COMMUNICATIONS AND MULTIMEDIA SECURITY ISSUES OF THE NEW CENTURY

IFIP - The International Federation for Information Processing

IFIP was founded in 1960 under the auspices of UNESCO, following the First World Computer Congress held in Paris the previous year. An umbrella organization for societies working in information processing, IFIP's aim is two-fold: to support information processing within its member countries and to encourage technology transfer to developing nations. As its mission statement clearly states,

IFIP's mission is to be the leading, truly international, apolitical organization which encourages and assists in the development, exploitation and application of information technology for the benefit of all people.

IFIP is a non-profitmaking organization, run almost solely by 2500 volunteers. It operates through a number of technical committees, which organize events and publications. IFIP's events range from an international congress to local seminars, but the most important are:

• The IFIP World Computer Congress, held every second year; • open conferences; • working conferences.

The flagship event is the IFIP World Computer Congress, at which both invited and contributed papers are presented. Contributed papers are rigorously refereed and the rejection rate is high.

As with the Congress, participation in the open conferences is open to all and papers may be invited or submitted. Again, submitted papers are stringently refereed.

The working conferences are structured differently. They are usually run by a working group and attendance is small and by invitation only. Their purpose is to create an atmosphere conducive to innovation and development. Refereeing is less rigorous and papers are subjected to extensive group discussion.

Publications arising from IFIP events vary. The papers presented at the IFIP World Computer Congress and at open conferences are published as conference proceedings, while the results of the working conferences are often published as collections of selected and edited papers.

Any national society whose primary activity is in information may apply to become a full member ofiFIP, although full membership is restricted to one society per country. Full members are entitled to vote at the annual General Assembly, National societies preferring a less committed involvement may apply for associate or corresponding membership. Associate members enjoy the same benefits as full members, but without voting rights. Corresponding members are not represented in IFIP bodies. Affiliated membership is open to non-national societies, and individual and honorary membership schemes are also offered.

COMMUNICATIONS AND MULTIMEDIA SECURITY ISSUES OF THE NEW CENTURY

IF/P TC6 I TC11 Fifth joint Working Conference on Communications and Multimedia Security (CMS'01) May 21-22,2001, Darmstadt, Germany

Edited by

Ralf Steinmetz jana Dittman Martin Steinebach German National Research Center for Information Technology Institute IPS/ Germany

...... ' ' SPRINGER SCIENCE+BUSINESS MEDIA, LLC

Library of Congress Cataloging-in-Publication Data

IFIP Joint TC6frC11 Working Conference on Communications and Multimedia Security (5th: 2001 : Darmstadt, Germany)

Comrnunications and multimedia security issues ofthe new century 1 IFIP TC6/TC11 Fifth Joint Working Conference on Communications and Multimedia Security (CMS'01), May 21-22, 2001, Darmstadt, Germany; edited by Ralf Steinmetz, Jana Dittman, Martin Steinebach.

ISBN 978-1-4757-4811-6 ISBN 978-0-387-35413-2 (eBook) DOI 10.1007/978-0-387-35413-2

1. Computer networks-Security measures-Congresses. 2. Multimedia systems­Security measures--Congresses. 3. Computer security--Congresses. 4. Cryptography­Congresses. 5. Computer network protoco1s-Congresses. I. Steinmetz, Ralf. II. Dittman, Jana. III. Steinebach, Martin. IV. Title.

TK5105.59 .!35 2001 005.8-dc21

Copyright© 2001 by Springer Science+Business Media New York Originally published by Kluwer Academic Publishers in 2001

2001029417

Ali rights reserved. No part ofthis publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, mechanical, photo-copying, recording, or otherwise, without the prior written permission of the publisher, Springer Science+Business Media, LLC.

Printed on acid-free paper.

by IFIP International Federation for Information Processing.

The original version of the book frontmatter was revised: The copyright line was incorrect. The Erratum to the book frontmatter is available at DOI: 10.1007/978-0-387-35413-2_36

Contents

Preface ix

Conference Committees Xl

Web Security

What You See Is What You Sign-Trustworthy Display of XML 3 Documents for Signing and Verification

K. SCHEffiELHOFER XML Electronic Signatures 15

G. KARLINGER An integrated secure Web architecture for protected 25 Mobile code distribution

M. JALALI-SOHI, R. FOKA, G. HACHEZ, A. BEITLICH Secure and anonymous multicast framework 39

N. WEILER, B. PLATTNER Vulnerabilities and Security Limitations of current IP Telephony 53 Systems

R. ACKERMANN, M. SCHUMACHER, U. ROEDIG, R. STEINMETZ

Watermarking I

Quantization Watermarking in the JPEG2000 Coding Pipeline 69 P.MEERWALD

Theoretic Performance Analysis of a Watermarking System based on 81 Bernoulli Chaotic Sequences

S. TSEKERIDOU, V. SOLACHIDIS, N. NIKOLAIDIS, A. NIKOLAIDIS, A. TEFAS, I. PITAS

Scalable Detection of Perceptual Watermarks in JPEG2000 Images 93 D. SIMITOPOULOS, N.V. BOULGOURIS, A. LEONTARIS M. G. STRINTZIS

xiii

xi

Vl

Cryptographic Algorithms

Collecting randomness from the net 105 B. BENCSATH, I. VAJDA

Encryption System Based on Neutral Network 117 CHOI-K. CHAN, CHI-K. CHAN, L-P LEE, L.M.CHENG

A Modified Chaotic Cryptographic Method 123 W. WONG, L. LEE; K. WONG

An Elliptic Curve Random Number Generator 127 L. LEE, K. WONG

Watermarking II

Conditional and User Specific Access to Services and 137 Resources Using Annotation Watermarks

J. DITTMANN, P. WOHLMACHER, R. ACKERMANN Large Scale distributed watermarking of multicast media 149 through encryption

R. PARVIAINEN, P. PARNES Copyright Protection Protocols Based on Asymmetric 159 Watermarking: The Ticket Concept

S. CRAVER, S. KATZENBEISSER Fingerprints for Copyright Protection* 395

S.ENCHEVA

System Security

Software Security Assessment through Specification Mutations and Fault Injection

R. KAKSONEN, M. LAAKSO, A. TAKANEN Asynchronous Large-Scale Certification Based on Certificate Verification Trees

J. DOMINGO-FERRER, M. ALBA, F. SEBE ACLA: A Framework for Access Control List (ACL) Analysis and Optimization

J. QIAN, S. HINRICHS, K. NAHRSTEDT Transparent Access To Encrypted Data Using Operating System Network Stack Extensions

E. RADEMER, S.D. WOLTHUSEN

*Included in "Last Minute Papers" section.

173

185

197

213

viii

vii

A PC Cryptographic Coprocessor Based on TI Signal Processor 383 And Smart Card System *

M. MARKOVIC, Z SA VIC, Z. OBRENOVIC, A. NIKOLIC

Watermarking ill

Optimization of Watermarking Performances Using Error Correcting 229 Codes and Repetition

S. ZINGER, Z. JIN, H. MAITRE, B. SANKUR Using Raw Speech as a Watermark, does it work?

P. NINTANAVONGSA, T. AMORNRAKSA

Multiple Security Aspects

241

Transferability in Coin Systems with Observers 255 C. FREMDT, H. NEUMANN

Secure iLearning 267 F.GRAF

Tree-based Multicast Key Agreement 283 J. SCHWENK, T. MARTIN, R. SCHAFFELHOFER

Security for the core network of third generation mobile systems 297 G. HORN, D. KROSELBERG, S. PUTZ, R. SCHMITZ

Secure Internet Phone 313 P. HORSTER, M. SCHAFFER, P. SCHARTNER, D. SOMMER

Posters

Secure Meeting Scheduling with AgenTa T. HERLEA, J. CLAESSENS, D. DE COCK, B. PRENEEL, J. VANDEWALLE

Virtual Hidden Network N. SHIN

Gaussian Pixel Weighting Mark in Amplitude Modulation of Color Image Watermarking with 8 Neighborhood Retrieval

R. PUERTPAN, P. NINTANAVONGSA, T. AMORNRAKSA

*Included in "Last Minute Papers" section.

327

339

351

ixxix

X

A Prepositioned Secret Sharing Scheme for Message Authentication in 363 Broadcast Networks

A. ESKICIOGLU Secure Service Centered Networking for Nomadic Usage 375

M.HOLLICK

Last Minute Papers 3 81

A Secure Authentication Infrastructure for Mobile 405 Communication Services over the Internet

I. DUPRE LA TOUR, G. v. BOCHMANN, J-Y CHOUINARD Blind Compressed-Domain Watermarking for 417 MPEG-encoded Videos

C-L WU, W-NLIE, T-CWANG Erratum to: Communications and Multimedia Security Issues E1 of the New Century

R. STEINMETZ, J. DITIMAN, M . STEINEBACH

Index of Contributors 428

Preface

The volume contains the papers presented at the fifth working conference on Communications and Multimedia Security (CMS 2001), held on May 21-22, 2001 at (and organized by) the GMD -German National Research Center for Information Technology GMD - Integrated Publication and Information Systems Institute IPSI, in Darmstadt, Germany. The conference is arranged jointly by the Technical Committees 11 and 6 of the International Federation of Information Processing (IFIP)

The name "Communications and Multimedia Security" was first used in 1995, Reinhard Posch organized the first in this series of conferences in Graz, Austria, following up on the previously national (Austrian) "IT Sicherheit" conferences held in Klagenfurt (1993) and Vienna (1994). In 1996, the CMS took place in Essen, Germany; in 1997 the conference moved to Athens, Greece. The CMS 1999 was held in Leuven, Belgium.

This conference provides a forum for presentations and discussions on issues which combine innovative research work with a highly promising application potential in the area of security for communication and multimedia security. State-of-the-art issues as well as practical experiences and new trends in the areas were topics of interest again, as it has already been the case at previous conferences. This year, the organizers wanted to focus the attention on watermarking and copyright protection for e­commerce applications and multimedia data. We also encompass excellent work on recent advances in cryptography and their applications.

In recent years, digital media data have enormously gained in importance. They are opening up new markets and realms of possibilities. Whenever digital data, respectively multimedia data, are transmitted, displayed or sold, they need to be protected from manipulation, forgery and theft. More elaborate attacks demand more sophisticated security technologies, which have to be optimized for the particular requirements of each application scenano.

The volume includes the following sections: "Web Security" addresses security issues of web protocols and applications. "Watermarking I", "Watermarking II" and "Watermarking III" present new approaches and recent results in the field of multimedia watermarking. "Cryptographic algorithms" provides new advances in security algorithm design. "System Security" introduces new ways in computer access security. "Multiple Security Aspects" include mobile security and internet telephony security among other communication security issues.

X

We would like to thank Fred Baker and Klaus Keus for the outstanding keynote speeches on emerging topics. We thank the Technical Program Committee for fmding experts to review submitted papers and reviewing papers themselves. We also thank the paper reviewers who spent many hours reviewing papers and providing valuable feedback to the authors. 58 paper were submitted (complying to the rules of high quality research papers) 31 were accepted as full paper, 5 as poster presentation. We would like to thank the sponsors of the CMS 2001, Ericsson, Microsoft Research and Platanista, and the co-sponsors lTG and IG for supporting the conference. The conference would not have been a success without the help of so many people who have our special thanks. A number of people deserve special thanks for helping with logistics of the conference. Yvonne Sobon has provided valuable assistance in planning and realizing the conference. Thanks to Anke Rinne and Simone Weckler for providing all graphics and text related to public relations as well as the invitations and Olaf Beier for technical support.

Chair: Ralf Steinmetz (Program Committee Chair) Co-Chair: Jana Dittmann (Program Committee Co-Chair) Martin Steinebach (Organising Committee Chair)

German National Research Center for fuformation Technology fustitute IPSI Dolivostr.15 64293 Darmstadt Germany

xii

Conference Committees

Program Committee

Chair: R. Steinmetz, GMD-IPSI, Germany Co-Chair: J. Dittmann, , GMD-IPSI, Germany

Members

J. Buchmann, TV-Darmstadt, Germany I. Cox, NEC Research Institut, USA E. Delp, Purdue University, USA J. Fridrich, Center for Intelligent Systems SUNY Binghamton, USA D. Gollmann, Microsoft Research, UK R. Grimm, TU Illmenau, Germany P. Horster; Universitaet Klagenfurt, Austria T. Kalker, Philips Research Eindhoven, The Netherlands K. Keus, BSI, Germany P. Kraaibeek, ConSecur, Germany D. Kundur, University ofToronto, Canada N. Memon, Polytechnic University Brooklyn, USA K. Nahrstedt, University of Illinois at Urbana-Champaign, USA G. Pemul, University of Essen, Germany F. Petitcolas, Microsoft, UK B. Preneel, Katholieke Universiteit Leuven, Belgium C. Schmidt, Software Professional GmbH & Co. KG, Germany J. Schwenk, T-Nova Telekom, Germany H. Tiehlmann, SIT GMD, Germany A. Tirkel, Scientific Technology, Australia P. Wohlmacher, Universitaet Klagenfurt, Austria R. Zuccherato, Entrust Technologies, Canada

Organising Committee

Chair: M. Steinebach, , GMD-IPSI, Germany

Members

E. Hauer, GMD-IPSI, Germany Y. Sobon, GMD-IPSI, Germany