|
||||||
|
||||||
| Workshop 2003: | |||
On November 15, 2003, the second CyberSecurity Workshop was held at Michigan State University. Below is the complete agenda and links to the PowerPoint presentations of each speaker. |
|||||||||||||||||||||||||||||||||||||||||||||||
| Keynote and Panel Welomce and Introductions: |
|||||||||||||||||||||||||||||||||||||||||||||||
|
Anthony S. Wojcik, Michigan State University Partnerships to Meet the Challenges of Cybersecurity The session theme will focus on the strategic needs for collaboration between business, government Keynote Speaker and Panelist: Survey of Public Private Partnerships for Critical Infrastructure Protection Richard Holmes, General Director Rick Holmes has been involved in establishing public private partnerships for infrastructure protection for the past four years. He will discuss a number of initiatives that have a genesis in Presidential Decision Directive 63 including the National Strategy to Secure Cyberspace, and the various Information Sharing and Analysis Centers. In addition, the events of 9/11 led to the establishment of the Department of Homeland Security which has critical infrastructure protection as part of its charter. Mr. Holmes will present the various projects that the National Infrastructure Advisory Council, the National Security Telecommunications Advisory Council, the Homeland Security Advisory Council and the Business Round Table have completed or initiated.
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Student poster display and discussions of current research in cybersecurity at MSU. | |||||||||||||||||||||||||||||||||||||||||||||||
| (See poster abstracts below) | |||||||||||||||||||||||||||||||||||||||||||||||
Moderator: Dan Kim, Michigan State University |
|||||||||||||||||||||||||||||||||||||||||||||||
| 1. | Multimedia Content Security |
||||||||||||||||||||||||||||||||||||||||||||||
| 2. | Multimodal Biometrics |
||||||||||||||||||||||||||||||||||||||||||||||
| 3. | Document Authentication using Online Signatures as Watermarks |
||||||||||||||||||||||||||||||||||||||||||||||
| 4. | Secure Group Communication |
||||||||||||||||||||||||||||||||||||||||||||||
| 5. | Physical Layer Built-in Security Analysis and Enhancement of CDMA Systems |
||||||||||||||||||||||||||||||||||||||||||||||
| 6. | SMF Parametric Speech Watermarking |
||||||||||||||||||||||||||||||||||||||||||||||
| 7. | Security and Privacy in WWAN Connection Sharing |
||||||||||||||||||||||||||||||||||||||||||||||
| 8. | Secure Service Discovery in Public Environments |
||||||||||||||||||||||||||||||||||||||||||||||
| 9. | Secure Prophet Address Allocation for MANETs |
||||||||||||||||||||||||||||||||||||||||||||||
| 10. | IDS Decision Logic Extension to Detection of Sequential Anomalies |
||||||||||||||||||||||||||||||||||||||||||||||
| 11. | Defending P2Ps from Overlay Flooding-based DDoS Attacks |
||||||||||||||||||||||||||||||||||||||||||||||
| 12. | Ensuring HIPAA Compliance and Security in Nursing Home Videoconferencing: Wireless Encryption, Biometric Security, and the Human Factor |
||||||||||||||||||||||||||||||||||||||||||||||
| 13. | Wireless Applications in Support of Physical Location Security: An Empirical Test in Shopping Mall Context |
||||||||||||||||||||||||||||||||||||||||||||||
| 14. | The Last Line of Defense: a Host-Based, Real-Time, Kernel-Level Intrusion Detection System |
||||||||||||||||||||||||||||||||||||||||||||||
| 15. | Robust Pervasive Computing Using a Kernel-Middleware eXchange (KMX) |
||||||||||||||||||||||||||||||||||||||||||||||
| 16. | Using Developmental Learning to Support Network Intrusion Detection |
||||||||||||||||||||||||||||||||||||||||||||||
| 17. | On the Encryption of JPEG / JPEG 2000 Images |
||||||||||||||||||||||||||||||||||||||||||||||
| 18. | Cross-Layer Secure Networking for Heterogeneous Complexity- Constrained Networks |
||||||||||||||||||||||||||||||||||||||||||||||
| 19. | Online Criminal Tracking and Investigations System |
||||||||||||||||||||||||||||||||||||||||||||||
| 20. | Dental Biometrics: Matching Dental X-rays for Human Identification |
||||||||||||||||||||||||||||||||||||||||||||||
| Faculty presentations on new opportunities in cybersecurity research. | |||||||||||||||||||||||||||||||||||||||||||||||
| (See presentation abstracts below.) | |||||||||||||||||||||||||||||||||||||||||||||||
| Moderator: Nora Rifon, Michigan State University | |||||||||||||||||||||||||||||||||||||||||||||||
| The Digital Millenium Copyright Act and Its Impact on Cybersecurity Peter Yu, Michigan State University Detroit College of Law |
|||||||||||||||||||||||||||||||||||||||||||||||
| Component Based Design of Fault-Tolerance and Security Sandeep Kulkarni, Dept. of Computer Science and Engineering |
|||||||||||||||||||||||||||||||||||||||||||||||
Promoting I-Safety: The Role of Psychological Factors in Determining Consumer Risk Assessment and Online Privacy Protection |
|||||||||||||||||||||||||||||||||||||||||||||||
| Private, Secure and User-Centric Service Discovery Matt Mutka, Dept of Computer Science and Engineering |
|||||||||||||||||||||||||||||||||||||||||||||||
Abstracts of Poster and Faculty Presentations |
|||||||||||||||||||||||||||||||||||||||||||||||
| 1. | Multimedia Content Security | ||
| Collaborators: Umut Uludag and Anil K. Jain (faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: The security of multimedia data (e.g., image, video, audio) is becoming an important problem. Due to the widespread utilization of digital techniques in creation, editing and distribution of multimedia data and proliferation of Internet usage, illegal distribution of copyrighted digital material is a growing concern for content owners. Further, this piracy increases the overall costs for legitimate users. In this study, we summarize techniques that can be used for eliminating this problem. The advantages, limitations and application areas of the two of the most promising techniques, watermarking and encryption, are highlighted. A biometrics-based encryption framework that can eliminate the major problem associated with the classical cryptosystems, illegal key exchange, is presented. Further, it is possible to combine watermarking with the proposed framework to increase the multimedia security even further. |
|||
| 2. | Multimodal Biometrics | ||
| Collaborators: Karthik Nandakumar, Umut Uludag, and Xiaoguang Lu, and Anil K. Jain (faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: Biometrics is rapidly gaining acceptance as the technology that can meet the ever increasing need for security in critical applications. Biometrics refers to the automatic recognition of individuals based on their physiological and/or behavioral characteristics. The traits that can be used for biometric recognition include fingerprint, hand- geometry, face, voice, iris, retina, gait, signature, palm-print and keystroke dynamics. Biometric systems that use a single trait for recognition are often affected by several practical problems like noisy sensor data, non-universality and/or lack of distinctiveness of the chosen biometric trait, and spoof attacks. Multimodal biometric systems alleviate some of these problems by combining evidences of the same identity obtained from different biometric sources. These sources include multiple sensors for the same biometric (e.g., optical and solid-state fingerprint sensors), multiple instances of the same biometric (e.g., fingerprints from different fingers of a person), multiple snapshots of the same biometric (e.g., four impressions of a user’s right index finger), multiple representations and matching algorithms for the same biometric (e.g., combining multiple face matchers like PCA and LDA), or multiple biometric traits (e.g., face and fingerprint). Multimodal biometric systems help in achieving higher recognition rates that may not be possible by using any single biometric indicator. In a multimodal biometric system, an effective fusion scheme is required to combine the multiple evidences and the consolidation of information can take place at the feature, matching score or decision level. Research in the Pattern Recognition and Image Processing (PRIP) lab focuses on some of the issues involved in developing efficient multimodal biometric systems like matching score normalization and user-specific weighting of the different biometric modalities. |
|||
| 3. | Document Authentication using Online Signatures as Watermarks | ||
| Collaborators: Anoop M. Namboodiri and Anil K. Jain (faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: Authentication of digital documents is an important concern as digital documents replace the traditional paper-based documents. This is especially important when digital documents are exchanged over the Internet and can easily be accessed or modified by intruders. One of the well-known methods used for authentication of digital documents is the public key encryption-based authentication. However, the encryption-based method is not suitable for widespread distribution of a document since it needs to be decrypted by each recipient, before using it, or additional data should be tagged along with the document. An alternate approach uses digital watermarking to ascertain the source/origin of the document, where a signature string is embedded in the document in such a way that the contents of the document are not altered. Watermarking can also be used in conjunction with encryptionbased methods to provide an additional level of security in document authentication. This poster presents a watermarking-based solution, where an on-line signature of the author is embedded in the document. Since we use a biometric as the watermark, the recipients of the document can verify both the integrity of the document and the claimed identity of the author. |
|||
| 4. | Secure Group Communication | ||
| Collaborators: Bruhadeshwar Bezawada and Sandeep Kulkarni (faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: Many network applications are group oriented. In these applications we need to secure the data from unauthorized access, either because the data is confidential or that the users are required to pay for it. To secure the data, a controller for the group generates a cryptographic key and distributes it to all the users. Thus, any communication encrypted with the group key can be understood only by the group users. Group communication is dynamic i.e. a user can join or leave the group during a session. To preserve secrecy, whenever group membership changes, the group controller changes the group key and distributes it to the group users. If the group key is not changed then the joining (respectively, leaving) user can access past (respectively, future) group communication. The group controller also updates other shared keys which are necessary for distributing the group key. We split up the rekeying cost into two parts: critical and non-critical. The critical cost is cost of distributing keys which are necessary to resume group communication and non-critical cost is the cost of updating the shared keys. We have developed a family of key management algorithms which examine the tradeoff between critical and non-critical costs. We have also developed routing techniques to distribute the keys to the group users such that the network bandwidth usage is reduced. |
|||
| 5. | Physical Layer Built-in Security Analysis and Enhancement of CDMA Systems | ||
| Collaborators: Qi Ling, Weiguo Liang, Tongtong Li (faculty), and Jian Ren (faculty) Affiliation: Department of Electrical and Computer Engineering |
|||
| Abstract: Historically developed for secure communication and military use, CDMA is now serving as one of the most widely used wireless airlink interface and has been identified as a major technique for 3G wireless communications. In addition to the wide bandwidth and low power spectrum density which make CDMA signals robust to narrow band jamming and easy to be concealed within the noise floor, the physical layer built- in information privacy of CDMA system is provided by pseudo-random scrambling. In our work, first, the security weakness of the operational IS-95 CDMA airlink interface is analyzed. Secondly, based on the advanced encryption standard (AES), we propose to enhance the physical layer built-in security of CDMA systems through secure scrambling. Performance analysis shows that while providing strong information privacy, CDMA system with secure scrambling has comparable computational complexity and system performance with that of the IS-95 system. Moreover, it is shown that by scrambling the training sequence and the message sequence separately with two independent scrambling sequences, both information privacy and system performance can be improved. |
|||
| 6. | SMF Parametric Speech Watermarking | ||
| Collaborators: Aparna Gurijala and J.R. Deller, Jr. (faculty) Affiliation: Department of Electrical and Computer Engineering |
|||
| Abstract: Speech watermarking strategies inevitably alter original signals content. Fidelity is adversely affected by increased perturbation while the robustness of the watermark to attack is generally improved. Parameter-embedded watermarking is effected through slight perturbations of parametric models of some deeply-integrated dynamics of the speech. Within this framework, a specific algorithm is presented in which the fidelity-robustness tradeoff can be objectively assessed and quantifiably adjusted according to specific measures. An overview of the general parameter-embedding strategy is followed by presentation of the featured algorithm, analysis of its properties, and experiments with speech data to assess fidelity, robustness, and other performance properties. |
|||
| 7. | Security and Privacy in WWAN Connection Sharing | ||
| Collaborators: Seung-Seok Kang, Danyu Zhu, and Matt W. Mutka (faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: Continuous WWAN access for mobile devices may be limited by battery power and data telecommunication costs. Nearby mobile users may form a Cooperating ad Hoc network to support Messaging (CHUM) to share a single message notification channel to reduce power consumption and telecommunication charges. Several mechanisms are further taken in CHUM to improve the mobile user's security and provide privacy protection. Further research indicates that this approach could be exploited for general message/event notification services and other "always on, anywhere, mostly idle" services. In addition, CHUM network provides secure transmission mechanism of data from the Internet. All mobile devices share the same symmetric group key. The downloaded data from the Internet is encrypted using the key in order to discourage any free riders. The group key is generated and delivered only to the cooperating mobile devices by the associated CHUM servers through the private WWAN channel. |
|||
| 8. | Secure Service Discovery in Public Environments | ||
| Collaborators: Feng Zhu, Matt Mutka (faculty), and Lionel Ni(faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: Securely accessing unfamiliar services in public environments using ad hoc wireless networks is challenging. We present a proxy-based approach that uses other existing network channels to set up a secure and trust relationship between communication parties to facilitate ad hoc wireless communications. Based on a service discovery protocol, our models achieve secure, trusted, anonymous, efficient, and economical communications between unfamiliar parties. Our protocols are formally verified using BAN logic. |
|||
| 9. | Secure Prophet Address Allocation for MANETs | ||
| Collaborators: Hongbo Zhou, Matt Mutka (faculty), and Lionel Ni(faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: A mobile node in a MANET must be assigned a free IP address before it may participate in unicast communication. This is a fundamental and difficult problem in the practical use of any MANET. There have been several solutions proposed, amo ng which prophet address allocation outperforms others in terms of communication overhead, latency, and scalability. However, none of the approaches can survive attacks in an insecure environment, especially in the presence of IP spoofing attacks. Based on studies of insecure scenarios, attack schemes, and our previous work, we proposed a secure autoconfiguration algorithm, namely secure prophet address allocation. The proposed approach is able to maintain uniqueness of address assignment in the presence of DoS attacks, IP spoofing attacks, and "state pollution" attacks. The survivability of our scheme is supported by theoretical analysis and simulation results. |
|||
| 10. | IDS Decision Logic Extension to Detection of Sequential Anomalies | ||
| Collaborators: Alexander L. Chobanyan, Matt W. Mutka (faculty), Philip K .McKinley(faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: An Intrusion Detection System (IDS) is an important layer in up-to-date defense models for information systems. An IDS is expected to detect and report known intrusions or computer misuse attempts, as well as all types of activity considered to be anomalous for a particular system. The development of an efficient anomaly detection system is an important goal of an IDS since an anomaly detection approach requires no preliminary knowledge about intrusion or misuse signatures in order to detect them. Nevertheless, the inherent inconsistency of human behavior imposes a probabilistic condition on anomaly detection and consequently makes highly-assured anomaly detection a complicated problem. Present statistical approaches to anomaly detection deploy a wide spectrum of statistical models. Nevertheless, they have limited capabilities for detecting sequential anomalies. We analyze an application of a time-series statistical model to sequential anomaly detection. In particular, we analyze various types of network-level script-generated anomalies that may be detected by considering "time-periodicity" characteristics that are natural for many scriptgenerated malicious network event sequences. We apply a time-domain approach to a security-sensitive random signal analysis. Suspicious dependencies between observations are detected with the help of a ampleautocorrelation functio n (ACF). Experimental work on sequential network anomaly detection has been performed by using traces of "attack-free traffic" provided by CS department of University of California, Los Angeles and traces from the 1999 MIT Lincoln Lab DARPA IDS evaluation dataset. |
|||
| 11. | Defending P2Ps from Overlay Flooding -based DDoS Attacks | ||
| Collaborators: Yunhao Liu, Xiaomei Liu, and Li Xiao (faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: The emerging peer-to-peer (P2P) model has recently been gained a significant attention due to its high potential of sharing various resources among networked users, where each peer acts as both a resource provider and a consumer. Unstructured P2P systems are most commonly used in practice, in which peers are connected in an ad hoc fashion and file placement is random. A flooding-based search mechanism where a query is broadcast and rebroadcast, is often used in unstructured P2P systems. Although flooding-based search mechanism is simple and easy to be implemented, it is vulnerable for overlay distributed denial-of-service (DDoS) attacks. Most previous techniques protect networks from networklayer DDoS attacks, and cannot be applied to overlay DDoS attacks. Overlay flooding-based DDoS attacks can be more damaging in that a small number of messages is inherently propagated to consume a large amount of bandwidth and computation resources. We propose a distributed and scalable method to detect malicious nodes in order to defend P2P systems from overlay flooding-based DDoS attacks. The effectiveness and overhead of the proposed method will be evaluated by comprehensive simulation studies. |
|||
| 12. | Ensuring HIPAA Compliance and Security in Nursing Home Videoconferencing: Wireless Encryption, Biometric Security, and the Human Factor |
||
| Collaborators: Michael Scott Mackert and Pam Whitten (faculty) Affiliation: Department of Telecommunication |
|||
| Abstract: It is well known that rural healthcare providers face a variety of challenges in providing quality healthcare services in a cost-effective manner. Novel technical solutions that can help improve care generate excitement, but security and privacy concerns related to these technical solutions often take a backseat in projects exploring the feasibility of a new technology to aid in the provision of health services. A new project is beginning that will use Tablet PCs to provide videoconferencing to the bedsides of nursing home residents in rural nursing homes. This will be accomplished over a wireless network that will tie the Tablet PCs to an ISDN line dedicated to videoconferencing. This poster focuses on some of the relevant security issues of wireless networks, particularly in a healthcare setting where HIPAA concerns must be considered. A summary of potential security concerns related to human error and behavior are also discussed. Finally, a summary of possible methods to address wireless security weaknesses and human errors offers a strategy to ensure that patient security and privacy are protected in this research project. |
|||
| 13. | Wireless Applications in Support of Physical Location Security: An Empirical Test in Shopping Mall Context |
||
| Collaborators: Zoo Hyun Chae, Doohwang Lee, Charles Steinfield (faculty),
Pam Whitten (faculty), Dan J. Kim (faculty) Affiliation: Department of Telecommunication |
|||
| Abstract: The convergence of affordable multimedia capabilities with local and wide area wireless data networking on handheld devices is a particularly important trend. Using offthe- shelf technology, we conducted a simple experiment that required subjects to engage in a person-identification task while posing as security agents in field setting. Subjects attempted to identify a target person in a public setting under different conditions with or without the aid of video information distributed to them via wireless-enabled multimedia PDAs. We develop expectations based on previous research in the areas of social presence, information richness, and the role of video in grounding. Our findings suggest new directions for research on this new generation of video-enabled devices. |
|||
| 14. | The Last Line of Defense: a Host-Based, Real-Time, Kernel-Level Intrusion Detection System |
||
| Collaborators: Tim Westran, Mike Mack, Richard Enbody (faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: This paper describes a variation of a kernel-level Intrusion Detection System (IDS). In particular, it is real time so it could be described as an intrusion prevention system. In addition to looking at system calls as others have done, we also look at arguments to system calls as well as Process IDs (PIDs) and parent PIDs. Also, we focus on the “lowestcommon-denominator” of attacks: elevation of privileges. Together, that focus and enrichment of the data dramatically reduces false positives—in fact, false positives have been eliminated for the attacks we have tested. Since our focus captures a class of host intrusions our technique will also flag unknown but related attacks. We tested the IDS with a variety of intrusions on a Linux machine while in use by a user and flagged in real time all the intrusions with no false positives. |
|||
| 15. | Robust Pervasive Computing Using a Kernel-Middleware eXchange (KMX) | ||
| Collaborators: Farshad A. Samimi and Philip K. McKinley (faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: Pervasive computing systems, including smart spaces and sensor networks, require software that can tolerate highly dynamic operating conditions and changing security policies. The KMX project investigates the interaction between middleware and the operating system kernel to achieve this goal. The middleware layer is an intermediary between applications and operating system, and thus it is an appropriate place to deploy most of the adaptation. On the other hand, the operating system manages essential system resources which are not available from upper layers. KMX uses a cross- layer approach to adaptation that exploits the strengths of both layers by defining appropriate interfaces and enabling cross-layer communication of relevant events and the corresponding responses. To validate the proposed methods and facilitate technology transfer, the KMX project includes experimental case studies on a mobile computing testbed. The results of this project will support the development of next generation computing systems that provide users with anytime, anywhere connectivity. This adaptive mobile computing technology can also be used to help protect critical infrastructures such as nuclear power plants, oil refineries, and airports. In these environments, correctly adapting to changing conditions and responding to security threats can directly benefit public safety. |
|||
| 16. | Using Developmental Learning to Support Network Intrusion Detection | ||
| Collaborators: Dave Knoester, Eric Kasten, Philip McKinley (faculty), Juyang Weng (faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: Network-based intrusion detection systems have typically relied upon either misuse- or anomaly-based mechanisms. Misuse detection systems, utilizing an attack signature database or via state-analysis, are quite accurate at detecting known attacks, and quite poor at detecting zero-day, or unknown, attacks. Anomaly detection systems are able to detect zero-day attacks, while at the same time suffering from a high false-positive rate. Obviously, misuse and anomaly detection systems must be used in concert to provide an effective network-based intrusion detection system.By utilizing Hierarchical Discriminant Regression (HDR), an algorithm developed for machine learning, we are able to perform both misuse and anomaly detection within the same framework, combining the strengths of these two approaches and mitigating their shortcomings. As a by-product of using HDR for network intrusio n detection, we are able to calculate the degree of similarity between different attack classes, as well as determining the discriminating characteristics between normal and intrusive network traffic. |
|||
| 17. | On the Encryption of JPEG / JPEG 2000 Images | ||
| Collaborators: Aparna Gurijala, Syed A. Khayam, Hayder Radha (faculty), J.R. Deller, Jr. (faculty) Affiliation: Department of Electrical and Computer Engineering |
|||
| Abstract: Advances in network communications have necessitated secure local-storage and transmission of multimedia content. The work involves the application of a pre- filter based encryption technique to uncompressed digital images. We investigate encryption performance in the context of JPEG and JPEG 2000 compression standards. The pre- filter employs pseudo random keys to scramble phase information and thus effect encryption. The resulting image is Gaussian distributed. Experiments were performed to study the impact of encryption on compression efficiency for various JPEG and JPEG 2000 bit-rates. Efforts are being made to maintain compression performance in the presence of encryption. To this end, the effect of linear signal transformations on Gaussian encrypted images is being studied. One of the main objectives is to understand the security-compressio n trade-off for various operating conditions. |
|||
| 18. | Cross-Layer Secure Networking for Heterogeneous Complexity-Constrained Networks | ||
| Collaborators: Syed Ali Khayam and Hayder Radha (faculty) Affiliation: Department of Electrical and Computer Engineering |
|||
| Abstract: In this work, we propose a novel method of secure multimedia distribution for networks with heterogeneous node resources. In particular, and due to their growing promise and imminent security threat, we address the problem of multicast media distribut ion over 802.11b wireless ad hoc networks. Ad hoc networks generally comprise of wireless nodes with assorted resources ranging from high-end laptop machines to complexity-constrained handheld devices. In such a mixed-resource environment, application of homogeneous security policies to serve all the nodes is quite impractical. Furthermore, traditional security schemes at different layers of the protocol stack operate without any assumption about the nature of the payload content and the security being rendered by layers above or below them. Therefore, and due in part to the fact that partial encryption can remove perceptual intelligibility from the multimedia content, we propose a new cross- layer security framework to provide a resource-oriented level of security to different nodes in the network. Specifically, we propose the use of integrated encryption at different layers of the wireless protocol stack, i.e., Wired-Equivalent Privacy (WEP) at the link- layer, transport mode IP Security (IPSec) at the network-layer, and partial multimedia encryption at the application- layer. This integrated security will define the complexity upper bound and can only be employed by nodes without any resource constraints. In order to mitigate the complexity for resource-constrained devices, we propose the concept of security scalars, which are high-end wireless stations with considerable resources, to progressively reduce the encryption overhead at each layer. Specifically, a security scalar performs a certain level of decryption (based on the complexity of the nodes surrounding it) and then redistributes the multimedia to its neighbors. These security scalars may or may not be a part of the multicast tree which is the intended multimedia recipient. Note that the efficacy of this scheme is dependent on the availability of complexity information at each security scalar. Toward that end, we propose a variant of the Ad Hoc On Demand Distance Vector Routing (AODV) protocol that (among other routing table parameters) propagates comple xity information along the route. |
|||
| 19. | Online Criminal Tracking and Investigations System | ||
| Collaborators: Qiang Xue, Andrew Robinson, Sandra Hoffman (associate director), Judith Collins (faculty, director) Affiliation: (Faculty) School of Criminal Justice and Identity Theft University-Business Partnership, (Students) Computer Science and Engineering |
|||
| Abstract: The Online Criminal Tracking and Investigation System (OCTIS) is a web-based database system used for tracking and investigating criminal cases. OCTIS is a two part system comprised of a URL database and a Criminal Case database. The URL database contains links collected and categorized by criminology experts. These links can be searched by labels, summaries or categories. The Meta Search, a unique feature of the system, provides the ability to select a set of websites (online databases) and search them all simultaneously for the same information. The Criminal Case database contains information from past and current investigations. This database allows law enforcement officials to collaborate on investigations that cross jurisdictional boundaries. These cases contain information of witnesses, perpetrators, and victims cross referenced to allow an officer to retrieve all cases related to a particular ind ividual. The database can be searched using any information that is known about the case. The system also allows the officers to supplement each other's existing cases with new information. |
|||
| 20. | Dental Biometrics: Matching Dental X-rays for Human Identification | ||
| Collaborators: Hong Chen and Anil K. Jain (faculty) Affiliation: Department of Computer Science and Engineering |
|||
| Abstract: The main purpose of forensic dentistry is to identify deceased individuals, for whom other cues of identification (e.g., fingerprint, face, etc) are not available. Dental biometrics is to automate this process using image processing and pattern recognition techniques. Specifically, given a postmortem (PM) radiograph, we search a database of antemortem (AM) radiographs to retrieve the closest match with respect to some salient features. Currently we use the tooth contours as the feature for matching. The process involves three stages: radiograph segmentation, contour extraction and contour matching. The stage of the radiograph segmentation is to segment a dental radiograph into blocks, so that each block will contain a tooth. The regions of interest (ROI) for the contour extraction are formed based on the segmentation. The contour extraction stage employs the method of pixel classification, for which a probabilistic model is used to describe the distribution of the intensities of tooth pixels. During contour matching, a matching distance for two sets of teeth contours will be computed, and a candidate list is generated according to the matching distances, which can be examined in detail by human experts. |
|||
| FACULTY PRESENTATIONS | |||
| . | Peter Yu MSU Detroit College of Law |
||
| The Digital Millennium Copyright Act and Its Impact on Cybersecurity Research | |||
| In 1998, Congress enacted the Digital Millennium Copyright Act (DMCA) to strengthen copyright protection in the digital medium. The statute includes an anti-circumvention provision, which prohibits the circumvention of encryption technology copyright holders use to protect their creative works and the dissemination of information concerning how to defeat copy-protection technologies. Although the DMCA includes various exemptions, including one for encryption research, the statute poses significant challenges to cybersecurity research. This presentation discusses these challenges and the ramifications of the DMCA in the area. | |||
| . | Sandeep Kulkarni Computer Science and Engineering |
||
| Component Based Design of Fault-Tolerance and Security | |||
| Today's computer systems need to be fault-tolerant to different types of faults and secure to different security threats. Also, the fault-tolerance and security requirements often evolve after the system is deployed. It is, therefore, important to separate the functionality of a system from its fault-tolerance and security aspects so that fault-tolerance and security can be enhanced while reusing functionality. In the context of fault-tolerance, we have developed component-based methods that identify a set of fault-tolerance components that achieve the separation between functionality and fault-tolerance. We have studied how these fault-tolerance components can be used for achieving dynamic adaptation where the fault-tolerance requirements of application vary at run-time. Furthermore, we have used these components in automating the design of fault-tolerant systems. In the context of security, we have developed scalable security distribution protocols for wireless sensor networks. These protocols provide a level of adaptation based on the sensor capabilities. In this context, we have also developed adaptive algorithms for key management ingroup communication. These protocols allow us to change the key arrangement among users in a group based on their needs, application requirements and environment changes. We plan to apply the security protocols developed in the context of cyber security, apply the lessons learned in separating concerns while designing fault-tolerant programs into the design of secure programs, and combine security issues with high- level requirements (including legal requirements). | |||
| . | Robert LaRose and Nora Rifon Department of Telecommunication, Information Studies, and Media Department of Advertising |
||
| Promoting I-Safety: The Role of Psychological Factors in Determining Consumer Risk Assessment and Online Privacy Protection | |||
| The devastating attacks of the SoBig.F virus and Blaster worm in the summer of 2003 highlighted the importance of enlisting individual Internet users to protect both themselves and the network commons. Consumers are called upon to update virus protection, mind their security settings, download patches, install firewalls, screen e-mail, shut down spyware, control cookies, employ encryption, fend off browser hijackers, and block popups. These efforts entail managing the release of personal information while deflecting unwanted intrusions, coinciding with two underlying dimensions of consumer privacy. Online privacy may thus be defined in behavioral terms as actions that prevent unwanted disclosures and intrusions while using the Internet. Although consumers voice fears about online privacy, their concerns seem to have little impact on online behavior. Consumer misinformation about the true risks of online disclosures as well as individual differences in privacy involvement and privacy self-efficacy may account for the apparent paradox. In our work, consumer risk was manipulated through warning labels placed on test privacy statements and their effects examined in relation to the presence of privacy seals and the involvement and self- efficacy of the respondents. Privacy warnings reduced the amount of personally identifying information respondents were willing to disclose and their intentions to buy products from those sites, but only for those with low self-efficacy. Privacy seals increased personal information disclosures among those with high privacy self-efficacy and low privacy involvement and among those with low selfefficacy and high involvement. The findings support the value of incorporating psychological constructs into a model of online privacy and protection behaviors that promote I-safety. Understanding the psychological aspects of consumer privacy and privacy protection is the first step toward educating or empowering Internet users to understand and interact with systems in knowledgeable, self-protecting ways. A model will be presented that focuses on the role of psychological variables determining privacy behaviors and implications for secure systems in different sectors. | |||
| . | Matt Mutka Computer Science and Engineering |
||
| Private, Secure and User-Centric Service Discovery | |||
| Service Discovery as an essential element in pervasive computing environments is widely accepted. Much active research on service discovery has been conducted, but privacy has been ignored and may be sacrificed. While it is essential that legitimate users should be able to discover services of which they have credentials, it is also necessary that services be hidden from illegitimate users. Since service information, service provider's information, service requests, and credentials to access services via service discovery protocols may be sensitive, we may want to keep them private. Existing service discovery protocols do not solve these problems. We introduce our research in the area of security and private service discovery, as well as tie the activity with secure ad hoc networking for pervasive environments. This presentation touches several issues, such as privacy, trust, secure networking, and social interactions while using pervasive computing devices. These issues are avenues to expand current collaborative activities with Electrical and Computer Engineering, Telecommunications, College of Human Medicine, and School of Criminal Justice. | |||