international journal of security (ijs), volume (3): issue (6)

8/8/2019 International Journal of Security (IJS), volume (3): Issue (6)

1/24


2/24

International Journal of

Security (I JS)

Volume 3, Issue 6, 2010

Edited ByComputer Science Journals

www.cscjournals.org


3/24

Editor in Chief Dr. Wei Wang

International Journal ofSecurity (I JS)

Book: 2010 Volume 3, Issue 6

Publishing Date: 31-01-2010

Proceedings

ISSN (Online): 1985-2320

This work is subjected to copyright. All rights are reserved whether the whole or

part of the material is concerned, specifically the rights of translation, reprinting,

re-use of illusions, recitation, broadcasting, reproduction on microfilms or in any

other way, and storage in data banks. Duplication of this publication of parts

thereof is permitted only under the provision of the copyright law 1965, in its

current version, and permission of use must always be obtained from CSC

Publishers. Violations are liable to prosecution under the copyright law.

IJS Journal is a part of CSC Publishers

http://www.cscjournals.org

IJS Journal

Published in Malaysia

Typesetting: Camera-ready by author, data conversation by CSC Publishing

Services CSC Journals, Malaysia

CSC Publishers


4/24

Editorial Preface

This is the sixth issue of volume three of The International Journal of Security(IJS). The Journal is published bi-monthly, with papers being peer reviewedto high international standards. The International Journal of Security is not

limited to a specific aspect of Security Science but it is devoted to thepublication of high quality papers on all division of computer security ingeneral. IJS intends to disseminate knowledge in the various disciplines ofthe computer security field from theoretical, practical and analytical researchto physical implications and theoretical or quantitative discussion intendedfor academic and industrial progress. In order to position IJS as one of thegood journal on Security Science, a group of highly valuable scholars areserving on the editorial board. The International Editorial Board ensures thatsignificant developments in computer security from around the world arereflected in the Journal. Some important topics covers by journal are Accesscontrol and audit, Anonymity and pseudonym, Computer forensics, Denial of

service, Network forensics etc.

The coverage of the journal includes all new theoretical and experimentalfindings in the fields of computer security which enhance the knowledge ofscientist, industrials, researchers and all those persons who are coupled withcomputer security field. IJS objective is to publish articles that are not onlytechnically proficient but also contains information and ideas of fresh interestfor International readership. IJS aims to handle submissions courteously andpromptly. IJS objectives are to promote and extend the use of all methods in

the principal disciplines of computer security.

IJS editors understand that how much it is important for authors andresearchers to have their work published with a minimum delay aftersubmission of their papers. They also strongly believe that the directcommunication between the editors and authors are important for thewelfare, quality and wellbeing of the Journal and its readers. Therefore, allactivities from paper submission to paper publication are controlled throughelectronic systems that include electronic submission, editorial panel andreview system that ensures rapid decision with least delays in the publicationprocesses.

To build its international reputation, we are disseminating the publication

information through Google Books, Google Scholar, Directory of Open AccessJournals (DOAJ), Open J Gate, ScientificCommons, Docstoc and many more.Our International Editors are working on establishing ISI listing and a goodimpact factor for IJS. We would like to remind you that the success of our

journal depends directly on the number of quality articles submitted forreview. Accordingly, we would like to request your participation bysubmitting quality manuscripts for review and encouraging your colleagues tosubmit quality manuscripts for review. One of the great benefits we can


5/24

provide to our prospective authors is the mentoring nature of our reviewprocess. IJS provides authors with high quality, helpful reviews that areshaped to assist authors in improving their manuscripts.

Editorial Board MembersInternational Journal of Security (IJS)


6/24

Editorial Board

Editor-in-Chief (EiC)

Dr. Wei Wang

Norwegian University of Science and Technology (NTNU)(Norway)

Associate Editors (AEiCs)

Dr.Elena Irina Neaga

Loughborough University (United Kindom)

Editorial Board Members (EBMs)

Dr. Jianguo DingUniversity of Science and Technology (Norway)

Dr.Lei Chen

Sam Houston State University (United States America)

Dr. Zhen ZhuJohnson Controls, Inc (United State of America)


7/24

Table of Contents

Volume 3, Issue 6, January 2010.

Pages

1 - 10 A Secure Communication Model for Voting Application UsingMultiple Mobile AgentsDattatraya Adane, Shailesh Sathe

International Journal of Security (IJS) , Volume (3) : Issue (6 )


8/24

D.S.Adane & S.R.Sathe

International Journal of Security (IJS), volume (3): Issue (6) 1

A Secure Communication Model for Voting Application UsingMultiple Mobile Agents

D.S.Adane [email protected] of Information Technology,Shri Ramdeobaba Kamla Nehru Engineering College,Nagpur, INDIA.

S.R.Sathe [email protected] Science and Engineering Department,Visvesvaraya National Institute of Technology,Nagpur, INDIA.

Abstract

Communicating with confidential data requires special attention in a Mobile

Agents environment, especially when the other hosts must be prevented fromeavesdropping the communication. We propose a communication model forsecured communication between the agents belonging to different entities for aweb based application like voting involving multiple agents. We have usedBRAHMS agent modeling, simulation and execution environment for thepurpose. Data confidentiality is ensured using our on the fly Encryption-Decryption sequence using ElGamal system. We also explain how thehomomorphic property of ElGamal scheme can be integrated with our model.Our minimal simulation results using BRAHMS give a faithful picture of the stateof the agents as they move around the different servers and exchange data withother agents.

Keywords:Mobile Agents, ElGamal, Confidentiality.

1. INTRODUCTION

Mobile agentsare programs that can migrate from host to host in a network, at times andto places of their own choice. The state of the running program is saved, transported to the newhost, and re- stored, allowing the program to continue where it left off. Mobile-agent systemsdiffer from process migration systems in that the agents move when they choose, typicallythrough a jump or go statement, whereas in a process-migration system the system decideswhen and where to move the running process (typically to balance CPU load). Mobile agentsdiffer from applets, which are programs downloaded as the result of a user action and executed

from beginning to end on one host. Mobile agents are an effective choice for many applications,for several reasons [1], including improvements in latency and bandwidth of client-serverapplications and reducing vulnerability to network disconnection.

Mobile agents can travel to different hosts and it is often not known beforehand where theagent will migrate to. When located at an agent platform, the agent may need to communicatewith other agents. The problem of confidential communication between agents is addressed inthis paper with respect to a typical agent model of working. In this model, confidentialcommunication is especially difficult to achieve as the agent platform cannot be considered astrustworthy. Privacy during communication can be seen as preventing a third party from being


9/24



able to eavesdrop on the communication. In the agent model, this includes the agent platform.Many solutions have been proposed on protecting mobile software agents against untrustworthyhosts by providing confidentiality. The proposed solutions can be divided into two categories,either they protect the data the agent owns or collects, or they provide a solution towards theprotection of the agents code. Data protection is, for example, necessary when the agent collectsdata during the execution of its task, as this data should only be accessible to authorized entities.In [2], Karjoth et al. define a number of security properties that define the protection of datacollected by an agent against an attacker. The collected data exists of a chain of encapsulatedsmall pieces of data and these security properties can be among others: data confidentiality,forward privacy, forward integrity, or non-repudiability. A number of solutions have been proposedthat offer (a subset of) these properties, see [2], [3], [4], [5]. These solutions are based on publickey encryption, digital signatures, and hash chaining. In [6], flaws in some of these protocols areidentified. The second part of protection of mobile agents against untrustworthy hosts isprotection of the code itself. Protection of the code means providing the code with securityproperties such as integrity and confidentiality. When an agents code is executed, there shouldbe a guarantee that the code is executed correctly. Tools like cryptographic traces [10] and proofsof correctness [4], [11] have been proposed. These solutions are generalized in [12] by using theconcept of reference states. Confidentiality of code can be achieved by using tools as codeobfuscation [13]. Although in theory this is impossible [14], it may provide an adequate level ofprotection for a limited amount of time. Furthermore, function hiding provides a cryptographic way

to achieve confidentiality for agents code [15], [16], [17].

These solutions provide various levels of protection to an agent against a malicious host,but the subject of secure communication is not addressed. Tools like protection of computationresults or function hiding can be used to prevent the malicious host from accessing the agentscontent or actions. However, when the communication between agents is not protected againstthe host, the host may still be capable of obtaining relevant information about the agent.

1.1 Problem Statement

Within the context of the agent privacy model, the problem is defined as providing aconfidential communication between agents, where the confidential data to be communicated isstored securely in the agent. Beforehand it is not known with whom the agent will communicate.

Confidential communication means that at all time, no third parties can eavesdrop successfully onthe communication, not even the agent platform. The condition that confidential data is storedsecurely in the agent is added, because if that is not the case, the agent platform is capable ofreading data even before communication starts and securing the communication would then bean empty gesture. The condition is added explicitly to the problem statement as it is the startingposition of the problem and will be of great importance to the validity of proposed solutions.Confidential data that is stored in a software agent is usually protected by means of encryption.Taking the untrustworthy host into account requires ensuring that at no point in time the data isavailable to the host in clear text. Note that within the agent privacy model, it is assumed thathosts do not conspire. Two solutions are given here that demonstrate the complexity of theproblem.

A first naive approach is having the agent send the stored encrypted data directly to the

communicating partner, and having it transfer in some way the key. The advantage is that at notime during communication the data appears in clear text. However, each piece of data must beencrypted separately to avoid one communicating partner from having access to more data thanhe is entitled to. Encrypting each block of data separately is very inefficient and impractical, as itis necessary to transmit a key for each piece of data. The key must be transmitted in a securemanner, which means that the problem has shifted from protecting the data to a key exchangeproblem where many keys (one for each type of data) must be transmitted confidentially. Asimpler solution would be encrypting the data during the setup of the agent using thecommunicating partners key. However, as in advance it is not known with whom the agent will


10/24



communicate, this is not possible. Obviously, this approach to provide confidentiality duringcommunication is not practical.

In the second approach, each piece of data is encrypted only once to keep the agent assmall as possible in terms of stored data, and at the moment of communication the data is to betransformed such that only the receiving party is able to decrypt the message. Here, we describethis approach for the case where all encryptions are done using a public key algorithm. A similarsolution can be described for a symmetric algorithm. The public key of the agent is used toencrypt the information, and its private key is used to decrypt it. Figure 1 shows the procedure forencrypting information for storage in the agent and making the data ready to be sent to thecommunicating partner. The first step is to encrypt the data that must be kept confidential usingthe agents public key pk1: Epk1(data). This operation can be performed at the users computerand the result can then be stored in the agent. The moment the agent needs to send thisconfidential data to another party, it decrypts the data using its private key sk1. The result of thisoperation is plaintext data. Then the data is again encrypted, but this time using thecommunicating partners public key pk2: Epk2(data). This may also be a session key. At this pointthe data is ready to be sent to the communicating partner and this entity can decrypt the data,because he has access to his private key (this last step is not shown in Figure 1).

FIGURE 1: Conventional way of providing confidentiality in communication

The advantage of this second approach is that it is very simple and efficient. All the datato be stored is encrypted with the same key, and only when needed it is transformed into anencryption with the appropriate key. It is also an advantage that beforehand it is not known towhom the agent will talk, because the encryption for the communicating partner occurs at thetime of communication. A third advantage is that no complex key management scheme needs tobe used, because at the moment the data is encrypted to be stored in the agent, only the agentspublic key is used. Only the moment of data exchange with other parties it is necessary to obtainthe communicating partners key. This solution would be sufficient and adequate in a scenariowhere the agent is in a trusted environment and where confidentiality is not a priority, but this isnot the case in the agent model. During the transformation from encryption with the agents key toencryption with the communicating partners key, the plaintext data is available to the host.Obviously, this situation should not occur. A second problem is that not only the data is readableto the host and possibly to other parties at a certain moment, but also the private key of the agentis accessible to the host during the decryption process. Consequently, the host has access to allencrypted data stored in the agent. Concluding, this is only an adequate solution to provideconfidential communication in a fully trusted environment.

Our goal is to propose a communication model using mobile agents, with basic dataconfidentiality within the model being implemented using one of the existing security solutions, so

as to provide a foundation for secure application development. BRAHMS [7] provides an idealway to model and simulate agent behavior. BRAHMS is centered on the concept of agents.Agents behaviors are organized into activities, inherited from groups to which agents belong.Most importantly, activities locate behaviors of people and their tools in time and space, such thatresource availability and informal human participation can be taken into account. A model ofactivities doesnt necessarily describe the intricate details of reasoning or calculation, but insteadcaptures aspects of the social-physical context in which reasoning occurs. Thus Brahms differsfrom other multi-agent systems by incorporating chronological activities of multiple agents,


11/24



conversations, as well as descriptions of how information is represented, transformed,reinterpreted in various physical modalities [8].

The paper is organized as different sections. In section 2 we first briefly introduce theBRAHMS agent simulation and modeling environment. Then we discuss our security scheme forproviding data confidentiality in section 3. Thereafter, we describe our communication model andshow our simulation results using BRAHMS in section 4 which is followed by conclusion.

2. THE BRAHMS ENVIRONMENT

Brahms [8] can model and simulate work practices. Brahms models are written in theagent-oriented language. The run-time component - the simulation engine - can execute aBrahms model, also referred to as a simulation run. A Brahms model can be used to simulatehuman-machine systems for what-if experiments, for training, for user models, or for drivingintelligent assistants and robots. Brahms is different from task and functional analysis. Atraditional task or functional analysis of work leaves out the logistics, especially howenvironmental conditions come to be detected and how problems are resolved. Withoutconsideration of these factors, it is not possible to accurately model how work and informationactually flows, or to properly design software agents that help automate human tasks or interact

with people as their collaborators. What is wanted is, a model that includes aspects of reasoningfound in an information-processing model, plus aspects of geography, agent movement, andphysical changes to the environment found in a multi-agent simulation. A model of work practicefocuses on informal, circumstantial, and located behaviors by which synchronizationoccurs, suchthat the task contributions of humans and machines flow together to accomplish goals. Brahmsmakes this kind of models possible. Brahms relates knowledge-based models of cognition (e.g.,task models) with discrete simulations and the behavior-based subsumption architecture.

Brahms models are written in an agent-oriented language that has a well-defined syntaxand semantics. The Brahms language is a parsed language: you write the code and then theparser generates an internal object representation for the run-time component. Using thislanguage, a Brahms modeler can create Brahms models. The run-time component - thesimulation engine- can execute a Brahms model, also referred to as a simulation.The Brahms language is structured around the following concepts:

Agents and Groups

Objects and Classes

Beliefs and Facts

Workframes

Activities

Thoughtframes

GeographyThe concepts can be related to one another in the following way:Groups contain agents which are located and have beliefs that lead them to engage in activitiesthat are specified by workframes which consists of preconditions of beliefs that lead to actions,consisting of communication actions, movement actions, primitive actions, other compositeactivities, consequences of new beliefs and world facts thoughtframes that consist of

preconditions and consequences.

3. DATA CONFIDENTIALITY USING ELGAMAL SCHEME

In this section we briefly describe our encryption scheme [9] based on ElGamal system,to be used in the communication model. The typical problems in communicating confidential datathrough agents are:a) It is not known beforehand who the agent will communicate with, thus the data cannot beencrypted with the proper key of communicating partner.


12/24



b) The environment in which the agent is working may be untrustworthy. Thus, the data agentcarries, must be kept confidential all the time.

In conventional Client-Server systems the data is usually encrypted with the data ownerspublic key to keep it confidential and when the data is needed in communication it is firstdecrypted and then again encrypted using the public key of communication partner or the sessionkey used during the communication. In an agent environment this is not an acceptable solution asthe data is at one moment unencrypted and accessible by the host (untrusted host on which theagent resides). In our scheme, the data is first encrypted using the encryption key of the agent. Atthe moment data must be exchanged with another party, the data is again encrypted, but thistime with the encryption key of the communicating partner. A decryption process then followswhere the decryption key of the agent is used, such that the overall result is encrypted data,which can only be deciphered by the communicating party. The process is depicted in Figure 2below:

FIGURE 2: Successive encryption followed by decryption

The necessary condition for an encryption algorithm to be used in above operation is:

DSK1 (EPK2 (EPK1 (M))) = EPK2 (M) (1)

where, PK1 and PK2 are the public keys of the agent and communicating party respectively. SK1and SK2 are their corresponding private keys. It is assumed that there are more than one secretkeys generated by the agent corresponding to different types of data. Initially the data to beencrypted is stored at the users computer and in order to encrypt it, the user first generates a keypair for the agent according to the ElGamal system depending on type of data. The usergenerates a large random prime p and a generator of the multiplicative group Z

*p of the

integers modulo p. The user selects a random integer a1, 1


13/24



Where, k2, 1


14/24



FIGURE 3: General Communication Model

The two voter agents are required as one (PUB1) stores the voting preference 0 or 1.Voting preference 1 indicates voting in favor and 0 indicates otherwise. As per our encryptionscheme, agent PUB1 carries the preference encrypted using public key of voter and PUB2contains its secret key. The Consumer agent is first supposed to collect information from PUB1and go to the server where agent PUB2 is stationed. We have simplified this task by ensuring thatC2 visits UH1 first and then it goes to UH2. This ensures correct sequencing of operations of ourcomposite encryption scheme. The agent C2 first collects encrypted data from PUB1, encrypts itagain using its own public key and goes to UH2 where it sends this doubly encrypted message toPUB2 for decryption once using the secret key of voter or Publisher, held by it. The message isthe sent back to C2. Thus, what C2 receives is the message which is encrypted in the public keyof consumer (vote collector) which can be easily decrypted at THC once C2 returns back. Ifmultiple voters are present, then the Collector agent collects multiple encrypted votes from the

voters and go on adding them at untrusted hosts using the homomorphic property of ElGamal asdiscussed in section 3. It can also perform addition on its trusted host THC when it returns backat a latter date if the results of voting are not to be disclosed immediately. As can be seen, thecomposite scheme discussed in section 2 is applied successfully and it ensures that the datapossessed by the agents is never in clear. Though the encryption and decryption operations areperformed on untrusted hosts, they are never on clear data. Thus, data confidentiality is ensured.The ElGamal encryption and decryption operation can be easily implemented as an external Javaactivity in BRAHMS. The simulation results using BRAHMS are shown in Figure 4 and Figure 5respectively. To keep the simulation simple we only show how the different agent movements areperformed over the period of time and how the data exchange between the agents takes place. Inthis simple model, C2 has an initial data value 0. First time it encounters PUB1 on UH1, itreceives data value of PUB1 (1) and adds it to its own to get new data value which is 0+1=1. Nextwhen it encounters PUB2 on UH2, it again receives data value of PUB2 (2) and add it to its own.Hence the final value at C2 becomes 1+2=3. In BRAHMS it is possible to check the beliefs heldby the agent at different points of time during execution. Figure 5 show the beliefs held by agentC2 at servers UH1 and UH2 after collecting data from agents PUB1 and PUB2 respectively.

UH4

THC

creates

C2

UH2

UH1

UH3

THP

createsPub1 and

Pub2

PUB1

PUB2

C2

Path of C2


15/24



FIGURE 4: Agent movements: Agents PUB1 and PUB2 are launched on UH1 and UH2. Agent C2 roamsaround the servers UH4, UH3, UH1, UH2 and returns to THC

FIGURE 5: Data Beliefs of agent C2 changes as it visits servers UH1 and UH2

In order to perform the encryption-encryption-decryption operation on data it is necessaryto have a JAR file containing the ElGamal encryption / decryption classes. Since it is required toperform encryption/decryption sequence using different keys we have used a function getKeys()

First datachange in C2 at

UH1

Second data

change in C2 at

UH2


16/24



which returns the required keys first. Thus we have three activities getKeys, sayEncrypt andsayDecrypt. After retrieving the keys, we call the functions from the classes, in the Brahms filethrough Java Activity. A typical java activity for calling the encrypt function from the class is asfollows:

agent JAgent {

attributes:public string nextJavaActivity;public string performedActivity;public string text1; // message to be encryptedpublic int p;// Set through getKey Activity

public int y; // Set through getKey Activitypublic int skey;public int result;

initial_beliefs:// the java activity to be executed by the agent for encryption

//complete path where activity files are located(current.nextJavaActivity = "a.b.nm2.jact.doEncryptionActivity" );

activities:java sayEncrypt(int d, int p, int result) {max_duration: 0;class: "a.b.nm2.jact.doEncryptionActivity" ;when: start;

} // javacls is the class name to be executed// In Brahms workframes initiate the activitiesworkframes: // Executes the Encrypt java activity provided the nextJavaActivity // value is known. It is known since we specified it as an initial belief

workframe wf_encrypt {variables:

forone (int) m;

forone (int) pri;when(knownval(current.data=m) and knownval(current.p=pri))

// It is assumed that private key pri is obtained using getKeys activitydo {

sayEncrypt (m,pri,out);// m is data, pri is private key and result is obtained in out

conclude((current.data = out), bc:100, fc:0);// encrypted data is now current data held by the agent and this belief is// confirmed 100%

} // end do} // wf_encrypt

} // JAgent

5. CONCLUSION

It is a major challenge to provide secured Mobile Agent communication. The basic problems ofcode mobility restrict the use of conventional security measures to be adopted directly in thecontext of mobile agents. The existing solutions are either theoretical or practically infeasible.There is an urgent need for new, effective and efficient solutions in this area. We have proposeda basic model for secured communication for voting application, targeting the data security of theagents using convention security technique. The model uses ElGamal encryption / decryption and


17/24



exploits its homomorphic property for the purpose. The composite encryption scheme ismathematically proven and it can be easily implemented. The BRAHMS environment used by usprovides a realistic view of agents thought processes as they move from host to host. Though weconsidered a simple scenario with one voter and only one vote collector, we feel that the ideacould be extended to any number and lay the foundation for a more realistic voting application.

6. REFERENCES

[1] Danny B. Lange and Mitsuru Oshima. Seven good reasons for mobile agents.Communications of the ACM, 42(3):8889, March 1999.[2] G. Karjoth, N. Asokan, and G. Glc. Protecting the computation results of freeroaming agents.Mobile agents 98, Lecture Notes in Computer Science, pages 195207, 1998.[3] S. Loureiro, R. Molva, and A. Pannetrat. Secure data collection with updates. Proceedings ofthe workshop on agents in electronic commerce, pages 121130, 1999.[4] B. Yee. A sanctuary for mobile agents. Secure Internet Programming, Lecture notes incomputer science, 1603:pages 26173, 1999.[5] A. Young and M. Yung. Sliding encryption: a cryptographic tool for mobile agents.Proceedings of Fast Software Encryption Workshop 1997, Springer-Verlag, Lecture Notes inComputer Science, pages 230241, 1997.

[6] V. Roth. On the robustness of some cryptographic protocols for mobile agent protection.Mobile Agents 2001, Lecture Notes in Computer Science, pages 114, 2001.[7] http://agentisolutions.com/[8] http://agentisolutions.com/ Brahms Tutorial (TM01-0002-V1.1)[9] D.S. Adane and S.R.Sathe, A Security Model for Data Storing and Data Collecting Agents.International Journal of Computer Science and Network Security, IJCSNS, Vol (9), No.4, April2009.[10] G. Vigna. Cryptographic traces for mobile agents. Mobile agents and Security. LectureNotes in Computer Science, pages 137153, 1998.[11] I. Biehl, B. Meyer, and S. Wetzel. Ensuring the integrity of agent-based computations byshort proofs. Mobile agents, Lecture Notes in Computer Science 1477, pages 18394, 1998.[12] F. Hohl. A framework to protect mobile agents by using reference states. Proceedings ofthe 20th International Conference on Distributed Computing Systems CICDS2000, 2000.[13] F. Hohl. Time limited blackbox security: Protecting mobile agents from malicious hosts.Mobile agents and security, Lecture notes in computer science, pages 92113, 1998.[14] B. Barak and O. Goldreich. On the (im)possibility of obfuscating programs. Crypto 2001,Lecture Notes in Computer Science, pages 118, 2001.[15] C. Cachin, J. Camenisch, J. Kilian, and J. Muller. One-round secure computation andsecure autonomous mobile agents. Proceedings of the 27th International Colloquium onAutomata, Languages and Programming (ICALP), Lecture notes in Computer Science,1853:51223, 2000.[16] T. Sander and C.F. Tschudin. Towards mobile cryptography. Proceedings 1998 IEEEsymposium on security and privacy, pages 215224, 1998.[17] S. Loureiro and R. Molva. Function hiding based on error correcting codes. In Proceedingsof the CryptTEC99 International Workshop on Cryptographic Techniques and ElectronicCommerce, pages 9298, 1999.


18/24

CALL FOR PAPERS

Journal:International Journal of Security (IJS)Volume: 3 Issue: 6ISSN:1985-2320

URL: http://www.cscjournals.org/csc/description.php?JCode=IJS

About IJSInformation Security is an important aspect of protecting the informationsociety from a wide variety of threats. The International Journal of Security(IJS) presents publications and research that builds on computer security andcryptography and also reaches out to other branches of the informationsciences. Our aim is to provide research and development results of lastingsignificance in the theory, design, implementation, analysis, and applicationof secure computer systems.

IJS provides a platform to computer security experts, practitioners,executives, information security managers, academics, security consultantsand graduate students to publish original, innovative and time-critical articlesand other information describing research and good practices of importanttechnical work in information security, whether theoretical, applicable, orrelated to implementation. It is also a platform for the sharing of ideas aboutthe meaning and implications of security and privacy, particularly those withimportant consequences for the technical community. We welcomecontributions towards the precise understanding of security policies through

modeling, as well as the design and analysis of mechanisms for enforcingthem, and the architectural principles of software and hardware systemimplementing them.

To build its International reputation, we are disseminating the publicationinformation through Google Books, Google Scholar, Directory of Open AccessJournals (DOAJ), Open J Gate, ScientificCommons, Docstoc and many more.Our International Editors are working on establishing ISI listing and a goodimpact factor for IJS.

IJS List of Topics

The realm of International Journal of Security (IJS) extends, but not limited,to the following:


19/24

Anonymity Anonymity and pseudonymity

Attacks, security mechanisms, andsecurity service

Code security, including mobilecode security

Authorisation Biometrics Cellular/wireless/mobile/satellite networks

securi Authentication

Public key cryptography and keymanagement

Confidentiality, privacy, integrityauthenticatio

Cryptography and cryptanalysis Data confidentiality issues Data integrity issues Data recovery

Database security Denial of service

Denial of service attacks andcountermeasures

Dependability and reliability

Design or analysis of security protocols Distributed access control Distributed and parallel systems security Electronic commerce

Formal security analyses Fraudulent usage Information flow Information hiding and

watermarking Intellectual property protection Intrusion detection Key management Multicast security

Network and Internet security Network forensics

Network security performance evaluation Non-repudiation Peer-to-peer security Prevention of traffic analysis

Privacy protection Computer forensics

Revocation of malicious parties Risk assessment andmanagement

Secure location determination Secure PHY/MAC/routingprotocols

Secure routing protocols

Security group communications Security in ad hoc networks Security in cellular networks (2G

2.5G, 3G, B3G, Security in communications Security in content-delivery

networks

Security in distributed systems Security in domain name service

Security in e-mail Security in high-speed networks

Security in integrated networks Security in integrated wirelessnetworks

Security in internet and WWW Security in IP networks

Security in mobile IP Security in optical systems andnetworks

Security in peer-to-peer networks Security in satellite networks Security in sensor networks Security in VoIP

Security in wired and wireless integratednetworks

Security in Wired Networks

Security in wireless communications Security in wireless internet

Security in wireless LANs (IEEE 802.11WLAN, WiFi,

Security in wireless MANs (IEEE802.16 and WiMAX)

Security in wireless PANs (Bluetooth and Security policies


20/24

IEEE 802.

Security specification techniques Security standards Tradeoff analysis between performance

and security Trust establishment

Viruses worms and other malicious code WLAN and Bluetooth security


21/24

CFP SCHEDULE

Volume: 4Issue: 1

Paper Submission: January 31 2010

Author Notification: February 28 2010Issue Publication: March 2010


22/24

CALL FOR EDITORS/ REVIEWERS

CSC Journals is in process of appointing Editorial Board Members forI nternat ional Journal of Com pute r Security ( I JS). CSC Journalswould like to invite interested candidates to join IJS network of

professionals/researchers for the positions of Editor-in-Chief, AssociateEditor-in-Chief, Editorial Board Members and Reviewers.

The invitation encourages interested professionals to contribute into

CSC research network by joining as a part of editorial board members

and reviewers for scientific peer-reviewed journals. All journals use anonline, electronic submission process. The Editor is responsible for the

timely and substantive output of the journal, including the solicitation

of manuscripts, supervision of the peer review process and the final

selection of articles for publication. Responsibilities also includeimplementing the journals editorial policies, maintaining high

professional standards for published content, ensuring the integrity of

the journal, guiding manuscripts through the review process,

overseeing revisions, and planning special issues along with theeditorial team.

A complete list of journals can be found at

http://www.cscjournals.org/csc/byjournal.php. Interested candidatesmay apply for the following positions throughhttp://www.cscjournals.org/csc/login.php.

Please remember that it is through the effort of volunteers such as

yourself that CSC Journals continues to grow and flourish. Your helpwith reviewing the issues written by prospective authors would be very

much appreciated.

Feel free to contact us at [email protected] if you have anyqueries.


23/24

Contact Information

Computer Science Journals Sdn BhDM-3-19, Plaza Damas Sri Hartamas

50480, Kuala Lumpur MALAYSIA

Phone: +603 6207 1607

+603 2782 6991

Fax: +603 6207 1697

BRANCH OFFICE 1

Suite 5.04 Level 5, 365 Little Collins Street,

MELBOURNE 3000, Victoria, AUSTRALIA

Fax: +613 8677 1132

BRANCH OFFICE 2Office no. 8, Saad Arcad, DHA Main Bulevard

Lahore, PAKISTAN

EMAIL SUPPORT

Head CSC Press: [email protected] Press: [email protected]

Info: [email protected]


24/24

international journal of security (ijs), volume (3): issue (6)

Documents