136 results for message exchange
in Queensland University of Technology - ePrints Archive
Abstract:
Complex Internet attacks may come from multiple sources, and target multiple networks and technologies. Nevertheless, Collaborative Intrusion Detection Systems (CIDS) emerge as a promising solution by using information from multiple sources to gain a better understanding of the objective and impact of complex Internet attacks. CIDS also help to cope with classical problems of Intrusion Detection Systems (IDS) such as zero-day attacks, high false alarm rates and architectural challenges, e.g., centralized designs exposing the Single-Point-of-Failure. Improved complexity on the other hand gives rise to new exploitation opportunities for adversaries. The contribution of this paper is twofold. We first investigate related research on CIDS to identify the common building blocks and to understand vulnerabilities of the Collaborative Intrusion Detection Framework (CIDF). Second, we focus on the problem of anonymity preservation in a decentralized intrusion detection related message exchange scheme. We use techniques from design theory to provide a multi-path peer-to-peer communication scheme where the adversary cannot perform better than guessing randomly the originator of an alert message.
Abstract:
Study/Objective: This research examines the types of emergency messages used in Australia during the response and early recovery phases of a natural disaster. The aim of the research is to develop theory-driven emergency messages that increase individual behavioural compliance during a disaster. Background: There is growing evidence of non-compliant behaviour in Australia, such as refusing to evacuate and travelling through hazardous areas. This can result in personal injury, loss of life, and damage to (or loss of) property. Moreover, non-compliance can place emergency services personnel in life-threatening situations when trying to save non-compliant individuals. Drawing on message compliance research in psychology and sociology, a taxonomy of message types was developed to ascertain how emergency messaging can be improved to produce compliant behaviour. Method: A review of message compliance literature was conducted to develop the taxonomy of message types previously found to achieve compliance. Seven categories were identified: direct-rational, manipulation, negative phrasing, positive phrasing, exchange appeals, normative appeals, and appeals to self. A content analysis was then conducted to assess the emergency messages evident in the Australian emergency management context. The existing messages were aligned with the literature to identify opportunities to improve emergency messaging. Results & Conclusion: The results suggest there is an opportunity to improve the effectiveness of emergency messaging to increase compliance during the response and early recovery phases of a natural disaster. While some message types cannot legally or ethically be used in emergency communication (e.g. manipulative messaging), there is an opportunity to create more persuasive messages (e.g. appeals to self) that personalise the individual’s perception of risk, triggering them to comply with the message.
Abstract:
We propose a new password-based 3-party protocol with a formal security proof in the standard model. Under reasonable assumptions we show that our new protocol is more efficient than the recent protocol of Abdalla and Pointcheval (FC 2005), proven in the random oracle model. We also observe some limitations in the model due to Abdalla, Fouque and Pointcheval (PKC 2005) for proving security of such protocols.
Abstract:
The firm is faced with a decision concerning the nature of intra-organizational exchange relationships with internal human resources and the nature of inter-organizational exchange relationships with market firms. In both situations, the firm can develop an exchange that ranges from a discrete exchange to a relational exchange. Transaction Cost Economics (TCE) and the Resource Dependency View (RDV) represent alternative efficiency-based explanations of the nature of the exchange relationship. The aim of the paper is to test these two theories in respect of air conditioning maintenance in retail centres. Multiple sources of information are generated from case studies of Australian retail centres to test these theories in respect of internalized operations management (concerning strategic aspects of air conditioning maintenance) and externalized planned routine air conditioning maintenance. The analysis of the data centres on pattern matching. It is concluded that the data supports TCE - on the basis of a development in TCE's contractual schema. Further research is suggested towards taking a pluralistic stance and developing a combined efficiency and power hypothesis - upon which Williamson has speculated. For practice, the conclusions also offer a timely cautionary note concerning the adoption of one approach in all exchange relationships.
Abstract:
We treat the security of group key exchange (GKE) in the universal composability (UC) framework. Analyzing GKE protocols in the UC framework naturally addresses attacks by malicious insiders. We define an ideal functionality for GKE that captures contributiveness in addition to other desired security goals. We show that an efficient two-round protocol securely realizes the proposed functionality in the random oracle model. As a result, we obtain the most efficient UC-secure contributory GKE protocol known.
Abstract:
A key exchange protocol allows a set of parties to agree upon a secret session key over a public network. Two-party key exchange (2PKE) protocols have been rigorously analyzed under various models considering different adversarial actions. However, the analysis of group key exchange (GKE) protocols has not been as extensive as that of 2PKE protocols. Particularly, the security attribute of key compromise impersonation (KCI) resilience has so far been ignored for the case of GKE protocols. We first model the security of GKE protocols addressing KCI attacks by both outsider and insider adversaries. We then show that a few existing protocols are not secure even against outsider KCI attacks. The attacks on these protocols demonstrate the necessity of considering KCI resilience for GKE protocols. Finally, we give a new proof of security for an existing GKE protocol under the revised model assuming random oracles.