CrySyS Lab Publications

Total number of publications: 342

2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998 | 1997 | 1996 | 1995 | 1994 | 1993 | 1992 | 1991 | 1990 | 1987 | 1985 | 1983 | 1982 | 1980 | 1979 | 1978 | 1977

2017

CAN compression based IDS

A. Gazdag

IT-SECX 2017, 2017, FH St. Pölten.

Bibtex | Abstract

@conference {
   author = {András Gazdag},
   title = {CAN compression based IDS},
   booktitle = {IT-SECX 2017},
   year = {2017},
   publisher = {FH St. Pölten}
}

Abstract

Modern vehicles are mainly controlled by ECUs (Electric Control Units). They are small programmable computers responsible for single tasks. New smart features of vehicles showed demand for Internet connectivity rendering these previously isolated computer networks reachable for malicious attacks. Detecting cyber-attacks requires a continuous network traffic logging for online and offline analysis. This generates a huge amount of data which is a challenge to store and to analyze, as well. In this presentation, we show a proposed semantic compression mechanism that is capable of representing the original data in a lossless form while using a fraction of the space. The introduced algorithm understands properties of the CAN traffic log. This is a powerful foundation for compression and for intrusion detection. The compressed traffic log can be directly used as an input for a machine learning based IDS, which is then capable to effectively recognize malicious attack patterns.

Differentially Private Mixture of Generative Neural Networks

G. Ács, L. Melis, C. Castelluccia, E. De Cristofaro

IEEE International Conference on Data Mining (ICDM), IEEE, 2017.

Bibtex

@inproceedings {
   author = {Gergely Ács, Luca Melis, Claude Castelluccia, Emiliano De Cristofaro},
   title = {Differentially Private Mixture of Generative Neural Networks},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2017}
}

Abstract

Efficient Lossless Compression of CAN Traffic Logs

A. Gazdag, L. Buttyán, Zs. Szalay

IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom), IEEE, 2017.

Bibtex | Abstract | PDF

@inproceedings {
   author = {András Gazdag, Levente BUTTYÁN, Zsolt Szalay},
   title = {Efficient Lossless Compression of CAN Traffic Logs},
   booktitle = {IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom)},
   publisher = {IEEE},
   year = {2017}
}

Abstract

In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for the forensic investigations of accidents caused by cyber attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data, therefore, it contributes to reduced analysis time and effort. We achieve this by performing semantic compression on the CAN traffic logs, rather than simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of state-of-the-art syntactic compression methods, such as gzip.

Manufactured by software: SDN-enabled multi-operator composite services with the 5G Exchange

G. Biczók, M Dramitinos, L. Toka, P Heegaard, H Lønsethagen

IEEE Communications Magazine, vol. 55, no. 4, 2017.

Bibtex | Abstract

@article {
   author = {Gergely Biczók, Manos Dramitinos, Laszlo Toka, Poul E. Heegaard, Håkon Lønsethagen},
   title = {Manufactured by software: SDN-enabled multi-operator composite services with the 5G Exchange},
   journal = {IEEE Communications Magazine},
   volume = {55},
   number = {4},
   year = {2017}
}

Abstract

Bla

Privacy-Aware Caching in Information-Centric Networking

G. Ács, M. Conti, P. Gasti, C. Ghali, G. Tsudik, C. Wood

IEEE Transactions on Dependable Computing (TDSC), 2017.

Bibtex

@article {
   author = {Gergely Ács, Mauro Conti, Paulo Gasti, Cesar Ghali, Gene Tsudik, Christopher Wood},
   title = {Privacy-Aware Caching in Information-Centric Networking},
   journal = {IEEE Transactions on Dependable Computing (TDSC)},
   year = {2017}
}

Abstract

Searchable Symmetric Encryption: Sequential Scan Can Be Practical

M. Horváth, I. Vajda

The 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2017), IEEE, 2017.

Bibtex | Abstract

@inproceedings {
   author = {Máté Horváth, István VAJDA},
   title = {Searchable Symmetric Encryption: Sequential Scan Can Be Practical},
   booktitle = {The 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2017)},
   publisher = {IEEE},
   year = {2017}
}

Keywords

Searchable Symmetric Encryption; Forward Index; Type-3 Pairings; MAC

Abstract

The proliferation of cloud computing highlights the importance of techniques that allow both securing sensitive data and flexible data management at the same time. One line of research with this double motivation is the study of Searchable Symmetric Encryption (SSE) that has provided several outstanding results in the recent years. These solutions allow sublinear keyword search in huge databases by using various data structures to store keywords and document identifiers. In this work, we focus on certain scenarios in which search over the whole database is not necessary and show that the otherwise inefficient sequential scan (in linear time) can be very practical. This is due to the fact that adding new entries to the database comes for free in this case while updating a complex data structure without information leakage is rather complicated. To demonstrate the practicality of our approach we build a simple SSE scheme based on bilinear pairings and prove its security against adaptive chosen-keyword attacks in the standard model under the widely used SXDH assumption.

Semantics-Preserving Encryption for Computer Networking Related Data Types

G. Ládi

12th International Symposium on Applied Informatics and Related Areas, Proceedings, Óbuda University, 2017, pp. 176-181, ISBN 978-963-449-032-6.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi},
   title = {Semantics-Preserving Encryption for Computer Networking Related Data Types},
   booktitle = {12th International Symposium on Applied Informatics and Related Areas, Proceedings},
   publisher = {Óbuda University},
   year = {2017},
   pages = {176-181},
   note = {ISBN 978-963-449-032-6}
}

Keywords

semantics-preserving encryption; format-preserving encryption; networking; data type; MAC address; IPv4 address; IPv6 address; TCP port; UDP port; privacy; log anonymization;

Abstract

Semantics-preserving encryption methods are encryption methods that not only preserve the format (data structure) of the input, but also a set of additional properties that are desired to be preserved (for example, transforming an IP address into another from the same subnet). Such methods may be used to anonymize logs or otherwise hide potentially sensitive information from third parties, while preserving characteristics that are essential for a given purpose. This paper presents tuneable semantics-preserving encryption methods that may be applied to common computer networking related data types such as IPv4, IPv6, and MAC addresses.

Towards Efficient Compression of CAN Traffic Logs

A. Gazdag, L. Buttyán, Zs. Szalay

Balázs Vehovszky, Krisztián Bán, János Takács, 34th International Colloquium on Advanced Manufacturing and Repairing Technologies in Vehicle Industry: 17-19 May 2017, Visegrád, Hungary. 190 p., Budapest University of Technology and Economics, 2017.

Bibtex | PDF

@inproceedings {
   author = {András Gazdag, Levente BUTTYÁN, Zsolt Szalay},
   title = {Towards Efficient Compression of CAN Traffic Logs},
   editor = {Balázs Vehovszky, Krisztián Bán, János Takács},
   booktitle = {34th International Colloquium on Advanced Manufacturing and Repairing Technologies in Vehicle Industry: 17-19 May 2017, Visegrád, Hungary. 190 p.},
   publisher = {Budapest University of Technology and Economics},
   year = {2017}
}

Keywords

CAN, network traffic capture, semantic compression, forensic analysis

Abstract

Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance

D. Papp, L. Buttyán, Z. Ma

Workshop on Software Assurance at ARES 2017, 2017.

Bibtex | Abstract | PDF

@conference {
   author = {Dorottya Papp, Levente BUTTYÁN, Zhendong Ma},
   title = {Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance},
   booktitle = {Workshop on Software Assurance at ARES 2017},
   year = {2017}
}

Abstract

A program exhibits trigger-based behavior if it performs undocumented, often malicious, functions when the environmental conditions and/or specific input values match some pre-specified criteria. Checking whether such hidden functions exist in the program is important for increasing trustworthiness of software. In this paper, we propose a framework to effectively detect trigger-based behavior at the source code level. Our approach is semi-automated: We use automated source code instrumentation and mixed concrete and symbolic execution to generate potentially suspicious test cases that may trigger hidden, potentially malicious functions. The test cases must be investigated by a human analyst manually to decide which of them are real triggers. While our approach is not fully automated, it greatly reduces manual work by allowing analysts to focus on a few test cases found by our automated tools.

Transparent Encryption for Cloud-based Services

G. Ládi

Mesterpróba 2017, Conference Proceedings, Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics, 2017, pp. 5-8.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi},
   title = {Transparent Encryption for Cloud-based Services},
   booktitle = {Mesterpróba 2017, Conference Proceedings},
   publisher = {Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics},
   year = {2017},
   pages = {5-8}
}

Keywords

transparent encryption; cloud; security; DNS spoofing; tampering proxy; format preserving encryption;

Abstract

Transparent encryption is a method that involves encrypting data locally, on the user's computer, just before it is sent to cloud services to be stored, then decrypting said data later, straight after it is retrieved from the cloud service. All this takes place without having to alter the client application or the remote service (hence transparent). Applying this method ensures that even if the user's account or the provider itself is compromised, the attackers can only retrieve encrypted data that is useless without the encryption keys. This paper illustrates the design of a system that is capable of performing transparent encryption for various cloud-based services.

Transparent Encryption for Cloud-based Services

G. Ládi

25th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings, FESB, University of Split, 2017, pp. 64-68, ISSN 1847-3598.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi},
   title = {Transparent Encryption for Cloud-based Services},
   booktitle = {25th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings},
   publisher = {FESB, University of Split},
   year = {2017},
   pages = {64-68},
   note = {ISSN 1847-3598}
}

Keywords

transparent encryption; cloud; security; DNS spoofing; TLS inspection; tampering proxy; format preserving encryption;

Abstract

Transparent encryption is a method that involves encrypting data locally, on the user's computer, just before it is sent to cloud services to be stored, then decrypting said data later, straight after it is retrieved from the cloud service. All this takes place without having to alter the client application or the remote service (hence transparent). Applying this method ensures that if the user's account or the provider itself is compromised, the attackers can only retrieve encrypted data that is useless without the encryption keys. This paper illustrates the design of a system that is capable of performing transparent encryption for various cloud-based services, even if the connection between the client and the provider is secured by Transport Layer Security.

2016

Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence

I. Symeonidis, F. Shirazi, G. Biczók, C. Perez-Sola, B. Preneel

IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC), Springer, 2016.

Bibtex | Abstract

@inproceedings {
   author = {Iraklis Symeonidis, Fatemeh Shirazi, Gergely Biczók, Cristina Perez-Sola, Bart Preneel},
   title = {Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence},
   booktitle = {IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC)},
   publisher = {Springer},
   year = {2016}
}

Abstract

Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user’s friends can collect and potentially misuse her personal data inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a multi-faceted study on the collateral information collection of apps in social networks. We conduct a user survey and show that Facebook users are concerned about this issue and the lack of mechanisms to control it. Based on real data, we compute the likelihood of collateral information collection affecting users; we show that the probability is significant and depends on both the friendship network and the popularity of the app. We also show its significance by computing the proportion of exposed user attributes including the case of profiling, when several apps are offered by the same provider. Finally, we propose a privacy dashboard concept enabling users to control the collateral damage.

Intrusion detection in Cyber Physical Systems Based on Process Modelling

A. Gazdag, T. Holczer, Gy. Miru

Proceedings of 16th European Conference on Cyber Warfare & Security, Academic conferences, 2016.

Bibtex | Abstract

@inproceedings {
   author = {András Gazdag, Tamas Holczer, Gyorgy Miru},
   title = {Intrusion detection in Cyber Physical Systems Based on Process Modelling},
   booktitle = {Proceedings of 16th European Conference on Cyber Warfare & Security},
   publisher = {Academic conferences},
   year = {2016}
}

Abstract

Cyber physical systems (CPS) are used to control chemical processes, and can be found in manufacturing, civil infrastructure, energy industry, transportation and in many more places. There is one common characteristic in these areas, their operation is critical as a malfunction can potential be life-threatening. In the past, an attack against the cyber part of the systems can lead to physical consequences. The first well known attack against a CPS was Stuxnet in 2010. It is challenging to develop countermeasures in this field without endangering the normal operation of the underlying system. In our research, our goal was to detect attacks without interfering with the cyber physical systems in any way. This can be realized by an anomaly detection system using passive network monitoring. Our approach is based on analysing the state of the physical process by interpreting the communication between the control system and the supervisory system. This state can be compared to a model based prediction of the system, which can serve as a solid base for intrusion detection. In order to realize our intrusion detection system, a testbed was built based on widely used Siemens PLCs. Our implementation consists of three main parts. The first task is to understand the network communication in order to gain information about the controlled process. This was realized by analysing and deeply understanding the publicly undocumented Siemens management protocol. The resulting protocol parser was integrated into the widely-used Bro network security monitoring framework. Gathering information about the process state for a prolonged time creates time series. With these time series, as the second step, statistical models of the physical process can be built to predict future states. As the final step, the new states of the physical process can be compared with the predicted states. Significant differences can be considered as an indicator of compromise.

Near-Optimal Fingerprinting with Constraints

G. Gy. Gulyás, G. Ács, C. Castelluccia

PET Symposium, ACM, 2016.

Bibtex

@inproceedings {
   author = {Gábor György Gulyás, Gergely Ács, Claude Castelluccia},
   title = {Near-Optimal Fingerprinting with Constraints},
   booktitle = {PET Symposium},
   publisher = {ACM},
   year = {2016}
}

Abstract

Privacy Preserving Data Aggregation over Multi-hop Networks

Sz. Lestyán

Infocommunications Journal, pp. 7-15, December 2016, Volume VIII, Number 4, ISSN 2061-2079, 2016.

Bibtex

@article {
   author = {Szilvia Lestyan},
   title = {Privacy Preserving Data Aggregation over Multi-hop Networks},
   journal = {Infocommunications Journal, pp. 7-15, December 2016, Volume VIII, Number 4, ISSN 2061-2079},
   year = {2016}
}

Abstract

Private VNFs for collaborative multi-operator service delivery: An architectural case

G. Biczók, B. Sonkoly, N. Bereczky, C. Boyd

IEEE/IFIP Network Operations and Management Symposium (NOMS), IEEE, 2016.

Bibtex | Abstract

@inproceedings {
   author = {Gergely Biczók, Balázs Sonkoly, Nikolett Bereczky, Colin Boyd},
   title = {Private VNFs for collaborative multi-operator service delivery: An architectural case},
   booktitle = {IEEE/IFIP Network Operations and Management Symposium (NOMS)},
   publisher = {IEEE},
   year = {2016}
}

Abstract

Flexible service delivery is a key requirement for 5G network architectures. This includes the support for collaborative service delivery by multiple operators, when an individual operator lacks the geographical footprint or the available network, compute or storage resources to provide the requested service to its customer. Network Function Virtualisation is a key enabler of such service delivery, as network functions (VNFs) can be outsourced to other operators. Owing to the (partial lack of) contractual relationships and co-opetition in the ecosystem, the privacy of user data, operator policy and even VNF code could be compromised. In this paper, we present a case for privacy in a VNF-enabled collaborative service delivery architecture. Specifically, we show the promise of homomorphic encryption (HE) in this context and its performance limitations through a proof of concept implementation of an image transcoder network function. Furthermore, inspired by application-specific encryption techniques, we propose a way forward for private, payload-intensive VNFs.

RoViM: Rotating Virtual Machines for Security and Fault-Tolerance

D. Papp, Z. Ma, L. Buttyán

EMC2 Summit at CPS Week 2016, 2016.

Bibtex | Abstract | PDF

@conference {
   author = {Dorottya Papp, Zhendong Ma, Levente BUTTYÁN},
   title = {RoViM: Rotating Virtual Machines for Security and Fault-Tolerance},
   booktitle = {EMC2 Summit at CPS Week 2016},
   year = {2016}
}

Abstract

Nowadays, the field of embedded system experiences a number of changes. On one hand, recent cyber attacks against safety-critical systems demonstrate that malware can force safety-critical systems to endanger human lives and harm the environment. Therefore, a new requirement of security have arisen for safety-critical and embedded systems. However, security should be designed hand in hand with safety to resolve conflicts between the two fields. On the other hand, the emerging trend of virtualization has significant impact on the embedded market. The isolation and protection mechanisms of virtualization contributes to both safety and security via redundancy and the prevention of one virtual machine affecting another. In this paper we present RoViM, a system of rotating virtual machines providing proactive security for embedded devices. RoViM uses multiple virtual machines in the system which increases redundancy as a safety measure. Our design satisfies reachability, liveness and safety requirements and we present a proof-of-concept implementation with use case of an Internet Protocol Security (IPsec) gateway. We evaluate our design with formal verification and show that rotating virtual machines cause no significant change in the performance of the IPsec gateway.

Sharing is Power: Incentives for Information Exchange in Multi-Operator Service Delivery

P Heegaard, G. Biczók, L. Toka

IEEE Global Communications Conference (GLOBECOM), IEEE, 2016.

Bibtex

@inproceedings {
   author = {Poul E. Heegaard, Gergely Biczók, Laszlo Toka},
   title = {Sharing is Power: Incentives for Information Exchange in Multi-Operator Service Delivery},
   booktitle = {IEEE Global Communications Conference (GLOBECOM)},
   publisher = {IEEE},
   year = {2016}
}

Abstract

2015

Attribute-Based Encryption Optimized for Cloud Computing

M. Horváth

SOFSEM 2015: Theory and Practice of Computer Science, Springer Berlin Heidelberg, 2015, Italiano, GiuseppeF. and Margaria-Steffen, Tiziana and Pokorny, Jaroslav and Quisquater, Jean-Jacques and Wattenhofer, Roger, pp. 566-577, http://dx.doi.org/10.1007/978-3-662-46078-8_47.

Bibtex | Abstract

@incollection {
   author = {Máté Horváth},
   title = {Attribute-Based Encryption Optimized for Cloud Computing},
   booktitle = {SOFSEM 2015: Theory and Practice of Computer Science},
   publisher = {Springer Berlin Heidelberg},
   year = {2015},
   editor = {Italiano, GiuseppeF. and Margaria-Steffen, Tiziana and Pokorny, Jaroslav and Quisquater, Jean-Jacques and Wattenhofer, Roger},
   pages = {566-577},
   note = {http://dx.doi.org/10.1007/978-3-662-46078-8_47}
}

Keywords

storage in clouds; access control; attribute-based encryption; multi-authority; user revocation

Abstract

In this work, we aim to make attribute-based encryption (ABE) more suitable for access control to data stored in the cloud. For this purpose, we concentrate on giving to the encryptor full control over the access rights, providing feasible key management even in case of multiple independent authorities, and enabling viable user revocation, which is essential in practice. Our main result is an extension of the decentralized CP-ABE scheme of Lewko and Waters [6] with identity-based user revocation. Our revocation system is made feasible by removing the computational burden of a revocation event from the cloud service provider, at the expense of some permanent, yet acceptable overhead of the encryption and decryption algorithms run by the users. Thus, the computation overhead is distributed over a potentially large number of users, instead of putting it on a single party (e.g., a proxy server), which would easily lead to a performance bottleneck. The formal security proof of our scheme is given in the generic bilinear group and random oracle models.

Attribute-Based Encryption Optimized for Cloud Computing

M. Horváth

Infocommunications Journal, vol. 7, no. 2, 2015, pp. 1-9.

Bibtex

@article {
   author = {Máté Horváth},
   title = {Attribute-Based Encryption Optimized for Cloud Computing},
   journal = {Infocommunications Journal},
   volume = {7},
   number = {2},
   year = {2015},
   pages = {1-9}
}

Keywords

storage in clouds; access control; attribute-based encryption; multi-authority; user revocation

Abstract

Duqu 2.0:A comparison to Duqu

G. Ács-Kurucz, G. Molnár, G. Vaspöri, R. Kamarás, L. Buttyán, B. Bencsáth

BME CrySyS Lab, 2015.

Bibtex | PDF

@techreport {
   author = {Gábor Ács-Kurucz, Gábor Molnár, Gábor Vaspöri, Roland Kamarás, Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {Duqu 2.0:A comparison to Duqu},
   institution = {BME CrySyS Lab},
   year = {2015}
}

Abstract

Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy

D. Papp, Z. Ma, L. Buttyán

IEEE International Confenrence on Privacy, Security, and Trust, 2015.

Bibtex | Abstract

@conference {
   author = {Dorottya Papp, Zhendong Ma, Levente BUTTYÁN},
   title = {Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy},
   booktitle = {IEEE International Confenrence on Privacy, Security, and Trust},
   year = {2015}
}

Abstract

Embedded systems are the driving force for technological development in many domains such as automotive, healthcare, and industrial control in the emerging post-PC era. As more and more computational and networked devices are integrated into all aspects of our lives in a pervasive and ``invisible' way, security becomes critical for the dependability of all smart or intelligent systems built upon these embedded systems. In this paper, we conduct a systematic review of the existing threats and vulnerabilities in embedded systems based on public available data. Moreover, based on the information, we derive an attack taxonomy for embedded systems. We envision that the findings in this paper provide a valuable insight of the threat landscape facing embedded systems. The knowledge can be used for a better understanding and the identification of security risks in system analysis and design.

On pricing online data backup

L. Toka, G. Biczók

IEEE INFOCOM Smart Data Pricing WS, IEEE, 2015.

Bibtex

@inproceedings {
   author = {Laszlo Toka, Gergely Biczók},
   title = {On pricing online data backup},
   booktitle = {IEEE INFOCOM Smart Data Pricing WS},
   publisher = {IEEE},
   year = {2015}
}

Abstract

On the Unicity of Smartphone Applications

J. P. Achara, G. Ács, C. Castelluccia

ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2015.

Bibtex

@inproceedings {
   author = {Jagdish Prasad Achara, Gergely Ács, Claude Castelluccia},
   title = {On the Unicity of Smartphone Applications},
   booktitle = {ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2015}
}

Abstract

Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)

G. Ács, J. P. Achara, C. Castelluccia

IEEE International Conference on Big Data (Big Data), IEEE, 2015.

Bibtex

@inproceedings {
   author = {Gergely Ács, Jagdish Prasad Achara, Claude Castelluccia},
   title = {Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)},
   booktitle = {IEEE International Conference on Big Data (Big Data)},
   publisher = {IEEE},
   year = {2015}
}

Abstract

ROSCO: Repository of signed code

D. Papp, B. Kócsó, T. Holczer, L. Buttyán, B. Bencsáth

Virus Bulletin, 2015.

Bibtex | PDF

@conference {
   author = {Dorottya Papp, Balázs Kócsó, Tamas Holczer, Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {ROSCO: Repository of signed code},
   booktitle = {Virus Bulletin},
   year = {2015}
}

Abstract

The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems

T. Holczer, M. Felegyhazi, L. Buttyán

Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, IAEA, 2015.

Bibtex

@inproceedings {
   author = {Tamas Holczer, Mark Felegyhazi, Levente BUTTYÁN},
   title = {The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems},
   booktitle = {Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange},
   publisher = {IAEA},
   year = {2015}
}

Abstract

2014

A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris

G. Ács, C. Castelluccia

The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), ACM, 2014.

Bibtex

@inproceedings {
   author = {Gergely Ács, Claude Castelluccia},
   title = {A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris},
   booktitle = {The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD)},
   publisher = {ACM},
   year = {2014}
}

Abstract

Adatbányászat az informatikai biztonságban

K Szücs, T. Holczer, A. Kiss

INFODIDACT konferencia, 2014, Webdidaktika Alapítvány, ISBN: 9789631206272.

Bibtex

@conference {
   author = {Szücs Katalin, Tamas Holczer, Attila Kiss},
   title = {Adatbányászat az informatikai biztonságban},
   booktitle = { INFODIDACT konferencia},
   year = {2014},
   publisher = {Webdidaktika Alapítvány},
   note = {ISBN: 9789631206272}
}

Abstract

An independent test of APT attack detection appliances

B. Bencsáth, L. Buttyán, Z. Balázs, G. Ács-Kurucz, G. Molnár, G. Vaspöri, R. Kamarás

MRG Effitas and BME CrySyS Lab, 2014.

Bibtex

@techreport {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Zoltán Balázs, Gábor Ács-Kurucz, Gábor Molnár, Gábor Vaspöri, Roland Kamarás},
   title = {An independent test of APT attack detection appliances},
   institution = {MRG Effitas and BME CrySyS Lab},
   year = {2014}
}

Abstract

Android Malware Analysis Based On Memory Forensics

A. Gazdag, L. Buttyán

Annual Scientific Conference of the Hungarian National Coordinating Center for Infocommunications (NIKK) 2014, Veszprém, Springer, 2014.

Bibtex

@inproceedings {
   author = {András Gazdag, Levente BUTTYÁN},
   title = {Android Malware Analysis Based On Memory Forensics},
   booktitle = {Annual Scientific Conference of the Hungarian National Coordinating Center for Infocommunications (NIKK) 2014, Veszprém},
   publisher = {Springer},
   year = {2014}
}

Abstract

Android Memory Forensics Hello Workshop

A. Gazdag

Hacktivity 2014., 2014.

Bibtex | Abstract

@conference {
   author = {András Gazdag},
   title = {Android Memory Forensics Hello Workshop},
   booktitle = {Hacktivity 2014.},
   year = {2014}
}

Abstract

Szakértõk kezében a sérülékeny memóriatartalmak vizsgálata már jó ideje hatékony fegyvernek bizonyult. Az új technológiák robbanásszerû elterjedése szükségessé teszi a megbízható technológiák átalakítását, hogy azok az új kihívásoknak is eleget tudjanak ezáltal tenni. Erre az egyik legkézenfekvõbb példa az Android platform. Az utóbbi években látható jelentõs térhódítása ennek a platformnak elkerülhetetlenné tette – többek között – a memória vizsgálati módszerek kifejlesztését is. A workshop célja a résztvevõk megismertetése a jelenleg elérhetõ technológiákkal, gyakorlati példákon keresztül. A lehetséges megközelítések rövid összefoglalása után a résztvevõk megtanulhatják, hogy hogyan lehetséges memória tartalmat rögzíteni Android-ot futtató eszközökrõl, ezután pedig a minták elemzésére kerül sor a széles körben elterjedt Volatility framework segítségével.

CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp

D. Buza, F. Juhasz, Gy. Miru, M. Felegyhazi, T. Holczer

Kiss Natália Nagy Bálint Németh István Péter (Eds), Tudományos terek, pp. 9-20, DUF Press, 2014, ISBN: 9789632870755.

Bibtex

@inbook {
   author = {Daniel Buza, Ferenc Juhasz, Gyorgy Miru, Mark Felegyhazi, Tamas Holczer},
   editor = {Kiss Natália Nagy Bálint Németh István Péter (Eds)},
   title = {CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp},
   chapter = {Tudományos terek},
   pages = {9-20},
   publisher = {DUF Press},
   year = {2014},
   note = {ISBN: 9789632870755}
}

Abstract

CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot

D. Buza, F. Juhasz, Gy. Miru, M. Felegyhazi, T. Holczer

in Proceedings of SmartGridSec 2014, February 26, 2014.

Bibtex | Abstract | PDF

@article {
   author = {Daniel Buza, Ferenc Juhasz, Gyorgy Miru, Mark Felegyhazi, Tamas Holczer},
   title = {CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot},
   journal = {in Proceedings of SmartGridSec 2014},
   month = {February 26},
   year = {2014}
}

Keywords

PLC honeypot, critical infrastructures, advanced threat monitoring, industrial control systems security

Abstract

Smart grids consist of suppliers, consumers, and other parts. The main suppliers are normally supervised by industrial control sys- tems. These systems rely on programmable logic controllers (PLCs) to control industrial processes and communicate with the supervisory sys- tem. Until recently, industrial operators relied on the assumption that these PLCs are isolated from the online world and hence cannot be the target of attacks. Recent events, such as the infamous Stuxnet attack [15] directed the attention of the security and control system community to the vulnerabilities of control system elements, such as PLCs. In this paper, we design and implement the Crysys PLC honeypot (CryPLH) system to detect targeted attacks against industrial control systems. This PLC honeypot can be implemented as part of a larger security monitoring system. Our honeypot implementation improves upon existing solutions in several aspects: most importantly in level of interaction and ease of configuration. Results of an evaluation show that our honeypot is largely indistinguishable from a real device from the attacker’s perspective. As a collateral of our analysis, we were able to identify some security issues in the real PLC device we tested and implemented specific firewall rules to protect the device from targeted attacks.

Efficient Apriori Based Algorithms for Privacy Preserving Frequent Itemset Mining

Sz. Lestyán, A. Csiszárik, A. Lukács

Cognitive Infocommunications (CogInfoCom), 2014 5th IEEE Conference on Cognitive Infocommunications, 2014.

Bibtex | Abstract

@article {
   author = {Szilvia Lestyan, Adrián Csiszárik, András Lukács},
   title = {Efficient Apriori Based Algorithms for Privacy Preserving Frequent Itemset Mining},
   journal = {Cognitive Infocommunications (CogInfoCom), 2014 5th IEEE Conference on Cognitive Infocommunications},
   year = {2014}
}

Abstract

Frequent Itemset Mining as one of the principal routine of data analysis and a basic tool of large scale information aggregation also bears a serous interest in Privacy Preserving Data Mining. In this paper Apriori based distributed, privacy preserving Frequent Itemset Mining algorithms are considered. Our secure algorithms are designed to fit in the Secure Multiparty Computation model of privacy preserving computation.

Retargeting Without Tracking

M.-D. Tran, G. Ács, C. Castelluccia

INRIA, 2014.

Bibtex

@techreport {
   author = {Minh-Dung Tran, Gergely Ács, Claude Castelluccia},
   title = {Retargeting Without Tracking},
   institution = {INRIA},
   year = {2014}
}

Abstract

2013

A Game-Theoretic Analysis of Content-Adaptive Steganography with Independent Embedding

P. Schöttle, A. Laszka, B. Johnson, J. Grossklags, R. Böhme

21st European Signal Processing Conference (EUSIPCO 2013), 2013, September.

Bibtex | Abstract

@conference {
   author = {Pascal Schöttle, Aron Laszka, Benjamin Johnson, Jens Grossklags, },
   title = {A Game-Theoretic Analysis of Content-Adaptive Steganography with Independent Embedding},
   booktitle = {21st European Signal Processing Conference (EUSIPCO 2013)},
   year = {2013},
   month = {September}
}

Abstract

We provide a game-theoretic analysis of a scenario from the field of content-adaptive steganography. Alice, a steganographer, wants to embed a secret message into a ran- dom binary sequence with a known distribution in which the value of each position is independently but non-identically distributed. Eve, a steganalyst, observes the sequence and wants to determine whether it contains a hidden message. Al- ice is allowed to flip binary values independently at random, with the constraint that the expected number of changes is a fixed constant. Eve may choose to classify each sequence as either unmodified (cover) or modified (stego). The payoff for Eve in the game is the probability that her classification is correct; and the payoff for Alice is the probability that Eve’s classification is incorrect, so that the game is constant-sum. We show that Eve’s best response strategy in this game can be expressed as a linear aggregation threshold formula similar to those used in practical steganalysis. We give a gen- eral formula for Alice’s best response strategy; and we com- pute explicit pure strategy equilibria for the special case of changing one bit in a length-two sequence.

A Game-Theoretic Approach to Risk Mitigation Against Targeted and Non-Targeted Covert Attacks

A. Laszka, B. Johnson, J. Grossklags

4th Conference on Decision and Game Theory for Security (GameSec 2013), 2013, November, (accepted).

Bibtex

@conference {
   author = {Aron Laszka, Benjamin Johnson, Jens Grossklags},
   title = {A Game-Theoretic Approach to Risk Mitigation Against Targeted and Non-Targeted Covert Attacks},
   booktitle = {4th Conference on Decision and Game Theory for Security (GameSec 2013)},
   year = {2013},
   month = {November},
   note = {(accepted)}
}

Abstract

A Survey of Security Issues in Hardware Virtualization

G. Pék, L. Buttyán, B. Bencsáth

ACM Computing Surveys (CSUR), vol. 45 , no. 3, June , 2013, doi:10.1145/2480741.2480757.

Bibtex | Abstract

@article {
   author = {Gábor PÉK, Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {A Survey of Security Issues in Hardware Virtualization},
   journal = { ACM Computing Surveys (CSUR)},
   volume = {45 },
   number = {3},
   month = {June },
   year = {2013},
   note = {doi:10.1145/2480741.2480757}
}

Abstract

Virtualization is a powerful technology to increase the efficiency of computing services; however, besides its advantages, it also raises a number of security issues. In this paper, we provide a thorough survey of those security issues in hardware virtualization. We focus on potential vulnerabilities and existing attacks on various virtualization platforms, but we also briefly sketch some possible countermeasures. To the best of our knowledge, this is the first survey of security issues in hardware virtualization with this level of details. Moreover, the adversary model and the structuring of the attack vectors are original contributions, never published before.

Bitspotting: Detecting Optimal Adaptive Steganography

B. Johnson, P. Schöttle, A. Laszka, J. Grossklags, R. Böhme

12th International Workshop on Digital-Forensics and Watermarking (IWDW), 2013, October.

Bibtex

@conference {
   author = {Benjamin Johnson, Pascal Schöttle, Aron Laszka, Jens Grossklags, },
   title = {Bitspotting: Detecting Optimal Adaptive Steganography},
   booktitle = {12th International Workshop on Digital-Forensics and Watermarking (IWDW)},
   year = {2013},
   month = {October}
}

Abstract

Cache Privacy in Named-Data Networking

G. Ács, M. Conti, P. Gasti, C. Ghali, G. Tsudik

The 33rd International Conference on Distributed Computing Systems (ICDCS), IEEE, 2013.

Bibtex

@inproceedings {
   author = {Gergely Ács, Mauro Conti, Paulo Gasti, Cesar Ghali, Gene Tsudik},
   title = {Cache Privacy in Named-Data Networking},
   booktitle = {The 33rd International Conference on Distributed Computing Systems (ICDCS)},
   publisher = {IEEE},
   year = {2013}
}

Abstract

Designing Robust Network Topologies for Wireless Sensor Networks in Adversarial Environments

A. Laszka, L. Buttyán, D. Szeszlér

Pervasive and Mobile Computing, Elsevier, vol. 9, no. 4, August, 2013, pp. 546 - 563, (http://dx.doi.org/10.1016/j.pmcj.2012.05.001).

Bibtex | Abstract

@article {
   author = {Aron Laszka, Levente BUTTYÁN, Dávid Szeszlér},
   title = {Designing Robust Network Topologies for Wireless Sensor Networks in Adversarial Environments},
   journal = {Pervasive and Mobile Computing, Elsevier},
   volume = { 9},
   number = {4},
   month = {August},
   year = {2013},
   pages = {546 - 563},
   note = {(http://dx.doi.org/10.1016/j.pmcj.2012.05.001)}
}

Abstract

In this paper, we address the problem of deploying sink nodes in a wireless sensor network such that the resulting network topology be robust. In order to measure network robustness, we propose a new metric, called persistence, which better captures the notion of robustness than the widely known connectivity based metrics. We study two variants of the sink deployment problem: sink selection and sink placement. We prove that both problems are NP-hard, and show how the problem of sink placement can be traced back to the problem of sink selection using an optimal search space reduction te chnique, which may be of independent interest. To solve the problem of sink selection, we propose efficient heuristic algorithms. Finally, we provide experim ental results on the performance of our proposed algorithms.

eNeMI: Evading the state-of-the-art hardware protection of I/O virtualization

G. Pék

Presentation at Hactivity Conference, October, 2013.

Bibtex | Abstract

@misc {
   author = {Gábor PÉK},
   title = {eNeMI: Evading the state-of-the-art hardware protection of I/O virtualization},
   howpublished = {Presentation at Hactivity Conference},
   month = {October},
   year = {2013}
}

Keywords

hardware virtualization

Abstract

Direct-device assignment is one of the most controversial issues in hardware virtualization, as it allows for using devices almost at native speed, however, raises many security problems. As most of these issues can be evaded by properly configured system software and hardware, the security issues of that area seemed to be solved. At the same time, virtual instances with direct-device assignment are publicly available via various cloud providers, so the security issues have to be examined in more details. In my presentation, an interesting vulnerability is going to be detailed which is not a simple software bug, but an example for an issue on how to handle improperly a hardware-level mechanism: the interrupt generation.

Hiding Information in Social Networks from De-anonymization Attacks by Using Identity Separation

G. Gy. Gulyás, S. Imre

In: Proc. of the 14th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS 2013), 2013, Springer, September.

Bibtex | Abstract

@conference {
   author = {Gábor György Gulyás, Sándor Imre},
   title = {Hiding Information in Social Networks from De-anonymization Attacks by Using Identity Separation},
   booktitle = { In: Proc. of the 14th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS 2013)},
   year = {2013},
   publisher = {Springer},
   month = {September}
}

Abstract

Social networks allow their users to mark their pro le attributes, relationships as private in order to guarantee privacy, although private information get occasionally published within sanitized datasets o ered to third parties, such as business partners. Today, powerful de-anonymization attacks exist that enable the nding of corresponding nodes within these datasets and public network data (e.g., crawls of other networks) solely by considering structural information. In this paper, we propose an identity management technique, namely identity separation, as a tool for hiding information from attacks aiming to achieve large-scale re-identi cation. By simulation experiments we compare the protective strength of identity management to the state-of-the-art attack. We show that while a large fraction of participating users are required to repel the attack, with the proper settings it is possible to e ectively hide information, even for a handful of users. In addition, we propose a user-controllable method based on decoy nodes, which turn out to be successful for information hiding as at most 3.33% of hidden nodes are revealed in our experiments.

Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts

G. Pék

Xen Security Advisory CVE-2013-3495 / XSA-59, 2013.

Bibtex | Abstract

@misc {
   author = {Gábor PÉK},
   title = {Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts},
   howpublished = {Xen Security Advisory CVE-2013-3495 / XSA-59},
   year = {2013}
}

Abstract

Message Signaled Interrupts (MSI) interrupts on Intel platforms are defined as DWORD writes to a special address location (0xFEE?????). MSIs on Intel Platforms supporting VT-d have two defined formats - Remappable format interrupts, and Compatibility (not remappable) format interrupts, based on the format of their data payload. Remappable interrupts are subject to interrupt-remapping protection checks, while compatibility format interrupts are not. For protection reasons, host software disables compatibility format interrupts (causing them to be blocked by interrupt translation hardware) and manages the remappable interrupts through programming of interrupt-remapping table entries. Malformed MSIs are transactions to the special (0xFEE?????) address range that do not have proper attributes of MSI requests (e.g., size of request is invalid). Such malformed transactions are detected and aborted by the platform, before they are subject to further interrupt remapping/processing. For RAS purposes, some platforms may be configured to support System Error Reporting (SERR) capability. These platforms raise a PCI system error (SERR#) due to Unsupported Request, which are typically delivered as Non-Maskable Interrupts (NMI), to report such errors to software. Depending on hypervisor and Dom0 kernel configuration, such an NMI may be handled by the hypervisor/Dom0 or can result in a host software halt ("panic"). On platforms with SERR enabled, such malformed MSI requests can be generated by guest OS with an assigned device, causing hypervisor/Dom0 receive NMI despite using VT-d and interrupt remapping for device assignment.

Interdependent Privacy: Let Me Share Your Data

G. Biczók, P. Chia

Financial Cryptography & Data Security, Springer, 2013.

Bibtex | Abstract

@inproceedings {
   author = {Gergely Biczók, Pern Hui Chia},
   title = {Interdependent Privacy: Let Me Share Your Data},
   booktitle = {Financial Cryptography & Data Security},
   publisher = {Springer},
   year = {2013}
}

Abstract

Users share massive amounts of personal information and opinion with each other and different service providers every day. In such an interconnected setting, the privacy of individual users is bound to be affected by the decisions of others, giving rise to the phenomenon which we term as interdependent privacy. In this paper we define online privacy interdependence, show its existence through a study of Facebook application permissions, and model its impact through an Interdependent Privacy Game (IPG). We show that the arising negative externalities can steer the system into equilibria which are inefficient for both users and platform vendor. We also discuss how the underlying incentive misalignment, the absence of risk signals and low user awareness contribute to unfavorable outcomes.

Managing the Weakest Link: A Game-Theoretic Approach for the Mitigation of Insider Threats

A. Laszka, B. Johnson, P. Schöttle, J. Grossklags, R. Böhme

The 18th European Symposium on Research in Computer Security (ESORICS 2013) , 2013, September.

Bibtex | Abstract

@conference {
   author = {Aron Laszka, Benjamin Johnson, Pascal Schöttle, Jens Grossklags, },
   title = {Managing the Weakest Link: A Game-Theoretic Approach for the Mitigation of Insider Threats},
   booktitle = {The 18th European Symposium on Research in Computer Security (ESORICS 2013) },
   year = {2013},
   month = {September}
}

Abstract

We introduce a two-player stochastic game for modeling secure team selection to add resilience against insider threats. A project manager, Alice, has a secret she wants to protect but must share with a team of individuals selected from within her organization; while an adversary, Eve, wants to learn this secret by bribing one potential team member. Eve does not know which individuals will be chosen by Alice, but both players have information about the bribeability of each potential team member. Speci cally, the amount required to successfully bribe each such individual is given by a random variable with a known distribution but an unknown realization. We characterize best-response strategies for both players, and give nec- essary conditions for determining the game's equilibria. We nd that Alice's best strategy involves minimizing the information available to Eve about the team composition. In particular, she should select each potential team member with a non-zero probability, unless she has a per- fectly secure strategy. In the special case where the bribeability of each employee is given by a uniformly-distributed random variable, the equilibria can be divided into two outcomes {either Alice is perfectly secure, or her protection is based only on the randomness of her selection.

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

A. Laszka, B. Johnson, J. Grossklags

9th Conference on Web and Internet Economics (WINE), 2013, December.

Bibtex

@conference {
   author = {Aron Laszka, Benjamin Johnson, Jens Grossklags},
   title = {Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks},
   booktitle = {9th Conference on Web and Internet Economics (WINE)},
   year = {2013},
   month = {December}
}

Abstract

On formal and automatic security verification of WSN transport protocols

T. V. Thong, L. Buttyán, A. Dvir

ISRN Sensor Networks Journal, Hindawi, December, 2013, In Press.

Bibtex

@article {
   author = {Ta Vinh Thong, Levente BUTTYÁN, Amit Dvir},
   title = {On formal and automatic security verification of WSN transport protocols },
   journal = {ISRN Sensor Networks Journal, Hindawi},
   month = {December},
   year = {2013},
   note = {In Press}
}

Abstract

Quantifying All-to-One Network Topology Robustness Under Budget Constraints

A. Laszka, A. Gueye

The joint Workshop on Pricing and Incentives in Networks and Systems, 2013, June.

Bibtex | Abstract

@conference {
   author = {Aron Laszka, Assane Gueye},
   title = {Quantifying All-to-One Network Topology Robustness Under Budget Constraints},
   booktitle = {The joint Workshop on Pricing and Incentives in Networks and Systems},
   year = {2013},
   month = {June}
}

Abstract

To design robust network topologies that resist strategic at- tacks, one must rst be able to quantify robustness. In a recent line of research, the theory of network blocking games has been used to derive robustness metrics for topologies. However, these previous works did not consider the bud- get constraints of the network operator. In this paper, we introduce a budget limit on the operator and study two bud- get constraint formulations: the maximum and the expected cost constraints. For practical applications, the greatest challenge posed by blocking games is their computational complexity. Therefore, we show that the expected cost con- straint formulation leads to games that can be solved e- ciently, while the maximum cost constraint leads to NP-hard problems. As an illustrative example, this paper discusses the particular case of All-to-One (e.g., sensor or access) net- works

Quantifying Network Topology Robustness Under Budget Constraints: General Model and Computational Complexity

A. Laszka, A. Gueye

4th Conference on Decision and Game Theory for Security (GameSec 2013), 2013, November, (accepted).

Bibtex

@conference {
   author = {Aron Laszka, Assane Gueye},
   title = {Quantifying Network Topology Robustness Under Budget Constraints: General Model and Computational Complexity},
   booktitle = {4th Conference on Decision and Game Theory for Security (GameSec 2013)},
   year = {2013},
   month = {November},
   note = {(accepted)}
}

Abstract

Research and Development in E-Business through Service-Oriented Solutions

B. Károly, Á. M. Földes, G. Gy. Gulyás, S. Imre

Katalin Tarnay, Lai Xu, Sandor Imre, Tracking and Fingerprinting in E-Business: New Storageless Technologies and Coun, pp. 134-166, IGI Global, 2013.

Bibtex | Abstract

@inbook {
   author = {Károly Boda, Ádám Máté Földes, Gábor György Gulyás, Sándor Imre},
   editor = {Katalin Tarnay, Lai Xu, Sandor Imre},
   title = {Research and Development in E-Business through Service-Oriented Solutions},
   chapter = {Tracking and Fingerprinting in E-Business: New Storageless Technologies and Coun},
   pages = {134-166},
   publisher = {IGI Global},
   year = {2013}
}

Abstract

Online user tracking is a widely used marketing tool in e-business, even though it is often neglected in the related literature. In this chapter, the authors provide an exhaustive survey of tracking-related identification techniques, which are often applied against the will and preferences of the users of the Web, and therefore violate their privacy one way or another. After discussing the motivations behind the information-collecting activities targeting Web users (i.e., profiling), and the nature of the information that can be collected by various means, the authors enumerate the most important techniques of the three main groups of tracking, namely storage-based tracking, history stealing, and fingerprinting. The focus of the chapter is on the last, as this is the field where both the techniques intended to protect users and the current legislation are lagging behind the state-of-the-art technology; nevertheless, the authors also discuss conceivable defenses, and provide a taxonomy of tracking techniques, which, to the authors’ knowledge, is the first of its kind in the literature. At the end of the chapter, the authors attempt to draw the attention of the research community of this field to new tracking methods.

SDTP+: Securing a Distributed Transport Protocol for WSNs using Merkle Trees and Hash Chains

A. Dvir, L. Buttyán, T. V. Thong

IEEE International Confenrence on Communications (ICC), 2013, pp. 1-6, Budapest, Hungary, June.

Bibtex | Abstract

@conference {
   author = {Amit Dvir, Levente BUTTYÁN, Ta Vinh Thong},
   title = {SDTP+: Securing a Distributed Transport Protocol for WSNs using Merkle Trees and Hash Chains},
   booktitle = {IEEE International Confenrence on Communications (ICC)},
   year = {2013},
   pages = {1-6},
   address = {Budapest, Hungary},
   month = {June}
}

Abstract

Transport protocols for Wireless Sensor Networks (WSNs) are designed to fulfill both reliability and energy effi- ciency requirements. Distributed Transport for Sensor Networks (DTSN)is one of the most promising transport protocols designed for WSNs because of its effectiveness; however, it does not address any security issues, hence it is vulnerable to many attacks. The first secure transport protocol for WSN was the secure distributed transport protocol (SDTP) [2], which is a security extension of DTSN. Unfortunately, it turns out that the security methods provided by SDTP are not sufficient; some tricky attacks get around the protection mechanism. In this paper, we describe the security gaps in the SDTP protocol, and we introduce SDTP+ for patching the weaknesses. We show that SDTP+ resists attacks on reliability and energy efficiency of the protocol, and also present an overhead analysis for showing its effectiveness.

Technical Trends in Recent Targeted Attacks

G. Pék, B. Bencsáth, L. Buttyán, M. Felegyhazi

Presentation at Power of Community (POC 2013, Seoul, South Korea), November, 2013.

Bibtex

@misc {
   author = {Gábor PÉK, Boldizsár Bencsáth, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Technical Trends in Recent Targeted Attacks },
   howpublished = {Presentation at Power of Community (POC 2013, Seoul, South Korea)},
   month = {November},
   year = {2013}
}

Abstract

2012

A Machine Learning Based Approach for Predicting Undisclosed Attributes in Social Networks

G. Kótyuk, L. Buttyán

Proceedings of the IEEE Workshop on SEcurity and SOCial Networking (SESOC), IEEE, IEEE, Lugano, Switzerland, March, 2012, pp. 1-6.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Kótyuk, Levente BUTTYÁN},
   title = {A Machine Learning Based Approach for Predicting Undisclosed Attributes in Social Networks},
   booktitle = {Proceedings of the IEEE Workshop on SEcurity and SOCial Networking (SESOC)},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Lugano, Switzerland},
   month = {March},
   year = {2012},
   pages = {1-6}
}

Keywords

social networks, privacy, machine learning

Abstract

Online Social Networks have gained increased popularity in recent years. However, besides their many advanteges, they also represent privacy risks for the users. In order to control access to their private information, users of OSNs are typically allowed to set the visibility of their profile attributes, but this may not be sufficient, beacuse visible attributes, friendship relationships, and group memberships can be used to infer private information. In this paper, we propose a fully automated approach based on machine learning for inferring undisclosed attributes of OSN users. Our method can be used for both classification and regression tasks, and it makes large scale privacy attacks feasible. We also provide experimental results showing that our method achieves good performance in practice.

A Survey of Interdependent Security Games

A. Laszka, M. Felegyhazi, L. Buttyán

no. CRYSYS-TR-2012-11-15, CrySyS Lab, BME, Nov, 2012.

Bibtex | Abstract | PDF

@techreport {
   author = {Aron Laszka, Mark Felegyhazi, Levente BUTTYÁN},
   title = {A Survey of Interdependent Security Games},
   number = {CRYSYS-TR-2012-11-15},
   institution = {CrySyS Lab, BME},
   month = {Nov},
   year = {2012}
}

Keywords

interdependent security, security economics, security games

Abstract

Interdependence of information systems is a fundamental property that shapes the problems in information security. The risks faced by system operators and users is not only determined by their own security posture, but is heavily affected by the security-related decisions of other connected systems. Therefore, defending networked systems relies on the correlated action of the system operators or users. In this survey, we summarize game-theoretic interdependence models, characterize the emerging security inefficiencies and present solution methods. Our goal is to distill the main insights from the state-of-the-art and to identify the areas that need more attention from the research community.

A Wireless Sensor and Actuator Network for Improving the Electrical Power Grid Dependability

A. Grilo, A. Casaca, P. Pereira, L. Buttyán, J. Goncalves, C. Fortunato

Euro-NF Conference on Next Generation Internet (NGI), IEEE, 2012.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Antonio M. Grilo, Augusto Casaca, Paulo Pereira, Levente BUTTYÁN, José Goncalves, Carlos Fortunato},
   title = {A Wireless Sensor and Actuator Network for Improving the Electrical Power Grid Dependability},
   booktitle = {Euro-NF Conference on Next Generation Internet (NGI)},
   publisher = {IEEE},
   year = {2012}
}

Abstract

This paper presents an overview of a Wireless Sensor and Actuator Network (WSAN) used to monitor an electrical power grid distribution infrastructure. The WSAN employs appropriate sensors to monitor key grid components, integrating both safety and security services, which improve the grid distribution dependability. The supported applications include, among others, video surveillance of remote secondary substations, which imposes special requirements from the point of view of quality of service and reliability. The paper presents the hardware and software architecture of the system together with performance results.

Célzott informatikai támadások napjainkban

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

Budapest New Tech Meetup, Budapest, Hungary., December, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Célzott informatikai támadások napjainkban},
   howpublished = {Budapest New Tech Meetup, Budapest, Hungary.},
   month = {December},
   year = {2012}
}

Abstract

Critical Infrastructure Security: Assessment, Prevention, Detection, Response

P. Langendoerfer, L. Buttyán, A. Casaca, E. Osipov, A. Hessler, C. Castelluccia, A. Alkassar

F. Flammini (ed), Wireless Sensor Networks for Critical Infrastructure Protection, pp. 155-167, WIT Press, 2012.

Bibtex

@inbook {
   author = {Peter Langendoerfer, Levente BUTTYÁN, Augusto Casaca, Evgeny Osipov, Alban Hessler, Claude Castelluccia, Ammar Alkassar},
   editor = {F. Flammini (ed)},
   title = {Critical Infrastructure Security: Assessment, Prevention, Detection, Response},
   chapter = {Wireless Sensor Networks for Critical Infrastructure Protection},
   pages = {155-167},
   publisher = {WIT Press},
   year = {2012}
}

Abstract

Cryptography: The strongest link in the chain

L. Buttyán, B. Bencsáth

Hackin9 Extra, vol. 8, no. 1, January, 2012, pp. 8-11.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {Cryptography: The strongest link in the chain},
   journal = {Hackin9 Extra},
   volume = {8},
   number = {1},
   month = {January},
   year = {2012},
   pages = {8-11}
}

Abstract

IT security architectures that use cryptographic elements sometimes fail, but it is rarely cryptography to blame. The reason is more often the use of cryptography in an inappropriate way, or the use of algorithms that do not really qualify as cryptographic. High quality cryptography is in fact the strongest link in the chain, and there are good reasons for that.

Differentially Private Histogram Publishing through Lossy Compression

G. Ács, R. Chen, C. Castelluccia

IEEE International Conference on Data Mining (ICDM), IEEE, 2012.

Bibtex

@inproceedings {
   author = {Gergely Ács, Rui Chen, Claude Castelluccia},
   title = {Differentially Private Histogram Publishing through Lossy Compression},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2012}
}

Abstract

Differentially Private Sequential Data Publication via Variable-Length N-Grams

R. Chen, G. Ács, C. Castelluccia

In 19th ACM Conference on Computer and Communications Security (CCS), ACM, 2012.

Bibtex

@inproceedings {
   author = {Rui Chen, Gergely Ács, Claude Castelluccia},
   title = {Differentially Private Sequential Data Publication via Variable-Length N-Grams},
   booktitle = {In 19th ACM Conference on Computer and Communications Security (CCS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

Digital Identity and Access Management: Technologies and Frameworks

G. Gy. Gulyás, R. Schulcz, S. Imre

Dr Raj Sharman, Dr. Sanjukta Das Smith, Manish Gupta, Separating Private and Business Identities, pp. 114-132, IGI Global, 2012.

Bibtex | Abstract

@inbook {
   author = {Gábor György Gulyás, Róbert Schulcz, Sándor Imre},
   editor = {Dr Raj Sharman, Dr. Sanjukta Das Smith, Manish Gupta},
   title = {Digital Identity and Access Management: Technologies and Frameworks},
   chapter = {Separating Private and Business Identities},
   pages = {114-132},
   publisher = {IGI Global},
   year = {2012}
}

Abstract

As various information technologies are penetrating everyday life, private and business matters inevitably mingle. Separating private and business past records, public information, actions or identities may, however, be crucial for an employee in certain situations. In this chapter we review the interrelated areas of employee privacy, and analyze in detail two areas of special importance from the viewpoint of the separation: web and social network privacy. In relation to these areas we discuss threats and solutions in parallel, and besides surveying the relevant literature, we also present current Privacy Enhancing Technologies applicable in each area. Additionally, we briefly review other means of workplace surveillance, providing some insight into the world of smartphones, where we expect the rise of new privacy-protecting technologies as these devices are getting capable of taking over the functions of personal computers.

Duqu, Flame, Gauss - new challenges for a new era

B. Bencsáth, L. Buttyán, M. Felegyhazi, G. Pék

EuroNOG 2012 conference, Budapest, 10-11 Sept 2012, September, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Mark Felegyhazi, Gábor PÉK},
   title = {Duqu, Flame, Gauss - new challenges for a new era },
   howpublished = {EuroNOG 2012 conference, Budapest, 10-11 Sept 2012},
   month = {September},
   year = {2012}
}

Abstract

Duqu: Analysis, Detection, and Lessons Learned

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

ACM European Workshop on System Security (EuroSec), ACM, 2012.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Duqu: Analysis, Detection, and Lessons Learned},
   booktitle = {ACM European Workshop on System Security (EuroSec)},
   publisher = {ACM},
   year = {2012}
}

Abstract

In September 2011, a European company sought our help to investigate a security incident that happened in their IT system. During the investigation, we discovered a new malware that was unknown to all mainstream anti-virus products, however, it showed striking similarities to the infamous Stuxnet worm. We named the new malware Duqu, and we carried out its rst analysis. Our ndings led to the hypothesis that Duqu was probably created by the same people who developed Stuxnet, but with a di erent purpose: unlike Stuxnet whose mission was to attack industrial equipment, Duqu is an information stealer rootkit. Nevertheless, both pieces of malware have a modular structure, and they can be re-con gured remotely from a Command and Control server to include virtually any kind of functionality. In this paper, we present an abridged version of our initial Duqu analysis, which is available in a longer format as a technical report. We also describe the Duqu detector toolkit, a set of heuristic tools that we developed to detect Duqu and its variants. Finally, we discuss a number of issues that we learned, observed, or identi ed during our Duqu analysis project concerning the problems of preventing, detecting, and handling targeted malware attacks; we believe that solving these issues represents a great challenge to the system security community.

Game-theoretic Robustness of Many-to-one Networks

A. Laszka, D. Szeszlér, L. Buttyán

3rd International Conference on Game Theory for Networks (GameNets), 2012, May.

Bibtex | Abstract

@conference {
   author = {Aron Laszka, Dávid Szeszlér, Levente BUTTYÁN},
   title = {Game-theoretic Robustness of Many-to-one Networks},
   booktitle = {3rd International Conference on Game Theory for Networks (GameNets)},
   year = {2012},
   month = {May}
}

Abstract

In this paper, we study the robustness of networks that are characterized by many-to-one communications (e.g., access networks and sensor networks) in a game-theoretic model. More speci cally, we model the interactions between a network operator and an adversary as a two player zero-sum game, where the network operator chooses a spanning tree in the network, the adversary chooses an edge to be removed from the network, and the adversary's payo is proportional to the number of nodes that can no longer reach a designated node through the spanning tree. We show that the payo in every Nash equilibrium of the game is equal to the reciprocal of the persistence of the network. We describe optimal adversarial and operator strategies and give efficient, polynomial time algorithms to compute optimal strategies. We also generalize our game model to include varying node weights, as well as attacks against nodes.

Linear Loss Function for the Network Blocking Game: An Efficient Model for Measuring Network Robustness and Link Criticality

A. Laszka, D. Szeszlér, L. Buttyán

3rd Conference on Decision and Game Theory for Security (GameSec 2012), LNCS , November, 2012, pp. 152-170, Volume 7638.

Bibtex | Abstract

@inproceedings {
   author = {Aron Laszka, Dávid Szeszlér, Levente BUTTYÁN},
   title = {Linear Loss Function for the Network Blocking Game: An Efficient Model for Measuring Network Robustness and Link Criticality},
   booktitle = {3rd Conference on Decision and Game Theory for Security (GameSec 2012)},
   publisher = {LNCS },
   month = {November},
   year = {2012},
   pages = {152-170},
   note = {Volume 7638}
}

Abstract

In order to design robust networks, first, one has to be able to measure robustness of network topologies. In [1], a game-theoretic model, the network blocking game, was proposed for this purpose, where a network operator and an attacker interact in a zero-sum game played on a network topology, and the value of the equilibrium payoff in this game is interpreted as a measure of robustness of that topology. The payoff for a given pair of pure strategies is based on a loss-in-value function. Besides measuring the robustness of network topologies, the model can be also used to identify critical edges that are likely to be attacked. Unfortunately, previously proposed loss-in-value functions are either too simplistic or lead to a game whose equilibrium is not known to be computable in polynomial time. In this paper, we propose a new, linear loss-in-value function, which is meaningful and leads to a game whose equilibrium is efficiently computable. Furthermore, we show that the resulting game-theoretic robustness metric is related to the Cheeger constant of the topology graph, which is a well-known metric in graph theory.

Measuring Local Topological Anonymity in Social Networks

G. Gy. Gulyás, S. Imre

In: Privacy in Social Data Workshop in conjunction with the 11th IEEE International Conference on Data Mining, IEEE, Brussels, Belgium, December, 2012, pp. 563-570.

Bibtex | Abstract

@inproceedings {
   author = {Gábor György Gulyás, Sándor Imre},
   title = {Measuring Local Topological Anonymity in Social Networks},
   booktitle = {In: Privacy in Social Data Workshop in conjunction with the 11th IEEE International Conference on Data Mining},
   publisher = {IEEE},
   address = {Brussels, Belgium},
   month = {December},
   year = {2012},
   pages = {563-570}
}

Abstract

Service providers of social network based services release their sanitized graph structure for third parties (e.g., business partners) from time to time. However, as these releases contain valuable information additionally to what is publicly available in the network, these may be targeted by reidentification attacks, i.e., where an attacker tries to recover the identities of the nodes that were removed during the sanitization process. One powerful type of these, called structural re-identification attacks consider only structural properties, and work according to a specific strategy: first they re-identify some nodes by their globally unique properties, and then in an optional second phase, nodes related to these are reidentified by their locally unique properties. Global reidentifiability or global node anonymity is a well studied concept, however, node anonymity for local re-identification has not yet been analyzed. Therefore in this paper, after discussing the related literature on anonymity and re-identification, we introduce the novel term of Local Topological Anonymity (LTA), which describes the resistant power of a node against local re-identification attacks, or, in other words, indicates how well the node is structurally hidden in her neighborhood. Regarding these attacks in the literature, we propose three measure variants of LTA based on structural similarity measures, and evaluate them by visual inspection and simulation in multiple networks. We show that one of the proposed measures provides good prediction on local node re-identifiability as there is correlation between the LTA values and the re-identification statistics provided by the state-of-the-art algorithm.

Query Auditing for Protecting Max/Min Values of Sensitive Attributes in Statistical Databases

T. V. Thong, L. Buttyán

9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus), Springer LNCS, July, 2012, pp. 1-15.

Bibtex | Abstract

@inproceedings {
   author = {Ta Vinh Thong, Levente BUTTYÁN},
   title = {Query Auditing for Protecting Max/Min Values of Sensitive Attributes in Statistical Databases},
   booktitle = {9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus)},
   publisher = {Springer LNCS},
   month = {July},
   year = {2012},
   pages = {1-15}
}

Keywords

Query Auditing, Statistical databases, Full disclosure, Partial disclosure, MIN, MAX aggregation queries

Abstract

In this paper, we de ne a novel setting for query auditing, where instead of detecting or preventing the disclosure of individual sensitive values, we want to detect or prevent the disclosure of aggregate values in the database. More speci cally, we study the problem of detecting or preventing the disclosure of the maximum (minimum) value in the database, when the querier is allowed to issue average queries to the database. We propose efficient o ffline and online query auditors for this problem in the full disclosure model, and an ecient simulatable online query auditor in the partial disclosure model.

Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey

P. Schaffer, K. Farkas, Á. Horváth, T. Holczer, L. Buttyán

accepted for publication in Elsevier Computer Networks, 2012.

Bibtex | Abstract

@article {
   author = {Peter Schaffer, Károly Farkas, Ádám Horváth, Tamas Holczer, Levente BUTTYÁN},
   title = {Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey},
   journal = {accepted for publication in Elsevier Computer Networks},
   year = {2012}
}

Abstract

In the past few years, research interest has been increased towards wireless sensor networks (WSNs) and their application in both the military and civil domains. To support scalability in WSNs and increase network lifetime, nodes are often grouped into disjoint clusters. However, secure and reliable clustering, which is critical in WSNs deployed in hostile environments, has gained modest attention so far or has been limited only to fault tolerance. In this paper, we review the state-of-the-art of clustering protocols inWSNs with special emphasis on security and reliability issues. First, we define the taxonomy of security and reliability for cluster head election and clustering in WSNs. Then, we describe and analyze the most relevant secure and reliable clustering protocols. Finally, we propose countermeasures against typical attacks and show how they improve the discussed protocols.

sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

In collaboration with the sKyWIper Analysis Team , 2012.

Bibtex | PDF

@techreport {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks},
   institution = {In collaboration with the sKyWIper Analysis Team },
   year = {2012}
}

Abstract

Targeted attacks against Critical infrastructure: Stuxnet and beyond

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

SCADA and Smart Grid Cyber Security Summit, 26-27 April 2012, April, 2012, London.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Targeted attacks against Critical infrastructure: Stuxnet and beyond},
   howpublished = {SCADA and Smart Grid Cyber Security Summit, 26-27 April 2012},
   month = {April},
   year = {2012},
   note = {London}
}

Abstract

Targeted Attacks of Recent Times

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Kaspersky SAS 2012 - Security Analyst Summit, Cancun, Mexico, February, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Targeted Attacks of Recent Times },
   howpublished = {Kaspersky SAS 2012 - Security Analyst Summit, Cancun, Mexico},
   month = {February},
   year = {2012}
}

Abstract

Technical analysis and information sharing in the handling of high-profile targeted attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

2012 Workshop on Cyber Security and Global Affairs and Global Security Forum, 1-3 June 2012, June, 2012, Barcelona, Spain.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Technical analysis and information sharing in the handling of high-profile targeted attacks },
   howpublished = {2012 Workshop on Cyber Security and Global Affairs and Global Security Forum, 1-3 June 2012},
   month = {June},
   year = {2012},
   note = {Barcelona, Spain}
}

Abstract

The BIZ Top-Level Domain: Ten Years Later

T. Halvorson, J. Szurdi, G. Maier, M. Felegyhazi, C. Kreibich, N. Weaver, K. Levchenko, V. Paxson

in Proceedings of Passive Active Measurements (PAM 2012), PAM 2012, Vienna, Austria, March 12-14, 2012.

Bibtex | Abstract

@inproceedings {
   author = {, Szurdi János, Gregor Maier, Mark Felegyhazi, , , , },
   title = {The BIZ Top-Level Domain: Ten Years Later},
   booktitle = {in Proceedings of Passive Active Measurements (PAM 2012)},
   publisher = {PAM 2012},
   address = {Vienna, Austria},
   month = {March 12-14},
   year = {2012}
}

Abstract

On May 15, 2001 ICANN announced the introduction of the biz and info generic top-level domains (gTLDs)—the first new gTLDs since the inception of the Domain Name System—aiming to “increase consumer choice and create opportunities for entities that have been shut out under the current name structure.” The biz gTLD, in particular, was to become an alternative to the popular com top-level domain. In this paper we examine the current usage of the biz gTLD in order to determine whether it has evolved into the role intended by ICANN, and whether concerns expressed in the early discussions of this expansion have been justified. In particular, using DNS zone files, DNS probing, and Web crawler data, we attempt to answer the question of whether biz has become a viable alternative to com, giving trademark holders who find themselves unable to register a com name an attractive alternative; or whether it has merely induced defensive registrations by existing trademark holders who already had equivalent com domains

The cousins of Stuxnet: Duqu, Flame, Gauss, …

L. Buttyán, B. Bencsáth, G. Pék, M. Felegyhazi

ISCD 2012, Balatonöszöd, 3-4 Sep., September, 2012.

Bibtex

@misc {
   author = {Levente BUTTYÁN, Boldizsár Bencsáth, Gábor PÉK, Mark Felegyhazi},
   title = {The cousins of Stuxnet: Duqu, Flame, Gauss, …},
   howpublished = {ISCD 2012, Balatonöszöd, 3-4 Sep.},
   month = {September},
   year = {2012}
}

Abstract

The Cousins of Stuxnet: Duqu, Flame, and Gauss

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

Future Internet 2012, 4(4), doi:10.3390/fi4040971, 2012, pp. 971-1003, doi:10.3390/fi4040971, http://www.mdpi.com/journal/futureinternet/special_issues/stuxnet.

Bibtex | Abstract

@article {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {The Cousins of Stuxnet: Duqu, Flame, and Gauss},
   journal = {Future Internet 2012, 4(4), doi:10.3390/fi4040971},
   year = {2012},
   pages = {971-1003},
   note = {doi:10.3390/fi4040971, http://www.mdpi.com/journal/futureinternet/special_issues/stuxnet}
}

Abstract

Stuxnet was the first targeted malware that received worldwide attention forcausing physical damage in an industrial infrastructure seemingly isolated from the onlineworld. Stuxnet was a powerful targeted cyber-attack, and soon other malware samples were discovered that belong to this family. In this paper, we will first present our analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet. Wedescribe our contributions in the investigation ranging from the original detection of Duquvia finding the dropper file to the design of a Duqu detector toolkit. We then continue with the analysis of the Flame advanced information-gathering malware. Flame is unique in thesense that it used advanced cryptographic techniques to masquerade as a legitimate proxyfor the Windows Update service. We also present the newest member of the family, called Gauss, whose unique feature is that one of its modules is encrypted such that it can onlybe decrypted on its target system; hence, the research community has not yet been able to analyze this module. For this particular malware, we designed a Gauss detector serviceand we are currently collecting intelligence information to be able to break its very specialencryption mechanism. Besides explaining the operation of these pieces of malware, wealso examine if and how they could have been detected by vigilant system administrators manually or in a semi-automated manner using available tools. Finally, we discuss lessonsthat the community can learn from these incidents. We focus on technical issues, and avoidspeculations on the origin of these threats and other geopolitical questions.

Traffic Analysis Attacks and Countermeasures in Wireless Body Area Sensor Networks

L. Buttyán, T. Holczer

IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN), IEEE, June, 2012.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer},
   title = {Traffic Analysis Attacks and Countermeasures in Wireless Body Area Sensor Networks},
   booktitle = {IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN)},
   publisher = {IEEE},
   month = {June},
   year = {2012}
}

Abstract

In this paper, we study the problem of traffic analysis attacks in wireless body area sensor networks. When these networks are used in health-care for remote patient monitoring, traffic analysis can reveal the type of medical sensors mounted on the patient, and this information may be used to infer the patient’s health problems. We show that simple signal processing methods can be used effectively for performing traffic analysis attacks and identifying the sensor types in a rather weak adversary model. We then investigate possible traffic obfuscation mechanisms aiming at hiding the regular patterns in the observable wireless traffic. Among the investigated countermeasures, traffic shaping, a mechanism that introduces carefully chosen delays for message transmissions, appears to be the best choice, as it achieves close to optimal protection and incurs no overhead.

You Are What You Like! Information Leakage Through Users Interests

A. Chaabane, G. Ács, M. Ali Kaafar

In 19th Annual Network & Distributed System Security Symposium (NDSS), ACM, 2012.

Bibtex

@inproceedings {
   author = {Abdelberi Chaabane, Gergely Ács, Mohamed Ali Kaafar},
   title = {You Are What You Like! Information Leakage Through Users Interests},
   booktitle = {In 19th Annual Network & Distributed System Security Symposium (NDSS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

2011

Duqu: A Stuxnet-like malware found in the wild

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

BME CrySyS Lab., October, 2011., First published in cut-down form as appendix to the Duqu report of Symantec.

Bibtex

@techreport {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Duqu: A Stuxnet-like malware found in the wild},
   institution = {BME CrySyS Lab.},
   month = {October},
   year = {2011.},
   note = {First published in cut-down form as appendix to the Duqu report of Symantec}
}

Abstract

Targeted attacks of recent days

B. Bencsáth, L. Buttyán

Kiberbiztonsági Konferencia, ZMNE, November 25, 2011..

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN},
   title = {Targeted attacks of recent days},
   howpublished = {Kiberbiztonsági Konferencia, ZMNE},
   month = {November 25},
   year = {2011.}
}

Abstract

A Secure Distributed Transport Protocol for Wireless Sensor Networks

L. Buttyán, A. Grilo

Proceedings of the IEEE International Confenrence on Communications (ICC), IEEE, Kyoto, Japan, June 5-9, 2011, pp. 1-6.

Bibtex | Abstract

@inproceedings {
   author = {Levente BUTTYÁN, Antonio M. Grilo},
   title = {A Secure Distributed Transport Protocol for Wireless Sensor Networks},
   booktitle = {Proceedings of the IEEE International Confenrence on Communications (ICC)},
   publisher = {IEEE},
   address = {Kyoto, Japan},
   month = {June 5-9},
   year = {2011},
   pages = {1-6}
}

Abstract

We propose a secure distributed transport protocol for wireless sensor networks that resists against attacks on the reliability service provided by the protocol, as well as against energy depleting attacks. Our protocol is based on the Distributed Transport for Sensor Networks (DTSN) protocol, to which we add a security extension that consists in an efficient, symmetric key based authentication scheme for control packets. Besides describing the operation of our protocol, we also provide its analysis in terms of security and overhead.

Analysis of Identity Separation Against a Passive Clique-Based De-anonymization Attack

G. Gy. Gulyás, S. Imre

Infocommunications journal, vol. 4, no. 3, December, 2011, pp. 11-20.

Bibtex | Abstract

@article {
   author = {Gábor György Gulyás, Sándor Imre},
   title = {Analysis of Identity Separation Against a Passive Clique-Based De-anonymization Attack},
   journal = {Infocommunications journal},
   volume = {4},
   number = {3},
   month = {December},
   year = {2011},
   pages = {11-20}
}

Abstract

Most of today’s online social networking services have a flat structure, i.e., these services only allow a single choice of connection type (usually called “friends”) for their users, and lack the functionality of identity separation. However, identity partitioning allows users to group their contacts, to share different or even diverse information, and therefore offer privacy protection against third parties looking to re-identify users in sanitized social graph data. In this paper, we analyze the protective strength of identity separation against these types of structural de-anonymization attacks by introducing a statistical user behavior model and defining attack failure probability formally. It turns out from simulations and the parameter analysis of the model that in case of even a relatively small number of users applying identity separation, an attacker is likely to fail.

Anonymous Aggregator Election and Data Aggregation in Wireless Sensor Networks

T. Holczer, L. Buttyán

International Journal of Distributed Sensor Networks, 2011, pp. 1-18, Article ID 828414.

Bibtex | Abstract | PDF

@article {
   author = {Tamas Holczer, Levente BUTTYÁN},
   title = {Anonymous Aggregator Election and Data Aggregation in Wireless Sensor Networks},
   journal = {International Journal of Distributed Sensor Networks},
   year = {2011},
   pages = {1-18},
   note = {Article ID 828414}
}

Abstract

In mission critical cyber-physical systems, dependability is an important requirement at all layers of the system architecture. In this paper, we propose protocols that increase the dependability of wireless sensor networks, which are potentially useful building blocks in cyber physical systems. More specifically, we propose two private aggregator node election protocols, a private data aggregation protocol, and a corresponding private query protocol for sensor networks that allow for secure in-network data aggregation by making it difficult for an adversary to identify and then physically disable the designated aggregator nodes. Our advanced protocols resist strong adversaries that can physically compromise some nodes.

Backpressure Approach for Bypassing Jamming Attacks in Wireless Sensor Networks

A. Dvir, L. Buttyán

IEEE INFOCOM, Demo/Posters, Shanghai, China, April 11-15, 2011, pp. 1.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Amit Dvir, Levente BUTTYÁN},
   title = {Backpressure Approach for Bypassing Jamming Attacks in Wireless Sensor Networks},
   publisher = {IEEE INFOCOM, Demo/Posters},
   address = {Shanghai, China},
   month = {April 11-15},
   year = {2011},
   pages = {1}
}

Abstract

The wireless medium used by sensor networks makes it easy for adversaries to launch jamming attacks that can block communication. In order to bypass the jamming area, tree-based routing protocols need to reconstruct the tree, a path or choosing new parent which is time consuming. In addition, bypassing congests the nodes at the border of the jamming area. In this paper, we present and implement a recovery algorithm based on a weighted backpressure function that bypasses the jamming area by spreading the congestion over a large subset of the sensor nodes, while no tree reconstruction and mapping of the jamming area are needed. As future work, we will implement and simulate our recovery algorithm using the IPv6 Routing Protocol for Low-power and Lossy Networks (RPL).

CLEARER: CrySyS Laboratory Security and Privacy Research Roadmap

L. Buttyán, M. Felegyhazi, B. Bencsáth

Proceedings of the First SysSec Workshop SysSec 2011, SysSec, Amsterdam, The Netherlands, July 6, 2011, pp. 73-76.

Bibtex | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Mark Felegyhazi, Boldizsár Bencsáth},
   title = {CLEARER: CrySyS Laboratory Security and Privacy Research Roadmap},
   booktitle = {Proceedings of the First SysSec Workshop SysSec 2011},
   publisher = {SysSec},
   address = { Amsterdam, The Netherlands},
   month = {July 6},
   year = {2011},
   pages = {73-76}
}

Abstract

Cryptography - the strongest chain element in the practice of cyber security

B. Bencsáth, L. Buttyán

Kiberbiztonsági Konferencia, ZMNE, November 25, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN},
   title = {Cryptography - the strongest chain element in the practice of cyber security},
   howpublished = {Kiberbiztonsági Konferencia, ZMNE},
   month = {November 25},
   year = {2011}
}

Abstract

Detection and Recovery From Pollution Attacks in Coding Based Distributed Storage Schemes

L. Buttyán, L. Czap, I. Vajda

IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 6, November/December, 2011.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, László CZAP, István VAJDA},
   title = {Detection and Recovery From Pollution Attacks in Coding Based Distributed Storage Schemes},
   journal = {IEEE Transactions on Dependable and Secure Computing},
   volume = {8},
   number = {6},
   month = {November/December},
   year = {2011}
}

Abstract

We address the problem of pollution attacks in coding based distributed storage systems. In a pollution attack, the adversary maliciously alters some of the stored encoded packets, which results in the incorrect decoding of a large part of the original data upon retrieval. We propose algorithms to detect and recover from such attacks. In contrast to existing approaches to solve this problem, our approach is not based on adding cryptographic checksums or signatures to the encoded packets, and it does not introduce any additional redundancy to the system. The results of our analysis show that our proposed algorithms are suitable for practical systems, especially in wireless sensor networks.

Formal verification of secure ad-hoc network routing protocols using deductive model-checking

L. Buttyán, T. V. Thong

Periodica Polytechnica Journal, accepted for publication, 2011.

Bibtex | Abstract

@article {
   author = {Levente BUTTYÁN, Ta Vinh Thong},
   title = {Formal verification of secure ad-hoc network routing protocols using deductive model-checking},
   journal = {Periodica Polytechnica Journal},
   month = {accepted for publication},
   year = {2011}
}

Keywords

Automated verification, secure routing protocols, model-cheking, process calculus

Abstract

Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for adhoc networks. However, many of them have design flaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a formal verification method for secure ad-hoc network routing protocols that helps increasing the confidence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our approach is based on a new process calculus that we specifically developed for secure ad-hoc network routing protocols and a deductive proof technique. The novelty of this approach is that contrary to prior attempts to formal verification of secure ad-hoc network routing protocols, our verification method can be made fully automated.

I have a DREAM! (DiffeRentially privatE smArt Metering)

G. Ács, C. Castelluccia

The 13th Information Hiding Conference (IH), Springer, 2011.

Bibtex

@inproceedings {
   author = {Gergely Ács, Claude Castelluccia},
   title = {I have a DREAM! (DiffeRentially privatE smArt Metering)},
   booktitle = {The 13th Information Hiding Conference (IH)},
   publisher = {Springer},
   year = {2011}
}

Abstract

nEther: In-guest Detection of Out-of-the-guest Malware Analyzers

G. Pék, B. Bencsáth, L. Buttyán

ACM European Workshop on System Security (EuroSec), ACM, Salzburg, Austria, April 10, 2011, pp. 1-6.

Bibtex | PDF

@inproceedings {
   author = {Gábor PÉK, Boldizsár Bencsáth, Levente BUTTYÁN},
   title = {nEther: In-guest Detection of Out-of-the-guest Malware Analyzers},
   booktitle = {ACM European Workshop on System Security (EuroSec)},
   publisher = {ACM},
   address = {Salzburg, Austria},
   month = {April 10},
   year = {2011},
   pages = {1-6}
}

Abstract

Network Regulation and Market Entry

G. Schwartz, J. Musacchio, M. Felegyhazi, J. Walrand

GameNets 2011, 2011, , Shanghai, China, April 16-18.

Bibtex | Abstract

@conference {
   author = {, , Mark Felegyhazi, },
   title = {Network Regulation and Market Entry},
   booktitle = {GameNets 2011},
   year = {2011},
   address = {, Shanghai, China},
   month = { April 16-18}
}

Abstract

This paper uses a two-sided market model to study if lastmile access providers (ISPs), should charge content providers (CPs), who derive revenue from advertisers, for the right to access ISP’s end-users. We compare two-sided pricing (ISPs could charge CPs for content delivery) with one-sided pricing (neutrality regulations prohibit such charges). Our analysis indicates that number of CPs is lower, and the number of ISPs often higher, with two- rather than one-sided pricing. From our results the superiority of one regime over the other depends on parameters of advertising rates, end-user demand, CPs’ and ISPs’ costs, and relative importance of their investments. Thus, caution should be taken in designing neutrality regulations

On automating the verification of secure ad-hoc network routing protocols

T. V. Thong, L. Buttyán

Springer Telecommunication Systems, accepted for publication, 2011, pp. 1-30, Article ID: 10.1007/s11235-011-9592-3.

Bibtex | Abstract

@article {
   author = {Ta Vinh Thong, Levente BUTTYÁN},
   title = {On automating the verification of secure ad-hoc network routing protocols},
   journal = {Springer Telecommunication Systems},
   month = {accepted for publication},
   year = {2011},
   pages = {1-30},
   note = {Article ID: 10.1007/s11235-011-9592-3}
}

Keywords

Secure routing protocols, Automated security verification, Security, Cryptography, Mobile ad-hoc networks, Wireless communication, Formal analysis, Process calculus

Abstract

Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for ad-hoc networks. However, many of them have design flaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a fully automatic verification method for secure adhoc network routing protocols that helps increasing the con- fidence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our method is based on a deductive proof technique and a backward reachability approach. The main novelty of this approach compared to the prior works is that beside providing expressive semantics and syntax for modelling and specifying secure routing protocols, it assumes an arbitrary topology, and a strong attacker model.

On the Effects of Registrar-level Intervention

H. Liu, K. Levchenko, M. Felegyhazi, C. Kreibich, G. Maier, G. M. Voelker, S. Savage

In Proceedings of LEET 2011, LEET 2011 (USENIX), Boston, MA, USA, March 29, 2011 .

Bibtex | Abstract

@inproceedings {
   author = {, , Mark Felegyhazi, , Gregor Maier, , },
   title = {On the Effects of Registrar-level Intervention},
   booktitle = {In Proceedings of LEET 2011},
   publisher = {LEET 2011 (USENIX)},
   address = {Boston, MA, USA},
   month = {March 29},
   year = {2011 }
}

Abstract

Virtually all Internet scams make use of domain name resolution as a critical part of their execution (e.g., resolving a spam-advertised URL to its Web site). Consequently, defenders have initiated a range of efforts to intervene within the DNS ecosystem to block such activity (e.g., by blacklisting “known bad” domain names at the client). Recently, there has been a push for domain registrars to take a more active role in this conflict, and it is this class of intervention that is the focus of our work. In particular, this paper characterizes the impact of two recent efforts to counter scammers’ use of domain registration: CNNIC’s blanket policy changes for the .cn ccTLD made in late 2009 and the late 2010 agreement between eNom and LegitScript to reactively take down “rogue” Internet pharmacy domains. Using a combination of historic WHOIS data and co-temporal spam feeds, we measure the impact of these interventions on both the registration and use of spam-advertised domains. We use these examples to illustrate the key challenges in making registrar-level intervention an effective tool.

Optimal Selection of Sink Nodes in Wireless Sensor Networks in Adversarial Environments

A. Laszka, L. Buttyán, D. Szeszlér

IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN), 2011, pp. 1-6, Lucca, Italy, June 20.

Bibtex | Abstract | PDF

@conference {
   author = {Aron Laszka, Levente BUTTYÁN, Dávid Szeszlér},
   title = {Optimal Selection of Sink Nodes in Wireless Sensor Networks in Adversarial Environments},
   booktitle = {IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN)},
   year = {2011},
   pages = {1-6},
   address = {Lucca, Italy},
   month = {June 20}
}

Abstract

In this paper, we address the problem of assigning the sink role to a subset of nodes in a wireless sensor network with a given topology such that the resulting network configuration is robust against denial-of-service type attacks such as node destruction, battery exhaustion and jamming. In order to measure robustness, we introduce new metrics based on a notion defined in [1]. We argue that our metrics are more appropriate to measure the robustness of network configurations than the widely known connectivity based metrics. We formalize the problem of selecting the sink nodes as an optimization problem aiming at minimizing the deployment budget while achieving a certain level of robustness. We propose an efficient greedy heuristic algorithm that approximates the optimal solution reasonably well. [1] W. H. Cunningham, “Optimal attack and reinforcement of a network,” J. ACM, vol. 32, no. 3, pp. 549–561, 1985.

Protecting against Physical Resource Monitoring

G. Ács, C. Castelluccia, W. Lecat

The 10th ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2011.

Bibtex

@inproceedings {
   author = {Gergely Ács, Claude Castelluccia, William Lecat},
   title = {Protecting against Physical Resource Monitoring},
   booktitle = {The 10th ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2011}
}

Abstract

Recent advances in targeted malware attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Schönherz - Simonyi Szakkollégium ., December 13, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Schönherz - Simonyi Szakkollégium .},
   month = {December 13},
   year = {2011}
}

Abstract

Recent advances in targeted malware attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Fókuszban a CrySyS Lab. , December 14, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Fókuszban a CrySyS Lab. },
   month = {December 14},
   year = {2011}
}

Abstract

StegoWeb: Towards the Ideal Private Web Content Publishing Tool

T. Besenyei, Á. M. Földes, G. Gy. Gulyás, S. Imre

In: Proceedings of The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011), ThinkMind, Nice, France, August, 2011, pp. 109-114.

Bibtex | Abstract

@inproceedings {
   author = {Tamás Besenyei, Ádám Máté Földes, Gábor György Gulyás, Sándor Imre},
   title = {StegoWeb: Towards the Ideal Private Web Content Publishing Tool},
   booktitle = {In: Proceedings of The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011)},
   publisher = {ThinkMind},
   address = {Nice, France},
   month = {August},
   year = {2011},
   pages = {109-114}
}

Abstract

Privacy breaches through profiling constitute a considerable threat to users of Web 2.0 services. While many concepts have been proposed to address this issue by allowing users to encrypt, obfuscate, or otherwise conceal information of their choice, all have certain limitations. In this paper, we survey the available solutions, and propose a taxonomy for classifying them based on a revised evaluation scheme that builds upon our previous work. Our main contribution is a model that harnesses steganographic techniques in order to hide sensitive data, and the description of a proof-of-concept implementation thereof that allows a user to hide profile data on a website without installing any sort of software aside from a conventional web browser.

User Tracking on the Web via Cross-Browser Fingerprinting

B. Károly, Á. M. Földes, G. Gy. Gulyás, S. Imre

Information Security Technology for Applications, 16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, October 26-28, 2011, Revised Selected Papers, Springer, Talinn, Estonia, 2011.

Bibtex | Abstract

@inproceedings {
   author = {Károly Boda, Ádám Máté Földes, Gábor György Gulyás, Sándor Imre},
   title = {User Tracking on the Web via Cross-Browser Fingerprinting},
   booktitle = {Information Security Technology for Applications, 16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, October 26-28, 2011, Revised Selected Papers},
   publisher = {Springer},
   address = {Talinn, Estonia},
   year = {2011}
}

Abstract

The techniques of tracking users through their web browsers have greatly evolved since the birth of the World Wide Web, posing an increasingly significant privacy risk. An important branch of these methods, called fingerprinting, is getting more and more attention, because it does not rely on client-side information storage, in contrast to cookie-like techniques. In this paper, we propose a new, browser-independent fingerprinting method. We have tested it on a data set of almost a thousand records, collected through a publicly accessible test website. We have shown that a part of the IP address, the availability of a specific font set, the time zone, and the screen resolution are enough to uniquely identify most users of the five most popular web browsers, and that user agent strings are fairly effective but fragile identifiers of a browser instance.

VeRA - Version Number and Rank Authentication in RPL

A. Dvir, T. Holczer, L. Buttyán

7th IEEE International Workshop on Wireless and Sensor Networks Security, IEEE, Valencia, Spain, October 17-22, 2011, pp. 709 - 714.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Amit Dvir, Tamas Holczer, Levente BUTTYÁN},
   title = {VeRA - Version Number and Rank Authentication in RPL},
   booktitle = {7th IEEE International Workshop on Wireless and Sensor Networks Security},
   publisher = {IEEE},
   address = {Valencia, Spain},
   month = {October 17-22},
   year = {2011},
   pages = {709 - 714}
}

Abstract

Designing a routing protocol for large low-power and lossy networks (LLNs), consisting of thousands of con-strained nodes and unreliable links, presents new challenges. The IPv6 Routing Protocol for Low-power and Lossy Networks (RPL), have been developed by the IETF ROLL Working Group as a preferred routing protocol to provide IPv6 routing functionality in LLNs. RPL provides path diversity by building and maintaining directed acyclic graphs (DAG) rooted at one (or more) gateway. However, an adversary that impersonates a gateway or has compromised one of the nodes close to the gateway can divert a large part of network traffic forward itself and/or exhaust the nodes’ batteries. Therefore in RPL, special security care must be taken when the Destination Oriented Directed Acyclic Graph (DODAG) root is updating the Version Number by which reconstruction of the routing topology can be initiated. The same care also must be taken to prevent an internal attacker (compromised DODAG node) to publish decreased Rank value, which causes a large part of the DODAG to connect to the DODAG root via the attacker and give it the ability to eavesdrop a large part of the network traffic forward itself. Unfortunately, the currently available security services in RPL will not protect against a compromised internal node that can construct and disseminate fake messages. In this paper, a new security service is described that prevents any misbehaving node from illegitimately increasing the Version Number and compromise illegitimate decreased Rank values.

XCS based hidden firmware modification on embedded devices

B. Bencsáth, L. Buttyán, T. Paulik

Proceedings of the IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom), IEEE, Split-Hvar-Dubrovnik, September 15-17, 2011, pp. 1-6.

Bibtex

@inproceedings {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Tamás Paulik},
   title = {XCS based hidden firmware modification on embedded devices},
   booktitle = {Proceedings of the IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom)},
   publisher = {IEEE},
   address = {Split-Hvar-Dubrovnik},
   month = {September 15-17},
   year = {2011},
   pages = {1-6}
}

Abstract

Click Trajectories: End-to-End Analysis of the Spam Value Chain

K. Levchenko, G. M. Voelker, V. Paxson, N. Weaver, A. Pitsillidis, D. McCoy, H. Liu, C. Kreibich, C. Kanich, T. Halvorson, C. Grier, M. Felegyhazi, B. Enright, N. Chachra, S. Savage

in Proceedings of IEEE Symposium on Security& Privacy (Oakland 2011), IEEE, Oakland, CA, USA, May 22-25, 2011 , pp. 1-16.

Bibtex | Abstract

@inproceedings {
   author = {, , , , , , , , , , , Mark Felegyhazi, , , },
   title = {Click Trajectories: End-to-End Analysis of the Spam Value Chain},
   booktitle = {in Proceedings of IEEE Symposium on Security& Privacy (Oakland 2011)},
   publisher = {IEEE},
   address = {Oakland, CA, USA},
   month = {May 22-25},
   year = { 2011 },
   pages = {1-16}
}

Abstract

Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise’s full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email— including naming, hosting, payment and fulfillment—using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.

2010

Competitive Cyber-Insurance and Internet Security

N. Shetty, G. Schwartz, M. Felegyhazi, J. Walrand

T. Moore, D. Pym, and C. Ioannidis, editors, Economics of Information Security and Privacy, Springer-Verlag, pages 229-247,, 2010. .

Bibtex | Abstract

@article {
   author = {, , Mark Felegyhazi, },
   title = {Competitive Cyber-Insurance and Internet Security},
   journal = {T. Moore, D. Pym, and C. Ioannidis, editors, Economics of Information Security and Privacy, Springer-Verlag},
   month = {pages 229-247,},
   year = {2010. }
}

Abstract

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user’s probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users’ security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

On the Potential of Proactive Domain Blacklisting,

M. Felegyhazi, C. Kreibich, V. Paxson

at LEET 2010, 2010., San Jose, USA , April 27.

Bibtex | Abstract

@conference {
   author = {Mark Felegyhazi, , },
   title = {On the Potential of Proactive Domain Blacklisting, },
   booktitle = {at LEET 2010},
   year = {2010.},
   address = {San Jose, USA },
   month = {April 27}
}

Abstract

In this paper we explore the potential of leveraging properties inherent to domain registrations and their appearance in DNS zone files to predict the malicious use of domains proactively, using only minimal observation of known-bad domains to drive our inference. Our analysis demonstrates that our inference procedure derives on average 3.5 to 15 new domains from a given known-bad domain. 93% of these inferred domains subsequently appear suspect (based on third-party assessments), and nearly 73% eventually appear on blacklists themselves. For these latter, proactively blocking based on our predictions provides a median headstart of about 2 days versus using a reactive blacklist, though this gain varies widely for different domains.

Application of Wireless Sensor Networks in Critical Infrastructure Protection -- Challenges and Design Options

L. Buttyán, D. Gessner, A. Hessler, P. Langendoerfer

IEEE Wireless Communications Magazine, vol. 17, no. 5, October, 2010, pp. 44 - 49.

Bibtex | Abstract

@article {
   author = {Levente BUTTYÁN, Dennis Gessner, Alban Hessler, Peter Langendoerfer},
   title = {Application of Wireless Sensor Networks in Critical Infrastructure Protection -- Challenges and Design Options},
   journal = {IEEE Wireless Communications Magazine},
   volume = {17},
   number = {5},
   month = {October},
   year = {2010},
   pages = {44 - 49}
}

Abstract

The protection of critical infrastructures provides an interesting application area for wireless sensor networks. Threats such as natural catastrophes, criminal or terrorist attacks against CIs are increasingly reported. The large-scale nature of CIs requires a scalable and low-cost technology for improving CI monitoring and surveillance. WSNs are a promising candidate to fulfill these requirements, but if the WSN becomes part of the CI in order to improve its reliability, then the dependability of the WSN itself needs to be significantly improved first. In this article we discuss the challenges and potential solutions to achieve dependability of WSNs taking into account accidental failures as well as intentional attacks. We inspect the whole system starting from individual sensor nodes via the protocol stack to the middleware layer above.

Barter Trade Improves Message Delivery in Opportunistic Networks

L. Buttyán, L. Dóra, M. Felegyhazi, I. Vajda

Elsevier Ad Hoc Networks, vol. 8, no. 1, January 10, 2010, pp. 1-14.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, László DÓRA, Mark Felegyhazi, István VAJDA},
   title = {Barter Trade Improves Message Delivery in Opportunistic Networks},
   journal = {Elsevier Ad Hoc Networks},
   volume = {8},
   number = {1},
   month = {January 10},
   year = {2010},
   pages = {1-14}
}

Abstract

In opportunistic networks, selfish nodes can exploit the services provided by other nodes by downloading messages that interest them, but refusing to store and distribute messages for the benefit of other nodes. We propose a mechanism to discourage selfish behavior based on the principles of barter. We develop a game-theoretic model in which we show that the proposed approach indeed stimulates cooperation of the nodes. The results show that, in practical scenarios, the message delivery rate considerably increases, if the mobile nodes follow the Nash Equilibrium strategy in the proposed mechanism compared to the data dissemination protocol when no encouraging mechanism is present.

BlogCrypt: Private Content Publishing on the web

T. Paulik, Á. M. Földes, G. Gy. Gulyás

In: Proceedings of The Fourth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2010), IEEE, Venice, Italy, July, 2010.

Bibtex | Abstract

@inproceedings {
   author = {Tamás Paulik, Ádám Máté Földes, Gábor György Gulyás},
   title = {BlogCrypt: Private Content Publishing on the web},
   booktitle = {In: Proceedings of The Fourth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2010)},
   publisher = {IEEE},
   address = {Venice, Italy},
   month = {July},
   year = {2010}
}

Abstract

Voluntary disclosure of personal information is becoming more and more widespread with the advent of Web 2.0 services. Publishing such information constitutes new kinds of threats, such as further reinforcing already existing profiling techniques through correlation of perceived user activities to those publicly disclosed, but the most obvious of all is the intrinsic threat that malicious third parties collect and combine information we publish about ourselves. In this paper, we evaluate currently existing solutions that are destined for addressing this issue, then propose a model of our own for providing access control for a user over information she published and analyse our implementation thereof.

Cross-layer security and resilience in wireless mesh networks

I. Askoxylakis, B. Bencsáth, L. Buttyán, L. Dóra, V. Siris, A. Traganitis

N. Zorba, C. Skianis, and C. Verikoukis (eds), Cross Layer Designs in WLAN Systems, Troubador Publishing Ltd, Emerging Communication and Service Technologies Series, 2010.

Bibtex

@inbook {
   author = {Ioannis ASKOXYLAKIS, Boldizsár Bencsáth, Levente BUTTYÁN, László DÓRA, Vasilios SIRIS, A. Traganitis},
   editor = {N. Zorba, C. Skianis, and C. Verikoukis (eds)},
   title = {Cross-layer security and resilience in wireless mesh networks},
   publisher = {Cross Layer Designs in WLAN Systems, Troubador Publishing Ltd, Emerging Communication and Service Technologies Series},
   year = {2010}
}

Abstract

Decision and Game Theory for Security

T. Alpcan, L. Buttyán, J. Baras

vol. LNCS 6442, Springer, 2010.

Bibtex

@book {
   author = {Tansu Alpcan, Levente BUTTYÁN, John Baras},
   title = {Decision and Game Theory for Security},
   volume = {LNCS 6442},
   publisher = {Springer},
   year = {2010}
}

Abstract

Fast Certificate-based Authentication Scheme in Multi-operator maintained Wireless Mesh Networks

L. Buttyán, L. Dóra, F. Martinelli, M. Petrocchi

Elsevier Computer Communications, vol. 33, April, 2010, pp. 907-922.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, László DÓRA, Fabio MARTINELLI, Marinella PETROCCHI},
   title = {Fast Certificate-based Authentication Scheme in Multi-operator maintained Wireless Mesh Networks},
   journal = {Elsevier Computer Communications},
   volume = {33},
   month = {April},
   year = {2010},
   pages = {907-922}
}

Abstract

In this paper, we consider QoS aware mesh networks that are maintained by multiple operators and they cooperate in the provision of networking services to the mesh clients. In order to support mobile users and seamless handover between the access points, the authentication delay has to be reduced. Many proposed fast authentication schemes rely on trust models that are not appropriate in a multi-operator environment. In this paper, we propose two certificate-based authentication schemes such that the authentication is performed locally between the access point and the mesh client. We assume that the access point is always a constrained device, and we propose different mechanisms for mesh clients with different computational performance. For constrained devices, we propose a mechanism where weak keys are used for digital signatures to decrease the latency of the authentication. The authenticity of the weak keys are provided by short-term certificates issued by the owner of the key. The short-term certificate has the digital signature generated by the owner's long-term key. We prove formally that the use of our weak key mechanism on the mesh client side is as secure as the use of some stronger keys. We perform a detailed performance evaluation on our proof-of-concept implementation, and we also compare our solution to the current standard methods.

Formal verification of secure ad-hoc network routing protocols using deductive model-checking

L. Buttyán, T. V. Thong

Proceedings of the IFIP Wireless and Mobile Networking Conference (WMNC), IFIP, Budapest, Hungary, October 18-20, 2010, pp. 1-6.

Bibtex | Abstract

@inproceedings {
   author = {Levente BUTTYÁN, Ta Vinh Thong},
   title = {Formal verification of secure ad-hoc network routing protocols using deductive model-checking},
   booktitle = {Proceedings of the IFIP Wireless and Mobile Networking Conference (WMNC)},
   publisher = {IFIP},
   address = {Budapest, Hungary},
   month = {October 18-20},
   year = {2010},
   pages = {1-6}
}

Abstract

Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for adhoc networks. However, many of them have design flaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a formal verification method for secure ad-hoc network routing protocols that helps increasing the confidence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our approach is based on a new process calculus that we specifically developed for secure ad-hoc network routing protocols and a deductive proof technique. The novelty of this approach is that contrary to prior attempts to formal verification of secure ad-hoc network routing protocols, our verification method can be made fully automated.

Hide-and-Lie: Enhancing Application-level Privacy in Opportunistic Networks

L. Dóra, T. Holczer

In Proceedings of the Second International Workshop on Mobile Opportunistic Networking ACM/SIGMOBILE MobiOpp 2010, Pisa, Italy, February 22-23, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {László DÓRA, Tamas Holczer},
   title = {Hide-and-Lie: Enhancing Application-level Privacy in Opportunistic Networks},
   booktitle = {In Proceedings of the Second International Workshop on Mobile Opportunistic Networking ACM/SIGMOBILE MobiOpp 2010},
   address = {Pisa, Italy},
   month = {February 22-23},
   year = {2010}
}

Abstract

A delay-tolerant network is a mobile ad hoc network where the message dissemination is based on the store-carry-and-forward principle. This principle raises new aspects of the privacy problem. In particular, an attacker can build a user profile and trace the nodes based on this profile even if the message exchange protocol provides anonymity. In this paper, an attacker model is presented and some proposed attackers are implemented. We analyze the efficiency of both the attacks and the proposed defense mechanism, called Hide-and-Lie Strategy. We show that without any defense mechanism, the nodes are traceable, but with the Hide-and-Lie Strategy, the success probability of an attacker can be made equal to the success probability of the simple guessing. Furthermore, in some scenarios, the Hide-and-Lie Strategy increases the message delivery ratio. The number of downloaded messages and the maximal memory size required to apply the proposed privacy defense mechanism is also investigated.

Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks

G. Ács, L. Buttyán, L. Dóra

In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10), Montreal, Canada, June 14-17, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente BUTTYÁN, László DÓRA},
   title = {Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks},
   booktitle = {In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10)},
   address = {Montreal, Canada},
   month = {June 14-17},
   year = {2010}
}

Abstract

In this paper, we address the problem of detecting misbehaving routers in wireless mesh networks and avoiding them when selecting routes. We assume that link-state routing is used, and we essentially propose a reputation system, where trusted gateway nodes compute Node Trust Values for the routers, which are fed back into the system and used in the route selection procedure. The computation of the Node Trust Values is based on packet counters maintained in association with each route and reported to the gateways by the routers in a regular manner. The feedback mechanism is based on limited scope flooding. The received Node Trust Values concerning a given router are aggregated, and the aggregate trust value of the router determines the probability with which that router is kept in the topology graph used for route computation. Hence, less trusted routers are excluded from the topology graph with higher probability, while the route selection still runs on a weighted graph (where the weights are determined by the announced link qualities), and it does not need to be changed. We evaluated the performance of our solution by means of simulations. The results show that our proposed mechanism can detect misbehaving routers reliably, and thanks to the feedback and the exclusion of the accused nodes from the route selection, we can decrease the number of packets dropped due to router misbehavior considerably. At the same time, our mechanism only slightly increases the average route length.

PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks

L. Buttyán, P. Schaffer

International Journal of Distributed Sensor Networks, vol. 2010, no. Article ID 679205, 2010.

Bibtex | Abstract

@article {
   author = {Levente BUTTYÁN, Peter Schaffer},
   title = {PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks},
   journal = {International Journal of Distributed Sensor Networks},
   volume = {2010},
   number = {Article ID 679205},
   year = {2010}
}

Abstract

We introduce PANEL a position-based aggregator node election protocol for wireless sensor networks. The novelty of PANEL with respect to other aggregator node election protocols is that it supports asynchronous sensor network applications where the sensor readings are fetched by the base stations after some delay. In particular, the motivation for the design of PANEL was to support reliable and persistent data storage applications, such as TinyPEDS; see the study by Girao et al. (2007). PANEL ensures load balancing, and it supports intra and intercluster routing allowing sensor-to-aggregator, aggregator-to-aggregator, base station-toaggregator, and aggregator to-base station communications. We also compare PANEL with HEED; see the study by Younis and Fahmy (2004) in the simulation environment provided by TOSSIM, and show that, on one hand, PANEL creates more cohesive clusters than HEED, and, on the other hand, that PANEL is more energy efficient than HEED.

Perfectly Anonymous Data Aggregation in Wireless Sensor Networks

L. Buttyán, T. Holczer

Proceedings of The 7th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2010), IEEE, San Francisco, November 8-12, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer},
   title = {Perfectly Anonymous Data Aggregation in Wireless Sensor Networks},
   booktitle = {Proceedings of The 7th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2010)},
   publisher = {IEEE},
   address = {San Francisco},
   month = {November 8-12},
   year = {2010}
}

Abstract

Clustering and data aggregation in wireless sensor networks improves scalability, and helps the efficient use of scarce resources. Yet, these mechanisms also introduce some security issues; in particular, aggregator nodes become attractive targets of physical destruction and jamming attacks. In order to mitigate this problem, we propose a new private aggregator node election protocol that hides the identity of the elected aggregator nodes both from external eavesdroppers and from compromised nodes participating in the protocol. We also propose a private data aggregation protocol and a corresponding private query protocol which allows the aggregators to collect sensor readings and respond to queries of the base station, respectively, without revealing any useful information about their identity to external eavesdroppers and to compromised nodes.

Pollution Attack Defense for Coding Based Sensor Storage

L. Buttyán, L. Czap, I. Vajda

Proceedings of the International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC), IEEE, California, USA, June 7-9, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, László CZAP, István VAJDA},
   title = {Pollution Attack Defense for Coding Based Sensor Storage},
   booktitle = {Proceedings of the International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC)},
   publisher = {IEEE},
   address = {California, USA},
   month = {June 7-9},
   year = {2010}
}

Abstract

We present a novel information theoretic approach to make network coding based storage secure against pollution attacks in sensor networks. The approach is based on a new decoding algorithm which makes it possible to find adversarial blocks using one more encoded block than strictly necessary for decoding. Our scheme fits well to the requirements of sensor networks, because it operates without adding either computational or communication overhead to source and storage nodes, only the collector node needs to perform some additional computation. Our approach does not apply cryptography, hence it works in environments where no pre-shared keys, secure channels or PKI are available, which is often the case in sensor networks.

Secure Network Coding in DTNs

L. Czap, I. Vajda

IEEE Communications Letters, 2010.

Bibtex | Abstract

@article {
   author = {László CZAP, István VAJDA},
   title = {Secure Network Coding in DTNs},
   journal = {IEEE Communications Letters},
   year = {2010}
}

Abstract

The application of network coding can significantly improve the performance of message delivery in delay tolerant networks, assuming all participants behave honestly. However, if some nodes of the network are compromised, the adversary can launch pollution attack and this way can destroy large amount of data with small effort. Current solutions against pollution attack require public key infrastructure, that is often not available in mobile ad-hoc networks. Our proposal allows packets to verify each other, hence an intermediate node can decide whether these packets can be encoded together without authenticating the source.

Security Analysis of Reliable Transport Layer Protocols for Wireless Sensor Networks

L. Buttyán, L. Csik

Proceedings fof the IEEE Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS), IEEE, Seattle, USA, March 21-25, 2010, pp. 1-6.

Bibtex | Abstract

@inproceedings {
   author = {Levente BUTTYÁN, László Csik},
   title = {Security Analysis of Reliable Transport Layer Protocols for Wireless Sensor Networks},
   booktitle = {Proceedings fof the IEEE Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS)},
   publisher = {IEEE},
   address = {Seattle, USA},
   month = {March 21-25},
   year = {2010},
   pages = {1-6}
}

Abstract

End-to-end reliability of communications is an important requirement in many applications of wireless sensor networks. For this reason, a number of reliable transport protocols specifically designed for wireless sensor networks have been proposed in the literature. Besides providing end-to-end reliability, some of those protocols also address the problems of fairness and congestion control, and they are all optimized for low energy consumption. However, in this paper, we show that most of those protocols completely neglect security issues. As a consequence, they ensure reliable communications and low energy consumption only in a benign environment, but they fail in a hostile environment, where an adversary can forge or replay control packets of the protocol. More specifically, our analysis shows that control packet injection and replay can cause permanent loss of data packets, and thus, such misdeeds make the hitherto reliable protocol unreliable. In addition, even if the protocol can recover from such an attack, the recovery overhead caused by forged or replayed control packets can be large, which gives an opportunity for energy depletion attacks.

Védekezés e-mail-címkinyerõ támadások ellen

B. Bencsáth, Géza Szabó, I. Vajda

Szemelvények az OTKA támogatásával készült alapkutatások újabb eredményeibõl 2, OTKA, 2010, pp. 69-71.

Bibtex

@inproceedings {
   author = {Boldizsár Bencsáth, Géza Szabó, István VAJDA},
   title = {Védekezés e-mail-címkinyerõ támadások ellen},
   booktitle = {Szemelvények az OTKA támogatásával készült alapkutatások újabb eredményeibõl 2},
   publisher = {OTKA},
   year = {2010},
   pages = {69-71}
}

Abstract

Optimal Security Investment with Penetration Testing

R. Böhme, M. Felegyhazi

GameSec 2010, 2010. , Berlin, Germany, Nov 22-23.

Bibtex | Abstract

@conference {
   author = {, Mark Felegyhazi},
   title = {Optimal Security Investment with Penetration Testing},
   booktitle = {GameSec 2010},
   year = { 2010. },
   address = {Berlin, Germany},
   month = {Nov 22-23}
}

Abstract

Penetration testing, the deliberate search for potential vulnerabilities in a system by using attack techniques, is a relevant tool of information security practitioners. This paper adds penetration testing to the realm of information security investment. Penetration testing is modeled as an information gathering option to reduce uncertainty in a discrete time, nite horizon, player-versus-nature, weakest-link security game. We prove that once started, it is optimal to continue penetration testing until a secure state is reached. Further analysis using a new metric for the return on penetration testing suggests that penetration testing almost always increases the per-dollar eciency of security investment.

2009

Competitive Cyber-Insurance and Internet Security,

N. Shetty, G. Schwartz, M. Felegyhazi, J. Walrand

in Proceedings of WEIS 2009, WEIS 2009, London, England,, June 24-25 , 2009..

Bibtex | Abstract

@inproceedings {
   author = {, , Mark Felegyhazi, },
   title = {Competitive Cyber-Insurance and Internet Security, },
   booktitle = {in Proceedings of WEIS 2009},
   publisher = {WEIS 2009},
   address = {London, England,},
   month = { June 24-25 },
   year = {2009.}
}

Abstract

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user’s probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyber-insurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users’ security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

Security of Communication Networks (In Hungarian)

B. Bencsáth, L. Buttyán, I. Vajda

Híradástechnika, vol. LXIV, August, 2009..

Bibtex

@article {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, István VAJDA},
   title = {Security of Communication Networks (In Hungarian)},
   journal = {Híradástechnika},
   volume = {LXIV},
   month = {August},
   year = {2009.}
}

Abstract

An Authentication Scheme for QoS-aware Multi-operator maintained Wireless Mesh Networks

L. Buttyán, L. Dóra

In Proceedings of the First IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'09), IEEE, Kos, Greece, June 15, 2009.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, László DÓRA},
   title = {An Authentication Scheme for QoS-aware Multi-operator maintained Wireless Mesh Networks},
   booktitle = {In Proceedings of the First IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'09)},
   publisher = {IEEE},
   address = {Kos, Greece},
   month = {June 15},
   year = {2009}
}

Abstract

In this paper, we consider QoS aware mesh networks that are maintained by multiple operators and they cooperate in the provision of networking services to the mesh clients. In order to support mobile users and seamless handover between the access points, the authentication delay has to be reduced. Many proposed fast authentication schemes rely on trust models that are not appropriate in multi-operator environment. Here, we propose two certificate based authentication schemes such that the authentication is performed locally between the access point and the mesh client. We consider both powerful and constraint mesh clients and we propose certificate sets to decrease the authentication latency. We compare our proof-of-concept implementation to current widely used authentication methods like EAP-TLS, and we conclude that our proposed authentication scheme is considerably faster in all considered scenarios.

Consistency verification of stateful firewalls is not harder than the stateless case

L. Buttyán, G. Pék, T. V. Thong

Infocommunications Journal, vol. LXIV, no. 2009/2-3, March, 2009, pp. 1-8.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Gábor PÉK, Ta Vinh Thong},
   title = {Consistency verification of stateful firewalls is not harder than the stateless case},
   journal = {Infocommunications Journal},
   volume = {LXIV},
   number = {2009/2-3},
   month = {March},
   year = {2009},
   pages = {1-8}
}

Keywords

Stateful firewall, FIREMAN, verification, security, inconsistency

Abstract

Firewalls play an important role in the enforcement of access control policies in contemporary networks. However, firewalls are effective only if they are configured correctly such that their access control rules are consistent and the firewall indeed implements the intended access control policy. Unfortunately, due to the potentially large number of rules and their complex relationships with each other, the task of firewall configuration is notoriously error-prone, and in practice, firewalls are often misconfigured leaving security holes in the protection system. In this paper, we address the problem of consistency verification of stateful firewalls that keep track of already existing connections. For the first sight, the consistency verification of stateful firewalls appears to be harder than that of stateless firewalls. We show that, in fact, this is not the case: consistency verification of stateful firewalls can be reduced to the stateless case, and hence, they have the same complexity. We also report on our prototype implemetation of an automated consistency verification tool that can handle stateful firewalls.

CORA: Correlation-based Resilient Aggregation in Sensor Networks

L. Buttyán, P. Schaffer, I. Vajda

Elsevier Ad Hoc Networks, vol. 7, no. 6, 2009, pp. 1035-1050.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Peter Schaffer, István VAJDA},
   title = {CORA: Correlation-based Resilient Aggregation in Sensor Networks},
   journal = {Elsevier Ad Hoc Networks},
   volume = {7},
   number = {6},
   year = {2009},
   pages = {1035-1050}
}

Abstract

In this paper, we consider the problem of resilient data aggregation in sensor networks, namely, how to aggregate sensor readings collected by the base station when some of those sensor readings may be compromised. Note that an attacker can easily compromise the reading of a sensor by altering the environmental parameters measured by that sensor. We present a statistical framework that is designed to mitigate the effects of the attacker on the output of the aggregation function. The main novelty of our approach compared to most prior work on resilient data aggregation is that we take advantage of the naturally existing correlation between the readings produced by different sensors. In particular, we show how spatial correlation can be represented in the sensor network data model, and how it can be exploited to increase the resilience of data aggregation. The algorithms presented in this paper are flexible enough to be applied without any special assumption on the distribution of the sensor readings or on the strategy of the attacker. The effectiveness of the algorithms is evaluated analytically considering a typical attacker model with various parameters, and by means of simulation considering a sophisticated attacker.

Efficient MAC in Cognitive Radio Networks: A Game-Theoretic Approach

M. Felegyhazi, M. Cagalj, J. P. Hubaux

Transactions on Wireless Communications (TWC), , vol. 8, no. 4, April , 2009.

Bibtex | Abstract

@article {
   author = {Mark Felegyhazi, Mario Cagalj, Jean-Pierre Hubaux},
   title = {Efficient MAC in Cognitive Radio Networks: A Game-Theoretic Approach},
   journal = {Transactions on Wireless Communications (TWC), },
   volume = {8},
   number = {4},
   month = {April },
   year = {2009}
}

Abstract

In this paper, we study the problem of efficient medium access control (MAC) among cognitive radio devices that are equipped with multiple radios and thus are capable of transmitting simultaneously at different frequencies (channels). We assume that radios contend on each channel using the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol. We study two MAC problems: (i) the allocation of the available channels among radios, and (ii) the optimal usage of each allocated channel by the radios occupying it. Both problems are studied in a game-theoretic setting, where devices aim to selfishly maximize their share of the available bandwidth. As for the first problem, we show that the ”price of anarchy” is close to 1, that is, Nash equilibria imply nearly system optimal allocations of the available channels. For the second problem, we design a game such that it admits a unique Nash equilibrium that is is both fair and Pareto-optimal. Furthermore, we propose simple mechanisms that enable selfish cognitive radio devices not only to coordinate efficiently on the available channels but also to optimally use every single allocated channel.

Modeling Role-Based Privacy in Social Networking Services

G. Gy. Gulyás, R. Schulcz, S. Imre

In: Proceedings of The Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2009), IEEE, Athens, Greece, 2009, pp. 173-178.

Bibtex | Abstract

@inproceedings {
   author = {Gábor György Gulyás, Róbert Schulcz, Sándor Imre},
   title = {Modeling Role-Based Privacy in Social Networking Services},
   booktitle = {In: Proceedings of The Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2009)},
   publisher = {IEEE},
   address = {Athens, Greece},
   year = {2009},
   pages = {173-178}
}

Abstract

As social networking services are getting more and more common, the need for privacy enhancing options, sophisticated identity management and anonymity emerges. In this paper the authors propose using Role-Based Privacy as a response for these needs and introduce a novel model called Nexus-Identity Network that is capable of describing services extended with such functionality. The concerned principles of Role-Based Privacy are conferred in the paper and criteria are presented for anonymity. Conforming to the criteria the authors suggest storing the profiles of different identities in a tree hierarchy in a user-friendly manner. The analysis of anonymity shows that the network has a structure that can be easily interpreted similarly to graphs representing connections in regular social networks. The ease of profile management and network visualization are advantages of the Nexus-Identity Model which can make a social networking service privacy- and user-friendly as well.

New Approaches to Mitigate Network Denial-of-Service Problems

B. Bencsáth

BME Informatikai Tudományok doktori iskola, November, 2009.

Bibtex | PDF

@phdthesis {
   author = {Boldizsár Bencsáth},
   title = {New Approaches to Mitigate Network Denial-of-Service Problems},
   school = {BME Informatikai Tudományok doktori iskola},
   month = {November},
   year = {2009}
}

Abstract

On the security of communication network: now and tomorrow

B. Bencsáth, L. Buttyán, I. Vajda

Infocommunications Journal, vol. LXIV., no. no. 4., 2009, pp. pp. 3-7..

Bibtex

@article {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, István VAJDA},
   title = {On the security of communication network: now and tomorrow},
   journal = {Infocommunications Journal},
   volume = {LXIV.},
   number = {no. 4.},
   year = {2009},
   pages = {pp. 3-7.}
}

Abstract

Private Cluster Head Election in Wireless Sensor Networks

L. Buttyán, T. Holczer

Proceedings of the Fifth IEEE International Workshop on Wireless and Sensor Networks Security (WSNS'09), IEEE, IEEE, Macau SAR, PRC, October 12 , 2009, pp. 1048-1053.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer},
   title = {Private Cluster Head Election in Wireless Sensor Networks},
   booktitle = {Proceedings of the Fifth IEEE International Workshop on Wireless and Sensor Networks Security (WSNS'09)},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Macau SAR, PRC},
   month = {October 12 },
   year = {2009},
   pages = {1048-1053}
}

Abstract

Clustering is a useful mechanism in wireless sensor networks that helps to cope with scalability problems and, if combined with in-network data aggregation, may increase the energy efficiency of the network. At the same time, by assigning a special role to the cluster head nodes, clustering makes the network more vulnerable to attacks. In particular, disabling a cluster head by physical destruction or jamming may render the entire cluster inoperable temporarily until the problem is detected and a new cluster head is elected. Hence, the cluster head nodes may be attractive targets of attacks, and one would like to make it difficult for an adversary to identify them. The adversary can try to identify the cluster head nodes in various ways, including the observation of the cluster head election process itself and the analysis of the traffic patterns after the termination of the cluster head election. In this paper, we focus on the former problem, which we call the private cluster head election problem. This problem has been neglected so far, and as a consequence, existing cluster head election protocols leak too much information making the identification of the elected cluster head nodes easy even for a passive external observer. We propose the first private cluster head election protocol for wireless sensor networks that is designed to hide the identity of the elected cluster head nodes from an adversary that can observe the execution of the protocol.

Secure Vehicle Communication (SeVeCom)

T. Holczer, P. Ardelean, N. Asaj, S. Cosenza, M. Müter, A. Held, B. Wiedersheim, P. Papadimitratos, F. Kargl, D. D. Cock

Demonstration. Mobisys, June, 2009.

Bibtex | PDF

@misc {
   author = {Tamas Holczer, Petra Ardelean, Naim Asaj, Stefano Cosenza, Michael Müter, Albert Held, Björn Wiedersheim, Panagiotis Papadimitratos, Frank Kargl, Danny De Cock},
   title = {Secure Vehicle Communication (SeVeCom)},
   howpublished = {Demonstration. Mobisys},
   month = {June},
   year = {2009}
}

Keywords

vehicular ad hoc network, security, privacy

Abstract

Securing Multi-operator Based QoS-aware Mesh Networks: Requirements and Design Options

I. Askoxylakis, B. Bencsáth, L. Buttyán, L. Dóra, V. Siris, D. Szili, I. Vajda

Wireless Communications and Mobile Computing (Special Issue on QoS and Security in Wireless Networks), vol. 10, no. 5, 2009, pp. 622-646.

Bibtex | Abstract | PDF

@article {
   author = {Ioannis ASKOXYLAKIS, Boldizsár Bencsáth, Levente BUTTYÁN, László DÓRA, Vasilios SIRIS, Dávid SZILI, István VAJDA},
   title = {Securing Multi-operator Based QoS-aware Mesh Networks: Requirements and Design Options},
   journal = {Wireless Communications and Mobile Computing (Special Issue on QoS and Security in Wireless Networks)},
   volume = {10},
   number = {5},
   year = {2009},
   pages = {622-646}
}

Abstract

Wireless mesh networking allows network operators and service providers to offer nearly ubiquitous broadband access at a low cost to customers. In this paper, we focus on QoS-aware mesh networks operated by multiple operators in a cooperative manner. In particular, we identify the general security requirements of such networks and we give an overview on the available design options for a security architecture aiming at satisfying those requirements. More specifically, we consider the problems of mesh client authentication and access control, protection of wireless communications, securing the routing, key management, and intrusion and misbehavior detection and recovery. Our aim is to structure this rich problem domain and to prepare the grounds for the design of a practically usable security architecture.

SLOW: A Practical Pseudonym Changing Scheme for Location Privacy in VANETs

L. Buttyán, T. Holczer, A. Weimerskirch, W. Whyte

Proceedings of the IEEE Vehicular Networking Conference, IEEE, IEEE, Tokyo, Japan, October 28-29, 2009, pp. 1-8.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer, Andre Weimerskirch, William Whyte},
   title = {SLOW: A Practical Pseudonym Changing Scheme for Location Privacy in VANETs},
   booktitle = {Proceedings of the IEEE Vehicular Networking Conference},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Tokyo, Japan},
   month = {October 28-29},
   year = {2009},
   pages = {1-8}
}

Abstract

Untraceability of vehicles is an important requirement in future vehicle communications systems. Unfortunately, heartbeat messages used by many safety applications provide a constant stream of location data, and without any protection measures, they make tracking of vehicles easy even for a passive eavesdropper. One commonly known solution is to transmit heartbeats under pseudonyms that are changed regularly in order to obfuscate the trajectory of vehicles. However, this approach is effective only if some silent period is kept during the pseudonym change and several vehicles change their pseudonyms nearly at the same time and at the same location. Unlike previous works that proposed explicit synchronization between a group of vehicles and/or required pseudonym change in a designated physical area (i.e., a static mix zone), we propose a much simpler approach that does not need any explicit cooperation between vehicles and any infrastructure support. Our basic idea is that vehicles should not transmit heartbeat messages when their speed drops below a given threshold, say 30 km/h, and they should change pseudonym during each such silent period. This ensures that vehicles stopping at traffic lights or moving slowly in a traffic jam will all refrain from transmitting heartbeats and change their pseudonyms nearly at the same time and location. Thus, our scheme ensures both silent periods and synchronized pseudonym change in time and space, but it does so in an implicit way. We also argue that the risk of a fatal accident at a slow speed is low, and therefore, our scheme does not seriously impact safety-of- life. In addition, refraining from sending heartbeat messages when moving at low speed also relieves vehicles of the burden of verifying a potentially large amount of digital signatures, and thus, makes it possible to implement vehicle communications with less expensive equipments.

Universal Autonomous Robot Navigation Using Quasi Optimal Path Generation

A. Laszka, Varkonyi-Koczy, A.R., G. Pék, P. Varlaki

4th IEEE Int. Conf. on Autonomous Robots and Agents (ICARA' 2009), 2009, February.

Bibtex | Abstract

@conference {
   author = {Aron Laszka, Varkonyi-Koczy, A.R., Gábor PÉK, Varlaki Péter},
   title = {Universal Autonomous Robot Navigation Using Quasi Optimal Path Generation},
   booktitle = {4th IEEE Int. Conf. on Autonomous Robots and Agents (ICARA' 2009)},
   year = {2009},
   month = {February}
}

Abstract

Autonomous robot navigation is an important research field because these robots can solve problems where the human presence is impossible, dangerous, expensive, or uncomfortable. In this paper, a new hybrid autonomous navigation method is introduced. The algorithm is composed of visibility graph based global navigation and simple potential field based local navigation parts. It applies a new automated graph generation method which may become necessary if, because of the observed new obstacles, a new path should be generated. The quasi optimal route is found by applying the well known A* algorithm on the graph. The presented technique offers a quasi optimal universal navigation technique which can successfully be used in all, known, unknown, and dynamically changing environments.

2008

Revocation Games in Ephemeral Networks

M. Raya, M. H. Manshaei, M. Felegyhazi, J. P. Hubaux

in Proceedings of ACM CCS , ACM, Alexandria, VA, USA, Oct. 27-31, 2008. .

Bibtex | Abstract

@inproceedings {
   author = {Maxim Raya, , Mark Felegyhazi, Jean-Pierre Hubaux},
   title = {Revocation Games in Ephemeral Networks},
   booktitle = {in Proceedings of ACM CCS },
   publisher = {ACM},
   address = {Alexandria, VA, USA},
   month = {Oct. 27-31},
   year = {2008. }
}

Abstract

A frequently proposed solution to node misbehavior in mo- bile ad hoc networks is to use reputation systems. But in ephemeral networks - a new breed of mobile networks where contact times between nodes are short and neighbors change frequently - reputations are hard to build. In this case, local revocation is a faster and more e±cient alterna- tive. In this paper, we de¯ne a game-theoretic model to analyze the various local revocation strategies. We establish and prove the conditions leading to subgame-perfect equilib- ria. We also derive the optimal parameters for voting-based schemes. Then we design a protocol based on our analy- sis and the practical aspects that cannot be captured in the model. With realistic simulations on ephemeral networks we compare the performance and economic costs of the diŸerent techniques.

An Improved Hybrid Navigation Method

G. Pék, A. Laszka, Varkonyi-Koczy, A.R.

7th Int. Conf. On Global Research and Education in Intelligent Systems (Inter-Akademia' 2008), 2008, September.

Bibtex | Abstract

@conference {
   author = {Gábor PÉK, Aron Laszka, Varkonyi-Koczy, A.R.},
   title = {An Improved Hybrid Navigation Method},
   booktitle = {7th Int. Conf. On Global Research and Education in Intelligent Systems (Inter-Akademia' 2008)},
   year = {2008},
   month = {September}
}

Abstract

Autonomous robot navigation is an important research field because these robots can solve problems where the human presence is impossible, dangerous, expensive, or uncomfortable. In this paper, a new hybrid autonomous navigation method is introduced. The algorithm is composed of visibility graph based global navigation and simple potential field based local navigation parts. It applies a new automated graph generation method which may become necessary if, because of the observed new obstacles, a new path should be generated. The quasi optimal route is found by applying the well known A* algorithm on the graph. The presented technique offers a quasi optimal universal navigation technique which can successfully be used in all, known, unknown, and dynamically changing environments.

Comprehensive Analysis of Web Privacy and Anonymous Web Browsers: Are Next Generation Services Based on Collaborative Filtering?

G. Gy. Gulyás, R. Schulcz, S. Imre

In: Joint SPACE and TIME Workshops, held by The Joint iTrust and PST Conferences on Privacy, Trust Management and Security, ?, Norway, Trondheim, 2008.

Bibtex | Abstract

@inproceedings {
   author = {Gábor György Gulyás, Róbert Schulcz, Sándor Imre},
   title = {Comprehensive Analysis of Web Privacy and Anonymous Web Browsers: Are Next Generation Services Based on Collaborative Filtering?},
   booktitle = {In: Joint SPACE and TIME Workshops, held by The Joint iTrust and PST Conferences on Privacy, Trust Management and Security},
   publisher = {?},
   address = {Norway, Trondheim},
   year = {2008}
}

Abstract

Abstract. In general, networking privacy enhancing technologies are better on larger user bases- such criteria that can be enhanced by combining them with community based services. In this paper we present main web privacy issues and today’s complex preventive solutions, anonymous web browsers, in several aspects including a comprehensive taxonomy as a result of our inquiry. Also, we suggest a next generation anonymous browser scheme based on collaborative filtering concerning issues on semantic web. Finally we analyze the benefits and drawbacks of such services, also examining the possible investors and raised moral considerations.

Introduction to the world of botnets (in Hungarian)

B. Bencsáth, Géza Szabó, A. Szentgyörgyi

Híradástechnika (Pollák-Virág award), vol. LXIII, no. 11, November, 2008, pp. 10-15.

Bibtex | PDF

@article {
   author = {Boldizsár Bencsáth, Géza Szabó, Attila Szentgyörgyi},
   title = {Introduction to the world of botnets (in Hungarian)},
   journal = {Híradástechnika (Pollák-Virág award)},
   volume = {LXIII},
   number = {11},
   month = {November},
   year = {2008},
   pages = {10-15}
}

Abstract

Optimal Pricing Strategy for Wireless Social Community Networks

A. Mazloumian, M. H. Manshaei, M. Felegyhazi, J. P. Hubaux

in Proceedings of the Economics of Networks, Systems, and Computation (NetEcon 2008), NetEcon, Seattle, August 22, 2008.

Bibtex | Abstract

@inproceedings {
   author = {, , Mark Felegyhazi, Jean-Pierre Hubaux},
   title = {Optimal Pricing Strategy for Wireless Social Community Networks},
   booktitle = {in Proceedings of the Economics of Networks, Systems, and Computation (NetEcon 2008)},
   publisher = {NetEcon},
   address = {Seattle},
   month = {August 22},
   year = {2008}
}

Abstract

Wireless social community operators rely on subscribers who constitute a community of users. The pricing strategy of the provided wireless access is an open problem for this new generation of wireless access providers. In this paper, using both analytical and simulation approaches, we study the problem comprised of modeling user subscription and mobility behavior and of coverage evolution with the objective of finding optimal subscription fees. We compute optimal prices with both static and semi-dynamic pricing. Coping with an incomplete knowledge about users, we calculate the best static price and prove that optimal fair pricing is the optimal semidynamic pricing. Moreover, we have developed a simulator to verify optimal prices of social community operators with complete and incomplete knowledge. Our results show that the optimal fair pricing strategy significantly improves the cumulative payoff of social community operators.

PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks

L. Buttyán, P. Schaffer

International Journal of Distributed Sensor Networks, September, 2008.

Bibtex | Abstract

@article {
   author = {Levente BUTTYÁN, Peter Schaffer},
   title = {PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks},
   journal = {International Journal of Distributed Sensor Networks},
   month = {September},
   year = {2008}
}

Abstract

In this paper, we introduce PANEL, a position-based aggregator node election protocol for wireless sensor networks. The novelty of PANEL with respect to other aggregator node election protocols is that it supports asynchronous sensor network applications where the sensor readings are fetched by the base stations after some delay. In particular, the motivation for the design of PANEL was to support reliable and persistent data storage applications, such as TinyPEDS. PANEL ensures load balancing, and it supports intra- and inter-cluster routing allowing sensor to aggregator, aggregator to aggregator, base station to aggregator, and aggregator to base station communications. We also compare PANEL with HEED in the simulation environment provided by TOSSIM, and show that, on the one hand, PANEL creates more cohesive clusters than HEED, and, on the other hand, that PANEL is more energy efficient than HEED.

Secure vehicular communication systems: design and architecture

P. Papadimitratos, A. Kung, F. Kargl, Z. Ma, M. Raya, J. Freudiger, E. Schoch, T. Holczer, L. Buttyán, J. P. Hubaux

IEEE Communications Magazine, vol. 46, no. 11, November, 2008, pp. 100-109.

Bibtex | Abstract | PDF

@article {
   author = {Panagiotis Papadimitratos, Antonio Kung, Frank Kargl, Zhendong Ma, Maxim Raya, Julien Freudiger, Elmar Schoch, Tamas Holczer, Levente BUTTYÁN, Jean-Pierre Hubaux},
   title = {Secure vehicular communication systems: design and architecture},
   journal = {IEEE Communications Magazine},
   volume = {46},
   number = {11},
   month = {November},
   year = {2008},
   pages = {100-109}
}

Abstract

Significant developments have taken place over the past few years in the area of vehicular communication systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems can be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two articles in this issue. In this first one, we analyze threats and types of adversaries, identify security and privacy requirements, and present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second article we present our progress toward the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.

Secure vehicular communication systems: implementation, performance, and research challenges

F. Kargl, A. Kung, A. Held, G. Calandriello, T. V. Thong, B. Wiedersheim, E. Schoch, M. Müter, L. Buttyán, P. Papadimitratos, J. P. Hubaux

IEEE Communications Magazine, vol. 46, no. 11, November, 2008, pp. 110-118.

Bibtex | Abstract | PDF

@article {
   author = {Frank Kargl, Antonio Kung, Albert Held, Giorgo Calandriello, Ta Vinh Thong, Björn Wiedersheim, Elmar Schoch, Michael Müter, Levente BUTTYÁN, Panagiotis Papadimitratos, Jean-Pierre Hubaux},
   title = {Secure vehicular communication systems: implementation, performance, and research challenges},
   journal = {IEEE Communications Magazine},
   volume = {46},
   number = {11},
   month = {November},
   year = {2008},
   pages = {110-118}
}

Abstract

Vehicular communication systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain implementations are required. we discuss the design of a VC security system that has emerged as a result of the European SeVe-Com project. In this second article we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from today's simple prototypes to full-fledged systems.

Securing Coding Based Distributed Storage in Wireless Sensor Networks

L. Buttyán, L. Czap, I. Vajda

IEEE Workshop on Wireless and Sensor Network Security (WSNS), Atlanta, Georgia, USA, September 29-October 2, 2008.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, László CZAP, István VAJDA},
   title = {Securing Coding Based Distributed Storage in Wireless Sensor Networks},
   booktitle = {IEEE Workshop on Wireless and Sensor Network Security (WSNS)},
   address = {Atlanta, Georgia, USA},
   month = {September 29-October 2},
   year = {2008}
}

Abstract

We address the problem of pollution attacks in coding based distributed storage systems proposed for wireless sensor networks. In a pollution attack, the adversary maliciously alters some of the stored encoded packets, which results in the incorrect decoding of a large part of the original data upon retrieval. We propose algorithms to detect and recover from such attacks. In contrast to existing approaches to solve this problem, our approach is not based on adding cryptographic checksums or signatures to the encoded packets. We believe that our proposed algorithms are suitable in practical systems.

Security and Cooperation in Wireless Networks

L. Buttyán, J. P. Hubaux

Cambridge University Press, 2008.

Bibtex

@book {
   author = {Levente BUTTYÁN, Jean-Pierre Hubaux},
   title = {Security and Cooperation in Wireless Networks},
   publisher = {Cambridge University Press},
   year = {2008}
}

Abstract

Security API analysis with the spi-calculus

L. Buttyán, T. V. Thong

Hiradástechnika, vol. LXIII, January, 2008, pp. 16-21.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Ta Vinh Thong},
   title = {Security API analysis with the spi-calculus},
   journal = {Hiradástechnika},
   volume = {LXIII},
   month = {January},
   year = {2008},
   pages = {16-21}
}

Keywords

Security API, Spi-calculus, Verification

Abstract

API level vulnerabilities of hardware security modules represent a serious threat, thus, discovering and patching security holes in APIs are important. In this paper, we argue and illustrate that the application of formal verification methods is a promising approach for API analysis. In particular, we propose an API verification method based on process algebra. The proposed method seems to be extremely wellsuited for API analysis as it allows for the straightforward modelling of the API, the precise definition of the security requirements, and the rigorous verification of the security properties offered by the API.

2007

An User Authentication Scheme for Fast Handover Between WiFi Access Points

A. Bohák, L. Buttyán, L. Dóra

In Proceedings of the Third Annual International Wireless Internet Conference, ACM, Austin, Texas, USA, October 22-23, 2007, pp. 1-6, (invited paper).

Bibtex | Abstract | PDF

@inproceedings {
   author = {András BOHÁK, Levente BUTTYÁN, László DÓRA},
   title = {An User Authentication Scheme for Fast Handover Between WiFi Access Points},
   booktitle = {In Proceedings of the Third Annual International Wireless Internet Conference},
   publisher = {ACM},
   address = {Austin, Texas, USA},
   month = {October 22-23},
   year = {2007},
   pages = {1-6},
   note = {(invited paper)}
}

Abstract

In this paper, we propose an authentication scheme that is designed to reduce the authentication delay during a WiFi handover process. We observe that the largest part of the delay is due to the remote communications between the access point and the AAA server that authorizes the access to the network. In order to eliminate remote communications, our scheme uses pre-authorization, and it pre-distributes authentication information to the access points that are the potential targets of a future handover. This ensures that only local communications (between the mobile station and the access point) take place during the handover itself. We describe the design of our scheme, as well as report on a proof-of-concept implementation. Our validation results show that our scheme breaks the dependency of the authentication delay on the round-trip time between the access point and the AAA server. This makes our scheme applicable in real time applications such as telephony and video streaming for WiFi users.

Architecture for Secure and Private Vehicular Communications

P. Papadimitratos, L. Buttyán, J. P. Hubaux, F. Kargl, A. Kung, M. Raya

Proceedings of the International Conference on ITS Telecommunications (ITST), -, Sophia Antipolis, France, June 6-8, , 2007, pp. 1-6.

Bibtex | Abstract

@inproceedings {
   author = {Panagiotis Papadimitratos, Levente BUTTYÁN, Jean-Pierre Hubaux, Frank Kargl, Antonio Kung, Maxim Raya},
   title = {Architecture for Secure and Private Vehicular Communications},
   booktitle = {Proceedings of the International Conference on ITS Telecommunications (ITST)},
   publisher = {-},
   address = {Sophia Antipolis, France},
   month = {June 6-8, },
   year = {2007},
   pages = {1-6}
}

Abstract

The deployment of vehicular communication (VC) systems is strongly dependent on their security and privacy features. In this paper, we propose a security architecture for VC. The primary objectives of the architecture include the management of identities and cryptographic keys, the security of communications, and the integration of privacy enhancing technologies. Our design approach aims at a system that relies on well-understood components which can be upgraded to provide enhanced security and privacy protection in the future. This effort is undertaken by SeVeCom (http://www.sevecom.org), a transversal project providing security and privacy enhancing mechanisms compatible with the VC technologies currently under development by all EU funded projects.

Barter-based cooperation in delay-tolerant personal wireless networks

L. Buttyán, L. Dóra, M. Felegyhazi, I. Vajda

In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications, IEEE Computer Society Press, Helsinki, Finland, June 18 , 2007, pp. 1-6.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, László DÓRA, Mark Felegyhazi, István VAJDA},
   title = {Barter-based cooperation in delay-tolerant personal wireless networks},
   booktitle = {In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications},
   publisher = {IEEE Computer Society Press},
   address = {Helsinki, Finland},
   month = {June 18 },
   year = {2007},
   pages = {1-6}
}

Abstract

In this paper, we consider the application of delay-tolerant networks to personal wireless communications. In these networks, selfish nodes can exploit the services provided by other nodes by downloading messages that interest them, but refusing to store and distribute messages for the benefit of other nodes. We propose a mechanism to discourage selfish behavior based on the principles of barter. We develop a game-theoretic model in which we show that the proposed approach indeed stimulates cooperation of the nodes. In addition, the results show that the individually most beneficial behavior leads to the social optimum of the system.

Biztonsági API analízis a spi-kalkulussal

L. Buttyán, T. V. Thong

Hiradástechnika, vol. LXII/8, August, 2007, pp. 43-49.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Ta Vinh Thong},
   title = {Biztonsági API analízis a spi-kalkulussal},
   journal = {Hiradástechnika},
   volume = {LXII/8},
   month = {August},
   year = {2007},
   pages = {43-49}
}

Keywords

Biztonsági API, Formális ellenõrzés, Spi-kalkulus

Abstract

Az API szintû támadások komoly veszélyt jelentenek a hardver biztonsági modulokra nézve, ezért fontos követelmény az API-ban rejlõ biztonsági lyukak felfedezése és foltozása. Az API analízis egyik igéretes iránya a formális verifikációs módszerek alkalmazása. Cikkünkben ezt az irányt követjük, s egy processz-algebra alapú API verifikációs módszert javaslunk, mely különösen alkalmasnak látszik a biztonsági API-k mûködésének formális leírására, a biztonsági követelmények precíz definiálására, és a megfogalmazott követelmények teljesítésének ellenõrzésére. Munkánk motiválása céljából ismertetünk nénány konkrét API szintû támadást is egy a gyakorlatban elterjedten használt hardver biztonsági modul ellen. Bevezetés

CORA: Correlation-based Resilient Aggregation in Sensor Networks

P. Schaffer, I. Vajda

In Proceedings of the 10th ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM), ACM Press, Chania, Crete, Greece, October 22 - 26, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Peter Schaffer, István VAJDA},
   title = {CORA: Correlation-based Resilient Aggregation in Sensor Networks},
   booktitle = {In Proceedings of the 10th ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM)},
   publisher = {ACM Press},
   address = {Chania, Crete, Greece},
   month = {October 22 - 26},
   year = {2007}
}

Abstract

In this paper we consider the problem of resilient data aggregation, namely, when aggregation has to be performed on a compromised sample. We present a statistical framework that is designed to mitigate the effects of an attacker who is able to alter the values of the measured parameters of the environment around some of the sensor nodes. Our proposed framework takes advantage of the naturally existing correlation between the sample elements, which is very rarely considered in other sensor network related papers. The algorithms presented are to be applied without assumption on the sensor network’s sampling distribution or on the behaviour of the attacker. The effectiveness of the algorithms is formally evaluated.

Efficient Directory Harvest Attacks and Countermeasures

B. Bencsáth, I. Vajda

International Journal of Network Security, vol. 5, no. 3, 2007, pp. 264-273.

Bibtex

@article {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Efficient Directory Harvest Attacks and Countermeasures},
   journal = {International Journal of Network Security},
   volume = {5},
   number = {3},
   year = {2007},
   pages = {264-273}
}

Abstract

Empirical Analysis of Denial of Service Attack Against SMTP Servers

B. Bencsáth, M. A. Rónai

Proceedings of The 2007 International Symposium on Collaborative Technologies and Systems, IEEE, Orlando, Florida, USA, May 21-25 , 2007, pp. 72-79.

Bibtex | PDF

@inproceedings {
   author = {Boldizsár Bencsáth, Miklós Aurél RÓNAI},
   title = {Empirical Analysis of Denial of Service Attack Against SMTP Servers},
   booktitle = {Proceedings of The 2007 International Symposium on Collaborative Technologies and Systems},
   publisher = {IEEE},
   address = {Orlando, Florida, USA},
   month = {May 21-25 },
   year = {2007},
   pages = {72-79}
}

Abstract

Group-Based Private Authentication

G. Avoine, L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007), IEEE, Helsinki, Finland, Jun 18 , 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gildas Avoine, Levente BUTTYÁN, Tamas Holczer, István VAJDA},
   title = {Group-Based Private Authentication},
   booktitle = {In Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007)},
   publisher = {IEEE},
   address = {Helsinki, Finland},
   month = {Jun 18 },
   year = {2007}
}

Abstract

We propose a novel authentication scheme that ensures privacy of the provers. Our scheme is based on symmetric-key cryptography, and therefore, it is well-suited to resource constrained applications in large scale environments. A typical example for such an application is an RFID system, where the provers are low-cost RFID tags, and the number of the tags can potentially be very large. We analyze the proposed scheme and show that it is superior to the well-known key-tree based approach for private authentication both in terms of privacy and efficiency.

On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs

L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007), Springer, Cambridge, UK, July 2-3, , 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer, István VAJDA},
   title = {On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs},
   booktitle = {In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007)},
   publisher = {Springer},
   address = {Cambridge, UK},
   month = {July 2-3, },
   year = {2007}
}

Abstract

The promise of vehicular communications is to make road traffic safer and more efficient. However, besides the expected benefits, vehicular communications also introduce some privacy risk by making it easier to track the physical location of vehicles. One approach to solve this problem is that the vehicles use pseudonyms that they change with some frequency. In this paper, we study the effectiveness of this approach.We define a model based on the concept of the mix zone, characterize the tracking strategy of the adversary in this model, and introduce a metric to quantify the level of privacy enjoyed by the vehicles. We also report on the results of an extensive simulation where we used our model to determine the level of privacy achieved in realistic scenarios. In particular, in our simulation, we used a rather complex road map, generated traffic with realistic parameters, and varied the strength of the adversary by varying the number of her monitoring points. Our simulation results provide detailed information about the relationship between the strength of the adversary and the level of privacy achieved by changing pseudonyms.

PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks

L. Buttyán, P. Schaffer

In Proceedings of the 4th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS), IEEE Press, Pisa, Italy, October 8-11, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Peter Schaffer},
   title = {PANEL: Position-based Aggregator Node Election in Wireless Sensor Networks},
   booktitle = {In Proceedings of the 4th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS)},
   publisher = {IEEE Press},
   address = {Pisa, Italy},
   month = {October 8-11},
   year = {2007}
}

Abstract

In this paper, we introduce PANEL, a position-based aggregator node election protocol for wireless sensor networks. The novelty of PANEL with respect to other aggregator node election protocols is that it supports asynchronous sensor network applications where the sensor readings are fetched by the base stations after some delay. In particular, the motivation for the design of PANEL was to support reliable and persistent data storage applications, such as TinyPEDS. PANEL ensures load balancing, and it supports intra- and inter-cluster routing allowing sensor to aggregator, aggregator to aggregator, base station to aggregator, and aggregator to base station communications. We also present simulation results showing that PANEL is very energy efficient.

Secure Routing in Wireless Sensor Networks

G. Ács, L. Buttyán

in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press, 2007.

Bibtex | Abstract

@inbook {
   author = {Gergely Ács, Levente BUTTYÁN},
   title = {Secure Routing in Wireless Sensor Networks},
   publisher = {in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press},
   year = {2007}
}

Abstract

In this chapter, we study how sensor network routing protocols can be secured. First, we describe the adversary model, the objectives of attacks against routing, as well as the different attack methods that may be used in wireless sensor networks. All these are illustrated by example attacks on well-known sensor network routing protocols. Then, we describe various countermeasures that can be used in sensor networks to secure the routing protocols. These include link layer security measures, secure neighbor discovery techniques, authenticated broadcast algorithms, and multi-path routing techniques. Finally, we illustrate the application of some of these countermeasures by presenting and explaining the operation of some secured sensor network routing protocols.

Security and Privacy in Ad Hoc and Sensor Networks

L. Buttyán, V. Gligor, D. Westhoff

vol. LNCS 4357, Springer, 2007.

Bibtex

@book {
   author = {Levente BUTTYÁN, Virgil Gligor, Dirk Westhoff},
   title = {Security and Privacy in Ad Hoc and Sensor Networks},
   volume = {LNCS 4357},
   publisher = {Springer},
   year = {2007}
}

Abstract

The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks

G. Ács, L. Buttyán, I. Vajda

October 8-11, In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007), IEEE Press, Pisa, Italy, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks},
   editor = {October 8-11},
   booktitle = {In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007)},
   organization = {IEEE Press},
   address = {Pisa, Italy},
   year = {2007}
}

Abstract

In this paper, we present a flexible and mathematically rigorous modeling framework for analyzing the security of sensor network routing protocols. Then, we demonstrate the usage of this framework by formally proving that INSENS (Intrusion-Tolerant Routing in Wireless Sensor Networks), which is a secure sensor network routing protocol proposed in the literature independently of our work, can be proven to be secure in our model.

2006

A taxonomy of routing protocols for wireless sensor networks

G. Ács, L. Buttyán

Híradástechnika, December, 2006.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN},
   title = {A taxonomy of routing protocols for wireless sensor networks},
   journal = {Híradástechnika},
   month = {December},
   year = {2006}
}

Abstract

Wireless sensor networks are large scale networks consisting of a large number of tiny sensor nodes and a few base stations, which communicate using multi-hop wireless communications. The design of energy efficient routing protocols for such networks is a challenging task, which has been in the focus of the sensor network research community in the recent past. This effort resulted in a huge number of sensor network routing protocols. The proposed protocols show a high variety, which stems from the diverse requirements of the various envisioned application scenarios. In this work, we propose a taxonomy of sensor network routing protocols, and classify the mainstream protocols proposed in the literature using this taxonomy. We distinguish five families of protocols based on the way the next hop is selected on the route of a message, and briefly describe the operation of a representative member from each group.

How to accept an electronic signature?

I. Zs. Berta

Híradástechnika, 2006, vol. LXI, 2006, in Hungarian.

Bibtex | Abstract

@article {
   author = {István Zsolt BERTA},
   title = {How to accept an electronic signature?},
   journal = {Híradástechnika, 2006, vol. LXI},
   year = {2006},
   note = {in Hungarian}
}

Abstract

The mathematical principles of electronic signatures have been known for several decades. Since then, electronic signatures have been incorporated into the Hungarian legal system: they have become legally equivalent with handwritten ones. Although we can now rely on both their mathematical and on their legal foundations, this technology has began to spread but in the last few years. The practical application of this new technology highlighted certain problems. Many of these also appear in case of handwritten signatures, but have lesser significance in that case.

Az elektronikus aláírás elméleti alapjai régóta ismertek. E matematikai, kriptográfiai szempontból bevált technológia már a hazai jogrendszerbe is beépült, és ezzel az elektronikus aláírás a kézzel írott aláírással egyenértékûvé vált. Az elektronikus aláírás használatához mind a matematikai, mind a jogi alapok rendelkezésre állnak, de e technológia mégis csak az elmúlt években kezdett elterjedni hazánkban. A gyakorlati alkalmazás során számos probléma merült fel ezen új technológiával kapcsolatban. Ezek nagy része megjelenik a kézzel írott aláírások esetében is, de e problémák ott sokkal kisebb jelentõséggel bírnak.

Internet Denial of Service attacks in game theoretical model (in hungarian)

B. Bencsáth, I. Vajda

Alkalmazott Matematikai Lapok 23, 2006, pp. 335-348..

Bibtex | Abstract

@article {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Internet Denial of Service attacks in game theoretical model (in hungarian)},
   journal = {Alkalmazott Matematikai Lapok 23},
   year = {2006},
   pages = {335-348.}
}

Keywords

DoS

Abstract

Cikkünk kriptográai protokollok szolgáltatás-megtagadásos (Denial of Service  DoS) támadások elleni védelmér®l szól. A DoS támadások modellezésére a folyamatot stratégiai játékként értelmezzük. Ebben a modellben a támadó maximalizálni kívánja a kiszolgáló elhasznált kapacitásait, míg a kiszolgáló minimalizálni próbálja az elpazarolt er®forrásokat, és megpróbálja továbbra is kiszolgálni a legitim klienseket. A játékelméleti szemléletmódot részleteiben mutatjuk be, és felhasználjuk azt a kliens oldali rejtvény technika (client-side puzzle) optimalizálására. A cikkben analizáljuk azt az esetet is, amikor a szerver optimális kevert stratégiát választ a védekezéshez.

Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks

G. Ács, L. Buttyán, I. Vajda

In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06), October, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks},
   booktitle = {In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06)},
   month = {October},
   year = {2006}
}

Abstract

The literature is very broad considering routing protocols in wireless sensor networks (WSNs). However, security of these routing protocols has fallen beyond the scope so far. Routing is a fundamental functionality in wireless networks, thus hostile interventions aiming to disrupt and degrade the routing service have a serious impact on the overall operation of the entire network. In order to analyze the security of routing protocols in a precise and rigorous way, we propose a formal framework encompassing the definition of an adversary model as well as the "general" definition of secure routingin sensor networks. Both definitions take into account the feasible goals and capabilities of an adversary in sensor environments and the variety of sensor routing protocols. In spirit, our formal model is based on the simulation paradigm that is a successfully used technique to prove the security of various cryptographic protocols. However, we also highlight some differences between our model and other models that have been proposed for wired or wireless networks. Finally, we illustrate the practical usage of our model by presenting the formal description of a simple attack against an authenticated routing protocol, which is based on the well-known TinyOS routing.

Optimal Key-Trees for Tree-Based Private Authentication

L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET), June, 2006, Springer.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer, István VAJDA},
   title = {Optimal Key-Trees for Tree-Based Private Authentication},
   booktitle = {In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET)},
   month = {June},
   year = {2006},
   note = {Springer}
}

Abstract

Key-tree based private authentication has been proposed by Molnar and Wagner as a neat way to efficiently solve the problem of privacy preserving authentication based on symmetric key cryptography. However, in the key-tree based approach, the level of privacy provided by the system to its members may decrease considerably if some members are compromised. In this paper, we analyze this problem, and show that careful design of the tree can help to minimize this loss of privacy. First, we introduce a benchmark metric for measuring the resistance of the system to a single compromised member. This metric is based on the well-known concept of anonymity sets. Then, we show how the parameters of the key-tree should be chosen in order to maximize the system's resistance to single member compromise under some constraints on the authentication delay. In the general case, when any member can be compromised, we give a lower bound on the level of privacy provided by the system. We also present some simulation results that show that this lower bound is quite sharp. The results of this paper can be directly used by system designers to construct optimal key-trees in practice; indeed, we consider this as the main contribution of our work.

Protection against DHA attack with central filtering (in hungarian)

Géza Szabó, B. Bencsáth

Híradástechnika, vol. LXI, 05, 2006, pp. pp. 2-9.

Bibtex

@article {
   author = {Géza Szabó, Boldizsár Bencsáth},
   title = {Protection against DHA attack with central filtering (in hungarian)},
   journal = {Híradástechnika},
   volume = {LXI},
   month = {05},
   year = {2006},
   pages = {pp. 2-9}
}

Abstract

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

IEEE Transactions on Mobile Computing, vol. 5, no. 11, 2006.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {5},
   number = {11},
   year = {2006}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the use of our framework by proving that it is secure in our model.

Providing Location Privacy in Automated Fare Collection Systems

L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece, June, 2006.

Bibtex | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer, István VAJDA},
   title = {Providing Location Privacy in Automated Fare Collection Systems},
   booktitle = {In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece},
   month = {June},
   year = {2006}
}

Abstract

RANBAR: RANSAC-Based Resilient Aggregation in Sensor Networks

L. Buttyán, P. Schaffer, I. Vajda

In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), ACM Press, Alexandria, VA, USA, October, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Peter Schaffer, István VAJDA},
   title = {RANBAR: RANSAC-Based Resilient Aggregation in Sensor Networks},
   booktitle = {In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN)},
   publisher = {ACM Press},
   address = {Alexandria, VA, USA},
   month = {October},
   year = {2006}
}

Abstract

We present a novel outlier elimination technique designed for sensor networks. This technique is called RANBAR and it is based on the RANSAC (RANdom SAmple Consensus) paradigm, which is well-known in computer vision and in automated cartography. The RANSAC paradigm gives us a hint on how to instantiate a model if there are a lot of compromised data elements. However, the paradigm does not specify an algorithm and it uses a guess for the number of compromised elements, which is not known in general in real life environments. We developed the RANBAR algo- rithm following this paradigm and we eliminated the need for the guess. Our RANBAR algorithm is therefore capable to handle a high percent of outlier measurement data by leaning on only one preassumption, namely that the sample is i.i.d. in the unattacked case. We implemented the algo- rithm in a simulation environment and we used it to filter out outlier elements from a sample before an aggregation procedure. The aggregation function that we used was the average. We show that the algorithm guarantees a small dis- tortion on the output of the aggregator even if almost half of the sample is compromised. Compared to other resilient aggregation algorithms, like the trimmed average and the median, our RANBAR algorithm results in smaller distor- tion, especially for high attack strengths.

Resilient Aggregation with Attack Detection in Sensor Networks

L. Buttyán, P. Schaffer, I. Vajda

Second IEEE International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS), IEEE Computer Society Press, Pisa, Italy, March, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Peter Schaffer, István VAJDA},
   title = {Resilient Aggregation with Attack Detection in Sensor Networks},
   booktitle = {Second IEEE International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS)},
   publisher = {IEEE Computer Society Press},
   address = {Pisa, Italy},
   month = {March},
   year = {2006}
}

Abstract

In this paper, we propose a new model of resilient data aggregation in sensor networks, where the aggregator analyzes the received sensor readings and tries to detect unexpected deviations before the aggregation function is called. In this model, the adversary does not only want to cause maximal distortion in the output of the aggregation function, but it also wants to remain undetected. The advantage of this approach is that in order to remain undetected, the adversary cannot distort the output arbitrarily, but rather the distortion is usually upper bounded, even for aggregation functions that were considered to be insecure earlier (e.g., the average). We illustrate this through an example in this paper.

Resilient Aggregation: Statistical Approaches

L. Buttyán, P. Schaffer, I. Vajda

Chapter 10, in N.P.Mahalik (ed.): Sensor Networks and Configuration, Springer, 2006.

Bibtex | Abstract | PDF

@inbook {
   author = {Levente BUTTYÁN, Peter Schaffer, István VAJDA},
   title = {Resilient Aggregation: Statistical Approaches},
   chapter = {Chapter 10},
   publisher = {in N.P.Mahalik (ed.): Sensor Networks and Configuration, Springer},
   year = {2006}
}

Abstract

In typical sensor network applications, the sensors are left unattended for a long period of time. In addition, due to cost reasons, sensor nodes are usually not tamper resistant. Consequently, sensors can be easily captured and compromised by an adversary. Once compromised, a sensor can send authentique messages to other nodes and to the base station, but those messages may contain arbitrary data created by the adversray (e.g., bogus measurments). A similar effect can be achieved by manipulating the physical environment of uncompromised sensors so that they measure false values. Bogus data introduced by the adversary may considerably distort the output of the aggregation function at the base station, and may lead to wrong decisions. The goal of resilient aggregation is to perform the aggregation correctly despite the possibility of the above mentioned attacks. In this paper, we give an overview of the state-of-the-art in resilient aggregation in sensor networks, and briefly summarize the relevant techniques in the field of mathematical statistics. In addition, we introduce a particular approach for resilient aggregation in more details. This approach is based on RANSAC (RAndom SAmple Consensus), which we adopted for our purposes. We also present some initial simulation results showing that our RANSAC based approach can tolerate a high percentage of compromised nodes.

SEVECOM - Secure Vehicle Communication

T. Leinmueller, L. Buttyán, J. P. Hubaux, F. Kargl, P. Papadimitratos, M. Raya, E. Schoch

IST Mobile Summit, ??, June, 2006.

Bibtex | Abstract

@inproceedings {
   author = {Tim Leinmueller, Levente BUTTYÁN, Jean-Pierre Hubaux, Frank Kargl, Panagiotis Papadimitratos, Maxim Raya, Elmar Schoch},
   title = {SEVECOM - Secure Vehicle Communication},
   booktitle = {IST Mobile Summit},
   publisher = {??},
   month = {June},
   year = {2006}
}

Abstract

Vehicle to Vehicle communication (V2V) and Vehicle to Infrastructure communication (V2I) promise to improve road safety and optimize road traffic through cooperative systems applications. A prerequisite for the successful deployment of vehicular communications is to make them secure. The specific operational environment (moving vehicles, sporadic connectivity, etc. ) makes the problem very novel and challenging. Because of the challenges, a research and development road map is needed. We consider SEVECOM [1] to be the first phase of a longer term undertaking. In this first phase, we aim to define a consistent and future-proof solution to the problem of V2V/V2I security. SEVECOM will focus on communications specific to road traffic. This includes messages related to traffic information, anonymous safety-related messages, and liability related messages.

Statistical analysis of the results of the DHA protection system (in hungarian)

Géza Szabó, B. Bencsáth

Proceedings of Networkshop 2006 conference, NIIF, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Géza Szabó, Boldizsár Bencsáth},
   title = {Statistical analysis of the results of the DHA protection system (in hungarian)},
   booktitle = {Proceedings of Networkshop 2006 conference},
   publisher = {NIIF},
   year = {2006}
}

Abstract

Obtaining the e-mail addresses which are handled by the mail servers is the Directory Harvest Attack. The root of the problem in DHA is in the SMTP protocol itself: the e-mail servers, if they got the mail to a proper address, would not respond, simply accept it. If the server got a mail to a non-existent address, then it would give a response either immediately or later whether the post office box exists or not. This process gives information about the e-mail addresses which are upkept by the server. The attackers use this information, sending huge amount of messages to the e-mail server. The addresses from which do not arrive response (so the server accepts the e-mail without negative signal) are gathered to a list. These addresses should belong to valid user accounts, so it is worthy to send uninvited mails to it. In our presentation we would like to introduce our research, development, and show the results gained from the running of the implemented system. The implemented protection is component based developments, which are strongly coherent and use each other software elements to a high extent. Last year we presented a possible implementation plan. We have continued this work, implemented the system and run it for a long period to collect data from attackers. We would like to analyse the data collected by our system. We present which typical DHA attackers exist and whether it is possible to distinguish them unambiguously from each other based on just the attacker statistics. We compare the distribution of attackers by country in Europe. We review the Hungarian DHA situation based on internet access. With modern statistical methods we examine the question whether we can get answer for that why is DHA happening.

Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban

G. Ács, L. Buttyán

Híradástecnika, November, 2006.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN},
   title = {Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban},
   journal = {Híradástecnika},
   month = {November},
   year = {2006}
}

Abstract

A szenzorhálózatok változatos alkalmazásai különbözõ követelményeket támasztanak az útvonalválasztó protokollokkal szemben. A különbözõ követelményeknek köszönhetõen igen sok javasolt protokoll található az irodalomban. Ebben a cikkben rendszerezzük ezeket a vonalválasztó protokollokat, és minden családból bemutatunk egy prominens képviselõt. A cikk újdonsága a rendszerezéshez használt szempontrendszer, mely a protokollok eddigieknél részletesebb taxonómiáját eredményezi.

WiFi biztonság - A jó, a rossz, és a csúf

L. Buttyán, L. Dóra

Híradástechnika, May, 2006.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, László DÓRA},
   title = {WiFi biztonság - A jó, a rossz, és a csúf},
   journal = {Híradástechnika},
   month = {May},
   year = {2006}
}

Abstract

Jelen cikkben ismeretterjesztõ jellegû áttekintést adunk a WiFi biztonsághoz kapcsolódó szabványokról, a WEP-rõl és a 802.11i-rõl.

2005

A framework for the revocation of unintended digital signatures initiated by malicious terminals

I. Zs. Berta, L. Buttyán, I. Vajda

IEEE Transactions on Secure and Dependable Computing, vol. (Vol. 2, No. 3), July-September, 2005, pp. 268-272, http://csdl2.computer.org/....

Bibtex | Abstract

@article {
   author = {István Zsolt BERTA, Levente BUTTYÁN, István VAJDA},
   title = {A framework for the revocation of unintended digital signatures initiated by malicious terminals},
   journal = {IEEE Transactions on Secure and Dependable Computing},
   volume = {(Vol. 2, No. 3)},
   month = {July-September},
   year = {2005},
   pages = {268-272},
   note = {http://csdl2.computer.org/...}
}

Abstract

Human users need trusted computers when they want to generate digital signatures. In many applications, in particular, if the users are mobile, they need to carry their trusted computers with themselves. Smart cards are easy to use, easy to carry, and relatively difficult to tamper with, but they do not have a user interface; therefore, the user still needs a terminal for authorizing the card to produce digital signatures. If the terminal is malicious, it can mislead the user and obtain a digital signature on an arbitrary document. In order to mitigate this problem, we propose a solution based on conditional signatures. More specifically, we propose a framework for the controlled revocation of unintended digital signatures. We also propose a solution with a special emphasis on privacy issues.

Ad hoc útvonalválasztó protokollok bizonyított biztonsága

G. Ács, L. Buttyán, I. Vajda

Híradástechnika, March, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Ad hoc útvonalválasztó protokollok bizonyított biztonsága},
   journal = {Híradástechnika},
   month = {March},
   year = {2005}
}

Keywords

ad hoc hálózatok, forrás alapú ad hoc útvonalválasztás, biztonságos útvonalválasztás, bizonyított biztonság, szimulációs paradigma

Abstract

Ebben a cikkben egy olyan formális módszert mutatunk be, amivel a vezeték nélküli ad hoc hálózatok számára javasolt, igény szerinti, forrás alapú útvonalválasztó protokollokat (on-demand source routing) lehet biztonsági szempontból elemezni. A módszer alapját a szimulációs paradigma adja, mely egy jól ismert, általános eljárás kriptográfiai protokollok biztonságának bizonyítására. A cikkben bemutatjuk a szimulációs paradigma adaptációját ad hoc útvonalválasztó protokollokra. Formálisan megfogalmazzuk, hogy mit értünk biztonságos útvonalválasztás alatt, melyhez felhasználjuk a statisztikai megkülönböztethetetlenség fogalmát. A módszer gyakorlati alkalmazását egy példán keresztül szemléltetjük, melyben röviden ismertetjük az endairA útvonalválasztó protokoll mûködését, és bebizonyítjuk, hogy a protokoll biztonságos az általunk definiált modellben.

Components to improve the protection against spam and viruses

B. Bencsáth, Géza Szabó

HSN LAB Workshop, Jun, 2005.

Bibtex | Abstract

@inproceedings {
   author = {Boldizsár Bencsáth, Géza Szabó},
   title = {Components to improve the protection against spam and viruses},
   booktitle = {HSN LAB Workshop},
   month = {Jun},
   year = {2005}
}

Keywords

virus dos rbl centralized protection

Abstract

In our presentation we would like to show our research plans, and achievments in the field of virus and spam protection. The planned protection methods are component based developments, close-knit methods, which use each other software components to a great extent. One of the most important methods out of the protection against SPAM is to avoid getting the e-mail addresses maintained by us on to a SPAM list. Among other methods, the attackers use the directory harvest attack (DHA), therefore I would like to show a protection method against it, which works on the recognition and centralised forbidding of the attackers. The novel in our solution is that, in other anti-SPAM methods the emphasis is not put on prevention, they just filter the incoming unsolicited mails. In contrast to this, we suggest a system consists of components, which can be built in our existent working system and prevents the directory harvest attacks. Our system can also be connected with spam-recognition softwares. The solution makes savings possible by mails, coming from known DHA attackers, are not subjected to resource consuming content filtering methods, just simply forbidden. Our system combined with other methods can improve their efficiency as well. The other important component, which can improve our system efficiency is the component developed in the VIRUSFLAGS project, which gives a solution to the problem in connection with the arriving of a virus infected mail from an falsified sender. In this case there is no point in sending a virus alert to the falsified sender, because this is just misleading. But if the virus (for example a Word macro virus) did not falsify the sender, our machine deletes the letter, but the sender is not notified, then legal problems may occur: if our business neither accepted the resignation of a contradiction, because it is infected with a macro virus, nor notified anyone, would cause a legal problem. The virus scanners may know this information, but taking into consideration the system and component theory, a system component can be more efficient which deals with only this question whether a virus falsifies the sender or not. As an add-in of the VIRUSFLAGS current software components, it make it possible to do statistical data collection about the spread of different viruses, which has the same importance level, if it was not more important. We have prototypes about the presented systems, but the utilization and reuse of the results on the modell is in progress.

Cooperative Packet Forwarding in Multi-Domain Sensor Networks

M. Felegyhazi, J. P. Hubaux, L. Buttyán

Proceedings of the First International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2005), March, 2005.

Bibtex

@inproceedings {
   author = {Mark Felegyhazi, , Levente BUTTYÁN},
   title = {Cooperative Packet Forwarding in Multi-Domain Sensor Networks},
   booktitle = {Proceedings of the First International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2005)},
   month = {March},
   year = {2005}
}

Abstract

Efficient Directory Harvest Attacks

B. Bencsáth, I. Vajda

William McQuay and Waleed W. Smari, Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems, IEEE, IEEE Computer Society, July, 2005, pp. 62- 68.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Efficient Directory Harvest Attacks},
   editor = {William McQuay and Waleed W. Smari},
   booktitle = {Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems},
   publisher = {IEEE, IEEE Computer Society},
   month = {July},
   year = {2005},
   pages = {62- 68}
}

Keywords

DHA, SPAM, e-mail attack, DoS

Abstract

In this paper the E-mail Directory Harvest Attacks (DHA) are investigated. We elaborated a method for optimizing the wordlist size used by the attacker in a resource limited environment. We analyzed the results and proved that our method is optimal. We also present an efficient countermeasure against DHA.

Mitigating the attacks of malicious terminals

I. Zs. Berta

BME, 2005, http://www.crysys.hu/~isti/phd.

Bibtex | Abstract | PDF

@phdthesis {
   author = {István Zsolt BERTA},
   title = {Mitigating the attacks of malicious terminals},
   school = {BME},
   year = {2005},
   note = {http://www.crysys.hu/~isti/phd}
}

Abstract

Smart cards, having no user interface, are unable to communicate with the user directly. Communication is only possible with the aid of a terminal, which leads to several security problems. For example, if the terminal is untrusted (which is a very typical scenario), it may perform a man-in-the middle attack. I have created a formal model for dealing with untrusted terminals, and developed mathematical proofs on the limitations of a user in an untrusted terminal environment. Unfortunately, these limitations are too severe, so the attacks of malicious terminals cannot be fully eliminated. Thus, I elaborated solutions to mitigate the problem: I have developed a protocol that takes advantage of the biometric abilities of the user and thus allows sending authentic messages from untrusted terminals. I have also developed a framework for the user to review signatures made in untrusted environment, and to revoke unintended signatures.

Mobility Helps Peer-to-Peer Security

S. Capkun, J. P. Hubaux, L. Buttyán

IEEE Transactions on Mobile Computing, to appear, 2005.

Bibtex

@article {
   author = {, , Levente BUTTYÁN},
   title = {Mobility Helps Peer-to-Peer Security},
   journal = {IEEE Transactions on Mobile Computing},
   month = {to appear},
   year = {2005}
}

Abstract

Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks

M. Felegyhazi, J. P. Hubaux, L. Buttyán

IEEE Transactions on Mobile Computing, to appear, 2005.

Bibtex

@article {
   author = {Mark Felegyhazi, , Levente BUTTYÁN},
   title = {Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   month = {to appear},
   year = {2005}
}

Abstract

Node Cooperation in Hybrid Ad hoc Networks

N. B. Salem, L. Buttyán, J. P. Hubaux, M. Jakobsson

IEEE Transactions on Mobile Computing, to appear, 2005.

Bibtex

@article {
   author = {N. Ben Salem, Levente BUTTYÁN, , Markus Jakobsson},
   title = {Node Cooperation in Hybrid Ad hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   month = {to appear},
   year = {2005}
}

Abstract

Possible protection methods against DHA attacks by the attackers recognition and centralized ban (in hungarian)

Géza Szabó, Gábor Szabó

Networkshop 2005 Konferencia, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Géza Szabó, Gábor Szabó},
   title = {Possible protection methods against DHA attacks by the attackers recognition and centralized ban (in hungarian)},
   booktitle = {Networkshop 2005 Konferencia},
   year = {2005}
}

Abstract

Introduction: In result of growing number of uninvited mails,viruses spreading in mails and other malwares people tend to think it twice who they give their e-mails to. They have another think whether they should take the risk to use their e-mail on an online forum, or even to leave it on their own web page or calling card. Cause of the reasons above, the users usually keep an other one-time e-mail address, often at some free service provider, which in case of flooding of uninvited mails, it can be leaved to its own devices. The root of the problem in DHA is in the SMTP protocoll itself: the e-mail servers, if they got the mail to a proper address, would not respond, simply accept it. If the server got a mail to a non-existent address, then it would give a response either immediately or later whether the post office box exists or not. This process gives information about the e-mail addresses which are upkept by the server. The attackers use this information, sending huge amount of messages to the email server. The addresses from which do not arrive response (so the server accepts the e-mail without negative signal) are gathered to a list. These addresses should belong to valid user accounts, so it is worthy to send uninvited mails to it. Beside of getting out of our address, the other problem may the DoS like attack of the mail server. For the sake of gathering the e-mails, the attacker (or even more than one) sends huge amount of misaddressed e-mails, which can result in the overloading of computing and network capacity of the server. There are two main types of DHA attack: the first one is a “brute force” like method, when all the possible character combinations are tried out as e-mail address; the second, a much more sophisticated: typical occurent e-mail addresses are generated from first, second, and nick names, offten occurent words, and well-known e-mail IDs. One way of the protection against DHA attacks can be the simply complicated-choosen e-mail addresses. Although our collegues may be hardly able to remember it, and the other side of the coin is that this method can do nothing against brute force like attacks. Other solution can be if we configure the server to accept every e-mails and do not feedback to anyone, and so the misaddressed e-mails are simply ignored. This solution has several backdraws: the mail senders does not know that an address does not exist, so the server may be flooded by uninvited mails. It is also important, that even the legitim user is not informed about misaddressed e-mails. So because of all of these reasons, the ban of feedback is not suggested. The most applicable would be the refinement of SMTP protocoll, but what can we do by the time this not happens? Our suggested solution: We suggest a system built up by components, which infiltrates besides our current system and halts these types of attacks. This system consists of a syslog analyzator, a spam detector, and a virus searching portion. The results are summerised in a centralized registration list, so we keep the list of those computers which are involved in the DHA attack. With the help of the centralized registration list, all member of the system using our components gain information even from each others problems, so the attacker can be banned not only from one place but it can not do any harm for the others as well. The syslog analyzing system looks up in the e-mail server notifications that where the misadressed emails are coming from (which IP address), and makes a detailed report to the central database. In favour of the low number of misaddressed mails, we introduce a method that the discrete missaddressed e-mails can be divided from the real attackers. Our system can be connected to spam-recognizing softwares. The solution makes it possible to save resources by not analysing the e-mails coming from known DHA attacking servers with other resourceintensive content filtering methods but we ban them. Our system even raises these softwares efficiency combined with them.

Provable Security for Ad Hoc Routing Protocols

G. Ács, L. Buttyán, I. Vajda

Híradástechnika, June, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Provable Security for Ad Hoc Routing Protocols},
   journal = {Híradástechnika},
   month = {June},
   year = {2005}
}

Keywords

ad hoc networks, on-demand ad hoc source routing, secure ad hoc routing, provable security, simulation paradigm

Abstract

In this article we present a new formal framework that can be used for analyzing the ecurity of on-demand source routing protocols proposed for wireless mobile ad hoc networks. Our approach is based on the simulation paradigm which is a well-known and general procedure to prove the security of cryptographic protocols. We give the formal definition of secure ad hoc routing in a precise and rigorous manner using the concept of statistical indistinguishability. We present an ad hoc source routing protocol, called endairA, and we illustrate the usage of our approach by proving that this protocol is secure in our model.

Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks},
   booktitle = {In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005},
   year = {2005}
}

Abstract

In this paper, we propose a framework for the security analysis of on-demand, distance vector routing protocols for ad hoc networks, such as AODV, SAODV, and ARAN. The proposed approach is an adaptation of the simulation paradigm that is used extensively for the analysis of cryptographic algorithms and protocols, and it provides a rigorous method for proving that a given routing protocol is secure. We demonstrate the approach by representing known and new attacks on SAODV in our framework, and by proving that ARAN is secure in our model.

Spontaneous Cooperation in Multi-domain Sensor Networks

L. Buttyán, T. Holczer, P. Schaffer

In Proceedings of the 2nd European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS), Springer, Visegrád, Hungary, July, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer, Peter Schaffer},
   title = {Spontaneous Cooperation in Multi-domain Sensor Networks},
   booktitle = {In Proceedings of the 2nd European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS)},
   publisher = {Springer},
   address = {Visegrád, Hungary},
   month = {July},
   year = {2005}
}

Abstract

Sensor networks are large scale networks consisting of several nodes and some base stations. The nodes are monitoring the environment and send their measurement data towards the base stations possibly via multiple hops. Since the nodes are often battery powered, an important design criterion for sensor networks is the maximization of their lifetime. In this paper, we consider multi-domain sensor networks, by which we mean a set of sensor networks that co-exist at the same physical location but run by different authorities. In this setting, the lifetime of all networks can be increased if the nodes cooperate and also forward packets originating from foreign domains. There is a risk, however, that a selfish network takes advantage of the cooperativeness of the other networks and exploits them. We study this problem in a game theoretic setting, and show that, in most cases, there is a Nash equilibrium in the system, in which at least one of the strategies is cooperative, even without introducing any external incentives (e.g., payments).

Standards for Product Security Assessment

I. Zs. Berta, L. Buttyán, I. Vajda

Chapter 53, in IT Security Handbook, edited by Hossein Bidgoli, John Wiley and Sons, 2005, (to appear).

Bibtex

@inbook {
   author = {István Zsolt BERTA, Levente BUTTYÁN, István VAJDA},
   title = {Standards for Product Security Assessment},
   chapter = {Chapter 53},
   publisher = {in IT Security Handbook, edited by Hossein Bidgoli, John Wiley and Sons},
   year = {2005},
   note = {(to appear)}
}

Abstract

Statistical Wormhole Detection in Sensor Networks

I. Vajda, L. Buttyán, L. Dóra

Refik Molva, Gene Tsudik, Dirk Westhoff, Lecture Notes in Computer Science, Springer-Verlag GmbH, 2005, pp. Volume 3813/ 2005, pp. 128 - 141, Security and Privacy in Ad-hoc and Sensor Networks: Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István VAJDA, Levente BUTTYÁN, László DÓRA},
   title = {Statistical Wormhole Detection in Sensor Networks},
   editor = {Refik Molva, Gene Tsudik, Dirk Westhoff},
   booktitle = {Lecture Notes in Computer Science},
   publisher = {Springer-Verlag GmbH},
   year = {2005},
   pages = {Volume 3813/ 2005, pp. 128 - 141},
   note = {Security and Privacy in Ad-hoc and Sensor Networks: Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005}
}

Keywords

Sensor network, wormhole detection, chi-square

Abstract

n this paper, we propose two mechanisms for wormhole detection in wireless sensor networks. The proposed mechanisms are based on hypothesis testing and they provide probabilistic results. The first mechanism, called the Neighbor Number Test (NNT), detects the increase in the number of the neighbors of the sensors, which is due to the new links created by the wormhole in the network. The second mechanism, called the All Distances Test (ADT), detects the decrease of the lengths of the shortest paths between all pairs of sensors, which is due to the shortcut links created by the wormhole in the network. Both mechanisms assume that the sensors send their neighbor list to the base station, and it is the base station that runs the algorithms on the network graph that is reconstructed from the received neighborhood information. We describe these mechanisms and investigate their performance by means of simulation.

The applied Spam-filtering methods and the Sender ID in Hungary (in hungarian)

Gábor Szabó, Géza Szabó

Proceedings of Networkshop 2005 conference, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gábor Szabó, Géza Szabó},
   title = {The applied Spam-filtering methods and the Sender ID in Hungary (in hungarian)},
   booktitle = {Proceedings of Networkshop 2005 conference},
   year = {2005}
}

Abstract

Nowadays we could hear a lot of advantages and disadvantages of Microsoft’s Sender ID Framework. This industrial standard combines the Microsoft’s Caller ID for E-mail, the Sender Policy Framework and the Submitter Optimisation specification. Instead of describing the specification or the problems of the method, I want to make an overview of the incidence of Sender ID and the other methods in Hungary. Analysing the Hungarian position of Sender ID and making a comparison to the related specifications (Sender Policy Framework, SpamAssassin, etc.) I want to come to a conclusion whether the Sender ID could be viable in Hungary.

2004

A Formal Model of Rational Exchange and Its Application to the Analysis of Syverson's Protocol

L. Buttyán, J. P. Hubaux, S. Capkun

Journal on Computer Security, vol. 12, no. 3-4, 2004, pp. 551-587.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, , },
   title = {A Formal Model of Rational Exchange and Its Application to the Analysis of Syverson's Protocol},
   journal = {Journal on Computer Security},
   volume = {12},
   number = {3-4},
   year = {2004},
   pages = {551-587}
}

Abstract

We propose a formal model of rational exchange and exchange protocols in general, which is based on game theory. In this model, an exchange protocol is represented as a set of strategies in a game that is played by the protocol parties and the network that they use to communicate with each other. Within this model, we give a formal definition for rational exchange and various other properties of exchange protocols, including fairness. In particular, rational exchange is defined in terms of a Nash equilibrium in the protocol game. We also study the relationship between rational and fair exchange, and prove that fairness implies rationality, but not vice versa. Finally, we illustrate the usage of our formal model for the analysis of existing rational exchange protocols by analyzing a protocol proposed by Syverson. We show that the protocol is rational only under the assumption that the network is reliable.

Az informatikai hálózati infrastruktúra biztonsági kockázatai és kontrolljai

B. Bencsáth, T. Tuzson, B. Tóth, T. Tiszai, G. Szappanos, E. Rigó, Sz. Pásztor, M. Pásztor, P. Papp, P. Orvos, P. Mátó, B. Martos, L. Kún, Z. Kincses, T. Horváth, M. Juhász, B. K. Erdélyi, A. Bogár, G. Vid

IHM - MTA-SZTAKI, 2004.

Bibtex | Abstract | PDF

@techreport {
   author = {Boldizsár Bencsáth, Tibor TUZSON, Beatrix TÓTH, Tamás TISZAI, Gábor SZAPPANOS, Ernõ RIGÓ, Szilárd PÁSZTOR, Miklós PÁSZTOR, Pál PAPP, Péter ORVOS, Péter MÁTÓ, Balázs MARTOS, László KÚN, Zoltán KINCSES, Tamás HORVÁTH, Miklós JUHÁSZ, Bálint Károly ERDÉLYI, Attila BOGÁR, Gábor VID},
   title = {Az informatikai hálózati infrastruktúra biztonsági kockázatai és kontrolljai},
   institution = {IHM - MTA-SZTAKI},
   year = {2004}
}

Abstract

http://www.cert.hu/ismert/00tanulmany/MTAsec_w1_TOC.pdf

Az internetes vírus- és spamvédelem rendszerszemléletben

B. Bencsáth

HISEC 2004 konferencia, 10., 2004, Budapest, in Hungarian.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth},
   title = {Az internetes vírus- és spamvédelem rendszerszemléletben},
   booktitle = {HISEC 2004 konferencia},
   month = {10.},
   year = {2004},
   note = {Budapest, in Hungarian}
}

Abstract

Az internetes virus- és spamvédelem rendszerszemléletben Az elmúlt idõszak bebizonyította, hogy a régóta ismert vírusok és kéretlen reklámlevelek olyan súlyos problémát jelentenek az Internet szereplõinek, amit nem lehet figyelmen kívül hagyni. A cégek többsége jelenleg is használ vírusvédelmi és kéretlen levelek szûrésére alkalmas eszközöket. A vírusok és férgek ennek ellenére gyakorta megelõzik, kicselezik a védelmet és bejutnak a cégek hálózatába. A kéretlen levelek elleni védelem pedig gyakorta hibázik és kiforratlannak tekinthetõ. A problémák megoldására számos kereskedelmi és ingyenesen elérhetõ szoftvertermék létezik. Hiába a megannyi szoftver, a vírusok és reklámlevelek mennyisége arányaiban és abszolút értékben is folyamatosan növekedett az elmúlt idõszakban. A növekedés oka az eszközök hatékonytalansága. A hatékonytalanság nem annak a következménye, hogy a termékek rosszak. A probléma oka az, hogy az egyes termékek, ötletek, megoldások nincsenek megfelelõ rendszere szervezve, hiányoznak a kulcs-komponensek, elfogadott jogi és etikai alapelvek, sztenderdek. A ma telepített vírusvédelmi rendszerek többsége egyszerû mintaillesztéses keresésen és heurisztikus analízisen alapul. Noha ez elfogadható lehet a végponton, az Internet szempontjából összetettebb rendszerekre van szükség. A megoldandó feladatok: az egyedi rendszerek hatékonyságának növelése, összegzett, átfogó adatok kinyerése és a kinyert adatok alapján mûködõ, elosztott Internet-szintû védelem. A megoldáshoz számos apró komponens szükségeltetik, elõadásomban ilyen ötleteket is ismertetni kívánok. Az ötletek olyan apró komponensek, mint a karanténozás segítése a járványterjedés megfigyelésével, a hálózati forgalom alapján történõ járványvizsgálatok, a vírusvédelmi rendszerek valósidejû minõségellenõrzése stb. A kéretlen reklámlevelek elleni védelem többnyire már ma is épít rendszerszemlétre: A megoldások jelentõs része nem egy algoritmust tartalmaz, hanem több metódus használatának szinergiáját használja ki. Nem mondhatjuk azonban, hogy a rendszerszemlélet teljes körû lenne: az egyedi megoldások jelentõs része támadható, és makró szinten a megoldások nem mondhatók hatékonynak a kéretlen reklámok elleni védekezésben. Elõadásomban be kívánok mutatni néhány ötletet, amellyel a védelem hatékonysága növelhetõ (külön kitérve a hazai szigorú törvényekbõl adódó lehetõségek kiaknázására), továbbá be kívánom mutatni azokat a tényezõket, amelyek miatt a védelem jelenleg makró szinten hatástalan. Elõadásom célja összegezve az, hogy bemutassa a rendszerszemlélet elengedhetetlenségét a védelmi módszerek között a jelenlegi komponensek kapcsolatai és további ötletek (és kísérleti rendszerek) bemutatása segítségével.

---
The system approach in the field of virus and spam protection The biggest infection events show that the most dangerous viruses propagate via the Internet email systems. The problem of Internet viruses and spam email messages is no longer dismissible. Multi-layer virus and spam protection reduces the number of infections but still does not eliminate the problem itself. Infected computers send out thousands of infected messages to other hosts, a large part of the Internet traffic is generated by malicious code. A wide range of commercial and free software is available to solve these problems, but along the introduction of these software components, the number of infected hosts and messages is still growing year by year. The reason of the growth is the inefficiency of our software components. This does not mean that the software used against these problems is wrong. The problem is, that the various ideas, tools, software and network components do not build up a whole system. Elaborated key-components, widely accepted standards and legal system and collaborative tools are still missing. As for improvement we do not need new statistical engine to protect a host, but we need a distributed, Internet-fashioned system with collaborative parties to evaluate the situation, to rapidly respond to unknown viruses and other threats. We propose small software components to gain information about the propagation of malicious code, to build up a efficient Internet-wide quarantine system, to monitor and check our protection systems, and to identify or inform owners about problems with their hosts. Many of theses software tools are available but unusable as collaborative tools. The small components cannot work together; we cannot build up a whole, efficient system from these components. The goal of my speech is to present how necessary is a system approach in the field of virus and spam protection. I also present of achievements (plans and prototypes) to develop software components to use in a wide-area protection system.

Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Dynamic Case

M. Felegyhazi, J. P. Hubaux, L. Buttyán

Proceedings of the 2nd Workshop on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt 2004), March, 2004.

Bibtex

@inproceedings {
   author = {Mark Felegyhazi, , Levente BUTTYÁN},
   title = {Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Dynamic Case},
   booktitle = {Proceedings of the 2nd Workshop on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt 2004)},
   month = {March},
   year = {2004}
}

Abstract

HUNEID - Hungarian Electronic ID smart card specifications

I. Zs. Berta, I. Vajda, L. Buttyán, B. Bencsáth, T. Veiland

Ministry of Informatics and Telecommunications (www.ihm.hu), http://www.itktb.hu/engine.aspx?page=showcontent&content=ias, 2004.

Bibtex

@techreport {
   author = {István Zsolt BERTA, István VAJDA, Levente BUTTYÁN, Boldizsár Bencsáth, Tamás Veiland},
   title = {HUNEID - Hungarian Electronic ID smart card specifications},
   institution = {Ministry of Informatics and Telecommunications (www.ihm.hu)},
   address = {http://www.itktb.hu/engine.aspx?page=showcontent&content=ias},
   year = {2004}
}

Abstract

Incentives for Cooperation in Multi-hop Wireless Networks

L. Buttyán, T. Holczer, P. Schaffer

Híradástechnika, vol. LIX, no. 3, March, 2004, pp. 30--34, (in Hungarian).

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Tamas Holczer, Peter Schaffer},
   title = {Incentives for Cooperation in Multi-hop Wireless Networks},
   journal = {Híradástechnika},
   volume = {LIX},
   number = {3},
   month = {March},
   year = {2004},
   pages = {30--34},
   note = {(in Hungarian)}
}

Abstract

Cikkünkben bevezetjük a kooperációra való ösztönzés problémáját, ami tipikus problémaként jelentkezik a többugrásos vezetéknélküli hálózatokban. Röviden áttekintjük a nem-kooperatív viselkedési fajtákat, és a kooperációra ösztönzõ mechanizmusok típusait. Végül összefoglaljuk két általunk javasolt ösztönzõ mechanizmus fõbb elemeit, ötleteit.

Kriptográfia és alkalmazásai

L. Buttyán, I. Vajda

Typotex Kiadó, 2004, Budapest, 445p.

Bibtex

@book {
   author = {Levente BUTTYÁN, István VAJDA},
   title = {Kriptográfia és alkalmazásai},
   publisher = {Typotex Kiadó},
   year = {2004},
   note = {Budapest, 445p}
}

Abstract

Limitations of humans when using malicious terminals

I. Zs. Berta, I. Vajda

Tatra Mountains Mathematical Publications, vol. 29, 2004, pp. 1-16.

Bibtex | Abstract | PDF

@article {
   author = {István Zsolt BERTA, István VAJDA},
   title = {Limitations of humans when using malicious terminals},
   journal = {Tatra Mountains Mathematical Publications},
   volume = {29},
   year = {2004},
   pages = {1-16}
}

Abstract

Limitations of humans when using malicious terminals

István Zsolt BERTA, István VAJDA

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal a potential attacker.

According to our model, the user is able to encrypt or authenticate messages with very small degree of security, so these messages can be broken by the terminal with significant probability. Since the cryptographic abilities of the user are more than limited, and no solution is known for the problem, our assumption seems to be realistic.

In this model, we prove, that if the user lacks the ability to encrypt (and decrypt) messages in one step, the remote partner is unable to help the user in constructing a secret channel. We also present our conjecture, that the case is similar in case of authenticity: If the user is unable to calculate a MAC that cannot be broken by the terminal with high probability, then the remote partner is unable to help the user in constructing an authenticated channel.

Mitigating the Untrusted Terminal Problem Using Conditional Signatures

I. Zs. Berta, L. Buttyán, I. Vajda

Proceedings of International Conference on Information Technology ITCC 2004, IEEE, Las Vegas, NV, USA, April, 2004.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István Zsolt BERTA, Levente BUTTYÁN, István VAJDA},
   title = {Mitigating the Untrusted Terminal Problem Using Conditional Signatures},
   booktitle = {Proceedings of International Conference on Information Technology ITCC 2004},
   publisher = {IEEE},
   address = { Las Vegas, NV, USA},
   month = {April},
   year = {2004}
}

Abstract

We study the problem of how a user at an untrusted terminal can generate digital signatures with the help of a smart card. This problem may arise in many practical applications; an example would be a user generating an electronic check at a merchant's terminal in a shop. The danger is that after receiving the PIN code of the card from the user, the terminal can obtain a signature from the card on an arbitrarily chosen document, that is different from the one displayed on the screen and confirmed by the user. We propose a solution to this problem which is based on a new concept called conditional signature. This leads to a new paradigm where digital signatures are not considered as non-repudiable proofs, at least until a short deadline.

Modelling Location Reveal Attacks in Mobile Systems

L. Zombik, L. Buttyán

Periodica Polytechnica, vol. 48, no. 1-2, 2004, pp. 85-100.

Bibtex

@article {
   author = {Laszlo Zombik, Levente BUTTYÁN},
   title = {Modelling Location Reveal Attacks in Mobile Systems},
   journal = { Periodica Polytechnica},
   volume = {48},
   number = {1-2},
   year = {2004},
   pages = {85-100}
}

Abstract

Privacy Protecting Protocols for Revokable Digital Signatures

I. Zs. Berta, L. Buttyán, I. Vajda

Proceedings of Cardis 2004, Toulouse, France (to appear), Kluwer, 2004.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István Zsolt BERTA, Levente BUTTYÁN, István VAJDA},
   title = {Privacy Protecting Protocols for Revokable Digital Signatures},
   booktitle = {Proceedings of Cardis 2004, Toulouse, France (to appear)},
   publisher = {Kluwer},
   year = {2004}
}

Abstract

Consider an application where a human user has to digitally sign a message. It is usually assumed that she has a trusted computer at her disposal, however, this assumption does not hold in several practical cases, especially if the user is mobile. Smart cards have been proposed to solve this problem, but they do not have a user interface, therefore the user still needs a (potentially untrusted) terminal to authorize the card to produce digital signatures. In order to mitigate this problem, we proposed a solution based on conditional signatures to provide a framework for the repudiation of unintended signatures. Our previous solution relies on a trusted third party who is able to link the issuer of the signature with the intended recipient, which may lead to severe privacy problems. In this paper we extend our framework and propose protocols that allow the user to retain her privacy with respect to this trusted third party.

Protection Against DDoS Attacks Based On Traffic Level Measurements

B. Bencsáth, I. Vajda

Waleed W. Smari, William McQuay, 2004 International Symposium on Collaborative Technologies and Systems, The Society for Modeling and Simulation International, San Diego, CA, USA, January, 2004, pp. 22-28., Simulation series vol 36. no. 1., ISBN 1-56555-272-5.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Protection Against DDoS Attacks Based On Traffic Level Measurements},
   editor = {Waleed W. Smari, William McQuay},
   booktitle = {2004 International Symposium on Collaborative Technologies and Systems},
   publisher = {The Society for Modeling and Simulation International},
   address = {San Diego, CA, USA},
   month = {January},
   year = {2004},
   pages = {22-28.},
   note = {Simulation series vol 36. no. 1., ISBN 1-56555-272-5}
}

Keywords

DDoS attacks, traffic analysis, network protection

Abstract

A method for protecting an Internet server against a bandwidth-consuming DDoS attack is proposed and analyzed. Incoming traffic is monitored continuously and ``dangerous'' traffic intensity rises are detected. Such an event activates a traffic filtering rule which pushes down the incoming aggregate traffic to an acceptable level by discarding excess packets according to the measured relative traffic levels of active sources. Compared to other studies, our method has a structurally stronger base: legitimate traffic to the server is not necessarily hindered because of the attack or the traffic suppression. The method is supported by an analysis and a simulation as well.

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

http://eprint.iacr.org/ under report number 2004/159., March, 2004.

Bibtex | Abstract

@techreport {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   institution = {http://eprint.iacr.org/ under report number 2004/159.},
   month = {March},
   year = {2004}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers, and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols have mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined, and routing protocols for mobile ad hoc networks can be analyzed rigorously. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the usage of our framework by proving that it is secure in our model.

Sending authentic messages from malicious terminals

I. Zs. Berta, B. Bencsáth

Proceedings of the Networkshop 2004 Conference, NIIF, Hungary, 2004.

Bibtex | Abstract

@inproceedings {
   author = {István Zsolt BERTA, Boldizsár Bencsáth},
   title = {Sending authentic messages from malicious terminals},
   booktitle = {Proceedings of the Networkshop 2004 Conference},
   publisher = {NIIF, Hungary},
   year = {2004}
}

Abstract

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. Various cryptographic algorithms running on the terminal may provide authenticity and/or secrecy for the user’s messages. In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal as a potential attacker. Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic powers, their lack of user interface enables man-in-the middle attack from the terminal. This paper analyzes the usability of smart cards for the above problem, and investigates various possibilities for authentic communication between the user and the smart card. Since the user is a human being with limited memory and little computational power, it is questionable that authentic communication is possible between the above two parties in practice. In the first part of our lecture, we review various solutions and protocols from literature that can aid the user in an untrusted terminal environment. In the second part of the lecture, we propose a solution, that can be implemented with smart cards that exist today, and does not need the user to perform cryptographic operations. Although the smart card cannot decide if the message came from the user or from a malicious software running on the terminal, but can still aid the user in authenticating the message. This is possible if the user sends a so-called biometric message. A biometric message could be a video or voice message. Such a message is very hard to manipulate, it may even require human interaction. In order to prevent the attack, the smart card should ensure, that the attacker has no possibility, no time to perform such a complicated attack. The smart card can be used as a secure time that can guarantee that the message was sent in a certain time frame. This way, the time the attacker has to manipulate the message can be severely limited so even simple algorithmic authenticators can provide strong security.

The problems and connections of network virus protection and the protection against denial of service attacks

B. Bencsáth

Proceedings of the Networkshop 2004 Conference, NIIF, Hungary, 2004.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth},
   title = {The problems and connections of network virus protection and the protection against denial of service attacks},
   booktitle = {Proceedings of the Networkshop 2004 Conference},
   publisher = {NIIF, Hungary},
   year = {2004}
}

Keywords

virus, denial of service attack, e-mail

Abstract

First I will provide some introduction into the problems and solutions in both the network virus protection and the protection against Distributed Denial of Service (DDoS). I will show the usual and most workable methods in the area of virus protection: client-side virus protection, mail server / relay server protection (with the priority of open source tools) (e.g. linux, amavis, mailscanner, clamav, unix virus scanners, „mail gateway” protection software), content-filtering tools (filtering web traffic), extended file access control systems (RSBAC malware scan module). I will also introduce the problem area of DDoS protection: Different types of DDoS attacks (protocol fault („magic packet”), network bandwidth overflow, server resource consumption). I will also show the most usable techniques for the protection (error correction, firewalls, anomaly detection (SYN flood protection etc.), protection based on network analysis) and will provide some data about the recent major attacks (Ebay, SCO, anti-spam rbl providers, zombie networks). After the introduction I will show the possible DDoS problems of the network virus protection: The resource consumption of the virus protection, the possibility of flooding, the dangers of virus reports and e-mail alerts. After defining the problems I’ll show our proposed solutions: A virus protection system combined with the technique of network analysis to protect the system against DoS attacks. The incoming mails will be examined by the network analysis engine and therefore it makes possible to filter out DDoS attacks against the virus protection system. Our proposed solution might be useful against unknown (not detectable) viruses and in the area early epidemic protection. To support our method I’ll show the details of the structure of our pilot implementation.

Towards Provable Security for Ad Hoc Routing Protocols

L. Buttyán, I. Vajda

Proceedings of the 2nd ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2004), ACM, October, 2004.

Bibtex

@inproceedings {
   author = {Levente BUTTYÁN, István VAJDA},
   title = {Towards Provable Security for Ad Hoc Routing Protocols},
   booktitle = {Proceedings of the 2nd ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2004)},
   publisher = {ACM},
   month = {October},
   year = {2004}
}

Abstract

Trap E-mail Address for Combating E-mail Viruses

B. Bencsáth, I. Vajda

Proceedings of SoftCOM 2004 12. International conference on software, telecommunications and computer networks, University of Split, October, 2004, pp. 220-224.

Bibtex | PDF

@inproceedings {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Trap E-mail Address for Combating E-mail Viruses},
   booktitle = {Proceedings of SoftCOM 2004 12. International conference on software, telecommunications and computer networks},
   publisher = {University of Split},
   month = {October},
   year = {2004},
   pages = {220-224}
}

Abstract

Why are not digital signatures spreading as quickly as it was expected?

I. Zs. Berta

MBA dissertation, Buckinghamshire Chilterns University College, Buckinghamshire Business School, Számalk Open Business School, 2004.

Bibtex | PDF

@mastersthesis {
   author = {István Zsolt BERTA},
   title = {Why are not digital signatures spreading as quickly as it was expected?},
   school = {MBA dissertation, Buckinghamshire Chilterns University College, Buckinghamshire Business School, Számalk Open Business School},
   year = {2004}
}

Abstract

2003

A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks

N. B. Salem, L. Buttyán, J. P. Hubaux, M. Jakobsson

4th ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2003), June, 2003.

Bibtex | Abstract

@inproceedings {
   author = {N. Ben Salem, Levente BUTTYÁN, , Markus Jakobsson},
   title = {A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks},
   booktitle = {4th ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2003)},
   month = {June},
   year = {2003}
}

Abstract

In multi-hop cellular networks, data packets have to be relayed hop by hop from a given mobile station to a base station and vice-versa. This means that the mobile stations must accept to forward information for the benefit of other stations. In this paper, we propose an incentive mechanism that is based on a charging/rewarding scheme and that makes collaboration rational for selfish nodes. We base our solution on symmetric cryptography to cope with the limited resources of the mobile stations. We provide a set of protocols and study their robustness with respect to various attacks. By leveraging on the relative stability of the routes, our solution leads to a very moderate overhead.

A game based analysis of the client puzzle approach to defend against DoS attacks

B. Bencsáth, L. Buttyán, I. Vajda

Proceedings of SoftCOM 2003 11. International conference on software, telecommunications and computer networks, Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture, University of Split, 2003, pp. 763-767.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, István VAJDA},
   title = {A game based analysis of the client puzzle approach to defend against DoS attacks},
   booktitle = {Proceedings of SoftCOM 2003 11. International conference on software, telecommunications and computer networks},
   publisher = {Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture, University of Split},
   year = {2003},
   pages = {763-767}
}

Abstract

DoS attacks are aimed at the loss of or the reduction in availability, which is one of the most important general security requirements in computer networks. A promising approach proposed to alleviate the problem of DoS attacks is to use client puzzles. In this paper, we study this approach using the apparatus of game theory. In our analysis, we derive the optimal strategy for the attacked server (e.g., a web server on the Internet) in all conceivable cases. We also present two new client puzzles as examples.

A Micropayment Scheme Encouraging Collaboration in Multi-Hop Cellular Networks

M. Jakobsson, J. P. Hubaux, L. Buttyán

Proceedings of Financial Crypto 2003, La Guadeloupe, January, 2003.

Bibtex | Abstract

@inproceedings {
   author = {Markus Jakobsson, , Levente BUTTYÁN},
   title = {A Micropayment Scheme Encouraging Collaboration in Multi-Hop Cellular Networks},
   booktitle = {Proceedings of Financial Crypto 2003},
   address = {La Guadeloupe},
   month = {January},
   year = {2003}
}

Abstract

We propose a micro-payment scheme for multi-hop cellular networks that encourages collaboration in packet forwarding by letting users benefit from relaying others` packets. At the same time as proposing mechanisms for detecting and rewarding collaboration, we introduce appropriate mechanisms for detecting and punishing various forms of abuse. We show that the resulting scheme -- which is exceptionally light-weight -- makes collaboration rational and cheating undesirable.

Documents from Malicious Terminals

I. Zs. Berta, I. Vajda

SPIE's Microtechnologies for the New Millenium 2003, Bioengineered and Bioinspired Systems, Grand Canaria, Spain, 2003.

Bibtex | Abstract | PDF

@misc {
   author = {István Zsolt BERTA, István VAJDA},
   title = {Documents from Malicious Terminals},
   howpublished = {SPIE's Microtechnologies for the New Millenium 2003, Bioengineered and Bioinspired Systems, Grand Canaria, Spain},
   year = {2003}
}

Abstract

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed for communication. Cryptographic algorithms running on the terminal may provide authent icity for the user's messages.

In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal a potential attacker.

Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. However, the ir lack of user interface enables man-in-the middle attack from the terminal.

The authors assume, that user is a human being with limited memory and computational power, and also makes mis takes in his calculations. They demnostrate, that only exceptional useres are able to authenticate messages without a trusted device.

Several biometric media encapsulate the content of the message and the identity of the sender, such as speech, video and handwriting. The authors suggest, that such media is far more difficult to counterfeit than plaintext. Thus, the user must rely on his other resources, like biometric ones.

In the protocol proposed by the authors, the user sends messages in a biometric format, strengthened by simple algorithmic authenticators. The smart card functions as a secure time gate ensuring, that the attacker has extremely little time to counterfeit both the biometric and the algorithmic protection on the message.

The authors claim, that with the proper calibration of the biometric method and the time gate of the smart card, their protocol is strong enough for practical use.

Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Static Case

M. Felegyhazi, L. Buttyán, J. P. Hubaux

8th International Conference on Personal Wireless Communications (PWC 2003), September, 2003.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Mark Felegyhazi, Levente BUTTYÁN, },
   title = {Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Static Case},
   booktitle = {8th International Conference on Personal Wireless Communications (PWC 2003)},
   month = {September},
   year = {2003}
}

Abstract

In multi-hop wireless networks, every node is expected to forward packets for the benefit of other nodes. Yet, if each node is its own authority, then it may selfishly deny packet forwarding in order to save its own resources. Some researchers have proposed to introduce an incentive mechanism in the network that motivates the nodes to cooperate. In this paper, we address the question of whether such an incentive mechanism is necessary or cooperation between the nodes exists in the absence of it. We define a model in a game theoretic framework and identify the conditions under which cooperative strategies can form an equilibrium. As the problem is somewhat involved, we deliberately restrict ourselves to a static configuration.

From Fault-Tolerance to Security and Back

F. Gaertner, L. Buttyán, K. Kursawe

IEEE Distributed Systems Online, vol. 4, no. 9, 2003.

Bibtex

@article {
   author = {Felix Gaertner, Levente BUTTYÁN, Klaus Kursawe},
   title = {From Fault-Tolerance to Security and Back},
   journal = { IEEE Distributed Systems Online},
   volume = {4},
   number = {9},
   year = {2003}
}

Abstract

Hardware and Software Security I

I. Zs. Berta, I. Berta

Elektrotechnika, vol. 2003/10, 2003, pp. 4.

Bibtex | PDF

@article {
   author = {István Zsolt BERTA, István Berta},
   title = {Hardware and Software Security I},
   journal = {Elektrotechnika},
   volume = {2003/10},
   year = {2003},
   pages = {4}
}

Abstract

Hardware and Software Security II

I. Zs. Berta, I. Berta

Elektrotechnika, vol. 2003/11, 2003, pp. 4.

Bibtex | PDF

@article {
   author = {István Zsolt BERTA, István Berta},
   title = {Hardware and Software Security II},
   journal = {Elektrotechnika},
   volume = {2003/11},
   year = {2003},
   pages = {4}
}

Abstract

Lightweight Authentication Protocols for Low-Cost RFID Tags

I. Vajda, L. Buttyán

2nd Workshop on Security in Ubiquitous Computing, in conjunction with Ubicomp 2003, October, 2003.

Bibtex | Abstract

@inproceedings {
   author = {István VAJDA, Levente BUTTYÁN},
   title = {Lightweight Authentication Protocols for Low-Cost RFID Tags},
   booktitle = {2nd Workshop on Security in Ubiquitous Computing, in conjunction with Ubicomp 2003},
   month = {October},
   year = {2003}
}

Abstract

Providing security in low-cost RFID tags is a challenging task because tags are highly resource constrained and cannot support strong cryptography. Special lightweight algorithms and protocols need to be designed that take into account the limitations of the tags. In this paper, we propose a set of extremely lightweight tag authentication protocols. We also provide an analysis of the proposed protocols.

Limitations of users when using malicious terminals

I. Vajda, I. Zs. Berta

Third Central European Conference on Cryptography (Tatracrypt'03), 2003.

Bibtex

@misc {
   author = {István VAJDA, István Zsolt BERTA},
   title = {Limitations of users when using malicious terminals},
   howpublished = {Third Central European Conference on Cryptography (Tatracrypt'03)},
   year = {2003}
}

Abstract

Mobility Helps Security in Ad Hoc Networks

S. Capkun, J. P. Hubaux, L. Buttyán

4th ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2003), June, 2003.

Bibtex | Abstract

@inproceedings {
   author = {, , Levente BUTTYÁN},
   title = {Mobility Helps Security in Ad Hoc Networks},
   booktitle = {4th ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2003)},
   month = {June},
   year = {2003}
}

Abstract

Contrary to the common belief that mobility makes security more difficult to achieve, we show that node mobility can, in fact, be useful to provide security in ad hoc networks. We propose a technique in which security associations between nodes are established, when they are in the vicinity of each other, by exchanging appropriate cryptographic material. We show that this technique is generic, by explaining its application to fully self-organized ad hoc networks and to ad hoc networks placed under an (off-line) authority. We also propose an extension of this basic mechanism, in which a security association can be established with the help of a “friend”. We show that our mechanism can work in any network configuration and that the time necessary to set up the security associations is strongly influenced by several factors, including the size of the deployment area, the mobility patterns, and the number of friends; we provide a detailed investigation of this influence.

Report on a Working Session on Security in Wireless Ad Hoc Networks

L. Buttyán, J. P. Hubaux

ACM Mobile Computing and Communications Review (MC2R), vol. 7, no. 1, March, 2003.

Bibtex | PDF

@article {
   author = {Levente BUTTYÁN, },
   title = {Report on a Working Session on Security in Wireless Ad Hoc Networks},
   journal = {ACM Mobile Computing and Communications Review (MC2R)},
   volume = {7},
   number = {1},
   month = {March},
   year = {2003}
}

Keywords

ad hoc networks, security, authentication, routing, intrusion detection, cooperation

Abstract

SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks

S. Capkun, L. Buttyán, J. P. Hubaux

Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003), ACM, October, 2003.

Bibtex | Abstract

@inproceedings {
   author = {, Levente BUTTYÁN, },
   title = {SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks},
   booktitle = {Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003)},
   publisher = {ACM},
   month = {October},
   year = {2003}
}

Keywords

ad hoc networks, security, hash chains, hash trees, secure routing, wormhole detection, topology control

Abstract

In this paper we present SECTOR, a set of mechanisms for the secure verification of the time of encounters between nodes in multi-hop wireless networks. This information can be used notably to prevent wormhole attacks (without requiring any clock synchronization), to secure routing protocols based on last encounters (with only loose clock synchronization), and to control the topology of the network. SECTOR is based primarily on distance-bounding techniques, on one-way hash chains and on Merkle hash trees. We analyze the communication, computation and storage complexity of the proposed mechanisms and we show that, due to their ef- ficiency and simplicity, they are compliant with the limited resources of most mobile devices.

Self-Organized Public-Key Management for Mobile Ad Hoc Networks

S. Capkun, L. Buttyán, J. P. Hubaux

IEEE Transactions on Mobile Computing, vol. 2, no. 1, January-March, 2003.

Bibtex | Abstract

@article {
   author = {, Levente BUTTYÁN, },
   title = {Self-Organized Public-Key Management for Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {2},
   number = {1},
   month = {January-March},
   year = {2003}
}

Keywords

ad hoc networks, security, key management, PGP

Abstract

In contrast with conventional networks, mobile ad hoc networks usually do not provide online access to trusted authorities or to centralized servers, and they exhibit frequent partitioning due to link and node failures and to node mobility. For these reasons, traditional security solutions that require online trusted authorities or certificate repositories are not well-suited for securing ad hoc networks. In this paper, we propose a fully self-organized public-key management system that allows users to generate their publicprivate key pairs, to issue certificates, and to perform authentication regardless of the network partitions and without any centralized services. Furthermore, our approach does not require any trusted authority, not even in the system initialization phase.

Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks

L. Buttyán, J. P. Hubaux

ACM/Kluwer Mobile Networks and Applications, vol. 8, no. 5, October, 2003.

Bibtex | PDF

@article {
   author = {Levente BUTTYÁN, },
   title = {Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks},
   journal = {ACM/Kluwer Mobile Networks and Applications},
   volume = {8},
   number = {5},
   month = {October},
   year = {2003}
}

Abstract

2002

A Formal Analysis of Syverson`s Rational Exchange Protocol

L. Buttyán, S. Capkun, J. P. Hubaux

Proceedings of IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June, 2002.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, , },
   title = {A Formal Analysis of Syverson`s Rational Exchange Protocol},
   booktitle = {Proceedings of IEEE Computer Security Foundations Workshop},
   address = {Cape Breton, Nova Scotia, Canada},
   month = {June},
   year = {2002}
}

Keywords

rational exchange, game theory, Nash equilibrium

Abstract

In this paper, we provide a formal analysis of a rational exchange protocol proposed by Syverson. A rational exchange protocol guarantees that misbehavior cannot generate benefits, and is therefore discouraged. The analysis is performed using our formal model, which is based on game theory. In this model, rational exchange is defined in terms of a Nash equilibrium.

A game theoretical approach to optimizing of protection against DoS attacks

B. Bencsáth, I. Vajda

presented on the Second Central European Conference on Cryptography (Hajducrypt), Július, 2002, (no proceedings).

Bibtex

@misc {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {A game theoretical approach to optimizing of protection against DoS attacks},
   howpublished = {presented on the Second Central European Conference on Cryptography (Hajducrypt)},
   month = {Július},
   year = {2002},
   note = {(no proceedings)}
}

Abstract

CVE-2002-0399

B. Bencsáth

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399, 2002.

Bibtex | Abstract

@misc {
   author = {Boldizsár Bencsáth},
   title = {CVE-2002-0399},
   howpublished = {http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399},
   year = {2002}
}

Abstract

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

Eliminating Man-in-the-Middle attacks of Malicious Terminals

L. Buttyán, I. Zs. Berta, I. Vajda

Workshop organised by the IST Coordination Point of the Ministry of Education, Budapest, 2002.

Bibtex | Abstract

@misc {
   author = {Levente BUTTYÁN, István Zsolt BERTA, István VAJDA},
   title = {Eliminating Man-in-the-Middle attacks of Malicious Terminals},
   howpublished = {Workshop organised by the IST Coordination Point of the Ministry of Education, Budapest},
   year = {2002}
}

Abstract

Communication with a remote partner is considered over an insecure network, where the user can gain access only to a terminal, which cannot be trusted: an attacker is assumed to be able to fully control the terminal, so the user must consider the terminal as a potential attacker. Surprisingly many terminals belong to this class.

Assuming such an environment the problem of sending authentic messages is considered. Various cryptographic algorithms exist for algorithmic protection, however to run such highly complex algorithms, the user must rely on the computational power of an insecure terminal. Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic power, their lack of user interface (i.e. lack of direct access to its input/output channels) enables man-in-the middle attack from the terminal. Therefore involving a smart card cannot eliminate the basic problem, because any protocol between the user and the smart card would rely - once again - on the insecure terminal. It might seem obvious that the user should give all security goals up as hopeless.

We have come to the conclusion that the user is unable to send authentic messages to the card, so in case of untrusted terminals the signature of the card does not prove that the message originates from the user. This is why the authenticity of plaintext messages from insecure terminals cannot be guaranteed.

However the user as a human being has additional resources that can be exploited to increase the security level of the system. The user is an excellent 'biometric device'. Biometric data (e.g. speech, video, handwriting) carry the information content (plaintext) together with the identity of the sender, which is far more difficult to counterfeit than plaintext content. Moreover the human user has limited but trusted algorithmic capabilities too, having some secure memory and computational power.

Apart from encapsulating the identity of the user and the content of the message, biometric messages (or multimedia messages) also have structure. If the structure is violated, the message has obviously been tampered with.

The manipulation of biometric messages requires considerably more time and resources than that of plaintext ones. If the chosen biometric method is properly calibrated, the attacker may not only need massive computational power, but human interaction or biometric laboratories could be required to successfully counterfeit a biometric message. Thus, not only a large percentage of attackers have been excluded, but even the most advanced ones may require significantly more time to create a counterfeited biometric message than a plaintext one.

A protocol has been developed in our laboratory that combines the biometric powers of the user and cryptographic powers of the smart card to dramatically limit the time the attacker has to manipulate a message. In this case, the smart card acts as a secure time gate. The protocol verifies that only a small amount of time has passed between the recording of the biometric message and card signing it. Naturally, after the message passes through the smart card, attackers have no chance to manipulate.

The protocol also uses the smart card to securely introduce the user to the remote partner, so the latter would already be familiar with the biometric features of the user. Thus, the smart card not only ensures authenticity, but also enables communication without having to exchange biometric identities in advance.

Having investigated the problem of secure communication via insecure terminals, we propose a solution that enables the everyday user to send authentic messages. Combined usage of biometry and smart cards can increase security to a level suitable for several practical applications.

Empiric examination of random number generators of smart cards

B. Bencsáth, I. Zs. Berta

HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia, BME, 2002.

Bibtex | PDF

@inproceedings {
   author = {Boldizsár Bencsáth, István Zsolt BERTA},
   title = {Empiric examination of random number generators of smart cards},
   booktitle = {HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia},
   publisher = {BME},
   year = {2002}
}

Abstract

Evaluating Elliptic Curve Cryptography on PC and Smart Card

I. Zs. Berta, Z. Á. Mann

Periodica Polytechnica, Electrical Engineering, vol. 46/1-2, 2002, pp. 47-75.

Bibtex | PDF

@article {
   author = {István Zsolt BERTA, Zoltán Ádám Mann},
   title = {Evaluating Elliptic Curve Cryptography on PC and Smart Card},
   journal = {Periodica Polytechnica, Electrical Engineering},
   volume = {46/1-2},
   year = {2002},
   pages = {47-75}
}

Abstract

Extraction of random bits for cryptographic purposes

I. Vajda

Tatra Mountains Mathematical Publications, vol. 25, 2002, pp. 91-107.

Bibtex

@article {
   author = {István VAJDA},
   title = {Extraction of random bits for cryptographic purposes},
   journal = {Tatra Mountains Mathematical Publications},
   volume = {25},
   year = {2002},
   pages = {91-107}
}

Abstract

Formal Verification of JavaCard Application Security Properties

I. Verók

HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia, Budapest University of Technology and Economics, 2002.

Bibtex | PDF

@inproceedings {
   author = {István VERÓK},
   title = {Formal Verification of JavaCard Application Security Properties},
   booktitle = {HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia},
   publisher = {Budapest University of Technology and Economics},
   year = {2002}
}

Abstract

Hardware and Software Security

I. Zs. Berta, I. Berta

Magyar Elektrotechnikai Egyesület XLIX. vándorgyülés, Sopron, 2002.

Bibtex

@misc {
   author = {István Zsolt BERTA, István Berta},
   title = {Hardware and Software Security},
   howpublished = {Magyar Elektrotechnikai Egyesület XLIX. vándorgyülés, Sopron},
   year = {2002}
}

Abstract

Message Authentication using Smart Card and Biometry

I. Zs. Berta, I. Vajda

Second Central European Conference on Cryptography (HajduCrypt) 2002, Debrecen, Hungary, 2002.

Bibtex | Abstract

@misc {
   author = {István Zsolt BERTA, István VAJDA},
   title = {Message Authentication using Smart Card and Biometry},
   howpublished = {Second Central European Conference on Cryptography (HajduCrypt) 2002, Debrecen, Hungary},
   year = {2002}
}

Abstract

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. Various cryptographic algorithms running on the terminal may provide authenticity and/or secrecy for the users messages.

In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal as a potential attacker.

Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic powers, their lack of user interface enables man-in-the middle attack from the terminal.

This paper analyzes the usability of smart cards for the above problem, and investigates various possibilities for authentic communication between the user and the smart card. Since the user is a human being with limited memory and little computational power, it is questionable that authentic communication is possible between the above two parties in practice. The authors show various algorithms from literature and history that do solve the problem of authentic messaging from untrusted terminals. Unfortunately, most of these are impractical for commercial use.

The authors highlight that while the human being is a very poor computer, it is an excellent biometric device. Several biometric media encapsulate the content of the message and the identity of the sender, such as speech, video and handwriting. The authors suggest, that such media is far more difficult to counterfeit than plaintext. The authors analyze this additional protection provided by biometry.

In the protocol proposed by the authors, the user sends messages in a biometric format, and strengthens biometry with simple algorithmic authenticators. The smart card functions in this protocol as a secure time gate ensuring, that the attacker has extremely little time to counterfeit both the biometric and the algorithmic protection on the message.

The authors claim, that with the proper calibration of the biometric method and the time gate of the smart card, their protocol is strong enough for practical use.

Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph

L. Buttyán, S. Capkun, J. P. Hubaux

Proceedings of The ACM New Security Paradigms Workshop 2002, Norfolk, Virginia Beach, USA, September, 2002, pp. 8.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, , },
   title = {Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph},
   booktitle = {Proceedings of The ACM New Security Paradigms Workshop 2002},
   address = {Norfolk, Virginia Beach, USA},
   month = {September},
   year = {2002},
   pages = {8}
}

Keywords

PGP, small worlds, public-key management, self-organization

Abstract

We propose a new approach to securing self-organized mobile ad hoc networks. In this approach, security is achieved in a fully self-organized manner

The problem of sending authentic messages from insecure terminals

I. Zs. Berta

HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia, BME, 2002.

Bibtex

@inproceedings {
   author = {István Zsolt BERTA},
   title = {The problem of sending authentic messages from insecure terminals},
   booktitle = {HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia},
   publisher = {BME},
   year = {2002}
}

Abstract

2001

A Mobile Agent Bidirectional One-to-Many Communications Framework

I. Verók

BME, 2001.

Bibtex

@mastersthesis {
   author = {István VERÓK},
   title = {A Mobile Agent Bidirectional One-to-Many Communications Framework},
   school = {BME},
   year = {2001}
}

Abstract

A Payment Scheme for Broadcast Multimedia Streams

N. B. Salem, L. Buttyán

Proceedings of 6th IEEE Symposium on Computers and Communications, Hammamet, Tunisia, July, 2001.

Bibtex | Abstract

@inproceedings {
   author = {N. Ben Salem, Levente BUTTYÁN},
   title = {A Payment Scheme for Broadcast Multimedia Streams},
   booktitle = {Proceedings of 6th IEEE Symposium on Computers and Communications},
   address = {Hammamet, Tunisia},
   month = {July},
   year = {2001}
}

Keywords

electronic payment scheme, micropayment, user privacy, fairness, multimedia

Abstract

Streaming multimedia data on the Internet is developing as a mainstream technology, which attracts many users by providing a new and convenient form of access to online multimedia information. While its strong business potential is obvious, many problems related to charging, copyright protection, and privacy can delay or even hinder its extensive deployment. In this paper, we are concerned with the charging problem, and propose an electronic payment scheme to use for purchasing broadcast multimedia streams. Our design respects the pay-per-use principle, makes cheating uninteresting for both the user and the service provider, resists against forgery and over-spending, protects sensitive payment information and user privacy, and allows the identification of misbehaving users.

Building Blocks for Secure Services: Authenticated Key Transport and Rational Exchange Protocols

L. Buttyán

Swiss Federal Institute of Technology (EPFL), December, 2001.

Bibtex | Abstract | PDF

@phdthesis {
   author = {Levente BUTTYÁN},
   title = {Building Blocks for Secure Services: Authenticated Key Transport and Rational Exchange Protocols},
   school = {Swiss Federal Institute of Technology (EPFL)},
   month = {December},
   year = {2001}
}

Keywords

authentication logic, protocol synthesis, game theory, formal verification, ad hoc networks, cooperation, nuglets

Abstract

This thesis is concerned with two security mechanisms: authenticated key transport and rational exchange protocols. These mechanisms are potential building blocks in the security architecture of a range of different services. Authenticated key transport protocols are used to build secure channels between entities, which protect their communications against eavesdropping and alteration by an outside attacker. In contrast, rational exchange protocols can be used to protect the entities involved in an exchange transaction from each other. This is important, because often the entities do not trust each other, and both fear that the other will gain an advantage by misbehaving. Rational exchange protocols alleviate this problem by ensuring that a misbehaving party cannot gain any advantages. This means that misbehavior becomes uninteresting and it should happen only rarely. The thesis is focused on the construction of formal models for authenticated key transport and rational exchange protocols. In the first part of the thesis, we propose a formal model for key transport protocols, which is based on a logic of belief. Building on this model, we also propose an original systematic protocol construction approach. The main idea is that we reverse some implications that can be derived from the axioms of the logic, and turn them into synthesis rules. The synthesis rules can be used to construct a protocol and to derive a set of assumptions starting from a set of goals. The main advantage is that the resulting protocol is guaranteed to be correct in the sense that all the specified goals can be derived from the protocol and the assumptions using the underlying logic. Another important advantage is that all the assumptions upon which the correctness of the protocol depends are made explicit. The protocol obtained in the synthesis process is an abstract protocol, in which idealized messages that contain logical formulae are sent on channels with various access properties. The abstract protocol can then be implemented in several ways by replacing the idealized messages and the channels with appropriate bit strings and cryptographic primitives, respectively. We illustrate the usage of the logic and the synthesis rules through an example: We analyze an authenticated key transport protocol proposed in the literature, identify several weaknesses, show how these can be exploited by various attacks, and finally, we redesign the protocol using the proposed systematic approach. We obtain a protocol that resists against the presented attacks, and in addition, it is simpler than the original one. In the second part of the thesis, we propose an original formal model for exchange protocols, which is based on game theory. In this model, an exchange protocol is represented as a set of strategies in a game played by the protocol parties and the network that they use to communicate with each other. We give formal definitions for various properties of exchange protocols in this model, including rationality and fairness. Most importantly, rationality is defined in terms of a Nash equilibrium in the protocol game. The model and the formal definitions allow us to rigorously study the relationship between rational exchange and fair exchange, and to prove that fairness implies rationality (given that the protocol satisfies some further usual properties), but the reverse is not true in general. We illustrate how the formal model can be used for rigorous verification of existing protocols by analyzing two exchange protocols, and formally proving that they satisfy the definition of rational exchange. We also present an original application of rational exchange: We show how the concept of rationality can be used to improve a family of micropayment schemes with respect to fairness without substantial loss in efficiency. Finally, in the third part of the thesis, we extend the concept of rational exchange, and describe how similar ideas can be used to stimulate the nodes of a self-organizing ad hoc network for cooperation. More precisely, we propose an original approach to stimulate the nodes for packet forwarding. Like in rational exchange protocols, our design does not guarantee that a node cannot deny packet forwarding, but it ensures that it cannot gain any advantages by doing so. We analyze the proposed solution analytically and by means of simulation.

Cahoots: A Mobile Agent Bidirectional One-to-Many Communications Framework

I. Verók

Budapest University of Technology and Economics, 2001.

Bibtex | PDF

@mastersthesis {
   author = {István VERÓK},
   title = {Cahoots: A Mobile Agent Bidirectional One-to-Many Communications Framework},
   school = {Budapest University of Technology and Economics},
   year = {2001}
}

Abstract

Collecting randomness from the net

B. Bencsáth, I. Vajda

Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security 2001, Kluwer, May, 2001, pp. 105-111.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Collecting randomness from the net},
   booktitle = {Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security 2001},
   publisher = {Kluwer},
   month = {May},
   year = {2001},
   pages = {105-111}
}

Keywords

generation of random values, tests of randomness, good source of random data, private and authentic communication

Abstract

Random data in their work is collected from network time delay measurements and its quality is checked by statistical tests, and a special enhancement, the system of collector-servers is proposed and analyzed

Cryptographic application of programmable smart cards

I. Zs. Berta, Z. Á. Mann

Proceedings of NetWorkshop'2001, 2001.

Bibtex | PDF

@inproceedings {
   author = {István Zsolt BERTA, Zoltán Ádám Mann},
   title = {Cryptographic application of programmable smart cards},
   booktitle = {Proceedings of NetWorkshop'2001},
   year = {2001}
}

Abstract

Efficient Multi-Party Challenge-Response Protocols for Entity Authentication

L. Buttyán, A. Nagy, I. Vajda

Periodica Polytechnica, vol. 45, no. 1, April, 2001, pp. 43-64.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, , István VAJDA},
   title = {Efficient Multi-Party Challenge-Response Protocols for Entity Authentication},
   journal = {Periodica Polytechnica},
   volume = {45},
   number = {1},
   month = {April},
   year = {2001},
   pages = {43-64}
}

Keywords

challenge-response protocols, protocol graph, entity authentication, reflection attack

Abstract

In this paper, we address the problem of multi-party entity authen- tication. We prove that the lower bound on the number of messages of multi-party challenge-response protocols is 2n-1, where n is the num- ber of the participants of the protocol, and propose two protocols that achieve this lower bound. Our protocols are, thus, eÆcient in the sense that they use the minimum number of messages required to solve the multi-party entity authentication problem based on challenge-response principles.

Method for transmitting payment information between a terminal and a third equipment

L. Buttyán, E. Wiedmer, E. Lauper

May, 2001, International Patent Application.

Bibtex

@misc {
   author = {Levente BUTTYÁN, , },
   title = {Method for transmitting payment information between a terminal and a third equipment},
   month = {May},
   year = {2001},
   note = {International Patent Application}
}

Keywords

electronic payment, smart card, authenticated session key establishment

Abstract

Nuglets: a Virtual Currency to Stimulate Cooperation in Self-Organized Mobile Ad Hoc Networks

L. Buttyán, J. P. Hubaux

no. DSC/2001/001, EPFL-DI-ICA, January, 2001.

Bibtex | Abstract

@techreport {
   author = {Levente BUTTYÁN, },
   title = {Nuglets: a Virtual Currency to Stimulate Cooperation in Self-Organized Mobile Ad Hoc Networks},
   number = {DSC/2001/001},
   institution = {EPFL-DI-ICA},
   month = {January},
   year = {2001}
}

Keywords

mobile ad hoc networks, routing, cooperation, service availability

Abstract

In mobile ad hoc networks, it is usually assumed that all the nodes belong to the same authority

On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez

M. Hegedüs

BME, 2001.

Bibtex

@mastersthesis {
   author = {Márton HEGEDÜS},
   title = {On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez},
   school = {BME},
   year = {2001}
}

Abstract

On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez

M. Perényi

BME, 2001.

Bibtex

@mastersthesis {
   author = {Márton PERÉNYI},
   title = {On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez},
   school = {BME},
   year = {2001}
}

Abstract

Programozható chipkártya biztonsági alkalmazásai

I. Berta

BME, 2001.

Bibtex

@mastersthesis {
   author = {István Berta},
   title = {Programozható chipkártya biztonsági alkalmazásai},
   school = {BME},
   year = {2001}
}

Abstract

Rational Exchange -- A Formal Model Based on Game Theory

L. Buttyán, J. P. Hubaux

Proceedings of 2nd International Workshop on Electronic Commerce (WELCOM 2001), Heidelberg, Germany, November, 2001.

Bibtex | Abstract

@inproceedings {
   author = {Levente BUTTYÁN, },
   title = {Rational Exchange -- A Formal Model Based on Game Theory},
   booktitle = {Proceedings of 2nd International Workshop on Electronic Commerce (WELCOM 2001)},
   address = {Heidelberg, Germany},
   month = {November},
   year = {2001}
}

Keywords

electronic commerce, rational exchnage, fair exchange, formal model, game theory

Abstract

We introduce game theory as a formal framework in which exchange protocols can be modeled and their properties can be studied. We use this framework to give a formal definition for rational exchange relating it to the concept of Nash equilibrium in games. In addition, we study the relationship between rational exchange and fair exchange. We prove that fair exchange implies rational exchange, but the reverse is not true. The practical consequence of this is that rational exchange protocols may provide interesting solutions to the exchange problem by representing a trade-off between complexity and what they achieve. They could be particularly useful in mobile e-commerce applications.

Security of programmable smart cards

I. Zs. Berta

Budapest University of Technology and Economics, 2001.

Bibtex | Abstract | PDF

@mastersthesis {
   author = {István Zsolt BERTA},
   title = {Security of programmable smart cards},
   school = {Budapest University of Technology and Economics},
   year = {2001}
}

Abstract

Programmable smart cards are small security-oriented microcomputers. Although they have been present in the market for many years now, their exact area of application is still subject to research.

The author gives a detailed background about these cards in this paper. A card is not only discussed by itself, but together with its environment: the terminal, the network resources and the user.

A brief overview of today's programmable cards is given, but focus is laid on the Java Card specification, which is one of the most popular smart card programming environments. Various features of the Java Card are discussed, especially those in connection with security, the main power of smart cards.

In this paper three applications for programmable smart cards are presented. The first application is an elliptic curve cryptography engine for a Java smart card. In this case the programmable smart card is used as a prototype to test new algorithms in smart card environment.

The second application uses the smart card to store the profile of a user of a heterogeneous system. The card plays an important role in user authentication, but in this system not only the user is authenticated. The smart card also checks the identity of the terminal and protects the user's interests by denying certain information toward the insecure (or possibly malicious) terminal. In this application the programmable smart card is used as a platform for a security oriented software. The algorithm it runs is so complex that implementations other than software are totally out of the question.

The third application is not a pioneer by any means. It does not break into new areas of cryptography for smart cards, and does not explore unknown areas of complex smart card applications either. It is a simple, but very useful program, that gives extra security in SSH challenge and response authentication. The cardlet for this low-resource machine was developed in the Java Card language, and thus it was integrated into the world of high level programming languages.

Self-Organization in Mobile Ad-Hoc Networks: the Approach of Terminodes

L. Blazevic, L. Buttyán, S. Capkun, S. Giordano, J. P. Hubaux, J. Y. Le Boudec

IEEE Communications Magazine, vol. 39, no. 6, June, 2001.

Bibtex | Abstract

@article {
   author = {, Levente BUTTYÁN, , , , },
   title = {Self-Organization in Mobile Ad-Hoc Networks: the Approach of Terminodes},
   journal = {IEEE Communications Magazine},
   volume = {39},
   number = {6},
   month = {June},
   year = {2001}
}

Keywords

self-organized network, MANET,self-organized routing, GPS-free positioning, incentive to cooperation, security

Abstract

The Terminodes project is designing a wide area, mobile ad-hoc network, which is meant to be used in a public environment, in our approach, the network is run by users themselves. We give a global description of the building blocks used by the basic operation of the network, they all rely on various concepts of self-organization. Routing uses a combination of geography-based information and local, MANET-like protocols. Terminode positioning is obtained either by GPS, or by a relative positioning method. Mobility management uses self-organized virtual regions. Terminodes employ a form of virtual money called ``nuglets

Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks

L. Buttyán, J. P. Hubaux

no. DSC/2001/046, EPFL-DI-ICA, August, 2001.

Bibtex | Abstract

@techreport {
   author = {Levente BUTTYÁN, },
   title = {Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks},
   number = {DSC/2001/046},
   institution = {EPFL-DI-ICA},
   month = {August},
   year = {2001}
}

Keywords

terminodes

Abstract

In military and rescue applications of mobile ad hoc net tworks, all the nodes belong to the same authority; therefore, they are motivated to cooperate in order to support the basic functions of the network. In this paper, we consider the case when each node is its own authority and tries to maximize the benefits it gets from the network. More precisely, we assume that the nodes are not willing to forward packets for the benefit of other nodes. This problem may arise in civilian applications of mobile ad hoc networks. In order to stimulate the nodes for packet forwarding,we propose a simple mechanism based on a counter in each node. We study the behavior of the proposed mechanism analytically and by means of simulations, and detail the way in which it could be protected against misuse.

The Quest for Security in Mobile Ad Hoc Networks

J. P. Hubaux, L. Buttyán, S. Capkun

Proceedings of ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC), Long Beach, CA, USA, October, 2001.

Bibtex | Abstract

@inproceedings {
   author = {, Levente BUTTYÁN, },
   title = {The Quest for Security in Mobile Ad Hoc Networks},
   booktitle = {Proceedings of ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC)},
   address = {Long Beach, CA, USA},
   month = {October},
   year = {2001}
}

Keywords

security, public-key infrastructure, PKI, self-organization, mobile ad hoc networking

Abstract

So far, research on mobile ad hoc networks has been focused primarily on routing issues. Security, on the other hand, has been given a lower priority. This paper provides an overview of security problems for mobile ad hoc networks, distinguishing the threats on basic mechanisms and on security mechanisms. It then describes our solution to protect the security mechanisms. The original features of this solution include that (i) it is fully decentralized and (ii) all nodes are assigned equivalent roles.

2000

A Decentralized Marketplace Composed of Mobile Intelligent Agents

I. Verók

Scientific student circles (TDK), 2000.

Bibtex | PDF

@misc {
   author = {István VERÓK},
   title = {A Decentralized Marketplace Composed of Mobile Intelligent Agents},
   howpublished = {Scientific student circles (TDK)},
   year = {2000}
}

Abstract

A Pessimistic Approach to Trust in Mobile Agent Platforms

U. Wilhelm, S. Staamann, L. Buttyán

IEEE Internet Computing, vol. 4, no. 5, September, 2000, pp. 40-48.

Bibtex | PDF

@article {
   author = {, , Levente BUTTYÁN},
   title = {A Pessimistic Approach to Trust in Mobile Agent Platforms},
   journal = {IEEE Internet Computing},
   volume = {4},
   number = {5},
   month = {September},
   year = {2000},
   pages = {40-48}
}

Keywords

mobile agents, trust, tamper resistant hardware

Abstract

Analysis of public key cryptography based on elliptic curves in smart card and PC environment

I. Zs. Berta, Z. Á. Mann

Scientific student circles (TDK) 2000, Budapest University of Technology and Economics, 2000.

Bibtex

@misc {
   author = {István Zsolt BERTA, Zoltán Ádám Mann},
   title = {Analysis of public key cryptography based on elliptic curves in smart card and PC environment},
   howpublished = {Scientific student circles (TDK) 2000, Budapest University of Technology and Economics},
   year = {2000}
}

Abstract

Biztonságos anonim hálózati kommunikációs rendszer

S. Tihanyi

BME, 2000.

Bibtex

@mastersthesis {
   author = {Sándor TIHANYI},
   title = {Biztonságos anonim hálózati kommunikációs rendszer},
   school = {BME},
   year = {2000}
}

Abstract

Design and Analysis of a Bluetooth Network Optimization Algorithm

Students' Scientific Conference, TU Budapest, October, 2000, in Hungarian.

Bibtex | Abstract | PDF

@misc {
   author = {},
   title = {Design and Analysis of a Bluetooth Network Optimization Algorithm},
   howpublished = {Students' Scientific Conference, TU Budapest},
   month = {October},
   year = {2000},
   note = {in Hungarian}
}

Abstract

A Bluetooth hálózat optimalizálására egy forgalommérések alapján müködõ algoritmust terveztünk. Ezzel olyan problémára nyújtottunk megoldást, amelyhez az irodalomban eddig nem volt ismert megoldás. Az algoritmus egyszerü szabályok segítségével - kapcsolat felépítése és bontása illetve master-slave szerepcsere - lokális információk alapján egy elõnyösebb hálózati topológiát hoz létre. Az algoritmus megvalósítására protokollt terveztünk, amely tulajdonságait szimulációs környezetben vizsgáltuk. A Bluetooth technológia vizsgálatára egy ad hoc modult alkottunk meg a PLASMA hálózat szimulátorban. A szimuláció során megmutattuk, hogy a paraméterek beállításától függõen az algoritmus alkalmazkodik a forgalmi viszonyok változásához.

Enforcing Service Availability in Mobile Ad-Hoc WANs

L. Buttyán, J. P. Hubaux

Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC), Boston, MA, USA, August, 2000.

Bibtex | Abstract

@inproceedings {
   author = {Levente BUTTYÁN, },
   title = {Enforcing Service Availability in Mobile Ad-Hoc WANs},
   booktitle = {Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC)},
   address = {Boston, MA, USA},
   month = {August},
   year = {2000}
}

Keywords

wireless, mobile, ad-hoc network, wide area network, Terminodes, incentive to co-operate, terminode nuggets, beans

Abstract

In this paper, we address the problem of service availability in mobile ad-hoc WANs. We present a secure mechanism to stimulate end users to keep their devices turned on, to refrain from overloading the network, and to thwart tampering aimed at converting the device into a ``selfish`` one. Our solution is based on the application of a tamper resistant security module in each device and cryptographic protection of messages.

Enforcing Service Availability in Mobile Ad-Hoc WANs

L. Buttyán, J. P. Hubaux

no. DSC/2000/025, EPFL-DI-ICA, May, 2000.

Bibtex | Abstract | PDF

@techreport {
   author = {Levente BUTTYÁN, },
   title = {Enforcing Service Availability in Mobile Ad-Hoc WANs},
   number = {DSC/2000/025},
   institution = {EPFL-DI-ICA},
   month = {May},
   year = {2000}
}

Keywords

wireless, mobile, ad-hoc network, wide area network, Terminodes, incentive to co-operate, terminode beans

Abstract

In this paper, we address the problem of service availability in mobile ad-hoc WANs. We present a secure mechanism to stimulate end users to keep their devices turned on, to refrain from overloading the network, and to thwart tampering aimed at converting the device into a ``selfish`` one. Our solution is based on the application of a tamper resistant security module in each device and cryptographic protection of messages.

Exact decoding error probability for slow frequency hopping

L. Györfi, Á. Jordán, I. Vajda

European Transactions on Telecommunication, vol. 11, no. 2, March/April, 2000, pp. 183-190.

Bibtex

@article {
   author = {, , István VAJDA},
   title = {Exact decoding error probability for slow frequency hopping},
   journal = {European Transactions on Telecommunication},
   volume = {11},
   number = {2},
   month = {March/April},
   year = {2000},
   pages = {183-190}
}

Abstract

Extensions to an Authentication Technique Proposed for the Global Mobility Network

L. Buttyán, C. Gbaguidi, S. Staamann, U. Wilhelm

IEEE Transactions on Communications, vol. 48, no. 3, March, 2000.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, , , },
   title = {Extensions to an Authentication Technique Proposed for the Global Mobility Network},
   journal = {IEEE Transactions on Communications},
   volume = {48},
   number = {3},
   month = {March},
   year = {2000}
}

Keywords

authentication protocol, global mobility network

Abstract

We present three attacks against the authentication protocol that has been proposed for the so called global mobility network in \cite{kn:Suz97}. We show that the attacks are feasible and propose corrections that make the protocol more robust and resistant against the presented attacks. Our aim is to highlight some basic design principles for cryptographic protocols, the adherence to which would have prevented these attacks.

Handover Analysis in a Wireless Mobile IP Network

12. Távközlési és Informatikai Hálózatok Szeminárium és Kiállítás, 2000, Sopron, Hungary, October 4-6, in Hungarian.

Bibtex | Abstract | PDF

@conference {
   author = {},
   title = {Handover Analysis in a Wireless Mobile IP Network},
   booktitle = {12. Távközlési és Informatikai Hálózatok Szeminárium és Kiállítás},
   year = {2000},
   address = {Sopron, Hungary},
   month = {October 4-6},
   note = {in Hungarian}
}

Abstract

Cikkünkben egy vezeték nélküli Mobile IP hálózaton mértük a bázisállomás-váltások hatását az alkalmazásokra. Elsösorban arra voltunk kiváncsiak, hogy a mobil számítógép mozgása milyen hatással van a folyamatban levö TCP adatkapcsolatokra. Ennek megállapításához egy kísérleti hálózatban periódikusan mozgatott számítógép adatkapcsolatait figyeltük meg, illetve mértük az elérhetö átviteli sebességet. Három különbözö algoritmust vizsgáltunk, melyek a bázisállomás-váltás döntési szakaszának idejét befolyásolják. Az idözítéses, a mohó és a felszólító algoritmusok egyaránt a bázisállomások által periódikusan kibocsátott beacon üzeneteket használják fel, de különböznek egymástól abban, hogy a mobil számítógép mikor dönt a bázisállomás-váltásról. Méréseinkkel kimutattuk, hogy az alkalmazásokra gyakorolt zavaró hatás az idözítéses algoritmus esetén a legnagyobb, és a felszólító algoritmus esetén a legkisebb. Ezt az eredményt a gyakorlatban a megfelelö algoritmus kiválasztásakor figyelembe kell venni. Megfigyeltük továbbá, hogy a leggyorsabb algoritmus használata esetén már a mobilitást kezelö programok belsö késleltetése is számottevö. Ez az észrevételünk felhívja a figyelmet ezen programok optimalizálásának fontosságára.

Home-made methods for enhancing network security (in Hungarian)

B. Bencsáth, S. Tihanyi

Magyar Távközlés, vol. X, no. 4, 2000, pp. 22-27..

Bibtex | PDF

@article {
   author = {Boldizsár Bencsáth, Sándor TIHANYI},
   title = {Home-made methods for enhancing network security (in Hungarian)},
   journal = {Magyar Távközlés},
   volume = {X},
   number = {4},
   year = {2000},
   pages = {22-27.}
}

Abstract

Információ- és kódelmélet

L. Györfi, S. Gyõri, I. Vajda

Typotex Kiadó, 2000, 376 p..

Bibtex

@book {
   author = {, Sándor GYÕRI, István VAJDA},
   title = {Információ- és kódelmélet},
   publisher = {Typotex Kiadó},
   year = {2000},
   note = {376 p.}
}

Abstract

Intelligens ügynök az elektronikus kereskedelemban

B. Korossy Khayll

BME, 2000.

Bibtex

@mastersthesis {
   author = {Balázs KOROSSY KHAYLL},
   title = {Intelligens ügynök az elektronikus kereskedelemban},
   school = {BME},
   year = {2000}
}

Abstract

Method for securing communications between a terminal and an additional user equipment

L. Buttyán, E. Wiedmer, E. Lauper

September, 2000, International Patent Application.

Bibtex

@misc {
   author = {Levente BUTTYÁN, , },
   title = {Method for securing communications between a terminal and an additional user equipment},
   month = {September},
   year = {2000},
   note = {International Patent Application}
}

Keywords

authenticated session key establishment, user authentication, smart card

Abstract

Nyilvános kulcsú kriptográfiai megoldás elektronikus banki szolgáltatásra

T. Németh

BME, 2000.

Bibtex

@mastersthesis {
   author = {Tibor NÉMETH},
   title = {Nyilvános kulcsú kriptográfiai megoldás elektronikus banki szolgáltatásra},
   school = {BME},
   year = {2000}
}

Abstract

Programmable smart cards and their security

I. Zs. Berta, Z. Á. Mann

Magyar Távközlés, 4, 2000.

Bibtex | PDF

@article {
   author = {István Zsolt BERTA, Zoltán Ádám Mann},
   title = {Programmable smart cards and their security},
   journal = {Magyar Távközlés},
   month = {4},
   year = {2000}
}

Abstract

Removing the financial incentive to cheat in micropayment schemes

L. Buttyán

IEE Electronics Letters, vol. 36, no. 2, January, 2000, pp. 132-133.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN},
   title = {Removing the financial incentive to cheat in micropayment schemes},
   journal = {IEE Electronics Letters},
   volume = {36},
   number = {2},
   month = {January},
   year = {2000},
   pages = {132-133}
}

Keywords

fairness, micropayment,

Abstract

Micropayment schemes usually do not provide fairness, which means that either the payer or the payee, or both, can cheat the other and gain a financial advantage by misbehaving in the protocols. We propose an extension to a family of micropayment schemes that removes the financial incentive to cheat. Our extension does not provide true fairness, but it makes misbehaving practically futile for both the payer and the payee. We achieve this without any substantial loss in efficiency, in most practical cases.

Simple, free encrypted tunnels using linux

B. Bencsáth

Presented on Networkshop 2000, Gödöllõ, Hungary, 2000, http://nws.iif.hu/NwScd/docs/nevjegy/nj74.htm.

Bibtex

@misc {
   author = {Boldizsár Bencsáth},
   title = {Simple, free encrypted tunnels using linux},
   howpublished = { Presented on Networkshop 2000, Gödöllõ, Hungary},
   year = {2000},
   note = {http://nws.iif.hu/NwScd/docs/nevjegy/nj74.htm}
}

Abstract

Smart Card technológiát alkalmazó Internetes fizetési rendszer

BME, 2000.

Bibtex

@mastersthesis {
   author = {},
   title = {Smart Card technológiát alkalmazó Internetes fizetési rendszer},
   school = {BME},
   year = {2000}
}

Abstract

Smart Cards - Present and Future

I. Zs. Berta, Z. Á. Mann

Híradástechnika, Journal on C5, 12, 2000.

Bibtex | PDF

@article {
   author = {István Zsolt BERTA, Zoltán Ádám Mann},
   title = {Smart Cards - Present and Future},
   journal = {Híradástechnika, Journal on C5},
   month = {12},
   year = {2000}
}

Abstract

Tanulmány a napvilágra került Elender jelszavakról

I. Vajda, B. Bencsáth, A. Bognár

Apr., 2000.

Bibtex | Abstract

@techreport {
   author = {István VAJDA, Boldizsár Bencsáth, Attila BOGNÁR},
   title = {Tanulmány a napvilágra került Elender jelszavakról},
   month = {Apr.},
   year = {2000}
}

Abstract

http://ebizlab.hit.bme.hu/pub/lrpasswd.html

Toward Mobile Ad-Hoc WANs: Terminodes

J. P. Hubaux, J. Y. Le Boudec, S. Giordano, M. Hamdi, L. Blazevic, L. Buttyán, M. Vojnovic

no. DSC/2000/006, EPFL-DI-ICA, February, 2000.

Bibtex | Abstract | PDF

@techreport {
   author = {, , , , , Levente BUTTYÁN, },
   title = {Toward Mobile Ad-Hoc WANs: Terminodes},
   number = {DSC/2000/006},
   institution = {EPFL-DI-ICA},
   month = {February},
   year = {2000}
}

Keywords

wireless mobile ad-hoc network, wide area network, terminodes, mobility management, virtual home region, geodesic packet forwarding, beans, security

Abstract

Terminodes are personal devices that provide the functions of both the terminals and the nodes of the network. A network of terminodes is an autonomous, fully self-organized, wireless network, independent of any infrastructure. It must be able to scale up to millions of units, without any fixed backbone nor server. In this paper we present the main challenges and discuss the main technical directions.

Traffic Dependent Bluetooth Scatternet Optimization Procedure

Gy. Miklós, M. Felegyhazi

US patent, May, 2000, Nr: 09/666529.

Bibtex

@misc {
   author = {György Miklós, Mark Felegyhazi},
   title = {Traffic Dependent Bluetooth Scatternet Optimization Procedure},
   howpublished = {US patent},
   month = {May},
   year = {2000},
   note = {Nr: 09/666529}
}

Abstract

Virtuális magánhálózatok kiépítése és auditálása

B. Bencsáth

BME, 2000.

Bibtex

@mastersthesis {
   author = {Boldizsár Bencsáth},
   title = {Virtuális magánhálózatok kiépítése és auditálása},
   school = {BME},
   year = {2000}
}

Abstract

1999

Accountable Anonymous Access to Services in Mobile Communication Systems

L. Buttyán, J. P. Hubaux

Proceedings of 18th IEEE Symposium on Reliable Distributed Systems, Workshop on Electronic Commerce, Lausanne, Switzerland, October, 1999, pp. 384-389.

Bibtex | Abstract

@inproceedings {
   author = {Levente BUTTYÁN, },
   title = {Accountable Anonymous Access to Services in Mobile Communication Systems},
   booktitle = {Proceedings of 18th IEEE Symposium on Reliable Distributed Systems, Workshop on Electronic Commerce},
   address = {Lausanne, Switzerland},
   month = {October},
   year = {1999},
   pages = {384-389}
}

Keywords

electronic commerce, anonymity, accountability, ticket based service access, customer care agency

Abstract

We introduce a model that allows anonymous yet accountable access to services in mobile communication systems. This model is based on the introduction of a new business role, called the customer care agency, and a ticket based mechanism for service access. We introduce the general idea of ticket based service access, and present a categorisation of ticket types and ticket acquisition models. We analyse the role of customer care agencies and emphasise their advantages.

Accountable Anonymous Service Usage in Mobile Communication Systems

L. Buttyán, J. P. Hubaux

no. SSC/99/16, EPFL-DI-ICA, May, 1999.

Bibtex | Abstract

@techreport {
   author = {Levente BUTTYÁN, },
   title = {Accountable Anonymous Service Usage in Mobile Communication Systems},
   number = {SSC/99/16},
   institution = {EPFL-DI-ICA},
   month = {May},
   year = {1999}
}

Keywords

ticket based service access, customer care, mobile computing, anonymity, accountability

Abstract

We introduce a model that allows of anonymous yet accountable service usage in mobile communication systems. This model is based on the introduction of a new business role, called the customer care agency, and a ticket based mechanism for service access. We motivate the introduction of customer care agencies by analyzing their role and emphasizing their advantages. We introduce the general idea of ticket based service access, present a categorization of ticket types and ticket acquisition models, and identify some possible attacks against ticket based systems. We illustrate how agencies and tickets work together by presenting a ticket based protocol between users, customer care agencies, and service providers. The protocol achieves authentication of the service provider to the user, establishment of a shared session key between the user and the service provider, and correct and undeniable charging. In addition, it provides revokable anonymity for users, which means that the identity of misbehaving users can be revealed.

An Experimental Analysis of Mobile IP in a Wireless Environment

M. Felegyhazi, Cs. Szabó, V. Tímár

Students' Scientific Conference, TU Budapest, October, 1999, in Hungarian.

Bibtex | Abstract | PDF

@misc {
   author = {Mark Felegyhazi, Csanád Szabó, Veronika Tímár},
   title = {An Experimental Analysis of Mobile IP in a Wireless Environment},
   howpublished = {Students' Scientific Conference, TU Budapest},
   month = {October},
   year = {1999},
   note = {in Hungarian}
}

Abstract

Dolgozatunkban egy vezeték nélküli hálózaton mértük a Mobile IP szabvány egyes teljesítményjellemzõit. Elsõsorban arra voltunk kiváncsiak, hogy a handoverek milyen hatással vannak a TCP-t használó alkalmazásokra. Az eredményekbõl azt a következtetést vonhatjuk le, hogy a Mobile IP fõleg a lassú handover vagyis a hordozhatóság kezelésére alkalmas, mert belsõ késleltetései nagyok. Gyakori handoverek esetén a Mobile IP-t használó TCP alkalmazások átviteli sebessége a nagy csomagvesztés miatt rohamosan csökken. A jövõben várható a cellák méretének csökkenése. Átmérõjük egészen néhány tíz méterig lecsökkenhet [HAA98]. Vegyünk egy példát, ahol a cellák 30 méter átmérõjûek és a felhasználó 1 m/s sebességgel halad, közben laptopjával kapcsolódik az Internetre. Ekkor percenként két handover történik. Az átviteli sebesség kétharmadára csökken ahhoz képest, mintha egyhelyben állna, azaz megállapíthatjuk, hogy a Mobile IP-t nem a gyakori handover kezelésére tervezték. Már léteznek javaslatok a szabvány kiegészítésére gyors cellaváltás esetén [RAM99], [MAL99], [MCA99]. A jövõben ezekkel fogunk foglalkozni.

Closed User Groups in Internet Service Centres

L. Buttyán, S. Staamann, A. Coignet, E. Ruggiano, U. Wilhelm, M. Zweiacker

Proceedings of DAIS`99, Helsinki, June, 1999.

Bibtex | Abstract

@inproceedings {
   author = {Levente BUTTYÁN, , , , , },
   title = {Closed User Groups in Internet Service Centres},
   booktitle = {Proceedings of DAIS`99},
   address = {Helsinki},
   month = {June},
   year = {1999}
}

Keywords

Access Control, Authorisation, Closed Users Groups, Middleware, CORBA, Security

Abstract

The paper presents a model for end-user directed access control to services in Internet service centres that, beside the classical Internet services (e.g., e-mail), offer a multitude of new services (e.g., on-line conferencing and auctioning) over the Internet. The model is based on the concept of closed user groups. The main idea is that at creation time each service instance and its components are assigned to a user group previously formed by a subset of the end-users, and access control is performed for access attempts through checking the group assignment of the accessed resource against the group memberships of the authenticated accessing end-user. Access control is directed by the end-users through the management of group memberships. We describe the concept of closed user groups, the management of group memberships, the enforcement of access control, and the realisation with off-the-shelf software for a middleware based service environment, which is haracterised by the use of CORBA, Java, and WWW technology.

CVE-1999-1496

B. Bencsáth

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496, 1999.

Bibtex | Abstract

@misc {
   author = {Boldizsár Bencsáth},
   title = {CVE-1999-1496},
   howpublished = {http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496},
   year = {1999}
}

Abstract

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

Formal methods in the design of cryptographic protocols (state of the art)

L. Buttyán

no. SSC/1999/38, EPFL-DI-ICA, November, 1999.

Bibtex | Abstract

@techreport {
   author = {Levente BUTTYÁN},
   title = {Formal methods in the design of cryptographic protocols (state of the art)},
   number = {SSC/1999/38},
   institution = {EPFL-DI-ICA},
   month = {November},
   year = {1999}
}

Keywords

cryptographic protocols, formal methods, verification, specification

Abstract

This paper is a state of the art review of the use of formal methods in the design of cryptographic rotocols.

Internetes értékpapír-megbízásokat kezelõ rendszer

D. Labanc

1999.

Bibtex

@mastersthesis {
   author = {Dániel LABANC},
   title = {Internetes értékpapír-megbízásokat kezelõ rendszer},
   year = {1999}
}

Abstract

Introducing Trusted Third Parties to the Mobile Agent Paradigm

U. Wilhelm, S. Staamann, L. Buttyán

in J. Vitek, C. Jensen: Proceedings of Secure Internet Programming: Security Issues for Mobile and Distributed Objects, Springer-Verlag (LNCS 1603), 1999.

Bibtex | Abstract

@inbook {
   author = {, , Levente BUTTYÁN},
   title = {Introducing Trusted Third Parties to the Mobile Agent Paradigm},
   publisher = {in J. Vitek, C. Jensen: Proceedings of Secure Internet Programming: Security Issues for Mobile and Distributed Objects, Springer-Verlag (LNCS 1603)},
   year = {1999}
}

Keywords

Protecting Mobile Agents, Trust, Tamper Proof Environment

Abstract

Systems that support mobile agents are increasingly being used on the global Internet. An important application that is considered for these agents is electronic commerce, where agents roam the World Wide Web in search of goods for their owners. In these applications, an agent moves along some itinerary in order to search for the best offer for the good sought by the user. The problem with this approach is that malicious providers on the agent`s itinerary can damage the agent, tamper with the agent so that the agent itself becomes malicious, or forward the agent to any arbitrary provider that might not be on the agent`s itinerary. In this presentation we will primarily address the question how an agent can safely follow some pre-defined itinerary. We will identify the problem of trust as a major issue in this context and describe a trusted and tamper-proof hardware that can be used to enforce a policy. Based on this policy, we will show how the agent can take advantage of it in order to achieve the desired goal.

Multilateral Security in Middleware Based Telecommunications Architectures

S. Staamann, U. Wilhelm, L. Buttyán

in G. Mueller, K. Rannenberg, Proceedings of Multilateral Security in Communications, Addison-Wesley, 1999.

Bibtex | Abstract

@inbook {
   author = {, , Levente BUTTYÁN},
   title = {Multilateral Security in Middleware Based Telecommunications Architectures},
   publisher = {in G. Mueller, K. Rannenberg, Proceedings of Multilateral Security in Communications, Addison-Wesley},
   year = {1999}
}

Keywords

multilateral security, middleware, CORBA, telecommunications, TINA

Abstract

The concept of middleware based architectures for telecommunication services in the broadband, multimedia, and information era is emerging. One representative example is the Telecommunications Information Networking Architecture (TINA), which is characterised by a variety of services, a multitude of service providers, a well defined business model, a middleware platform for service development and provision, and the assumption of advanced costumer premises equipment. Concepts for its security architecture are developed in the CrySTINA project. We introduce TINA, analyse it with regard to security and present the CrySTINA security architecture. CrySTINA is aligned with the OMG`s CORBA Security specification, but enhances it with regard to security interoperability despite the heterogeneity of security policies and technologies that must be expected in TINA networks. Thus, we present a model for the enforcement of security policies that supports the negotiation of security contexts.

Possibilities of authenticity using intelligent smart card

I. Zs. Berta, Z. Á. Mann

Scientific student circles (TDK) 1999, Budapest University of Technology and Economics, 1999.

Bibtex | Abstract | PDF

@misc {
   author = {István Zsolt BERTA, Zoltán Ádám Mann},
   title = {Possibilities of authenticity using intelligent smart card},
   howpublished = {Scientific student circles (TDK) 1999, Budapest University of Technology and Economics},
   year = {1999}
}

Abstract

Az intelligens (alkalmazások futtatására képes) smartcardok óriási lehetõségeket nyitottak meg az elektronikus biztonságtechnikai alkalmazások elõtt. Habár a technikai lehetõség régóta megvan programok smartcardokon való futtatására, ezek alkalmazása mindmáig nem terjedt el.

Célunk ezen lehetõségek feltérképezése s kiaknázása volt. A hitelesség biztosításának módszereit néztük végig, s valósítottuk meg a 1999. május óta béta verzióban létezõ Microsoft Smart Card for Windows eszközön. Dolgozatunkkal demonstrálni szeretnénk, hogy ez a kártya milyen lehetõségeket nyújt e terület fõbb ágain, úgymint:

  • Üzenethitelesítés,
  • Hozzáférésvédelem (dinamikus jelszavak segítségével),
  • Rejtjelezés,
  • Digitális aláírás,
  • Kulcsgondozás, kulcsok tárolása és generálása.

    A fentiek bemutatására példaalkalmazásokat készítünk a kártyához tartozó Visual Basic alapú fejlesztõkörnyezet segítségével. Beszámolunk azirányú tapasztalatainkról, hogy kis (32 kilobyte EEPROM, 1 kilobyte SRAM) erõforráskészlettel rendelkezõ eszközön mennyiben lehet kihasználni a magas szintû nyelv és programozási környezet által biztosított lehetõségeket. Felmérjük a kártya képességeit, korlátait, s ezen korlátok ismeretében próbáljuk értékelni, hogy a jelen technológia milyen alkalmazásokat tesz lehetõvé, s milyen változások, fejlõdési irányok várhatóak a jövõben.

  • Problem areas of the security aspects of network operating systems

    B. Bencsáth, S. Tihanyi

    Scientific student groups (TDK) 1999, 1999.

    Bibtex | PDF

    @misc {
       author = {Boldizsár Bencsáth, Sándor TIHANYI},
       title = {Problem areas of the security aspects of network operating systems},
       howpublished = {Scientific student groups (TDK) 1999},
       year = {1999}
    }

    Abstract

    SmartCardos mobiltelefonokkal megvalósított biztonságos elektronikus fizetõeszköz

    I. Kiss

    BME, 1999.

    Bibtex

    @mastersthesis {
       author = {István KISS},
       title = {SmartCardos mobiltelefonokkal megvalósított biztonságos elektronikus fizetõeszköz},
       school = {BME},
       year = {1999}
    }

    Abstract

    Toward a Formal Model of Fair Exchange - a Game Theoretic Approach

    L. Buttyán, J. P. Hubaux

    no. SSC/1999/39, EPFL-DI-ICA, December, 1999.

    Bibtex | Abstract | PDF

    @techreport {
       author = {Levente BUTTYÁN, },
       title = {Toward a Formal Model of Fair Exchange - a Game Theoretic Approach},
       number = {SSC/1999/39},
       institution = {EPFL-DI-ICA},
       month = {December},
       year = {1999}
    }

    Keywords

    fair exchane protocol, formal model, game theory, electronic commerce

    Abstract

    A fair exchange protocol is a protocol, in which two (or more) mutually suspicious parties exchange their digital items in a way that neither party can gain an advantage over the other by misbehaving. Many fair exchange protocols have been proposed in the academic literature, but they provide rather different types of fairness. The formal comparison of these proposals remained difficult, mainly, because of the lack of a common formal framework, in which each can be modelled and formal fairness definitions can be given. In this paper, we propose to use game theory for this purpose. We show how to represent fair exchange protocols with game trees and give three definitions of fairness using standard game theoretic notions. We are not aware of any other work that uses the apparatus of game theory for modelling fair exchange protocols.

    1998

    A Note on an Authentication Technique Based on Distributed Security Management for the Global Mobility Network

    C. Gbaguidi, S. Staamann, U. Wilhelm, L. Buttyán

    no. SSC/98/18, EPFL-DI-ICA, April, 1998.

    Bibtex | Abstract

    @techreport {
       author = {, , , Levente BUTTYÁN},
       title = {A Note on an Authentication Technique Based on Distributed Security Management for the Global Mobility Network},
       number = {SSC/98/18},
       institution = {EPFL-DI-ICA},
       month = {April},
       year = {1998}
    }

    Keywords

    authentication protocol, belief logic, verification

    Abstract

    In this paper, we analyse the authentication protocol that has been proposed for the so called global mobility network in the October 1997 issue of the IEEE Journal on Selected Areas in Communications. Using a simple logic of authentication, we show that the protocol has flaws, and we present three different attacks that exploit these. We correct the protocol using a simple design tool that we have developed.

    A Simple Logic for Authentication Protocol Design

    L. Buttyán, S. Staamann, U. Wilhelm

    Proceedings of IEEE Computer Security Foundations Workshop, Rockport, MA, USA, June, 1998, pp. 153-162.

    Bibtex | Abstract

    @inproceedings {
       author = {Levente BUTTYÁN, , },
       title = {A Simple Logic for Authentication Protocol Design},
       booktitle = {Proceedings of IEEE Computer Security Foundations Workshop},
       address = {Rockport, MA, USA},
       month = {June},
       year = {1998},
       pages = {153-162}
    }

    Keywords

    authentication protocol, belief logic, logic based design

    Abstract

    In this paper, we describe a simple logic. The logic uses the notion of channels that are generalisations of communication links with various security properties. The abstract nature of channels enables us to treat the protocol at a higher abstraction level than do most of the known logics for authentication, and thus, we can address the higher level functional properties of the system, without having to be concerned with the problems of the actual implementation. The major advantage of the proposed logic is its suitability for the design of authentication protocols. We give a set of synthetic rules that can be used by protocol designers to construct a protocol in a systematic way.

    Analysis of Protocol Sequences for Slow Frequency Hopping

    L. Györfi, I. Vajda

    Wireless Networks, vol. 4, 1998, pp. 411-418.

    Bibtex

    @article {
       author = {, István VAJDA},
       title = {Analysis of Protocol Sequences for Slow Frequency Hopping},
       journal = {Wireless Networks},
       volume = {4},
       year = {1998},
       pages = {411-418}
    }

    Abstract

    Analysis of Protocol Sequences for Slow Frequency Hopping

    S. Csibi, L. Györfi, I. Vajda

    Proceedings of the 1998 International Zürich Seminar on Broadband Communication (IEEE Catalog No.98TH8277), 1998, pp. 237-242.

    Bibtex

    @inproceedings {
       author = {, , István VAJDA},
       title = {Analysis of Protocol Sequences for Slow Frequency Hopping},
       booktitle = {Proceedings of the 1998 International Zürich Seminar on Broadband Communication (IEEE Catalog No.98TH8277)},
       year = {1998},
       pages = {237-242}
    }

    Abstract

    CrySTINA: Security in the Telecommunications Information Networking Architecture

    S. Staamann, U. Wilhelm, L. Buttyán

    no. SSC/98/4, EPFL-DI-ICA, January, 1998.

    Bibtex | Abstract

    @techreport {
       author = {, , Levente BUTTYÁN},
       title = {CrySTINA: Security in the Telecommunications Information Networking Architecture},
       number = {SSC/98/4},
       institution = {EPFL-DI-ICA},
       month = {January},
       year = {1998}
    }

    Keywords

    security, CORBA, TINA, DPE, interoperability

    Abstract

    TINA specifies an open architecture for telecommunication services in the broadband, multimedia, and information era. Its characteristics most relevant for security are a variety of services, a multitude of service providers, a well defined business model, a middleware platform for service development and provision, and the assumption of advanced costumer premises equipment. Concepts for its security architecture are developed in the CrySTINA project. We introduce the TINA-C architecture, analyse it with regard to security and present the CrySTINA security architecture. CrySTINA is aligned with the OMG`s CORBA Security specification, but enhances it with regard to security interoperability despite the heterogeneity of security policies and technologies that must be expected in TINA networks. Thus, we present a model for the enforcement of security policies that supports the negotiation of security contexts.

    Internetes telebanki szolgáltatás és a szerver oldali adatbiztonsága

    Á. Csernitzky

    BME, 1998.

    Bibtex

    @mastersthesis {
       author = {Ádám Csernitzky},
       title = {Internetes telebanki szolgáltatás és a szerver oldali adatbiztonsága},
       school = {BME},
       year = {1998}
    }

    Abstract

    On the distribution of Hamming correlation of cyclically permutable subsets of RS codes

    Á. Jordán, I. Vajda

    Proceedings of the II. International Workshop on Optimal Codes'98, Sazopol,Bulgaria, June 9-15, 1998, pp. 144-150.

    Bibtex

    @inproceedings {
       author = {, István VAJDA},
       title = {On the distribution of Hamming correlation of cyclically permutable subsets of RS codes},
       booktitle = {Proceedings of the II. International Workshop on Optimal Codes'98},
       address = {Sazopol,Bulgaria},
       month = {June 9-15},
       year = {1998},
       pages = {144-150}
    }

    Abstract

    On the Hamming correlation distribution of SFH signature sequence sets

    Á. Jordán, I. Vajda

    roceedings of the IEEE ISSSTA '98 (IEEE Fifth International Symposium on Spread Sectrum Techniques & Applications), Sun City, South Africa, September 2-4, 1998, pp. 676-680.

    Bibtex

    @inproceedings {
       author = {, István VAJDA},
       title = {On the Hamming correlation distribution of SFH signature sequence sets},
       booktitle = {roceedings of the IEEE ISSSTA '98 (IEEE Fifth International Symposium on Spread Sectrum Techniques & Applications)},
       address = {Sun City, South Africa},
       month = {September 2-4},
       year = {1998},
       pages = {676-680}
    }

    Abstract

    On the Problem of Trust in Mobile Agent Systems

    U. Wilhelm, S. Staamann, L. Buttyán

    Proceedings of Internet Society`s Symposium on Network and Distributed System Security, San Diego, CA, USA, March, 1998.

    Bibtex | Abstract

    @inproceedings {
       author = {, , Levente BUTTYÁN},
       title = {On the Problem of Trust in Mobile Agent Systems},
       booktitle = {Proceedings of Internet Society`s Symposium on Network and Distributed System Security},
       address = {San Diego, CA, USA},
       month = {March},
       year = {1998}
    }

    Keywords

    trust, mobile agent, tamper proof environment

    Abstract

    Systems that support mobile agents are increasingly being used on the global Internet. Security concerns dealing with the protection of the execution environment from malicious agents are extensively being tackled. We concentrate on the reverse problem, namely how a mobile agent can be protected from malicious behaviour of the execution environment, which is largely ignored. We will identify the problem of trust as the major issue in this context and describe a trusted and tamper-proof hardware that can be used to divide this problem among several principals, each of which has to be trusted with a special task. We show that the presented approach can be used to mitigate an important problem in the design of open systems.

    Protecting the Itinerary of Mobile Agents

    U. Wilhelm, S. Staamann, L. Buttyán

    Proceedings of ECOOP Workshop on Mobile Object Systems: Secure Internet Mobile Communications, Brussels, Belgium, June, 1998.

    Bibtex | Abstract

    @inproceedings {
       author = {, , Levente BUTTYÁN},
       title = {Protecting the Itinerary of Mobile Agents},
       booktitle = {Proceedings of ECOOP Workshop on Mobile Object Systems: Secure Internet Mobile Communications},
       address = {Brussels, Belgium},
       month = {June},
       year = {1998}
    }

    Keywords

    mobile agent protection

    Abstract

    Systems that support mobile agents are increasingly being used on the global Internet. An important application that is considered for these agents is electronic commerce, where agents roam the World Wide Web in search of goods for their owners. In these applications, an agent moves along some itinerary in order to search for the best offer for the good sought by the user. The problem with this approach is that malicious providers on the agent`s itinerary can damage the agent, tamper with the agent so that the agent itself becomes malicious, or forward the agent to any arbitrary provider that might not be on the agent`s itinerary. In this presentation we will primarily address the question how an agent can safely follow some pre-defined itinerary. We will identify the problem of trust as a major issue in this context and describe a trusted and tamper-proof hardware that can be used to enforce a policy. Based on this policy, we will show how the agent can take advantage of it in order to achieve the desired goal.

    Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach

    S. Staamann, U. Wilhelm, L. Buttyán

    no. SSC/98/4, EPFL-DI-ICA, January, 1998.

    Bibtex | Abstract

    @techreport {
       author = {, , Levente BUTTYÁN},
       title = {Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach},
       number = {SSC/98/4},
       institution = {EPFL-DI-ICA},
       month = {January},
       year = {1998}
    }

    Keywords

    security, TINA

    Abstract

    The article presents the first results of the CrySTINA project. We analyze and structure the security problem domain in the TINA-C architecture and present our approach to provide the necessary security functionality in the form of self-contained application-independent security services and security mechanisms as part of the DPE functionality. The DPE is assumed to be basically provided by CORBA products. Therefore, we introduce the CORBA security specification and investigate if and how the identified TINA security services can be implemented using the CORBA security functionality.

    Security in TINA

    S. Staamann, U. Wilhelm, L. Buttyán

    Proceedings of IFIP-SEC`98, Wienna-Budapest, August, 1998.

    Bibtex | Abstract

    @inproceedings {
       author = {, , Levente BUTTYÁN},
       title = {Security in TINA},
       booktitle = {Proceedings of IFIP-SEC`98},
       address = {Wienna-Budapest},
       month = {August},
       year = {1998}
    }

    Keywords

    security, CORBA, DPE, TINA, interoperability

    Abstract

    TINA is a specification of an open architecture for telecommunication services in the broadband, multimedia, and information era. Its characteristics most relevant for security are a variety of services, a multitude of service providers, a well defined business model, a middleware platform for service development and provision, and the assumption of advanced costumer premises equipment. Concepts for its security architecture are developed in the CrySTINA project. We introduce the TINA-C architecture, analyse it with regard to security, and present the CrySTINA security architecture. CrySTINA is aligned with the OMG`s CORBA Security specification, but enhances it with regard to security interoperability despite the heterogeneity of security policies and technologies that must be expected in TINA networks. Thus, we present a model for the enforcement of security policies that supports the negotiation of security contexts.

    1997

    A hitelkártyás vásárlás SET (Secure Electronic Transaction) draft standard adatbiztonsági protokolljának vizsgálata

    Zs. Nagy

    BME, 1997.

    Bibtex

    @mastersthesis {
       author = {Zsigmond NAGY},
       title = {A hitelkártyás vásárlás SET (Secure Electronic Transaction) draft standard adatbiztonsági protokolljának vizsgálata},
       school = {BME},
       year = {1997}
    }

    Abstract

    Biztonságos kommunikáció X400 MTA és Web Browser ügyfél alkalmazás között

    Zs. Szabadi

    BME, 1997.

    Bibtex

    @mastersthesis {
       author = {Zsolt SZABADI},
       title = {Biztonságos kommunikáció X400 MTA és Web Browser ügyfél alkalmazás között},
       school = {BME},
       year = {1997}
    }

    Abstract

    Data Security Issues of Computer Networks

    L. Buttyán

    Magyar Távközlés (Selected Papers from the Hungarian Telecommunications), 1997, pp. 50-57..

    Bibtex

    @article {
       author = {Levente BUTTYÁN},
       title = {Data Security Issues of Computer Networks},
       journal = {Magyar Távközlés (Selected Papers from the Hungarian Telecommunications)},
       year = {1997},
       pages = {50-57.}
    }

    Abstract

    On the Design of Strong Bit Permutations and Substitutions

    L. Buttyán, I. Vajda

    Budapest University of Technology, January, 1997.

    Bibtex

    @techreport {
       author = {Levente BUTTYÁN, István VAJDA},
       title = {On the Design of Strong Bit Permutations and Substitutions},
       institution = {Budapest University of Technology},
       month = {January},
       year = {1997}
    }

    Abstract

    On the Design of Substitution-Permutation Ciphers

    I. Vajda, L. Buttyán

    Budapest University of Technology, January, 1997.

    Bibtex

    @techreport {
       author = {István VAJDA, Levente BUTTYÁN},
       title = {On the Design of Substitution-Permutation Ciphers},
       institution = {Budapest University of Technology},
       month = {January},
       year = {1997}
    }

    Abstract

    Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach

    S. Staamann, U. Wilhelm, A. Schiper, L. Buttyán, J. P. Hubaux

    Proceedings of TINA`97, November, 1997.

    Bibtex | Abstract

    @inproceedings {
       author = {, , , Levente BUTTYÁN, },
       title = {Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach},
       booktitle = {Proceedings of TINA`97},
       month = {November},
       year = {1997}
    }

    Keywords

    security, TINA

    Abstract

    The article presents the first results of the CrySTINA project. We analyze and structure the security problem domain in the TINA-C architecture and present our approach to provide the necessary security functionality in the form of self-contained application-independent security services and security mechanisms as part of the DPE functionality. The DPE is assumed to be basically provided by CORBA products. Therefore, we introduce the CORBA security specification and investigate if and how the identified TINA security services can be implemented using the CORBA security functionality.

    1996

    Data Security Issues of Computer Networks (in Hungarian)

    L. Buttyán

    Magyar Távközlés, vol. VII., no. 4., April, 1996, pp. 11-19..

    Bibtex

    @article {
       author = {Levente BUTTYÁN},
       title = {Data Security Issues of Computer Networks (in Hungarian)},
       journal = {Magyar Távközlés},
       volume = {VII.},
       number = {4.},
       month = {April},
       year = {1996},
       pages = {11-19.}
    }

    Abstract

    1995

    Code construction for FH/CDMA channels

    I. Vajda

    IEEE Transactions on Communications, vol. 43, no. 10, October, 1995.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Code construction for FH/CDMA channels},
       journal = {IEEE Transactions on Communications},
       volume = {43},
       number = {10},
       month = {October},
       year = {1995}
    }

    Abstract

    Nyílt számítógépes hálózatok adatvédelmi kérdései

    K. Rassay

    BME, 1995.

    Bibtex

    @mastersthesis {
       author = {Krisztián RASSAY},
       title = {Nyílt számítógépes hálózatok adatvédelmi kérdései},
       school = {BME},
       year = {1995}
    }

    Abstract

    On Design Criteria of Conventional Block Ciphers (in Hungarian)

    I. Vajda, L. Buttyán

    Hiradástechnika, vol. XLVI., March, 1995, pp. 10-18., (awarded with the Pollak-Virag Award of the Hungarian Telecommunication Scientific Society).

    Bibtex

    @article {
       author = {István VAJDA, Levente BUTTYÁN},
       title = {On Design Criteria of Conventional Block Ciphers (in Hungarian)},
       journal = {Hiradástechnika},
       volume = {XLVI.},
       month = {March},
       year = {1995},
       pages = {10-18.},
       note = {(awarded with the Pollak-Virag Award of the Hungarian Telecommunication Scientific Society)}
    }

    Abstract

    S-box Design, (in Hungarian)

    L. Buttyán

    Budapest University of Technology, May, 1995.

    Bibtex

    @mastersthesis {
       author = {Levente BUTTYÁN},
       title = {S-box Design, (in Hungarian)},
       school = {Budapest University of Technology},
       month = {May},
       year = {1995}
    }

    Abstract

    Searching for the best linear approximation of DES-like cryptosystems

    L. Buttyán, I. Vajda

    IEE Electronics Letters, vol. 31, no. 11, May, 1995, pp. 873-874.

    Bibtex

    @article {
       author = {Levente BUTTYÁN, István VAJDA},
       title = {Searching for the best linear approximation of DES-like cryptosystems},
       journal = {IEE Electronics Letters},
       volume = {31},
       number = {11},
       month = {May},
       year = {1995},
       pages = {873-874}
    }

    Abstract

    1994

    Code Constructions for Code Division Multiple Access Channels

    I. Vajda

    Journal on Communications, vol. XLV, March, 1994, pp. 2-9.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Code Constructions for Code Division Multiple Access Channels},
       journal = {Journal on Communications},
       volume = {XLV},
       month = {March},
       year = {1994},
       pages = {2-9}
    }

    Abstract

    1993

    Construction of Protocol Sequences for Multiple-Access Collision Channels

    L. Györfi, I. Vajda

    Proceedings of the 1993 IEEE International Symposium on Information Theory, San Antonio, USA, Jan 17-22, 1993, pp. 157.

    Bibtex

    @inproceedings {
       author = {, István VAJDA},
       title = {Construction of Protocol Sequences for Multiple-Access Collision Channels},
       booktitle = {Proceedings of the 1993 IEEE International Symposium on Information Theory},
       address = {San Antonio, USA},
       month = {Jan 17-22},
       year = {1993},
       pages = {157}
    }

    Abstract

    Hibakorlátozó kódolás

    I. Vajda

    Chapter 7, in Géher K. (ed.): Híradástechnika, Mûszaki Könyvkiadó, 1993.

    Bibtex

    @inbook {
       author = {István VAJDA},
       title = {Hibakorlátozó kódolás},
       chapter = {Chapter 7},
       publisher = {in Géher K. (ed.): Híradástechnika, Mûszaki Könyvkiadó},
       year = {1993}
    }

    Abstract

    Spread Spectrum Principle Based Wireless Telecommunication Networks

    I. Vajda

    Magyar Távközlés, 1993, pp. 43-49, Selected papers 1993.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Spread Spectrum Principle Based Wireless Telecommunication Networks},
       journal = {Magyar Távközlés},
       year = {1993},
       pages = {43-49},
       note = {Selected papers 1993}
    }

    Abstract

    1992

    Code sequences for FH-CDMA channels

    I. Vajda

    Proceedings of IEEE Symposium on Spread Spectrum Techniques and Applications, Yokohama, Japan, 1992, pp. 195-197.

    Bibtex

    @inproceedings {
       author = {István VAJDA},
       title = {Code sequences for FH-CDMA channels},
       booktitle = {Proceedings of IEEE Symposium on Spread Spectrum Techniques and Applications},
       address = {Yokohama, Japan},
       year = {1992},
       pages = {195-197}
    }

    Abstract

    Construction of Protocol Sequences for Multiple-Access Collision Channel without Feedback

    L. Györfi, I. Vajda

    IEEE Transactions on Information Theory, vol. 39, no. 5, September, 1992, pp. 1762-1765.

    Bibtex

    @article {
       author = {, István VAJDA},
       title = {Construction of Protocol Sequences for Multiple-Access Collision Channel without Feedback},
       journal = { IEEE Transactions on Information Theory},
       volume = {39},
       number = {5},
       month = {September},
       year = {1992},
       pages = {1762-1765}
    }

    Abstract

    Lokális számítógéphálózatok algoritmikus adatvédelme

    Gy. Hernádi

    BME, 1992.

    Bibtex

    @mastersthesis {
       author = {György HERNÁDI},
       title = {Lokális számítógéphálózatok algoritmikus adatvédelme},
       school = {BME},
       year = {1992}
    }

    Abstract

    1991

    A cryptographic element based on number system conversion

    T. Nemetz, I. Vajda

    Proceedings of 1991 IEEE International Symposium on Information Theory, Budapest, Hungary, 1991, pp. 127.

    Bibtex

    @inproceedings {
       author = {Tibor NEMETZ, István VAJDA},
       title = {A cryptographic element based on number system conversion},
       booktitle = {Proceedings of 1991 IEEE International Symposium on Information Theory},
       address = {Budapest, Hungary},
       year = {1991},
       pages = {127}
    }

    Abstract

    Bevezetés az algoritmikus adatvédelembe

    T. Nemetz, I. Vajda

    Az elektronika újabb eredményei 9.kötet, Akadémiai Kiadó, 1991, Budapest.

    Bibtex

    @book {
       author = {Tibor NEMETZ, István VAJDA},
       title = {Bevezetés az algoritmikus adatvédelembe},
       series = {Az elektronika újabb eredményei 9.kötet},
       publisher = {Akadémiai Kiadó},
       year = {1991},
       note = {Budapest}
    }

    Abstract

    Comments on Code-Division Multiple Access Techniques in Optical Fiber Networks

    I. Vajda

    IEEE Transactions on Communications, vol. 39, no. 2, February, 1991, pp. 196.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Comments on Code-Division Multiple Access Techniques in Optical Fiber Networks},
       journal = {IEEE Transactions on Communications},
       volume = {39},
       number = {2},
       month = {February},
       year = {1991},
       pages = {196}
    }

    Abstract

    Reed-Solomon kódok alkalmazási lehetõségei az adatvédelemben

    T. Szántó

    BME, 1991.

    Bibtex

    @mastersthesis {
       author = {Tibor SZÁNTÓ},
       title = {Reed-Solomon kódok alkalmazási lehetõségei az adatvédelemben},
       school = {BME},
       year = {1991}
    }

    Abstract

    Side information gained from signal matrices in FFH spread spectrum systems

    I. Vajda

    Electronics and Communications, vol. 45, no. 2, March, 1991, pp. 70-76, Hirzel Verlag.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Side information gained from signal matrices in FFH spread spectrum systems},
       journal = {Electronics and Communications},
       volume = {45},
       number = {2},
       month = {March},
       year = {1991},
       pages = {70-76},
       note = {Hirzel Verlag}
    }

    Abstract

    Substitution of characters in q-ary m-sequences

    I. Vajda, T. Nemetz

    Lecture Notes in Computer Science 508, 1991, pp. 96-105, Springer-Verlag.

    Bibtex

    @article {
       author = {István VAJDA, Tibor NEMETZ},
       title = {Substitution of characters in q-ary m-sequences},
       journal = {Lecture Notes in Computer Science 508},
       year = {1991},
       pages = {96-105},
       note = {Springer-Verlag}
    }

    Abstract

    1990

    AGC based hard detected FFH signal matrices

    I. Vajda

    IEE Electronics Letters, vol. 26, no. 3, February, 1990, pp. 218-219.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {AGC based hard detected FFH signal matrices},
       journal = {IEE Electronics Letters},
       volume = {26},
       number = {3},
       month = {February},
       year = {1990},
       pages = {218-219}
    }

    Abstract

    On random code-hopping DS/SSMA systems

    I. Vajda

    Proceedings of IEEE Symposium on Spread Spectrum Techniques and Applications, London, 1990, pp. 47-52.

    Bibtex

    @inproceedings {
       author = {István VAJDA},
       title = {On random code-hopping DS/SSMA systems},
       booktitle = {Proceedings of IEEE Symposium on Spread Spectrum Techniques and Applications},
       address = {London},
       year = {1990},
       pages = {47-52}
    }

    Abstract

    1987

    Code acquisition for a frequency hopping system

    I. Vajda, G. Einarsson

    IEEE Transactions on Communications, vol. 35, no. 5, May, 1987, pp. 566-568.

    Bibtex

    @article {
       author = {István VAJDA, },
       title = {Code acquisition for a frequency hopping system},
       journal = {IEEE Transactions on Communications},
       volume = {35},
       number = {5},
       month = {May},
       year = {1987},
       pages = {566-568}
    }

    Abstract

    Error probability of a code-division multiple-access frequency-hopping system

    G. Einarsson, I. Vajda, L. Molnár

    Electronics and Communications, vol. 41, no. 6, December, 1987, pp. 356-364, Hirzel Verlag.

    Bibtex

    @article {
       author = {, István VAJDA, },
       title = {Error probability of a code-division multiple-access frequency-hopping system},
       journal = {Electronics and Communications},
       volume = {41},
       number = {6},
       month = {December},
       year = {1987},
       pages = {356-364},
       note = {Hirzel Verlag}
    }

    Abstract

    Some results on generation of shift-register sequences with large linear complexity

    I. Vajda, J. Landsmann

    Proceedings of Applied Algebra, Algebraic Algorithms and Error Control Codes, AAECC-5, Menorca, Spain, June 15-19, 1987, pp. 81.

    Bibtex

    @inproceedings {
       author = {István VAJDA, },
       title = {Some results on generation of shift-register sequences with large linear complexity},
       booktitle = {Proceedings of Applied Algebra, Algebraic Algorithms and Error Control Codes, AAECC-5},
       address = {Menorca, Spain},
       month = {June 15-19},
       year = {1987},
       pages = {81}
    }

    Abstract

    1985

    More on modelling and performance evaluation for frequency coded multiple access channels

    I. Vajda

    Proceedings of U.R.S.I. XXIst General Assembly, Florence, Italy, 1985, pp. 104.

    Bibtex

    @inproceedings {
       author = {István VAJDA},
       title = {More on modelling and performance evaluation for frequency coded multiple access channels},
       booktitle = {Proceedings of U.R.S.I. XXIst General Assembly},
       address = {Florence, Italy},
       year = {1985},
       pages = {104}
    }

    Abstract

    1983

    A coding rule for frequency-hopped multiple access channels

    I. Vajda

    Problems of Control and Information Theory, vol. 13, no. 5, 1983, pp. 331-335.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {A coding rule for frequency-hopped multiple access channels},
       journal = {Problems of Control and Information Theory},
       volume = {13},
       number = {5},
       year = {1983},
       pages = {331-335}
    }

    Abstract

    Block coding and correlation decoding for an M-user weighted adder channel

    L. Györfi, I. Vajda

    Problems of Control and Information Theory, vol. 12, no. 6, 1983, pp. 405-417.

    Bibtex

    @article {
       author = {, István VAJDA},
       title = {Block coding and correlation decoding for an M-user weighted adder channel},
       journal = {Problems of Control and Information Theory},
       volume = {12},
       number = {6},
       year = {1983},
       pages = {405-417}
    }

    Abstract

    Decoding error probability of the Einarsson-code for frequency-hopped multiple access channel

    L. Molnár, I. Vajda

    Problems of Control and Information Theory, vol. 13, no. 2, 1983, pp. 109-120.

    Bibtex

    @article {
       author = {, István VAJDA},
       title = {Decoding error probability of the Einarsson-code for frequency-hopped multiple access channel},
       journal = {Problems of Control and Information Theory},
       volume = {13},
       number = {2},
       year = {1983},
       pages = {109-120}
    }

    Abstract

    1982

    Hibajavító kódolás és mûszaki alkalmazásai

    I. Vajda

    BME Mérnöktovábbképzõ Intézet, 1982.

    Bibtex

    @book {
       author = {István VAJDA},
       title = {Hibajavító kódolás és mûszaki alkalmazásai},
       publisher = {BME Mérnöktovábbképzõ Intézet},
       year = {1982}
    }

    Abstract

    1980

    Information transmission with intermediate storage under the special conditions of microcomputers

    S. Csibi, L. Györfi, Z. Györfi, I. Vajda

    Periodica Polytechnica, vol. 24, 1980, pp. 222-227.

    Bibtex

    @article {
       author = {, , , István VAJDA},
       title = {Information transmission with intermediate storage under the special conditions of microcomputers},
       journal = {Periodica Polytechnica},
       volume = {24},
       year = {1980},
       pages = {222-227}
    }

    Abstract

    Upper bound on the error probability of detection in non-Gaussian noise

    L. Györfi, I. Vajda

    Problems of Control and Information Theory, vol. 9, no. 3, 1980, pp. 215-224.

    Bibtex

    @article {
       author = {, István VAJDA},
       title = {Upper bound on the error probability of detection in non-Gaussian noise},
       journal = {Problems of Control and Information Theory},
       volume = {9},
       number = {3},
       year = {1980},
       pages = {215-224}
    }

    Abstract

    1979

    Remarks on a coding technique for asynchronous multiple access communication

    I. Vajda, I. Kerekes, L. Györfi, H. Gomez

    Problems of Control and Information Theory, vol. 9, no. 4, 1979, pp. 287-296.

    Bibtex

    @article {
       author = {István VAJDA, , , },
       title = {Remarks on a coding technique for asynchronous multiple access communication},
       journal = {Problems of Control and Information Theory},
       volume = {9},
       number = {4},
       year = {1979},
       pages = {287-296}
    }

    Abstract

    1978

    Adaptive Gaussian detection without a priori symbol synchronization

    I. Vajda

    Problems of Control and Information Theory, vol. 9, no. 2, 1978, pp. 133-140.

    Bibtex

    @article {
       author = {István VAJDA},
       title = {Adaptive Gaussian detection without a priori symbol synchronization},
       journal = {Problems of Control and Information Theory},
       volume = {9},
       number = {2},
       year = {1978},
       pages = {133-140}
    }

    Abstract

    Bayesian decision with rejection

    L. Györfi, Z. Györfi, I. Vajda

    Problems of Control and Information Theory, vol. 8, no. 5, 1978, pp. 445-452.

    Bibtex

    @article {
       author = {, , István VAJDA},
       title = {Bayesian decision with rejection},
       journal = {Problems of Control and Information Theory},
       volume = {8},
       number = {5},
       year = {1978},
       pages = {445-452}
    }

    Abstract

    1977

    A strong law of large numbers and some applications

    L. Györfi, Z. Györfi, I. Vajda

    Studia Scientiarum Mathematicarum Hungarica, vol. 12, 1977, pp. 233-244.

    Bibtex

    @article {
       author = {, , István VAJDA},
       title = {A strong law of large numbers and some applications},
       journal = {Studia Scientiarum Mathematicarum Hungarica},
       volume = {12},
       year = {1977},
       pages = {233-244}
    }

    Abstract