood protection etc.), protection based on network analysis) and will provide some data about the recent major attacks (Ebay, SCO, anti-spam rbl providers, zombie networks). After the introduction I will show the possible DDoS problems of the network virus protection: The resource consumption of the virus protection, the possibility of flooding, the dangers of virus reports and e-mail alerts. After defining the problems I’ll show our proposed solutions: A virus protection system combined with the technique of network analysis to protect the system against DoS attacks. The incoming mails will be examined by the network analysis engine and therefore it makes possible to filter out DDoS attacks against the virus protection system. Our proposed solution might be useful against unknown (not detectable) viruses and in the area early epidemic protection. To support our method I’ll show the details of the structure of our pilot implementation.

Towards Provable Security for Ad Hoc Routing Protocols

L. Buttyán and I. Vajda

Proceedings of the 2nd ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2004), ACM, October, 2004.

Bibtex

@inproceedings {
   author = {Levente Buttyán and István VAJDA},
   title = {Towards Provable Security for Ad Hoc Routing Protocols},
   booktitle = {Proceedings of the 2nd ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2004)},
   publisher = {ACM},
   month = {October},
   year = {2004}
}

Abstract

Trap E-mail Address for Combating E-mail Viruses

I. Vajda and B. Bencsáth

Proceedings of SoftCOM 2004 12. International conference on software, telecommunications and computer networks, University of Split, October, 2004, pp. 220-224.

Bibtex | PDF

@inproceedings {
   author = {István VAJDA and Boldizsár Bencsáth},
   title = {Trap E-mail Address for Combating E-mail Viruses},
   booktitle = {Proceedings of SoftCOM 2004 12. International conference on software, telecommunications and computer networks},
   publisher = {University of Split},
   month = {October},
   year = {2004},
   pages = {220-224}
}

Abstract

Why are not digital signatures spreading as quickly as it was expected?

I. Zs. Berta

MBA dissertation, Buckinghamshire Chilterns University College, Buckinghamshire Business School, Számalk Open Business School, 2004.

Bibtex | PDF

@mastersthesis {
   author = {István Zsolt BERTA},
   title = {Why are not digital signatures spreading as quickly as it was expected?},
   school = {MBA dissertation, Buckinghamshire Chilterns University College, Buckinghamshire Business School, Számalk Open Business School},
   year = {2004}
}

Abstract

2003

A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks

N. B. Salem and L. Buttyán and J. P. Hubaux and M. Jakobsson

4th ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2003), June, 2003.

Bibtex | Abstract

@inproceedings {
   author = {N. Ben Salem and Levente Buttyán and and Markus Jakobsson},
   title = {A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks},
   booktitle = {4th ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2003)},
   month = {June},
   year = {2003}
}

Abstract

In multi-hop cellular networks, data packets have to be relayed hop by hop from a given mobile station to a base station and vice-versa. This means that the mobile stations must accept to forward information for the benefit of other stations. In this paper, we propose an incentive mechanism that is based on a charging/rewarding scheme and that makes collaboration rational for selfish nodes. We base our solution on symmetric cryptography to cope with the limited resources of the mobile stations. We provide a set of protocols and study their robustness with respect to various attacks. By leveraging on the relative stability of the routes, our solution leads to a very moderate overhead.

A game based analysis of the client puzzle approach to defend against DoS attacks

B. Bencsáth and L. Buttyán and I. Vajda

Proceedings of SoftCOM 2003 11. International conference on software, telecommunications and computer networks, Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture, University of Split, 2003, pp. 763-767.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth and Levente Buttyán and István VAJDA},
   title = {A game based analysis of the client puzzle approach to defend against DoS attacks},
   booktitle = {Proceedings of SoftCOM 2003 11. International conference on software, telecommunications and computer networks},
   publisher = {Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture, University of Split},
   year = {2003},
   pages = {763-767}
}

Abstract

DoS attacks are aimed at the loss of or the reduction in availability, which is one of the most important general security requirements in computer networks. A promising approach proposed to alleviate the problem of DoS attacks is to use client puzzles. In this paper, we study this approach using the apparatus of game theory. In our analysis, we derive the optimal strategy for the attacked server (e.g., a web server on the Internet) in all conceivable cases. We also present two new client puzzles as examples.

A Micropayment Scheme Encouraging Collaboration in Multi-Hop Cellular Networks

M. Jakobsson and J. P. Hubaux and L. Buttyán

Proceedings of Financial Crypto 2003, La Guadeloupe, January, 2003.

Bibtex | Abstract

@inproceedings {
   author = {Markus Jakobsson and and Levente Buttyán},
   title = {A Micropayment Scheme Encouraging Collaboration in Multi-Hop Cellular Networks},
   booktitle = {Proceedings of Financial Crypto 2003},
   address = {La Guadeloupe},
   month = {January},
   year = {2003}
}

Abstract

We propose a micro-payment scheme for multi-hop cellular networks that encourages collaboration in packet forwarding by letting users benefit from relaying others` packets. At the same time as proposing mechanisms for detecting and rewarding collaboration, we introduce appropriate mechanisms for detecting and punishing various forms of abuse. We show that the resulting scheme -- which is exceptionally light-weight -- makes collaboration rational and cheating undesirable.

Documents from Malicious Terminals

I. Zs. Berta and I. Vajda

SPIE's Microtechnologies for the New Millenium 2003, Bioengineered and Bioinspired Systems, Grand Canaria, Spain, 2003.

Bibtex | Abstract | PDF

@misc {
   author = {István Zsolt BERTA and István VAJDA},
   title = {Documents from Malicious Terminals},
   howpublished = {SPIE's Microtechnologies for the New Millenium 2003, Bioengineered and Bioinspired Systems, Grand Canaria, Spain},
   year = {2003}
}

Abstract

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed for communication. Cryptographic algorithms running on the terminal may provide authent icity for the user's messages.

In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal a potential attacker.

Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. However, the ir lack of user interface enables man-in-the middle attack from the terminal.

The authors assume, that user is a human being with limited memory and computational power, and also makes mis takes in his calculations. They demnostrate, that only exceptional useres are able to authenticate messages without a trusted device.

Several biometric media encapsulate the content of the message and the identity of the sender, such as speech, video and handwriting. The authors suggest, that such media is far more difficult to counterfeit than plaintext. Thus, the user must rely on his other resources, like biometric ones.

In the protocol proposed by the authors, the user sends messages in a biometric format, strengthened by simple algorithmic authenticators. The smart card functions as a secure time gate ensuring, that the attacker has extremely little time to counterfeit both the biometric and the algorithmic protection on the message.

The authors claim, that with the proper calibration of the biometric method and the time gate of the smart card, their protocol is strong enough for practical use.

Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Static Case

M. Felegyhazi and L. Buttyán and J. P. Hubaux

8th International Conference on Personal Wireless Communications (PWC 2003), September, 2003.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Mark Felegyhazi and Levente Buttyán and },
   title = {Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Static Case},
   booktitle = {8th International Conference on Personal Wireless Communications (PWC 2003)},
   month = {September},
   year = {2003}
}

Abstract

In multi-hop wireless networks, every node is expected to forward packets for the benefit of other nodes. Yet, if each node is its own authority, then it may selfishly deny packet forwarding in order to save its own resources. Some researchers have proposed to introduce an incentive mechanism in the network that motivates the nodes to cooperate. In this paper, we address the question of whether such an incentive mechanism is necessary or cooperation between the nodes exists in the absence of it. We define a model in a game theoretic framework and identify the conditions under which cooperative strategies can form an equilibrium. As the problem is somewhat involved, we deliberately restrict ourselves to a static configuration.

From Fault-Tolerance to Security and Back

F. Gaertner and L. Buttyán and K. Kursawe

IEEE Distributed Systems Online, vol. 4, no. 9, 2003.

Bibtex

@article {
   author = {Felix Gaertner and Levente Buttyán and Klaus Kursawe},
   title = {From Fault-Tolerance to Security and Back},
   journal = { IEEE Distributed Systems Online},
   volume = {4},
   number = {9},
   year = {2003}
}

Abstract

Hardware and Software Security I

I. Zs. Berta and I. Berta

Elektrotechnika, vol. 2003/10, 2003, pp. 4.

Bibtex | PDF

@article {
   author = {István Zsolt BERTA and István Berta},
   title = {Hardware and Software Security I},
   journal = {Elektrotechnika},
   volume = {2003/10},
   year = {2003},
   pages = {4}
}

Abstract

Hardware and Software Security II

I. Zs. Berta and I. Berta

Elektrotechnika, vol. 2003/11, 2003, pp. 4.

Bibtex | PDF

@article {
   author = {István Zsolt BERTA and István Berta},
   title = {Hardware and Software Security II},
   journal = {Elektrotechnika},
   volume = {2003/11},
   year = {2003},
   pages = {4}
}

Abstract

Lightweight Authentication Protocols for Low-Cost RFID Tags

I. Vajda and L. Buttyán

2nd Workshop on Security in Ubiquitous Computing, in conjunction with Ubicomp 2003, October, 2003.

Bibtex | Abstract

@inproceedings {
   author = {István VAJDA and Levente Buttyán},
   title = {Lightweight Authentication Protocols for Low-Cost RFID Tags},
   booktitle = {2nd Workshop on Security in Ubiquitous Computing, in conjunction with Ubicomp 2003},
   month = {October},
   year = {2003}
}

Abstract

Providing security in low-cost RFID tags is a challenging task because tags are highly resource constrained and cannot support strong cryptography. Special lightweight algorithms and protocols need to be designed that take into account the limitations of the tags. In this paper, we propose a set of extremely lightweight tag authentication protocols. We also provide an analysis of the proposed protocols.

Limitations of users when using malicious terminals

I. Vajda and I. Zs. Berta

Third Central European Conference on Cryptography (Tatracrypt'03), 2003.

Bibtex

@misc {
   author = {István VAJDA and István Zsolt BERTA},
   title = {Limitations of users when using malicious terminals},
   howpublished = {Third Central European Conference on Cryptography (Tatracrypt'03)},
   year = {2003}
}

Abstract

Mobility Helps Security in Ad Hoc Networks

S. Capkun and J. P. Hubaux and L. Buttyán

4th ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2003), June, 2003.

Bibtex | Abstract

@inproceedings {
   author = { and and Levente Buttyán},
   title = {Mobility Helps Security in Ad Hoc Networks},
   booktitle = {4th ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2003)},
   month = {June},
   year = {2003}
}

Abstract

Contrary to the common belief that mobility makes security more difficult to achieve, we show that node mobility can, in fact, be useful to provide security in ad hoc networks. We propose a technique in which security associations between nodes are established, when they are in the vicinity of each other, by exchanging appropriate cryptographic material. We show that this technique is generic, by explaining its application to fully self-organized ad hoc networks and to ad hoc networks placed under an (off-line) authority. We also propose an extension of this basic mechanism, in which a security association can be established with the help of a “friend”. We show that our mechanism can work in any network configuration and that the time necessary to set up the security associations is strongly influenced by several factors, including the size of the deployment area, the mobility patterns, and the number of friends; we provide a detailed investigation of this influence.

Report on a Working Session on Security in Wireless Ad Hoc Networks

L. Buttyán and J. P. Hubaux

ACM Mobile Computing and Communications Review (MC2R), vol. 7, no. 1, March, 2003.

Bibtex | PDF

@article {
   author = {Levente Buttyán and },
   title = {Report on a Working Session on Security in Wireless Ad Hoc Networks},
   journal = {ACM Mobile Computing and Communications Review (MC2R)},
   volume = {7},
   number = {1},
   month = {March},
   year = {2003}
}

Keywords

ad hoc networks, security, authentication, routing, intrusion detection, cooperation

Abstract

SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks

S. Capkun and L. Buttyán and J. P. Hubaux

Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003), ACM, October, 2003.

Bibtex | Abstract

@inproceedings {
   author = { and Levente Buttyán and },
   title = {SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks},
   booktitle = {Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003)},
   publisher = {ACM},
   month = {October},
   year = {2003}
}

Keywords

ad hoc networks, security, hash chains, hash trees, secure routing, wormhole detection, topology control

Abstract

In this paper we present SECTOR, a set of mechanisms for the secure verification of the time of encounters between nodes in multi-hop wireless networks. This information can be used notably to prevent wormhole attacks (without requiring any clock synchronization), to secure routing protocols based on last encounters (with only loose clock synchronization), and to control the topology of the network. SECTOR is based primarily on distance-bounding techniques, on one-way hash chains and on Merkle hash trees. We analyze the communication, computation and storage complexity of the proposed mechanisms and we show that, due to their ef- ficiency and simplicity, they are compliant with the limited resources of most mobile devices.

Self-Organized Public-Key Management for Mobile Ad Hoc Networks

S. Capkun and L. Buttyán and J. P. Hubaux

IEEE Transactions on Mobile Computing, vol. 2, no. 1, January-March, 2003.

Bibtex | Abstract

@article {
   author = { and Levente Buttyán and },
   title = {Self-Organized Public-Key Management for Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {2},
   number = {1},
   month = {January-March},
   year = {2003}
}

Keywords

ad hoc networks, security, key management, PGP

Abstract

In contrast with conventional networks, mobile ad hoc networks usually do not provide online access to trusted authorities or to centralized servers, and they exhibit frequent partitioning due to link and node failures and to node mobility. For these reasons, traditional security solutions that require online trusted authorities or certificate repositories are not well-suited for securing ad hoc networks. In this paper, we propose a fully self-organized public-key management system that allows users to generate their publicprivate key pairs, to issue certificates, and to perform authentication regardless of the network partitions and without any centralized services. Furthermore, our approach does not require any trusted authority, not even in the system initialization phase.

Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks

L. Buttyán and J. P. Hubaux

ACM/Kluwer Mobile Networks and Applications, vol. 8, no. 5, October, 2003.

Bibtex | PDF

@article {
   author = {Levente Buttyán and },
   title = {Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks},
   journal = {ACM/Kluwer Mobile Networks and Applications},
   volume = {8},
   number = {5},
   month = {October},
   year = {2003}
}

Abstract

2002

A Formal Analysis of Syverson`s Rational Exchange Protocol

L. Buttyán and S. Capkun and J. P. Hubaux

Proceedings of IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June, 2002.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and and },
   title = {A Formal Analysis of Syverson`s Rational Exchange Protocol},
   booktitle = {Proceedings of IEEE Computer Security Foundations Workshop},
   address = {Cape Breton, Nova Scotia, Canada},
   month = {June},
   year = {2002}
}

Keywords

rational exchange, game theory, Nash equilibrium

Abstract

In this paper, we provide a formal analysis of a rational exchange protocol proposed by Syverson. A rational exchange protocol guarantees that misbehavior cannot generate benefits, and is therefore discouraged. The analysis is performed using our formal model, which is based on game theory. In this model, rational exchange is defined in terms of a Nash equilibrium.

A game theoretical approach to optimizing of protection against DoS attacks

B. Bencsáth and I. Vajda

presented on the Second Central European Conference on Cryptography (Hajducrypt), Július, 2002, (no proceedings).

Bibtex

@misc {
   author = {Boldizsár Bencsáth and István VAJDA},
   title = {A game theoretical approach to optimizing of protection against DoS attacks},
   howpublished = {presented on the Second Central European Conference on Cryptography (Hajducrypt)},
   month = {Július},
   year = {2002},
   note = {(no proceedings)}
}

Abstract

CVE-2002-0399

B. Bencsáth

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399, 2002.

Bibtex | Abstract

@misc {
   author = {Boldizsár Bencsáth},
   title = {CVE-2002-0399},
   howpublished = {http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399},
   year = {2002}
}

Abstract

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

Eliminating Man-in-the-Middle attacks of Malicious Terminals

L. Buttyán and I. Zs. Berta and I. Vajda

Workshop organised by the IST Coordination Point of the Ministry of Education, Budapest, 2002.

Bibtex | Abstract

@misc {
   author = {Levente Buttyán and István Zsolt BERTA and István VAJDA},
   title = {Eliminating Man-in-the-Middle attacks of Malicious Terminals},
   howpublished = {Workshop organised by the IST Coordination Point of the Ministry of Education, Budapest},
   year = {2002}
}

Abstract

Communication with a remote partner is considered over an insecure network, where the user can gain access only to a terminal, which cannot be trusted: an attacker is assumed to be able to fully control the terminal, so the user must consider the terminal as a potential attacker. Surprisingly many terminals belong to this class.

Assuming such an environment the problem of sending authentic messages is considered. Various cryptographic algorithms exist for algorithmic protection, however to run such highly complex algorithms, the user must rely on the computational power of an insecure terminal. Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic power, their lack of user interface (i.e. lack of direct access to its input/output channels) enables man-in-the middle attack from the terminal. Therefore involving a smart card cannot eliminate the basic problem, because any protocol between the user and the smart card would rely - once again - on the insecure terminal. It might seem obvious that the user should give all security goals up as hopeless.

We have come to the conclusion that the user is unable to send authentic messages to the card, so in case of untrusted terminals the signature of the card does not prove that the message originates from the user. This is why the authenticity of plaintext messages from insecure terminals cannot be guaranteed.

However the user as a human being has additional resources that can be exploited to increase the security level of the system. The user is an excellent 'biometric device'. Biometric data (e.g. speech, video, handwriting) carry the information content (plaintext) together with the identity of the sender, which is far more difficult to counterfeit than plaintext content. Moreover the human user has limited but trusted algorithmic capabilities too, having some secure memory and computational power.

Apart from encapsulating the identity of the user and the content of the message, biometric messages (or multimedia messages) also have structure. If the structure is violated, the message has obviously been tampered with.

The manipulation of biometric messages requires considerably more time and resources than that of plaintext ones. If the chosen biometric method is properly calibrated, the attacker may not only need massive computational power, but human interaction or biometric laboratories could be required to successfully counterfeit a biometric message. Thus, not only a large percentage of attackers have been excluded, but even the most advanced ones may require significantly more time to create a counterfeited biometric message than a plaintext one.

A protocol has been developed in our laboratory that combines the biometric powers of the user and cryptographic powers of the smart card to dramatically limit the time the attacker has to manipulate a message. In this case, the smart card acts as a secure time gate. The protocol verifies that only a small amount of time has passed between the recording of the biometric message and card signing it. Naturally, after the message passes through the smart card, attackers have no chance to manipulate.

The protocol also uses the smart card to securely introduce the user to the remote partner, so the latter would already be familiar with the biometric features of the user. Thus, the smart card not only ensures authenticity, but also enables communication without having to exchange biometric identities in advance.

Having investigated the problem of secure communication via insecure terminals, we propose a solution that enables the everyday user to send authentic messages. Combined usage of biometry and smart cards can increase security to a level suitable for several practical applications.

Empiric examination of random number generators of smart cards

B. Bencsáth and I. Zs. Berta

HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia, BME, 2002.

Bibtex | PDF

@inproceedings {
   author = {Boldizsár Bencsáth and István Zsolt BERTA},
   title = {Empiric examination of random number generators of smart cards},
   booktitle = {HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia},
   publisher = {BME},
   year = {2002}
}

Abstract

Evaluating Elliptic Curve Cryptography on PC and Smart Card

I. Zs. Berta and Z. Á. Mann

Periodica Polytechnica, Electrical Engineering, vol. 46/1-2, 2002, pp. 47-75.

Bibtex | PDF

@article {
   author = {István Zsolt BERTA and Zoltán Ádám Mann},
   title = {Evaluating Elliptic Curve Cryptography on PC and Smart Card},
   journal = {Periodica Polytechnica, Electrical Engineering},
   volume = {46/1-2},
   year = {2002},
   pages = {47-75}
}

Abstract

Extraction of random bits for cryptographic purposes

I. Vajda

Tatra Mountains Mathematical Publications, vol. 25, 2002, pp. 91-107.

Bibtex

@article {
   author = {István VAJDA},
   title = {Extraction of random bits for cryptographic purposes},
   journal = {Tatra Mountains Mathematical Publications},
   volume = {25},
   year = {2002},
   pages = {91-107}
}

Abstract

Formal Verification of JavaCard Application Security Properties

I. Verók

HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia, Budapest University of Technology and Economics, 2002.

Bibtex | PDF

@inproceedings {
   author = {István VERÓK},
   title = {Formal Verification of JavaCard Application Security Properties},
   booktitle = {HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia},
   publisher = {Budapest University of Technology and Economics},
   year = {2002}
}

Abstract

Hardware and Software Security

I. Zs. Berta and I. Berta

Magyar Elektrotechnikai Egyesület XLIX. vándorgyülés, Sopron, 2002.

Bibtex

@misc {
   author = {István Zsolt BERTA and István Berta},
   title = {Hardware and Software Security},
   howpublished = {Magyar Elektrotechnikai Egyesület XLIX. vándorgyülés, Sopron},
   year = {2002}
}

Abstract

Message Authentication using Smart Card and Biometry

I. Zs. Berta and I. Vajda

Second Central European Conference on Cryptography (HajduCrypt) 2002, Debrecen, Hungary, 2002.

Bibtex | Abstract

@misc {
   author = {István Zsolt BERTA and István VAJDA},
   title = {Message Authentication using Smart Card and Biometry},
   howpublished = {Second Central European Conference on Cryptography (HajduCrypt) 2002, Debrecen, Hungary},
   year = {2002}
}

Abstract

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. Various cryptographic algorithms running on the terminal may provide authenticity and/or secrecy for the users messages.

In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal as a potential attacker.

Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic powers, their lack of user interface enables man-in-the middle attack from the terminal.

This paper analyzes the usability of smart cards for the above problem, and investigates various possibilities for authentic communication between the user and the smart card. Since the user is a human being with limited memory and little computational power, it is questionable that authentic communication is possible between the above two parties in practice. The authors show various algorithms from literature and history that do solve the problem of authentic messaging from untrusted terminals. Unfortunately, most of these are impractical for commercial use.

The authors highlight that while the human being is a very poor computer, it is an excellent biometric device. Several biometric media encapsulate the content of the message and the identity of the sender, such as speech, video and handwriting. The authors suggest, that such media is far more difficult to counterfeit than plaintext. The authors analyze this additional protection provided by biometry.

In the protocol proposed by the authors, the user sends messages in a biometric format, and strengthens biometry with simple algorithmic authenticators. The smart card functions in this protocol as a secure time gate ensuring, that the attacker has extremely little time to counterfeit both the biometric and the algorithmic protection on the message.

The authors claim, that with the proper calibration of the biometric method and the time gate of the smart card, their protocol is strong enough for practical use.

Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph

L. Buttyán and S. Capkun and J. P. Hubaux

Proceedings of The ACM New Security Paradigms Workshop 2002, Norfolk, Virginia Beach, USA, September, 2002, pp. 8.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and and },
   title = {Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph},
   booktitle = {Proceedings of The ACM New Security Paradigms Workshop 2002},
   address = {Norfolk, Virginia Beach, USA},
   month = {September},
   year = {2002},
   pages = {8}
}

Keywords

PGP, small worlds, public-key management, self-organization

Abstract

We propose a new approach to securing self-organized mobile ad hoc networks. In this approach, security is achieved in a fully self-organized manner

The problem of sending authentic messages from insecure terminals

I. Zs. Berta

HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia, BME, 2002.

Bibtex

@inproceedings {
   author = {István Zsolt BERTA},
   title = {The problem of sending authentic messages from insecure terminals},
   booktitle = {HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia},
   publisher = {BME},
   year = {2002}
}

Abstract

2001

A Mobile Agent Bidirectional One-to-Many Communications Framework

I. Verók

BME, 2001.

Bibtex

@mastersthesis {
   author = {István VERÓK},
   title = {A Mobile Agent Bidirectional One-to-Many Communications Framework},
   school = {BME},
   year = {2001}
}

Abstract

A Payment Scheme for Broadcast Multimedia Streams

N. B. Salem and L. Buttyán

Proceedings of 6th IEEE Symposium on Computers and Communications, Hammamet, Tunisia, July, 2001.

Bibtex | Abstract

@inproceedings {
   author = {N. Ben Salem and Levente Buttyán},
   title = {A Payment Scheme for Broadcast Multimedia Streams},
   booktitle = {Proceedings of 6th IEEE Symposium on Computers and Communications},
   address = {Hammamet, Tunisia},
   month = {July},
   year = {2001}
}

Keywords

electronic payment scheme, micropayment, user privacy, fairness, multimedia

Abstract

Streaming multimedia data on the Internet is developing as a mainstream technology, which attracts many users by providing a new and convenient form of access to online multimedia information. While its strong business potential is obvious, many problems related to charging, copyright protection, and privacy can delay or even hinder its extensive deployment. In this paper, we are concerned with the charging problem, and propose an electronic payment scheme to use for purchasing broadcast multimedia streams. Our design respects the pay-per-use principle, makes cheating uninteresting for both the user and the service provider, resists against forgery and over-spending, protects sensitive payment information and user privacy, and allows the identification of misbehaving users.

Building Blocks for Secure Services: Authenticated Key Transport and Rational Exchange Protocols

L. Buttyán

Swiss Federal Institute of Technology (EPFL), December, 2001.

Bibtex | Abstract | PDF

@phdthesis {
   author = {Levente Buttyán},
   title = {Building Blocks for Secure Services: Authenticated Key Transport and Rational Exchange Protocols},
   school = {Swiss Federal Institute of Technology (EPFL)},
   month = {December},
   year = {2001}
}

Keywords

authentication logic, protocol synthesis, game theory, formal verification, ad hoc networks, cooperation, nuglets

Abstract

This thesis is concerned with two security mechanisms: authenticated key transport and rational exchange protocols. These mechanisms are potential building blocks in the security architecture of a range of different services. Authenticated key transport protocols are used to build secure channels between entities, which protect their communications against eavesdropping and alteration by an outside attacker. In contrast, rational exchange protocols can be used to protect the entities involved in an exchange transaction from each other. This is important, because often the entities do not trust each other, and both fear that the other will gain an advantage by misbehaving. Rational exchange protocols alleviate this problem by ensuring that a misbehaving party cannot gain any advantages. This means that misbehavior becomes uninteresting and it should happen only rarely. The thesis is focused on the construction of formal models for authenticated key transport and rational exchange protocols. In the first part of the thesis, we propose a formal model for key transport protocols, which is based on a logic of belief. Building on this model, we also propose an original systematic protocol construction approach. The main idea is that we reverse some implications that can be derived from the axioms of the logic, and turn them into synthesis rules. The synthesis rules can be used to construct a protocol and to derive a set of assumptions starting from a set of goals. The main advantage is that the resulting protocol is guaranteed to be correct in the sense that all the specified goals can be derived from the protocol and the assumptions using the underlying logic. Another important advantage is that all the assumptions upon which the correctness of the protocol depends are made explicit. The protocol obtained in the synthesis process is an abstract protocol, in which idealized messages that contain logical formulae are sent on channels with various access properties. The abstract protocol can then be implemented in several ways by replacing the idealized messages and the channels with appropriate bit strings and cryptographic primitives, respectively. We illustrate the usage of the logic and the synthesis rules through an example: We analyze an authenticated key transport protocol proposed in the literature, identify several weaknesses, show how these can be exploited by various attacks, and finally, we redesign the protocol using the proposed systematic approach. We obtain a protocol that resists against the presented attacks, and in addition, it is simpler than the original one. In the second part of the thesis, we propose an original formal model for exchange protocols, which is based on game theory. In this model, an exchange protocol is represented as a set of strategies in a game played by the protocol parties and the network that they use to communicate with each other. We give formal definitions for various properties of exchange protocols in this model, including rationality and fairness. Most importantly, rationality is defined in terms of a Nash equilibrium in the protocol game. The model and the formal definitions allow us to rigorously study the relationship between rational exchange and fair exchange, and to prove that fairness implies rationality (given that the protocol satisfies some further usual properties), but the reverse is not true in general. We illustrate how the formal model can be used for rigorous verification of existing protocols by analyzing two exchange protocols, and formally proving that they satisfy the definition of rational exchange. We also present an original application of rational exchange: We show how the concept of rationality can be used to improve a family of micropayment schemes with respect to fairness without substantial loss in efficiency. Finally, in the third part of the thesis, we extend the concept of rational exchange, and describe how similar ideas can be used to stimulate the nodes of a self-organizing ad hoc network for cooperation. More precisely, we propose an original approach to stimulate the nodes for packet forwarding. Like in rational exchange protocols, our design does not guarantee that a node cannot deny packet forwarding, but it ensures that it cannot gain any advantages by doing so. We analyze the proposed solution analytically and by means of simulation.

Cahoots: A Mobile Agent Bidirectional One-to-Many Communications Framework

I. Verók

Budapest University of Technology and Economics, 2001.

Bibtex | PDF

@mastersthesis {
   author = {István VERÓK},
   title = {Cahoots: A Mobile Agent Bidirectional One-to-Many Communications Framework},
   school = {Budapest University of Technology and Economics},
   year = {2001}
}

Abstract

Collecting randomness from the net

B. Bencsáth and I. Vajda

Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security 2001, Kluwer, May, 2001, pp. 105-111.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth and István VAJDA},
   title = {Collecting randomness from the net},
   booktitle = {Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security 2001},
   publisher = {Kluwer},
   month = {May},
   year = {2001},
   pages = {105-111}
}

Keywords

generation of random values, tests of randomness, good source of random data, private and authentic communication

Abstract

Random data in their work is collected from network time delay measurements and its quality is checked by statistical tests, and a special enhancement, the system of collector-servers is proposed and analyzed

Cryptographic application of programmable smart cards

I. Zs. Berta and Z. Á. Mann

Proceedings of NetWorkshop'2001, 2001.

Bibtex | PDF

@inproceedings {
   author = {István Zsolt BERTA and Zoltán Ádám Mann},
   title = {Cryptographic application of programmable smart cards},
   booktitle = {Proceedings of NetWorkshop'2001},
   year = {2001}
}

Abstract

Efficient Multi-Party Challenge-Response Protocols for Entity Authentication

L. Buttyán and A. Nagy and I. Vajda

Periodica Polytechnica, vol. 45, no. 1, April, 2001, pp. 43-64.

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán and and István VAJDA},
   title = {Efficient Multi-Party Challenge-Response Protocols for Entity Authentication},
   journal = {Periodica Polytechnica},
   volume = {45},
   number = {1},
   month = {April},
   year = {2001},
   pages = {43-64}
}

Keywords

challenge-response protocols, protocol graph, entity authentication, reflection attack

Abstract

In this paper, we address the problem of multi-party entity authen- tication. We prove that the lower bound on the number of messages of multi-party challenge-response protocols is 2n-1, where n is the num- ber of the participants of the protocol, and propose two protocols that achieve this lower bound. Our protocols are, thus, eÆcient in the sense that they use the minimum number of messages required to solve the multi-party entity authentication problem based on challenge-response principles.

Method for transmitting payment information between a terminal and a third equipment

L. Buttyán and E. Wiedmer and E. Lauper

May, 2001, International Patent Application.

Bibtex

@misc {
   author = {Levente Buttyán and and },
   title = {Method for transmitting payment information between a terminal and a third equipment},
   month = {May},
   year = {2001},
   note = {International Patent Application}
}

Keywords

electronic payment, smart card, authenticated session key establishment

Abstract

Nuglets: a Virtual Currency to Stimulate Cooperation in Self-Organized Mobile Ad Hoc Networks

L. Buttyán and J. P. Hubaux

no. DSC/2001/001, EPFL-DI-ICA, January, 2001.

Bibtex | Abstract

@techreport {
   author = {Levente Buttyán and },
   title = {Nuglets: a Virtual Currency to Stimulate Cooperation in Self-Organized Mobile Ad Hoc Networks},
   number = {DSC/2001/001},
   institution = {EPFL-DI-ICA},
   month = {January},
   year = {2001}
}

Keywords

mobile ad hoc networks, routing, cooperation, service availability

Abstract

In mobile ad hoc networks, it is usually assumed that all the nodes belong to the same authority

On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez

M. Hegedüs

BME, 2001.

Bibtex

@mastersthesis {
   author = {Márton HEGEDÜS},
   title = {On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez},
   school = {BME},
   year = {2001}
}

Abstract

On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez

M. Perényi

BME, 2001.

Bibtex

@mastersthesis {
   author = {Márton PERÉNYI},
   title = {On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez},
   school = {BME},
   year = {2001}
}

Abstract

Programozható chipkártya biztonsági alkalmazásai

I. Berta

BME, 2001.

Bibtex

@mastersthesis {
   author = {István Berta},
   title = {Programozható chipkártya biztonsági alkalmazásai},
   school = {BME},
   year = {2001}
}

Abstract

Rational Exchange -- A Formal Model Based on Game Theory

L. Buttyán and J. P. Hubaux

Proceedings of 2nd International Workshop on Electronic Commerce (WELCOM 2001), Heidelberg, Germany, November, 2001.

Bibtex | Abstract

@inproceedings {
   author = {Levente Buttyán and },
   title = {Rational Exchange -- A Formal Model Based on Game Theory},
   booktitle = {Proceedings of 2nd International Workshop on Electronic Commerce (WELCOM 2001)},
   address = {Heidelberg, Germany},
   month = {November},
   year = {2001}
}

Keywords

electronic commerce, rational exchnage, fair exchange, formal model, game theory

Abstract

We introduce game theory as a formal framework in which exchange protocols can be modeled and their properties can be studied. We use this framework to give a formal definition for rational exchange relating it to the concept of Nash equilibrium in games. In addition, we study the relationship between rational exchange and fair exchange. We prove that fair exchange implies rational exchange, but the reverse is not true. The practical consequence of this is that rational exchange protocols may provide interesting solutions to the exchange problem by representing a trade-off between complexity and what they achieve. They could be particularly useful in mobile e-commerce applications.

Security of programmable smart cards

I. Zs. Berta

Budapest University of Technology and Economics, 2001.

Bibtex | Abstract | PDF

@mastersthesis {
   author = {István Zsolt BERTA},
   title = {Security of programmable smart cards},
   school = {Budapest University of Technology and Economics},
   year = {2001}
}

Abstract

Programmable smart cards are small security-oriented microcomputers. Although they have been present in the market for many years now, their exact area of application is still subject to research.

The author gives a detailed background about these cards in this paper. A card is not only discussed by itself, but together with its environment: the terminal, the network resources and the user.

A brief overview of today's programmable cards is given, but focus is laid on the Java Card specification, which is one of the most popular smart card programming environments. Various features of the Java Card are discussed, especially those in connection with security, the main power of smart cards.

In this paper three applications for programmable smart cards are presented. The first application is an elliptic curve cryptography engine for a Java smart card. In this case the programmable smart card is used as a prototype to test new algorithms in smart card environment.

The second application uses the smart card to store the profile of a user of a heterogeneous system. The card plays an important role in user authentication, but in this system not only the user is authenticated. The smart card also checks the identity of the terminal and protects the user's interests by denying certain information toward the insecure (or possibly malicious) terminal. In this application the programmable smart card is used as a platform for a security oriented software. The algorithm it runs is so complex that implementations other than software are totally out of the question.

The third application is not a pioneer by any means. It does not break into new areas of cryptography for smart cards, and does not explore unknown areas of complex smart card applications either. It is a simple, but very useful program, that gives extra security in SSH challenge and response authentication. The cardlet for this low-resource machine was developed in the Java Card language, and thus it was integrated into the world of high level programming languages.

Self-Organization in Mobile Ad-Hoc Networks: the Approach of Terminodes

L. Blazevic and L. Buttyán and S. Capkun and S. Giordano and J. P. Hubaux and J. Y. Le Boudec

IEEE Communications Magazine, vol. 39, no. 6, June, 2001.

Bibtex | Abstract

@article {
   author = { and Levente Buttyán and and and and },
   title = {Self-Organization in Mobile Ad-Hoc Networks: the Approach of Terminodes},
   journal = {IEEE Communications Magazine},
   volume = {39},
   number = {6},
   month = {June},
   year = {2001}
}

Keywords

self-organized network, MANET,self-organized routing, GPS-free positioning, incentive to cooperation, security

Abstract

The Terminodes project is designing a wide area, mobile ad-hoc network, which is meant to be used in a public environment, in our approach, the network is run by users themselves. We give a global description of the building blocks used by the basic operation of the network, they all rely on various concepts of self-organization. Routing uses a combination of geography-based information and local, MANET-like protocols. Terminode positioning is obtained either by GPS, or by a relative positioning method. Mobility management uses self-organized virtual regions. Terminodes employ a form of virtual money called ``nuglets

Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks

L. Buttyán and J. P. Hubaux

no. DSC/2001/046, EPFL-DI-ICA, August, 2001.

Bibtex | Abstract

@techreport {
   author = {Levente Buttyán and },
   title = {Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks},
   number = {DSC/2001/046},
   institution = {EPFL-DI-ICA},
   month = {August},
   year = {2001}
}

Keywords

terminodes

Abstract

In military and rescue applications of mobile ad hoc net tworks, all the nodes belong to the same authority; therefore, they are motivated to cooperate in order to support the basic functions of the network. In this paper, we consider the case when each node is its own authority and tries to maximize the benefits it gets from the network. More precisely, we assume that the nodes are not willing to forward packets for the benefit of other nodes. This problem may arise in civilian applications of mobile ad hoc networks. In order to stimulate the nodes for packet forwarding,we propose a simple mechanism based on a counter in each node. We study the behavior of the proposed mechanism analytically and by means of simulations, and detail the way in which it could be protected against misuse.

The Quest for Security in Mobile Ad Hoc Networks

J. P. Hubaux and L. Buttyán and S. Capkun

Proceedings of ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC), Long Beach, CA, USA, October, 2001.

Bibtex | Abstract

@inproceedings {
   author = { and Levente Buttyán and },
   title = {The Quest for Security in Mobile Ad Hoc Networks},
   booktitle = {Proceedings of ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC)},
   address = {Long Beach, CA, USA},
   month = {October},
   year = {2001}
}

Keywords

security, public-key infrastructure, PKI, self-organization, mobile ad hoc networking

Abstract

So far, research on mobile ad hoc networks has been focused primarily on routing issues. Security, on the other hand, has been given a lower priority. This paper provides an overview of security problems for mobile ad hoc networks, distinguishing the threats on basic mechanisms and on security mechanisms. It then describes our solution to protect the security mechanisms. The original features of this solution include that (i) it is fully decentralized and (ii) all nodes are assigned equivalent roles.

2000

A Decentralized Marketplace Composed of Mobile Intelligent Agents

I. Verók

Scientific student circles (TDK), 2000.

Bibtex | PDF

@misc {
   author = {István VERÓK},
   title = {A Decentralized Marketplace Composed of Mobile Intelligent Agents},
   howpublished = {Scientific student circles (TDK)},
   year = {2000}
}

Abstract

A Pessimistic Approach to Trust in Mobile Agent Platforms

U. Wilhelm and S. Staamann and L. Buttyán

IEEE Internet Computing, vol. 4, no. 5, September, 2000, pp. 40-48.

Bibtex | PDF

@article {
   author = { and and Levente Buttyán},
   title = {A Pessimistic Approach to Trust in Mobile Agent Platforms},
   journal = {IEEE Internet Computing},
   volume = {4},
   number = {5},
   month = {September},
   year = {2000},
   pages = {40-48}
}

Keywords

mobile agents, trust, tamper resistant hardware

Abstract

Analysis of public key cryptography based on elliptic curves in smart card and PC environment

I. Zs. Berta and Z. Á. Mann

Scientific student circles (TDK) 2000, Budapest University of Technology and Economics, 2000.

Bibtex

@misc {
   author = {István Zsolt BERTA and Zoltán Ádám Mann},
   title = {Analysis of public key cryptography based on elliptic curves in smart card and PC environment},
   howpublished = {Scientific student circles (TDK) 2000, Budapest University of Technology and Economics},
   year = {2000}
}

Abstract

Biztonságos anonim hálózati kommunikációs rendszer

S. Tihanyi

BME, 2000.

Bibtex

@mastersthesis {
   author = {Sándor TIHANYI},
   title = {Biztonságos anonim hálózati kommunikációs rendszer},
   school = {BME},
   year = {2000}
}

Abstract

Design and Analysis of a Bluetooth Network Optimization Algorithm

Students' Scientific Conference, TU Budapest, October, 2000, in Hungarian.

Bibtex | Abstract | PDF

@misc {
   author = {},
   title = {Design and Analysis of a Bluetooth Network Optimization Algorithm},
   howpublished = {Students' Scientific Conference, TU Budapest},
   month = {October},
   year = {2000},
   note = {in Hungarian}
}

Abstract

A Bluetooth hálózat optimalizálására egy forgalommérések alapján müködõ algoritmust terveztünk. Ezzel olyan problémára nyújtottunk megoldást, amelyhez az irodalomban eddig nem volt ismert megoldás. Az algoritmus egyszerü szabályok segítségével - kapcsolat felépítése és bontása illetve master-slave szerepcsere - lokális információk alapján egy elõnyösebb hálózati topológiát hoz létre. Az algoritmus megvalósítására protokollt terveztünk, amely tulajdonságait szimulációs környezetben vizsgáltuk. A Bluetooth technológia vizsgálatára egy ad hoc modult alkottunk meg a PLASMA hálózat szimulátorban. A szimuláció során megmutattuk, hogy a paraméterek beállításától függõen az algoritmus alkalmazkodik a forgalmi viszonyok változásához.

Enforcing Service Availability in Mobile Ad-Hoc WANs

L. Buttyán and J. P. Hubaux

Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC), Boston, MA, USA, August, 2000.

Bibtex | Abstract

@inproceedings {
   author = {Levente Buttyán and },
   title = {Enforcing Service Availability in Mobile Ad-Hoc WANs},
   booktitle = {Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC)},
   address = {Boston, MA, USA},
   month = {August},
   year = {2000}
}

Keywords

wireless, mobile, ad-hoc network, wide area network, Terminodes, incentive to co-operate, terminode nuggets, beans

Abstract

In this paper, we address the problem of service availability in mobile ad-hoc WANs. We present a secure mechanism to stimulate end users to keep their devices turned on, to refrain from overloading the network, and to thwart tampering aimed at converting the device into a ``selfish`` one. Our solution is based on the application of a tamper resistant security module in each device and cryptographic protection of messages.

Enforcing Service Availability in Mobile Ad-Hoc WANs

L. Buttyán and J. P. Hubaux

no. DSC/2000/025, EPFL-DI-ICA, May, 2000.

Bibtex | Abstract | PDF

@techreport {
   author = {Levente Buttyán and },
   title = {Enforcing Service Availability in Mobile Ad-Hoc WANs},
   number = {DSC/2000/025},
   institution = {EPFL-DI-ICA},
   month = {May},
   year = {2000}
}

Keywords

wireless, mobile, ad-hoc network, wide area network, Terminodes, incentive to co-operate, terminode beans

Abstract

In this paper, we address the problem of service availability in mobile ad-hoc WANs. We present a secure mechanism to stimulate end users to keep their devices turned on, to refrain from overloading the network, and to thwart tampering aimed at converting the device into a ``selfish`` one. Our solution is based on the application of a tamper resistant security module in each device and cryptographic protection of messages.

Exact decoding error probability for slow frequency hopping

L. Györfi and Á. Jordán and I. Vajda

European Transactions on Telecommunication, vol. 11, no. 2, March/April, 2000, pp. 183-190.

Bibtex

@article {
   author = { and and István VAJDA},
   title = {Exact decoding error probability for slow frequency hopping},
   journal = {European Transactions on Telecommunication},
   volume = {11},
   number = {2},
   month = {March/April},
   year = {2000},
   pages = {183-190}
}

Abstract

Extensions to an Authentication Technique Proposed for the Global Mobility Network

L. Buttyán and C. Gbaguidi and S. Staamann and U. Wilhelm

IEEE Transactions on Communications, vol. 48, no. 3, March, 2000.

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán and and and },
   title = {Extensions to an Authentication Technique Proposed for the Global Mobility Network},
   journal = {IEEE Transactions on Communications},
   volume = {48},
   number = {3},
   month = {March},
   year = {2000}
}

Keywords

authentication protocol, global mobility network

Abstract

We present three attacks against the authentication protocol that has been proposed for the so called global mobility network in \cite{kn:Suz97}. We show that the attacks are feasible and propose corrections that make the protocol more robust and resistant against the presented attacks. Our aim is to highlight some basic design principles for cryptographic protocols, the adherence to which would have prevented these attacks.

Handover Analysis in a Wireless Mobile IP Network

12. Távközlési és Informatikai Hálózatok Szeminárium és Kiállítás, Sopron, Hungary, October 4-6, 2000, in Hungarian.

Bibtex | Abstract | PDF

@conference {
   author = {},
   title = {Handover Analysis in a Wireless Mobile IP Network},
   booktitle = {12. Távközlési és Informatikai Hálózatok Szeminárium és Kiállítás},
   address = {Sopron, Hungary},
   month = {October 4-6},
   year = {2000},
   note = {in Hungarian}
}

Abstract

Cikkünkben egy vezeték nélküli Mobile IP hálózaton mértük a bázisállomás-váltások hatását az alkalmazásokra. Elsösorban arra voltunk kiváncsiak, hogy a mobil számítógép mozgása milyen hatással van a folyamatban levö TCP adatkapcsolatokra. Ennek megállapításához egy kísérleti hálózatban periódikusan mozgatott számítógép adatkapcsolatait figyeltük meg, illetve mértük az elérhetö átviteli sebességet. Három különbözö algoritmust vizsgáltunk, melyek a bázisállomás-váltás döntési szakaszának idejét befolyásolják. Az idözítéses, a mohó és a felszólító algoritmusok egyaránt a bázisállomások által periódikusan kibocsátott beacon üzeneteket használják fel, de különböznek egymástól abban, hogy a mobil számítógép mikor dönt a bázisállomás-váltásról. Méréseinkkel kimutattuk, hogy az alkalmazásokra gyakorolt zavaró hatás az idözítéses algoritmus esetén a legnagyobb, és a felszólító algoritmus esetén a legkisebb. Ezt az eredményt a gyakorlatban a megfelelö algoritmus kiválasztásakor figyelembe kell venni. Megfigyeltük továbbá, hogy a leggyorsabb algoritmus használata esetén már a mobilitást kezelö programok belsö késleltetése is számottevö. Ez az észrevételünk felhívja a figyelmet ezen programok optimalizálásának fontosságára.

Home-made methods for enhancing network security (in Hungarian)

B. Bencsáth and S. Tihanyi

Magyar Távközlés, vol. X, no. 4, 2000, pp. 22-27..

Bibtex | PDF

@article {
   author = {Boldizsár Bencsáth and Sándor TIHANYI},
   title = {Home-made methods for enhancing network security (in Hungarian)},
   journal = {Magyar Távközlés},
   volume = {X},
   number = {4},
   year = {2000},
   pages = {22-27.}
}

Abstract

Információ- és kódelmélet

L. Györfi and S. Gyõri and I. Vajda

Typotex Kiadó, 2000, 376 p..

Bibtex

@book {
   author = { and Sándor GYÕRI and István VAJDA},
   title = {Információ- és kódelmélet},
   publisher = {Typotex Kiadó},
   year = {2000},
   note = {376 p.}
}

Abstract

Intelligens ügynök az elektronikus kereskedelemban

B. Korossy Khayll

BME, 2000.

Bibtex

@mastersthesis {
   author = {Balázs KOROSSY KHAYLL},
   title = {Intelligens ügynök az elektronikus kereskedelemban},
   school = {BME},
   year = {2000}
}

Abstract

Method for securing communications between a terminal and an additional user equipment

L. Buttyán and E. Wiedmer and E. Lauper

September, 2000, International Patent Application.

Bibtex

@misc {
   author = {Levente Buttyán and and },
   title = {Method for securing communications between a terminal and an additional user equipment},
   month = {September},
   year = {2000},
   note = {International Patent Application}
}

Keywords

authenticated session key establishment, user authentication, smart card

Abstract

Nyilvános kulcsú kriptográfiai megoldás elektronikus banki szolgáltatásra

T. Németh

BME, 2000.

Bibtex

@mastersthesis {
   author = {Tibor NÉMETH},
   title = {Nyilvános kulcsú kriptográfiai megoldás elektronikus banki szolgáltatásra},
   school = {BME},
   year = {2000}
}

Abstract

Programmable smart cards and their security

I. Zs. Berta and Z. Á. Mann

Magyar Távközlés, 4, 2000.

Bibtex | PDF

@article {
   author = {István Zsolt BERTA and Zoltán Ádám Mann},
   title = {Programmable smart cards and their security},
   journal = {Magyar Távközlés},
   month = {4},
   year = {2000}
}

Abstract

Removing the financial incentive to cheat in micropayment schemes

L. Buttyán

IEE Electronics Letters, vol. 36, no. 2, January, 2000, pp. 132-133.

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán},
   title = {Removing the financial incentive to cheat in micropayment schemes},
   journal = {IEE Electronics Letters},
   volume = {36},
   number = {2},
   month = {January},
   year = {2000},
   pages = {132-133}
}

Keywords

fairness, micropayment,

Abstract

Micropayment schemes usually do not provide fairness, which means that either the payer or the payee, or both, can cheat the other and gain a financial advantage by misbehaving in the protocols. We propose an extension to a family of micropayment schemes that removes the financial incentive to cheat. Our extension does not provide true fairness, but it makes misbehaving practically futile for both the payer and the payee. We achieve this without any substantial loss in efficiency, in most practical cases.

Simple, free encrypted tunnels using linux

B. Bencsáth

Presented on Networkshop 2000, Gödöllõ, Hungary, 2000, http://nws.iif.hu/NwScd/docs/nevjegy/nj74.htm.

Bibtex

@misc {
   author = {Boldizsár Bencsáth},
   title = {Simple, free encrypted tunnels using linux},
   howpublished = { Presented on Networkshop 2000, Gödöllõ, Hungary},
   year = {2000},
   note = {http://nws.iif.hu/NwScd/docs/nevjegy/nj74.htm}
}

Abstract

Smart Card technológiát alkalmazó Internetes fizetési rendszer

BME, 2000.

Bibtex

@mastersthesis {
   author = {},
   title = {Smart Card technológiát alkalmazó Internetes fizetési rendszer},
   school = {BME},
   year = {2000}
}

Abstract

Smart Cards - Present and Future

I. Zs. Berta and Z. Á. Mann

Híradástechnika, Journal on C5, 12, 2000.

Bibtex | PDF

@article {
   author = {István Zsolt BERTA and Zoltán Ádám Mann},
   title = {Smart Cards - Present and Future},
   journal = {Híradástechnika, Journal on C5},
   month = {12},
   year = {2000}
}

Abstract

Tanulmány a napvilágra került Elender jelszavakról

I. Vajda and B. Bencsáth and A. Bognár

Apr., 2000.

Bibtex | Abstract

@techreport {
   author = {István VAJDA and Boldizsár Bencsáth and Attila BOGNÁR},
   title = {Tanulmány a napvilágra került Elender jelszavakról},
   month = {Apr.},
   year = {2000}
}

Abstract

http://ebizlab.hit.bme.hu/pub/lrpasswd.html

Toward Mobile Ad-Hoc WANs: Terminodes

J. P. Hubaux and J. Y. Le Boudec and S. Giordano and M. Hamdi and L. Blazevic and L. Buttyán and M. Vojnovic

no. DSC/2000/006, EPFL-DI-ICA, February, 2000.

Bibtex | Abstract | PDF

@techreport {
   author = { and and and and and Levente Buttyán and },
   title = {Toward Mobile Ad-Hoc WANs: Terminodes},
   number = {DSC/2000/006},
   institution = {EPFL-DI-ICA},
   month = {February},
   year = {2000}
}

Keywords

wireless mobile ad-hoc network, wide area network, terminodes, mobility management, virtual home region, geodesic packet forwarding, beans, security

Abstract

Terminodes are personal devices that provide the functions of both the terminals and the nodes of the network. A network of terminodes is an autonomous, fully self-organized, wireless network, independent of any infrastructure. It must be able to scale up to millions of units, without any fixed backbone nor server. In this paper we present the main challenges and discuss the main technical directions.

Traffic Dependent Bluetooth Scatternet Optimization Procedure

M. Felegyhazi and Gy. Miklós

US patent, May, 2000, Nr: 09/666529.

Bibtex

@misc {
   author = {Mark Felegyhazi and György Miklós},
   title = {Traffic Dependent Bluetooth Scatternet Optimization Procedure},
   howpublished = {US patent},
   month = {May},
   year = {2000},
   note = {Nr: 09/666529}
}

Abstract

Virtuális magánhálózatok kiépítése és auditálása

B. Bencsáth

BME, 2000.

Bibtex

@mastersthesis {
   author = {Boldizsár Bencsáth},
   title = {Virtuális magánhálózatok kiépítése és auditálása},
   school = {BME},
   year = {2000}
}

Abstract

1999

Accountable Anonymous Access to Services in Mobile Communication Systems

L. Buttyán and J. P. Hubaux

Proceedings of 18th IEEE Symposium on Reliable Distributed Systems, Workshop on Electronic Commerce, Lausanne, Switzerland, October, 1999, pp. 384-389.

Bibtex | Abstract

@inproceedings {
   author = {Levente Buttyán and },
   title = {Accountable Anonymous Access to Services in Mobile Communication Systems},
   booktitle = {Proceedings of 18th IEEE Symposium on Reliable Distributed Systems, Workshop on Electronic Commerce},
   address = {Lausanne, Switzerland},
   month = {October},
   year = {1999},
   pages = {384-389}
}

Keywords

electronic commerce, anonymity, accountability, ticket based service access, customer care agency

Abstract

We introduce a model that allows anonymous yet accountable access to services in mobile communication systems. This model is based on the introduction of a new business role, called the customer care agency, and a ticket based mechanism for service access. We introduce the general idea of ticket based service access, and present a categorisation of ticket types and ticket acquisition models. We analyse the role of customer care agencies and emphasise their advantages.

Accountable Anonymous Service Usage in Mobile Communication Systems

L. Buttyán and J. P. Hubaux

no. SSC/99/16, EPFL-DI-ICA, May, 1999.

Bibtex | Abstract

@techreport {
   author = {Levente Buttyán and },
   title = {Accountable Anonymous Service Usage in Mobile Communication Systems},
   number = {SSC/99/16},
   institution = {EPFL-DI-ICA},
   month = {May},
   year = {1999}
}

Keywords

ticket based service access, customer care, mobile computing, anonymity, accountability

Abstract

We introduce a model that allows of anonymous yet accountable service usage in mobile communication systems. This model is based on the introduction of a new business role, called the customer care agency, and a ticket based mechanism for service access. We motivate the introduction of customer care agencies by analyzing their role and emphasizing their advantages. We introduce the general idea of ticket based service access, present a categorization of ticket types and ticket acquisition models, and identify some possible attacks against ticket based systems. We illustrate how agencies and tickets work together by presenting a ticket based protocol between users, customer care agencies, and service providers. The protocol achieves authentication of the service provider to the user, establishment of a shared session key between the user and the service provider, and correct and undeniable charging. In addition, it provides revokable anonymity for users, which means that the identity of misbehaving users can be revealed.

An Experimental Analysis of Mobile IP in a Wireless Environment

V. Tímár and Cs. Szabó and M. Felegyhazi

Students' Scientific Conference, TU Budapest, October, 1999, in Hungarian.

Bibtex | Abstract | PDF

@misc {
   author = {Veronika Tímár and Csanád Szabó and Mark Felegyhazi},
   title = {An Experimental Analysis of Mobile IP in a Wireless Environment},
   howpublished = {Students' Scientific Conference, TU Budapest},
   month = {October},
   year = {1999},
   note = {in Hungarian}
}

Abstract

Dolgozatunkban egy vezeték nélküli hálózaton mértük a Mobile IP szabvány egyes teljesítményjellemzõit. Elsõsorban arra voltunk kiváncsiak, hogy a handoverek milyen hatással vannak a TCP-t használó alkalmazásokra. Az eredményekbõl azt a következtetést vonhatjuk le, hogy a Mobile IP fõleg a lassú handover vagyis a hordozhatóság kezelésére alkalmas, mert belsõ késleltetései nagyok. Gyakori handoverek esetén a Mobile IP-t használó TCP alkalmazások átviteli sebessége a nagy csomagvesztés miatt rohamosan csökken. A jövõben várható a cellák méretének csökkenése. Átmérõjük egészen néhány tíz méterig lecsökkenhet [HAA98]. Vegyünk egy példát, ahol a cellák 30 méter átmérõjûek és a felhasználó 1 m/s sebességgel halad, közben laptopjával kapcsolódik az Internetre. Ekkor percenként két handover történik. Az átviteli sebesség kétharmadára csökken ahhoz képest, mintha egyhelyben állna, azaz megállapíthatjuk, hogy a Mobile IP-t nem a gyakori handover kezelésére tervezték. Már léteznek javaslatok a szabvány kiegészítésére gyors cellaváltás esetén [RAM99], [MAL99], [MCA99]. A jövõben ezekkel fogunk foglalkozni.

Closed User Groups in Internet Service Centres

L. Buttyán and S. Staamann and A. Coignet and E. Ruggiano and U. Wilhelm and M. Zweiacker

Proceedings of DAIS`99, Helsinki, June, 1999.

Bibtex | Abstract

@inproceedings {
   author = {Levente Buttyán and and and and and },
   title = {Closed User Groups in Internet Service Centres},
   booktitle = {Proceedings of DAIS`99},
   address = {Helsinki},
   month = {June},
   year = {1999}
}

Keywords

Access Control, Authorisation, Closed Users Groups, Middleware, CORBA, Security

Abstract

The paper presents a model for end-user directed access control to services in Internet service centres that, beside the classical Internet services (e.g., e-mail), offer a multitude of new services (e.g., on-line conferencing and auctioning) over the Internet. The model is based on the concept of closed user groups. The main idea is that at creation time each service instance and its components are assigned to a user group previously formed by a subset of the end-users, and access control is performed for access attempts through checking the group assignment of the accessed resource against the group memberships of the authenticated accessing end-user. Access control is directed by the end-users through the management of group memberships. We describe the concept of closed user groups, the management of group memberships, the enforcement of access control, and the realisation with off-the-shelf software for a middleware based service environment, which is haracterised by the use of CORBA, Java, and WWW technology.

CVE-1999-1496

B. Bencsáth

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496, 1999.

Bibtex | Abstract

@misc {
   author = {Boldizsár Bencsáth},
   title = {CVE-1999-1496},
   howpublished = {http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496},
   year = {1999}
}

Abstract

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

Formal methods in the design of cryptographic protocols (state of the art)

L. Buttyán

no. SSC/1999/38, EPFL-DI-ICA, November, 1999.

Bibtex | Abstract

@techreport {
   author = {Levente Buttyán},
   title = {Formal methods in the design of cryptographic protocols (state of the art)},
   number = {SSC/1999/38},
   institution = {EPFL-DI-ICA},
   month = {November},
   year = {1999}
}

Keywords

cryptographic protocols, formal methods, verification, specification

Abstract

This paper is a state of the art review of the use of formal methods in the design of cryptographic rotocols.

Internetes értékpapír-megbízásokat kezelõ rendszer

D. Labanc

1999.

Bibtex

@mastersthesis {
   author = {Dániel LABANC},
   title = {Internetes értékpapír-megbízásokat kezelõ rendszer},
   year = {1999}
}

Abstract

Introducing Trusted Third Parties to the Mobile Agent Paradigm

U. Wilhelm and S. Staamann and L. Buttyán

in J. Vitek, C. Jensen: Proceedings of Secure Internet Programming: Security Issues for Mobile and Distributed Objects, Springer-Verlag (LNCS 1603), 1999.

Bibtex | Abstract

@inbook {
   author = { and and Levente Buttyán},
   title = {Introducing Trusted Third Parties to the Mobile Agent Paradigm},
   publisher = {in J. Vitek, C. Jensen: Proceedings of Secure Internet Programming: Security Issues for Mobile and Distributed Objects, Springer-Verlag (LNCS 1603)},
   year = {1999}
}

Keywords

Protecting Mobile Agents, Trust, Tamper Proof Environment

Abstract

Systems that support mobile agents are increasingly being used on the global Internet. An important application that is considered for these agents is electronic commerce, where agents roam the World Wide Web in search of goods for their owners. In these applications, an agent moves along some itinerary in order to search for the best offer for the good sought by the user. The problem with this approach is that malicious providers on the agent`s itinerary can damage the agent, tamper with the agent so that the agent itself becomes malicious, or forward the agent to any arbitrary provider that might not be on the agent`s itinerary. In this presentation we will primarily address the question how an agent can safely follow some pre-defined itinerary. We will identify the problem of trust as a major issue in this context and describe a trusted and tamper-proof hardware that can be used to enforce a policy. Based on this policy, we will show how the agent can take advantage of it in order to achieve the desired goal.

Multilateral Security in Middleware Based Telecommunications Architectures

S. Staamann and U. Wilhelm and L. Buttyán

in G. Mueller, K. Rannenberg, Proceedings of Multilateral Security in Communications, Addison-Wesley, 1999.

Bibtex | Abstract

@inbook {
   author = { and and Levente Buttyán},
   title = {Multilateral Security in Middleware Based Telecommunications Architectures},
   publisher = {in G. Mueller, K. Rannenberg, Proceedings of Multilateral Security in Communications, Addison-Wesley},
   year = {1999}
}

Keywords

multilateral security, middleware, CORBA, telecommunications, TINA

Abstract

The concept of middleware based architectures for telecommunication services in the broadband, multimedia, and information era is emerging. One representative example is the Telecommunications Information Networking Architecture (TINA), which is characterised by a variety of services, a multitude of service providers, a well defined business model, a middleware platform for service development and provision, and the assumption of advanced costumer premises equipment. Concepts for its security architecture are developed in the CrySTINA project. We introduce TINA, analyse it with regard to security and present the CrySTINA security architecture. CrySTINA is aligned with the OMG`s CORBA Security specification, but enhances it with regard to security interoperability despite the heterogeneity of security policies and technologies that must be expected in TINA networks. Thus, we present a model for the enforcement of security policies that supports the negotiation of security contexts.

Possibilities of authenticity using intelligent smart card

I. Zs. Berta and Z. Á. Mann

Scientific student circles (TDK) 1999, Budapest University of Technology and Economics, 1999.

Bibtex | Abstract | PDF

@misc {
   author = {István Zsolt BERTA and Zoltán Ádám Mann},
   title = {Possibilities of authenticity using intelligent smart card},
   howpublished = {Scientific student circles (TDK) 1999, Budapest University of Technology and Economics},
   year = {1999}
}

Abstract

Az intelligens (alkalmazások futtatására képes) smartcardok óriási lehetõségeket nyitottak meg az elektronikus biztonságtechnikai alkalmazások elõtt. Habár a technikai lehetõség régóta megvan programok smartcardokon való futtatására, ezek alkalmazása mindmáig nem terjedt el.

Célunk ezen lehetõségek feltérképezése s kiaknázása volt. A hitelesség biztosításának módszereit néztük végig, s valósítottuk meg a 1999. május óta béta verzióban létezõ Microsoft Smart Card for Windows eszközön. Dolgozatunkkal demonstrálni szeretnénk, hogy ez a kártya milyen lehetõségeket nyújt e terület fõbb ágain, úgymint:

  • Üzenethitelesítés,
  • Hozzáférésvédelem (dinamikus jelszavak segítségével),
  • Rejtjelezés,
  • Digitális aláírás,
  • Kulcsgondozás, kulcsok tárolása és generálása.

    A fentiek bemutatására példaalkalmazásokat készítünk a kártyához tartozó Visual Basic alapú fejlesztõkörnyezet segítségével. Beszámolunk azirányú tapasztalatainkról, hogy kis (32 kilobyte EEPROM, 1 kilobyte SRAM) erõforráskészlettel rendelkezõ eszközön mennyiben lehet kihasználni a magas szintû nyelv és programozási környezet által biztosított lehetõségeket. Felmérjük a kártya képességeit, korlátait, s ezen korlátok ismeretében próbáljuk értékelni, hogy a jelen technológia milyen alkalmazásokat tesz lehetõvé, s milyen változások, fejlõdési irányok várhatóak a jövõben.

  • Problem areas of the security aspects of network operating systems

    B. Bencsáth and S. Tihanyi

    Scientific student groups (TDK) 1999, 1999.

    Bibtex | PDF

    @misc {
       author = {Boldizsár Bencsáth and Sándor TIHANYI},
       title = {Problem areas of the security aspects of network operating systems},
       howpublished = {Scientific student groups (TDK) 1999},
       year = {1999}
    }

    Abstract

    SmartCardos mobiltelefonokkal megvalósított biztonságos elektronikus fizetõeszköz

    I. Kiss

    BME, 1999.

    Bibtex

    @mastersthesis {
       author = {István KISS},
       title = {SmartCardos mobiltelefonokkal megvalósított biztonságos elektronikus fizetõeszköz},
       school = {BME},
       year = {1999}
    }

    Abstract

    Toward a Formal Model of Fair Exchange - a Game Theoretic Approach

    L. Buttyán and J. P. Hubaux

    no. SSC/1999/39, EPFL-DI-ICA, December, 1999.

    Bibtex | Abstract | PDF

    @techreport {
       author = {Levente Buttyán and },
       title = {Toward a Formal Model of Fair Exchange - a Game Theoretic Approach},
       number = {SSC/1999/39},
       institution = {EPFL-DI-ICA},
       month = {December},
       year = {1999}
    }

    Keywords

    fair exchane protocol, formal model, game theory, electronic commerce

    Abstract

    A fair exchange protocol is a protocol, in which two (or more) mutually suspicious parties exchange their digital items in a way that neither party can gain an advantage over the other by misbehaving. Many fair exchange protocols have been proposed in the academic literature, but they provide rather different types of fairness. The formal comparison of these proposals remained difficult, mainly, because of the lack of a common formal framework, in which each can be modelled and formal fairness definitions can be given. In this paper, we propose to use game theory for this purpose. We show how to represent fair exchange protocols with game trees and give three definitions of fairness using standard game theoretic notions. We are not aware of any other work that uses the apparatus of game theory for modelling fair exchange protocols.

    1998

    A Note on an Authentication Technique Based on Distributed Security Management for the Global Mobility Network

    C. Gbaguidi and S. Staamann and U. Wilhelm and L. Buttyán

    no. SSC/98/18, EPFL-DI-ICA, April, 1998.

    Bibtex | Abstract

    @techreport {
       author = { and and and Levente Buttyán},
       title = {A Note on an Authentication Technique Based on Distributed Security Management for the Global Mobility Network},
       number = {SSC/98/18},
       institution = {EPFL-DI-ICA},
       month = {April},
       year = {1998}
    }

    Keywords

    authentication protocol, belief logic, verification

    Abstract

    In this paper, we analyse the authentication protocol that has been proposed for the so called global mobility network in the October 1997 issue of the IEEE Journal on Selected Areas in Communications. Using a simple logic of authentication, we show that the protocol has flaws, and we present three different attacks that exploit these. We correct the protocol using a simple design tool that we have developed.

    A Simple Logic for Authentication Protocol Design

    L. Buttyán and S. Staamann and U. Wilhelm

    Proceedings of IEEE Computer Security Foundations Workshop, Rockport, MA, USA, June, 1998, pp. 153-162.

    Bibtex | Abstract

    @inproceedings {
       author = {Levente Buttyán and and },
       title = {A Simple Logic for Authentication Protocol Design},
       booktitle = {Proceedings of IEEE Computer Security Foundations Workshop},
       address = {Rockport, MA, USA},
       month = {June},
       year = {1998},
       pages = {153-162}
    }

    Keywords

    authentication protocol, belief logic, logic based design

    Abstract

    In this paper, we describe a simple logic. The logic uses the notion of channels that are generalisations of communication links with various security properties. The abstract nature of channels enables us to treat the protocol at a higher abstraction level than do most of the known logics for authentication, and thus, we can address the higher level functional properties of the system, without having to be concerned with the problems of the actual implementation. The major advantage of the proposed logic is its suitability for the design of authentication protocols. We give a set of synthetic rules that can be used by protocol designers to construct a protocol in a systematic way.

    Analysis of Protocol Sequences for Slow Frequency Hopping

    L. Györfi and I. Vajda

    Wireless Networks, vol. 4, 1998, pp. 411-418.

    Bibtex

    @article {
       author = { and István VAJDA},
       title = {Analysis of Protocol Sequences for Slow Frequency Hopping},
       journal = {Wireless Networks},
       volume = {4},
       year = {1998},
       pages = {411-418}
    }

    Abstract

    Analysis of Protocol Sequences for Slow Frequency Hopping

    S. Csibi and L. Györfi and I. Vajda

    Proceedings of the 1998 International Zürich Seminar on Broadband Communication (IEEE Catalog No.98TH8277), 1998, pp. 237-242.

    Bibtex

    @inproceedings {
       author = { and and István VAJDA},
       title = {Analysis of Protocol Sequences for Slow Frequency Hopping},
       booktitle = {Proceedings of the 1998 International Zürich Seminar on Broadband Communication (IEEE Catalog No.98TH8277)},
       year = {1998},
       pages = {237-242}
    }

    Abstract

    CrySTINA: Security in the Telecommunications Information Networking Architecture

    S. Staamann and U. Wilhelm and L. Buttyán

    no. SSC/98/4, EPFL-DI-ICA, January, 1998.

    Bibtex | Abstract

    @techreport {
       author = { and and Levente Buttyán},
       title = {CrySTINA: Security in the Telecommunications Information Networking Architecture},
       number = {SSC/98/4},
       institution = {EPFL-DI-ICA},
       month = {January},
       year = {1998}
    }

    Keywords

    security, CORBA, TINA, DPE, interoperability

    Abstract

    TINA specifies an open architecture for telecommunication services in the broadband, multimedia, and information era. Its characteristics most relevant for security are a variety of services, a multitude of service providers, a well defined business model, a middleware platform for service development and provision, and the assumption of advanced costumer premises equipment. Concepts for its security architecture are developed in the CrySTINA project. We introduce the TINA-C architecture, analyse it with regard to security and present the CrySTINA security architecture. CrySTINA is aligned with the OMG`s CORBA Security specification, but enhances it with regard to security interoperability despite the heterogeneity of security policies and technologies that must be expected in TINA networks. Thus, we present a model for the enforcement of security policies that supports the negotiation of security contexts.

    Internetes telebanki szolgáltatás és a szerver oldali adatbiztonsága

    Á. Csernitzky

    BME, 1998.

    Bibtex

    @mastersthesis {
       author = {Ádám Csernitzky},
       title = {Internetes telebanki szolgáltatás és a szerver oldali adatbiztonsága},
       school = {BME},
       year = {1998}
    }

    Abstract

    On the distribution of Hamming correlation of cyclically permutable subsets of RS codes

    Á. Jordán and I. Vajda

    Proceedings of the II. International Workshop on Optimal Codes'98, Sazopol,Bulgaria, June 9-15, 1998, pp. 144-150.

    Bibtex

    @inproceedings {
       author = { and István VAJDA},
       title = {On the distribution of Hamming correlation of cyclically permutable subsets of RS codes},
       booktitle = {Proceedings of the II. International Workshop on Optimal Codes'98},
       address = {Sazopol,Bulgaria},
       month = {June 9-15},
       year = {1998},
       pages = {144-150}
    }

    Abstract

    On the Hamming correlation distribution of SFH signature sequence sets

    Á. Jordán and I. Vajda

    roceedings of the IEEE ISSSTA '98 (IEEE Fifth International Symposium on Spread Sectrum Techniques & Applications), Sun City, South Africa, September 2-4, 1998, pp. 676-680.

    Bibtex

    @inproceedings {
       author = { and István VAJDA},
       title = {On the Hamming correlation distribution of SFH signature sequence sets},
       booktitle = {roceedings of the IEEE ISSSTA '98 (IEEE Fifth International Symposium on Spread Sectrum Techniques & Applications)},
       address = {Sun City, South Africa},
       month = {September 2-4},
       year = {1998},
       pages = {676-680}
    }

    Abstract

    On the Problem of Trust in Mobile Agent Systems

    U. Wilhelm and S. Staamann and L. Buttyán

    Proceedings of Internet Society`s Symposium on Network and Distributed System Security, San Diego, CA, USA, March, 1998.

    Bibtex | Abstract

    @inproceedings {
       author = { and and Levente Buttyán},
       title = {On the Problem of Trust in Mobile Agent Systems},
       booktitle = {Proceedings of Internet Society`s Symposium on Network and Distributed System Security},
       address = {San Diego, CA, USA},
       month = {March},
       year = {1998}
    }

    Keywords

    trust, mobile agent, tamper proof environment

    Abstract

    Systems that support mobile agents are increasingly being used on the global Internet. Security concerns dealing with the protection of the execution environment from malicious agents are extensively being tackled. We concentrate on the reverse problem, namely how a mobile agent can be protected from malicious behaviour of the execution environment, which is largely ignored. We will identify the problem of trust as the major issue in this context and describe a trusted and tamper-proof hardware that can be used to divide this problem among several principals, each of which has to be trusted with a special task. We show that the presented approach can be used to mitigate an important problem in the design of open systems.

    Protecting the Itinerary of Mobile Agents

    U. Wilhelm and S. Staamann and L. Buttyán

    Proceedings of ECOOP Workshop on Mobile Object Systems: Secure Internet Mobile Communications, Brussels, Belgium, June, 1998.

    Bibtex | Abstract

    @inproceedings {
       author = { and and Levente Buttyán},
       title = {Protecting the Itinerary of Mobile Agents},
       booktitle = {Proceedings of ECOOP Workshop on Mobile Object Systems: Secure Internet Mobile Communications},
       address = {Brussels, Belgium},
       month = {June},
       year = {1998}
    }

    Keywords

    mobile agent protection

    Abstract

    Systems that support mobile agents are increasingly being used on the global Internet. An important application that is considered for these agents is electronic commerce, where agents roam the World Wide Web in search of goods for their owners. In these applications, an agent moves along some itinerary in order to search for the best offer for the good sought by the user. The problem with this approach is that malicious providers on the agent`s itinerary can damage the agent, tamper with the agent so that the agent itself becomes malicious, or forward the agent to any arbitrary provider that might not be on the agent`s itinerary. In this presentation we will primarily address the question how an agent can safely follow some pre-defined itinerary. We will identify the problem of trust as a major issue in this context and describe a trusted and tamper-proof hardware that can be used to enforce a policy. Based on this policy, we will show how the agent can take advantage of it in order to achieve the desired goal.

    Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach

    S. Staamann and U. Wilhelm and L. Buttyán

    no. SSC/98/4, EPFL-DI-ICA, January, 1998.

    Bibtex | Abstract

    @techreport {
       author = { and and Levente Buttyán},
       title = {Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach},
       number = {SSC/98/4},
       institution = {EPFL-DI-ICA},
       month = {January},
       year = {1998}
    }

    Keywords

    security, TINA

    Abstract

    The article presents the first results of the CrySTINA project. We analyze and structure the security problem domain in the TINA-C architecture and present our approach to provide the necessary security functionality in the form of self-contained application-independent security services and security mechanisms as part of the DPE functionality. The DPE is assumed to be basically provided by CORBA products. Therefore, we introduce the CORBA security specification and investigate if and how the identified TINA security services can be implemented using the CORBA security functionality.

    Security in TINA

    S. Staamann and U. Wilhelm and L. Buttyán

    Proceedings of IFIP-SEC`98, Wienna-Budapest, August, 1998.

    Bibtex | Abstract

    @inproceedings {
       author = { and and Levente Buttyán},
       title = {Security in TINA},
       booktitle = {Proceedings of IFIP-SEC`98},
       address = {Wienna-Budapest},
       month = {August},
       year = {1998}
    }

    Keywords

    security, CORBA, DPE, TINA, interoperability

    Abstract

    TINA is a specification of an open architecture for telecommunication services in the broadband, multimedia, and information era. Its characteristics most relevant for security are a variety of services, a multitude of service providers, a well defined business model, a middleware platform for service development and provision, and the assumption of advanced costumer premises equipment. Concepts for its security architecture are developed in the CrySTINA project. We introduce the TINA-C architecture, analyse it with regard to security, and present the CrySTINA security architecture. CrySTINA is aligned with the OMG`s CORBA Security specification, but enhances it with regard to security interoperability despite the heterogeneity of security policies and technologies that must be expected in TINA networks. Thus, we present a model for the enforcement of security policies that supports the negotiation of security contexts.

    1997

    A hitelkártyás vásárlás SET (Secure Electronic Transaction) draft standard adatbiztonsági protokolljának vizsgálata

    Zs. Nagy

    BME, 1997.

    Bibtex

    @mastersthesis {
       author = {Zsigmond NAGY},
       title = {A hitelkártyás vásárlás SET (Secure Electronic Transaction) draft standard adatbiztonsági protokolljának vizsgálata},
       school = {BME},
       year = {1997}
    }

    Abstract

    Biztonságos kommunikáció X400 MTA és Web Browser ügyfél alkalmazás között

    Zs. Szabadi

    BME, 1997.

    Bibtex

    @mastersthesis {
       author = {Zsolt SZABADI},
       title = {Biztonságos kommunikáció X400 MTA és Web Browser ügyfél alkalmazás között},
       school = {BME},
       year = {1997}
    }

    Abstract

    Data Security Issues of Computer Networks

    L. Buttyán

    Magyar Távközlés (Selected Papers from the Hungarian Telecommunications), 1997, pp. 50-57..

    Bibtex

    @article {
       author = {Levente Buttyán},
       title = {Data Security Issues of Computer Networks},
       journal = {Magyar Távközlés (Selected Papers from the Hungarian Telecommunications)},
       year = {1997},
       pages = {50-57.}
    }

    Abstract

    On the Design of Strong Bit Permutations and Substitutions

    L. Buttyán and I. Vajda

    Budapest University of Technology, January, 1997.

    Bibtex

    @techreport {
       author = {Levente Buttyán and István VAJDA},
       title = {On the Design of Strong Bit Permutations and Substitutions},
       institution = {Budapest University of Technology},
       month = {January},
       year = {1997}
    }

    Abstract

    On the Design of Substitution-Permutation Ciphers

    I. Vajda and L. Buttyán

    Budapest University of Technology, January, 1997.

    Bibtex

    @techreport {
       author = {István VAJDA and Levente Buttyán},
       title = {On the Design of Substitution-Permutation Ciphers},
       institution = {Budapest University of Technology},
       month = {January},
       year = {1997}
    }

    Abstract

    Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach

    S. Staamann and U. Wilhelm and A. Schiper and L. Buttyán and J. P. Hubaux

    Proceedings of TINA`97, November, 1997.

    Bibtex | Abstract

    @inproceedings {
       author = { and and and Levente Buttyán and },
       title = {Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach},
       booktitle = {Proceedings of TINA`97},
       month = {November},
       year = {1997}
    }

    Keywords

    security, TINA

    Abstract

    The article presents the first results of the CrySTINA project. We analyze and structure the security problem domain in the TINA-C architecture and present our approach to provide the necessary security functionality in the form of self-contained application-independent security services and security mechanisms as part of the DPE functionality. The DPE is assumed to be basically provided by CORBA products. Therefore, we introduce the CORBA security specification and investigate if and how the identified TINA security services can be implemented using the CORBA security functionality.

    1996

    Data Security Issues of Computer Networks (in Hungarian)

    L. Buttyán

    Magyar Távközlés, vol. VII., no. 4., April, 1996, pp. 11-19..

    Bibtex

    @article {
       author = {Levente Buttyán},
       title = {Data Security Issues of Computer Networks (in Hungarian)},
       journal = {Magyar Távközlés},
       volume = {VII.},
       number = {4.},
       month = {April},
       year = {1996},
       pages = {11-19.}
    }

    Abstract

    1995

    Code construction for FH/CDMA channels

    I. Vajda

    IEEE Transactions on Communications, vol. 43, no. 10, October, 1995.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Code construction for FH/CDMA channels},
       journal = {IEEE Transactions on Communications},
       volume = {43},
       number = {10},
       month = {October},
       year = {1995}
    }

    Abstract

    Nyílt számítógépes hálózatok adatvédelmi kérdései

    K. Rassay

    BME, 1995.

    Bibtex

    @mastersthesis {
       author = {Krisztián RASSAY},
       title = {Nyílt számítógépes hálózatok adatvédelmi kérdései},
       school = {BME},
       year = {1995}
    }

    Abstract

    On Design Criteria of Conventional Block Ciphers (in Hungarian)

    I. Vajda and L. Buttyán

    Hiradástechnika, vol. XLVI., March, 1995, pp. 10-18., (awarded with the Pollak-Virag Award of the Hungarian Telecommunication Scientific Society).

    Bibtex

    @article {
       author = {István VAJDA and Levente Buttyán},
       title = {On Design Criteria of Conventional Block Ciphers (in Hungarian)},
       journal = {Hiradástechnika},
       volume = {XLVI.},
       month = {March},
       year = {1995},
       pages = {10-18.},
       note = {(awarded with the Pollak-Virag Award of the Hungarian Telecommunication Scientific Society)}
    }

    Abstract

    S-box Design, (in Hungarian)

    L. Buttyán

    Budapest University of Technology, May, 1995.

    Bibtex

    @mastersthesis {
       author = {Levente Buttyán},
       title = {S-box Design, (in Hungarian)},
       school = {Budapest University of Technology},
       month = {May},
       year = {1995}
    }

    Abstract

    Searching for the best linear approximation of DES-like cryptosystems

    L. Buttyán and I. Vajda

    IEE Electronics Letters, vol. 31, no. 11, May, 1995, pp. 873-874.

    Bibtex

    @article {
       author = {Levente Buttyán and István VAJDA},
       title = {Searching for the best linear approximation of DES-like cryptosystems},
       journal = {IEE Electronics Letters},
       volume = {31},
       number = {11},
       month = {May},
       year = {1995},
       pages = {873-874}
    }

    Abstract

    1994

    Code Constructions for Code Division Multiple Access Channels

    I. Vajda

    Journal on Communications, vol. XLV, March, 1994, pp. 2-9.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Code Constructions for Code Division Multiple Access Channels},
       journal = {Journal on Communications},
       volume = {XLV},
       month = {March},
       year = {1994},
       pages = {2-9}
    }

    Abstract

    1993

    Construction of Protocol Sequences for Multiple-Access Collision Channels

    L. Györfi and I. Vajda

    Proceedings of the 1993 IEEE International Symposium on Information Theory, San Antonio, USA, Jan 17-22, 1993, pp. 157.

    Bibtex

    @inproceedings {
       author = { and István VAJDA},
       title = {Construction of Protocol Sequences for Multiple-Access Collision Channels},
       booktitle = {Proceedings of the 1993 IEEE International Symposium on Information Theory},
       address = {San Antonio, USA},
       month = {Jan 17-22},
       year = {1993},
       pages = {157}
    }

    Abstract

    Hibakorlátozó kódolás

    I. Vajda

    Chapter 7, in Géher K. (ed.): Híradástechnika, Mûszaki Könyvkiadó, 1993.

    Bibtex

    @inbook {
       author = {István VAJDA},
       title = {Hibakorlátozó kódolás},
       chapter = {Chapter 7},
       publisher = {in Géher K. (ed.): Híradástechnika, Mûszaki Könyvkiadó},
       year = {1993}
    }

    Abstract

    Spread Spectrum Principle Based Wireless Telecommunication Networks

    I. Vajda

    Magyar Távközlés, 1993, pp. 43-49, Selected papers 1993.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Spread Spectrum Principle Based Wireless Telecommunication Networks},
       journal = {Magyar Távközlés},
       year = {1993},
       pages = {43-49},
       note = {Selected papers 1993}
    }

    Abstract

    1992

    Code sequences for FH-CDMA channels

    I. Vajda

    Proceedings of IEEE Symposium on Spread Spectrum Techniques and Applications, Yokohama, Japan, 1992, pp. 195-197.

    Bibtex

    @inproceedings {
       author = {István VAJDA},
       title = {Code sequences for FH-CDMA channels},
       booktitle = {Proceedings of IEEE Symposium on Spread Spectrum Techniques and Applications},
       address = {Yokohama, Japan},
       year = {1992},
       pages = {195-197}
    }

    Abstract

    Construction of Protocol Sequences for Multiple-Access Collision Channel without Feedback

    L. Györfi and I. Vajda

    IEEE Transactions on Information Theory, vol. 39, no. 5, September, 1992, pp. 1762-1765.

    Bibtex

    @article {
       author = { and István VAJDA},
       title = {Construction of Protocol Sequences for Multiple-Access Collision Channel without Feedback},
       journal = { IEEE Transactions on Information Theory},
       volume = {39},
       number = {5},
       month = {September},
       year = {1992},
       pages = {1762-1765}
    }

    Abstract

    Lokális számítógéphálózatok algoritmikus adatvédelme

    Gy. Hernádi

    BME, 1992.

    Bibtex

    @mastersthesis {
       author = {György HERNÁDI},
       title = {Lokális számítógéphálózatok algoritmikus adatvédelme},
       school = {BME},
       year = {1992}
    }

    Abstract

    1991

    A cryptographic element based on number system conversion

    T. Nemetz and I. Vajda

    Proceedings of 1991 IEEE International Symposium on Information Theory, Budapest, Hungary, 1991, pp. 127.

    Bibtex

    @inproceedings {
       author = {Tibor NEMETZ and István VAJDA},
       title = {A cryptographic element based on number system conversion},
       booktitle = {Proceedings of 1991 IEEE International Symposium on Information Theory},
       address = {Budapest, Hungary},
       year = {1991},
       pages = {127}
    }

    Abstract

    Bevezetés az algoritmikus adatvédelembe

    T. Nemetz and I. Vajda

    Az elektronika újabb eredményei 9.kötet, Akadémiai Kiadó, 1991, Budapest.

    Bibtex

    @book {
       author = {Tibor NEMETZ and István VAJDA},
       title = {Bevezetés az algoritmikus adatvédelembe},
       series = {Az elektronika újabb eredményei 9.kötet},
       publisher = {Akadémiai Kiadó},
       year = {1991},
       note = {Budapest}
    }

    Abstract

    Comments on Code-Division Multiple Access Techniques in Optical Fiber Networks

    I. Vajda

    IEEE Transactions on Communications, vol. 39, no. 2, February, 1991, pp. 196.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Comments on Code-Division Multiple Access Techniques in Optical Fiber Networks},
       journal = {IEEE Transactions on Communications},
       volume = {39},
       number = {2},
       month = {February},
       year = {1991},
       pages = {196}
    }

    Abstract

    Reed-Solomon kódok alkalmazási lehetõségei az adatvédelemben

    T. Szántó

    BME, 1991.

    Bibtex

    @mastersthesis {
       author = {Tibor SZÁNTÓ},
       title = {Reed-Solomon kódok alkalmazási lehetõségei az adatvédelemben},
       school = {BME},
       year = {1991}
    }

    Abstract

    Side information gained from signal matrices in FFH spread spectrum systems

    I. Vajda

    Electronics and Communications, vol. 45, no. 2, March, 1991, pp. 70-76, Hirzel Verlag.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Side information gained from signal matrices in FFH spread spectrum systems},
       journal = {Electronics and Communications},
       volume = {45},
       number = {2},
       month = {March},
       year = {1991},
       pages = {70-76},
       note = {Hirzel Verlag}
    }

    Abstract

    Substitution of characters in q-ary m-sequences

    I. Vajda and T. Nemetz

    Lecture Notes in Computer Science 508, 1991, pp. 96-105, Springer-Verlag.

    Bibtex

    @article {
       author = {István VAJDA and Tibor NEMETZ},
       title = {Substitution of characters in q-ary m-sequences},
       journal = {Lecture Notes in Computer Science 508},
       year = {1991},
       pages = {96-105},
       note = {Springer-Verlag}
    }

    Abstract

    1990

    AGC based hard detected FFH signal matrices

    I. Vajda

    IEE Electronics Letters, vol. 26, no. 3, February, 1990, pp. 218-219.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {AGC based hard detected FFH signal matrices},
       journal = {IEE Electronics Letters},
       volume = {26},
       number = {3},
       month = {February},
       year = {1990},
       pages = {218-219}
    }

    Abstract

    On random code-hopping DS/SSMA systems

    I. Vajda

    Proceedings of IEEE Symposium on Spread Spectrum Techniques and Applications, London, 1990, pp. 47-52.

    Bibtex

    @inproceedings {
       author = {István VAJDA},
       title = {On random code-hopping DS/SSMA systems},
       booktitle = {Proceedings of IEEE Symposium on Spread Spectrum Techniques and Applications},
       address = {London},
       year = {1990},
       pages = {47-52}
    }

    Abstract

    1987

    Code acquisition for a frequency hopping system

    I. Vajda and G. Einarsson

    IEEE Transactions on Communications, vol. 35, no. 5, May, 1987, pp. 566-568.

    Bibtex

    @article {
       author = {István VAJDA and },
       title = {Code acquisition for a frequency hopping system},
       journal = {IEEE Transactions on Communications},
       volume = {35},
       number = {5},
       month = {May},
       year = {1987},
       pages = {566-568}
    }

    Abstract

    Error probability of a code-division multiple-access frequency-hopping system

    I. Vajda and G. Einarsson and L. Molnár

    Electronics and Communications, vol. 41, no. 6, December, 1987, pp. 356-364, Hirzel Verlag.

    Bibtex

    @article {
       author = {István VAJDA and and },
       title = {Error probability of a code-division multiple-access frequency-hopping system},
       journal = {Electronics and Communications},
       volume = {41},
       number = {6},
       month = {December},
       year = {1987},
       pages = {356-364},
       note = {Hirzel Verlag}
    }

    Abstract

    Some results on generation of shift-register sequences with large linear complexity

    I. Vajda and J. Landsmann

    Proceedings of Applied Algebra, Algebraic Algorithms and Error Control Codes, AAECC-5, Menorca, Spain, June 15-19, 1987, pp. 81.

    Bibtex

    @inproceedings {
       author = {István VAJDA and },
       title = {Some results on generation of shift-register sequences with large linear complexity},
       booktitle = {Proceedings of Applied Algebra, Algebraic Algorithms and Error Control Codes, AAECC-5},
       address = {Menorca, Spain},
       month = {June 15-19},
       year = {1987},
       pages = {81}
    }

    Abstract

    1985

    More on modelling and performance evaluation for frequency coded multiple access channels

    I. Vajda

    Proceedings of U.R.S.I. XXIst General Assembly, Florence, Italy, 1985, pp. 104.

    Bibtex

    @inproceedings {
       author = {István VAJDA},
       title = {More on modelling and performance evaluation for frequency coded multiple access channels},
       booktitle = {Proceedings of U.R.S.I. XXIst General Assembly},
       address = {Florence, Italy},
       year = {1985},
       pages = {104}
    }

    Abstract

    1983

    A coding rule for frequency-hopped multiple access channels

    I. Vajda

    Problems of Control and Information Theory, vol. 13, no. 5, 1983, pp. 331-335.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {A coding rule for frequency-hopped multiple access channels},
       journal = {Problems of Control and Information Theory},
       volume = {13},
       number = {5},
       year = {1983},
       pages = {331-335}
    }

    Abstract

    Block coding and correlation decoding for an M-user weighted adder channel

    L. Györfi and I. Vajda

    Problems of Control and Information Theory, vol. 12, no. 6, 1983, pp. 405-417.

    Bibtex

    @article {
       author = { and István VAJDA},
       title = {Block coding and correlation decoding for an M-user weighted adder channel},
       journal = {Problems of Control and Information Theory},
       volume = {12},
       number = {6},
       year = {1983},
       pages = {405-417}
    }

    Abstract

    Decoding error probability of the Einarsson-code for frequency-hopped multiple access channel

    L. Molnár and I. Vajda

    Problems of Control and Information Theory, vol. 13, no. 2, 1983, pp. 109-120.

    Bibtex

    @article {
       author = { and István VAJDA},
       title = {Decoding error probability of the Einarsson-code for frequency-hopped multiple access channel},
       journal = {Problems of Control and Information Theory},
       volume = {13},
       number = {2},
       year = {1983},
       pages = {109-120}
    }

    Abstract

    1982

    Hibajavító kódolás és mûszaki alkalmazásai

    I. Vajda

    BME Mérnöktovábbképzõ Intézet, 1982.

    Bibtex

    @book {
       author = {István VAJDA},
       title = {Hibajavító kódolás és mûszaki alkalmazásai},
       publisher = {BME Mérnöktovábbképzõ Intézet},
       year = {1982}
    }

    Abstract

    1980

    Information transmission with intermediate storage under the special conditions of microcomputers

    S. Csibi and L. Györfi and Z. Györfi and I. Vajda

    Periodica Polytechnica, vol. 24, 1980, pp. 222-227.

    Bibtex

    @article {
       author = { and and and István VAJDA},
       title = {Information transmission with intermediate storage under the special conditions of microcomputers},
       journal = {Periodica Polytechnica},
       volume = {24},
       year = {1980},
       pages = {222-227}
    }

    Abstract

    Upper bound on the error probability of detection in non-Gaussian noise

    L. Györfi and I. Vajda

    Problems of Control and Information Theory, vol. 9, no. 3, 1980, pp. 215-224.

    Bibtex

    @article {
       author = { and István VAJDA},
       title = {Upper bound on the error probability of detection in non-Gaussian noise},
       journal = {Problems of Control and Information Theory},
       volume = {9},
       number = {3},
       year = {1980},
       pages = {215-224}
    }

    Abstract

    1979

    Remarks on a coding technique for asynchronous multiple access communication

    I. Vajda and I. Kerekes and L. Györfi and H. Gomez

    Problems of Control and Information Theory, vol. 9, no. 4, 1979, pp. 287-296.

    Bibtex

    @article {
       author = {István VAJDA and and and },
       title = {Remarks on a coding technique for asynchronous multiple access communication},
       journal = {Problems of Control and Information Theory},
       volume = {9},
       number = {4},
       year = {1979},
       pages = {287-296}
    }

    Abstract

    1978

    Adaptive Gaussian detection without a priori symbol synchronization

    I. Vajda

    Problems of Control and Information Theory, vol. 9, no. 2, 1978, pp. 133-140.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Adaptive Gaussian detection without a priori symbol synchronization},
       journal = {Problems of Control and Information Theory},
       volume = {9},
       number = {2},
       year = {1978},
       pages = {133-140}
    }

    Abstract

    Bayesian decision with rejection

    L. Györfi and Z. Györfi and I. Vajda

    Problems of Control and Information Theory, vol. 8, no. 5, 1978, pp. 445-452.

    Bibtex

    @article {
       author = { and and István VAJDA},
       title = {Bayesian decision with rejection},
       journal = {Problems of Control and Information Theory},
       volume = {8},
       number = {5},
       year = {1978},
       pages = {445-452}
    }

    Abstract

    1977

    A strong law of large numbers and some applications

    L. Györfi and Z. Györfi and I. Vajda

    Studia Scientiarum Mathematicarum Hungarica, vol. 12, 1977, pp. 233-244.

    Bibtex

    @article {
       author = { and and István VAJDA},
       title = {A strong law of large numbers and some applications},
       journal = {Studia Scientiarum Mathematicarum Hungarica},
       volume = {12},
       year = {1977},
       pages = {233-244}
    }

    Abstract