CrySyS Lab Publications

@inproceedings {
   author = {Mustafa Ozger and István Gódor and Anders Nordlow and Thomas Heyn and Sreekrishna Pandi and Ian Peterson and Alberto Viseras and Jaroslav Holis and Christian Raffelsberger and Andreas Kercek and Bengt Mölleryd and Laszlo Toka and Gergely Biczók and Robby de Candido and Felix Laimer and Udo Tarmann and Dominic A. Schupke and Cicek Cavdar},
   title = {6G for Connected Sky: A Vision for Integrating Terrestrial and Non-Terrestrial Networks},
   booktitle = {Proceedings of EuCNC & 6G Summit},
   year = {2023}
}

Abstract

Privacy pitfalls of releasing in-vehicle network data

A. Gazdag and Sz. Lestyán and M. Remeli and G. Ács and T. Holczer and G. Biczók

Vehicular Communications, 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {András Gazdag and Szilvia Lestyan and Mina Remeli and Gergely Ács and Tamas Holczer and Gergely Biczók},
   title = {Privacy pitfalls of releasing in-vehicle network data},
   journal = {Vehicular Communications},
   year = {2023},
   howpublished = "\url{https://www.sciencedirect.com/science/article/pii/S2214209622001127?via%3Dihub}"
}

Keywords

In-vehicle network data; Privacy attacks; Driver re-identification; Trajectory reconstruction; Anonymization; Differential privacy

Abstract

The ever-increasing volume of vehicular data has enabled different service providers to access and monetize in-vehicle network data of millions of drivers. However, such data often carry personal or even potentially sensitive information, and therefore service providers either need to ask for drivers\' consent or anonymize such data in order to comply with data protection regulations. In this paper, we show that both fine-grained consent control as well as the adequate anonymization of in-network vehicular data are very challenging. First, by exploiting that in-vehicle sensor measurements are inherently interdependent, we are able to effectively i) re-identify a driver even from the raw, unprocessed CAN data with 97% accuracy, and ii) reconstruct the vehicle's complete location trajectory knowing only its speed and steering wheel position. Since such signal interdependencies are hard to identify even for data controllers, drivers' consent will arguably not be informed and hence may become invalid. Second, we show that the non-systematic application of different standard anonymization techniques (e.g., aggregation, suppression, signal distortion) often results in volatile, empirical privacy guarantees to the population as a whole but fails to provide a strong, worst-case privacy guarantee to every single individual. Therefore, we advocate the application of principled privacy models (such as Differential Privacy) to anonymize data with strong worst-case guarantee.

SECREDAS: Safe and (Cyber-)Secure Cooperative and Automated Mobility

C. Ploeg and J. Sluis and S. Gerres and Sz. Novaczki and A. Wippelhauser and E. Nassor and J. Sevin and A. Gazdag and G. Biczók

Proceedings of IFAC World Congress, 2023.

@inproceedings {
   author = {Chris van der Ploeg and Jacco van de Sluis and Sebastian Gerres and Szabolcs Novaczki and András Wippelhauser and Eric Nassor and Julien Sevin and András Gazdag and Gergely Biczók},
   title = {SECREDAS: Safe and (Cyber-)Secure Cooperative and Automated Mobility},
   booktitle = {Proceedings of IFAC World Congress},
   year = {2023}
}

Abstract

Infrastructure-to-Vehicle (I2V) and Vehicle-to-Infrastructure (V2I) communication is likely to be a key-enabling technology for automated driving in the future. Using externally placed sensors, the digital infrastructure can support the vehicle in perceiving surroundings that would otherwise be difficult to perceive due to, for example, high traffic density or bad weather. Conversely, by communicating on-board vehicle measurements, the environment can more accurately be perceived in locations which are not (sufficiently) covered by digital infrastructure. The security of such communication channels is an important topic, since malicious information on these channels could potentially lead to a reduction in overall safety. Collective perception contributes to raising awareness levels and an improved traffic safety. In this work, a demonstrator is introduced, where a variety of novel techniques have been deployed to showcase an overall architecture for improving vehicle and vulnerable road user safety in a connected environment. The developed concepts have been deployed at the Automotive Campus intersection in Helmond (NL), in a field testing setting.

2022

Collaborative Drug Discovery: Inference-level Privacy Perspective

B. Pejo and M. Remeli and Á. Arany and M. Galtier and G. Ács

Transactions on Data Privacy (TDP), vol. 15, 2022.

Bibtex | Abstract | PDF | Link

@article {
   author = {Balazs Pejo and Mina Remeli and Ádám Arany and Mathieu Galtier and Gergely Ács},
   title = {Collaborative Drug Discovery: Inference-level Privacy Perspective},
   journal = {Transactions on Data Privacy (TDP)},
   volume = {15},
   year = {2022},
   howpublished = "\url{http://www.tdp.cat/issues21/abs.a449a21.php}"
}

Abstract

Pharmaceutical industry can better leverage its data assets to virtualize drug discovery through a collaborative machine learning platform. On the other hand, there are non-negligible risks stemming from the unintended leakage of participants' training data, hence, it is essential for such a platform to be secure and privacy-preserving. This paper describes a privacy risk assessment for collaborative modeling in the preclinical phase of drug discovery to accelerate the selection of promising drug candidates. After a short taxonomy of state-of-the-art inference attacks we adopt and customize several to the underlying scenario. Finally we describe and experiments with a handful of relevant privacy protection techniques to mitigate such attacks.

Games in the Time of COVID-19: Promoting Mechanism Design for Pandemic Response

B. Pejo and G. Biczók

ACM Transactions on Spatial Algorithms and Systems (TSAS), 2022.

@article {
   author = {Balazs Pejo and Gergely Biczók},
   title = {Games in the Time of COVID-19: Promoting Mechanism Design for Pandemic Response},
   journal = {ACM Transactions on Spatial Algorithms and Systems (TSAS)},
   year = {2022},
   howpublished = "\url{https://dl.acm.org/doi/abs/10.1145/3503155}"
}

Abstract

Guide to Differential Privacy Modifications

B. Pejo and D. Desfontaines

Springer International Publishing (SpringerBriefs), 2022.

@book {
   author = {Balazs Pejo and Damien Desfontaines},
   title = {Guide to Differential Privacy Modifications},
   publisher = {Springer International Publishing (SpringerBriefs)},
   year = {2022},
   howpublished = "\url{https://link.springer.com/book/10.1007/978-3-030-96398-9}"
}

Abstract

In search of lost utility: private location data

Sz. Lestyán and G. Ács and G. Biczók

Privacy Enhancing Technologies Symposium (PETS), 2022.

Bibtex | Abstract | PDF | Link

@conference {
   author = {Szilvia Lestyan and Gergely Ács and Gergely Biczók},
   title = {In search of lost utility: private location data},
   booktitle = {Privacy Enhancing Technologies Symposium (PETS)},
   year = {2022},
   howpublished = "\url{https://arxiv.org/pdf/2008.01665.pdf}"
}

Keywords

Location data anonymization, Differential Privacy, Generative Models

Abstract

The unavailability of training data is a permanent source of much frustration in research, especially when it is due to privacy concerns. This is particularly true for location data since previous techniques all suffer from the inherent sparseness and high dimensionality of location trajectories which render most techniques impractical, resulting in unrealistic traces and unscalable methods. Moreover, time information of location visits is usually dropped, or its resolution is drastically reduced. In this paper we present a novel technique for privately releasing a composite generative model and whole high-dimensional location datasets with detailed time information. To generate high-fidelity synthetic data, we leverage several peculiarities of vehicular mobility such as its language-like characteristics ("you should know a location by the company it keeps") or how humans plan their trips from one point to the other. We model the generator distribution of the dataset by first constructing a variational autoencoder to generate the source and destination locations, and the corresponding timing of trajectories. Next, we compute transition probabilities between locations with a feed forward network, and build a transition graph from the output of this model, which approximates the distribution of all paths between the source and destination (at a given time). Finally, a path is sampled from this distribution with a Markov Chain Monte Carlo method. The generated synthetic dataset is highly realistic, scalable, provides good utility and, nonetheless, provably private. We evaluate our model against two state-of-the-art methods and three real-life datasets demonstrating the benefits of our approach.

Incentives for Individual Compliance with Pandemic Response Measures

B. Pejo and G. Biczók

Enabling Technologies for Social Distancing: Fundamentals, concepts and solutions, (IET), 2022.

Bibtex | PDF | Link

@inproceedings {
   author = {Balazs Pejo and Gergely Biczók},
   title = {Incentives for Individual Compliance with Pandemic Response Measures},
   booktitle = {Enabling Technologies for Social Distancing: Fundamentals, concepts and solutions, (IET)},
   year = {2022},
   howpublished = "\url{https://digital-library.theiet.org/content/books/te/pbte104e}"
}

Abstract

IoT Malware Detection with Machine Learning

L. Buttyán and R. Ferenc

ERCIM News (129), Special Issue on Fighting Cybercrime, 2022.

@article {
   author = {Levente Buttyán and Rudolf Ferenc},
   title = {IoT Malware Detection with Machine Learning},
   journal = {ERCIM News (129), Special Issue on Fighting Cybercrime},
   year = {2022},
   howpublished = "\url{https://ercim-news.ercim.eu/en129/special/iot-malware-detection-with-machine-learning}"
}

Fuzzy Message Detection (FMD) is a recent cryptographic primitive invented by Beck et al. (CCS’21) where an untrusted server performs coarse message filtering for its clients in a recipient-anonymous way. In FMD — besides the true positive messages — the clients download from the server their cover messages determined by their false- positive detection rates. What is more, within FMD, the server cannot distinguish between genuine and cover traffic. In this paper, we formally analyze the privacy guarantees of FMD from three different angles. First, we analyze three privacy provisions offered by FMD: recipient unlinkability, relationship anonymity, and temporal detection ambiguity. Second, we perform a differential privacy analysis and coin a relaxed definition to capture the privacy guarantees FMD yields. Finally, we simulate FMD on real-world communication data. Our theoretical and empirical results assist FMD users in adequately selecting their false-positive detection rates for various applications with given privacy requirements.

2021

Attacking IEC 60870-5-104 Protocol

P. György and T. Holczer

CEUR Workshop Proceedings, 2874 pp. 140-150. Paper: 13 , 11 p., 2021.

ERCIM NEWS, vol. 126, 2021, pp. 35-36.

Bibtex | Abstract | Link

@article {
   author = {Gergely Ács and Gergely Biczók and Balazs Pejo},
   title = {Measuring Contributions in Privacy-Preserving Federated Learning},
   journal = {ERCIM NEWS},
   volume = {126},
   year = {2021},
   pages = {35-36},
   howpublished = "\url{https://ercim-news.ercim.eu/en126/special/measuring-contributions-in-privacy-preserving-federated-learning}"
}

Abstract

How vital is each participant’s contribution to a collaboratively trained machine learning model? This is a challenging question to answer, especially if the learning is carried out in a privacy-preserving manner with the aim of concealing individual actions.

Privacy of Aggregated Mobility Data

G. Ács and Sz. Lestyán and G. Biczók

Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg., Springer, 2021.

Bibtex | PDF | Link

@inproceedings {
   author = {Gergely Ács and Szilvia Lestyan and Gergely Biczók},
   title = {Privacy of Aggregated Mobility Data},
   booktitle = {Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg.},
   publisher = {Springer},
   year = {2021},
   howpublished = "\url{https://doi.org/10.1007/978-3-642-27739-9_1575-1}"
}

Abstract

Privacy-Preserving and Bandwidth-Efficient Federated Learning: An Application to In-Hospital Mortality Prediction

R. Kerkouche and G. Ács and C. Castelluccia and P. Geneves

ACM Conference on Health, Inference, and Learning (CHIL), 2021, ACM, 2021.

@inproceedings {
   author = {Raouf Kerkouche and Gergely Ács and Claude Castelluccia and Pierre Geneves},
   title = {Privacy-Preserving and Bandwidth-Efficient Federated Learning: An Application to In-Hospital Mortality Prediction},
   booktitle = {ACM Conference on Health, Inference, and Learning (CHIL), 2021},
   publisher = {ACM},
   year = {2021}
}

Abstract

Machine Learning, and in particular Federated Machine Learning, opens new perspectives in terms of medical research and patient care. Although Federated Machine Learning improves over central- ized Machine Learning in terms of privacy, it does not provide prov- able privacy guarantees. Furthermore, Federated Machine Learning is quite expensive in term of bandwidth consumption as it requires participant nodes to regularly exchange large updates. This pa- per proposes a bandwidth-efficient privacy-preserving Federated Learning that provides theoretical privacy guarantees based on Differential Privacy. We experimentally evaluate our proposal for in-hospital mortality prediction using a real dataset, containing Electronic Health Records of about one million patients. Our re- sults suggest that strong and provable patient-level privacy can be enforced at the expense of only a moderate loss of prediction accuracy.

Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity

M. Parisot and B. Pejo and D. Spagnuelo

18th International Conference on Security and Cryptography (SECRYPT), 2021.

@conference {
   author = {Mathias Parisot and Balazs Pejo and Dayana Spagnuelo},
   title = {Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity},
   booktitle = {18th International Conference on Security and Cryptography (SECRYPT)},
   year = {2021},
   howpublished = "\url{https://www.scitepress.org/Link.aspx?doi=10.5220/0010555607150721}"
}

The Internet of Things (IoT) consists of billions of embedded devices connected to the Internet. Secure remote management of many of these devices requires them to store and use long-term cryptographic keys. In this work we propose to protect cryptographic keys in embedded IoT devices using a Trusted Execution Environment (TEE) which is supported on many embedded platforms. Our approach provides similar protection as secure co-processors, but does not actually require an additional secure hardware element.

Development of a Man-in-the-Middle Attack Device for the CAN Bus

A. Gazdag and Cs. Ferenczi and L. Buttyán

Proceedings of the 1st Conference on Information Technology and Data Science, 2020, pp. 115-130.

@inproceedings {
   author = {András Gazdag and Csongor Ferenczi and Levente Buttyán},
   title = {Development of a Man-in-the-Middle Attack Device for the CAN Bus},
   booktitle = {Proceedings of the 1st Conference on Information Technology and Data Science},
   year = {2020},
   pages = {115-130}
}

Keywords

Vehicle Security, CAN, ISO 11898, Man-in-the-Middle attack

Abstract

Modern vehicles are full of embedded controllers called ECUs (Electronic Control Units). They are responsible for different functionalities involving processing information from sensors and controlling actuators. To perform their functions, ECUs also need to communicate with each other. Most ve- hicles use a Controller Area Network (CAN) for ECU communication. The original design of the CAN bus was focusing on safety and reliability prop- erties. Security was not an issue because these networks were considered to be isolated systems. These assumptions were correct for a long time, but they no longer hold. Modern vehicles have many interfaces towards the outside world, which renders the internal network accessible to an attacker. Bluetooth, Wifi, wireless Tire Pressure Monitoring System (TPMS), or the On-Board Diagnostics (OBD) port are all options for attackers to either di- rectly access the CAN network or compromise a component attached to it. It is possible to inject fake messages, or potentially, to modify messages on the CAN, and hence, forcing some ECUs to act upon these fake messages, which may influence the overall behaviour of the vehicle. Modification attacks are complex both to carry out and to detect. The main difficulty of modification attacks is that the sender checks whether the transmitted bits correctly appear on the bus or not for safety reasons. The only network level way to circumvent this protection is to physically separate the sender and the attacked ECU on the CAN bus. This can be achieved with a physical layer Man-in-the-Middle attack. We built a proof-of-concept hard- ware device capable of modifying the CAN traffic in real-time to demonstrate that this attack is possible. It has two CAN interfaces to read messages from the original CAN bus and either just forward or modify-and-forward traffic to the attacked CAN bus. We showed with measurements that we can perform a message modification attack while keeping the introduced delay within what is allowed by the CAN specification.

GrAMeFFSI: Graph Analysis Based Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic

G. Ládi and L. Buttyán and T. Holczer

Infocommunications Journal, Vol. XII, No. 2, 2020.

IEEE Communications Magazine, vol. 58, no. 7, vol. 58, 2020, pp. 1-8.

M. Remeli and Sz. Lestyán and G. Ács and G. Biczók

22th IEEE Intelligent Transportation Systems Conference (ITSC), IEEE, 2019.

@inproceedings {
   author = {Mina Remeli and Szilvia Lestyan and Gergely Ács and Gergely Biczók},
   title = {Automatic Driver Identification from In-Vehicle Network Logs},
   booktitle = {22th IEEE Intelligent Transportation Systems Conference (ITSC)},
   publisher = {IEEE},
   year = {2019},
   howpublished = "\url{https://arxiv.org/pdf/1911.09508.pdf}"
}

Directed symbolic execution, Trigger-based behavior, Software verification

Abstract

In this paper, we present our first results towards detecting trigger-based behavior in binary programs. A program exhibits trigger-based behavior if it contains undocumented, often malicious functionality that is executed only under specific circumstances. In order to determine the inputs and environment required to trigger such behavior, we use directed symbolic execution and present techniques to overcome some of its practical limitations. Specifically, we propose techniques to overcome the environment problem and the path selection problem. We implemented our techniques and evaluated their performance on a real malware sample that launches denial-of-service attacks upon receiving specific remote commands. Thanks to our techniques, our implementation was able to determine those specific commands and all other requirements needed to trigger the malicious behavior in reasonable time.

Towards protected VNFs for multi-operator service delivery

E. Marku and G. Biczók and C. Boyd

1st International Workshop on Cyber-Security Threats, Trust and Privacy Management in Software-defined and Virtualized Infrastructures (SecSoft), IEEE, 2019, co-located with IEEE NetSoft 2019.

@inproceedings {
   author = {Enio Marku and Gergely Biczók and Colin Boyd},
   title = {Towards protected VNFs for multi-operator service delivery},
   booktitle = {1st International Workshop on Cyber-Security Threats, Trust and Privacy Management in Software-defined and Virtualized Infrastructures (SecSoft)},
   publisher = {IEEE},
   year = {2019},
   note = {co-located with IEEE NetSoft 2019}
}

Intrusion Detection, CAN Networks

Abstract

Prior research has demonstrated that modern cars are vulnerable to cyber attacks. As such attacks may cause physical accidents, forensic investigations must be extended into the cyber domain. In order to support this, CAN traffic in vehicles must be logged continuously, stored efficiently, and analyzed later to detect signs of cyber attacks. Efficient storage of CAN logs requires compressing them. Usually, this compressed logs must be decompressed for analysis purposes, leading to waste of time due to the decompression operation itself and most importantly due to the fact that the analysis must be carried out on a much larger amount of decompressed data. In this paper, we propose an anomaly detection method that works on the compressed CAN log itself. For compression, we use a lossless semantic compression algorithm that we proposed earlier. This compression algorithm achieves a higher compression ratio than traditional syntactic compression methods do such as gzip. Besides this advantage, in this paper, we show that it also supports the detection of injection attacks without decompression. Moreover, with this approach we can detect attacks with low injection frequency that were not detected reliably in previous works.

Differentially Private Mixture of Generative Neural Networks

G. Ács and L. Melis and C. Castelluccia and E. De Cristofaro

IEEE Transactions on Knowledge and Data Engineering, 2018.

Bibtex | Abstract | Link

@article {
   author = {Gergely Ács and Luca Melis and Claude Castelluccia and Emiliano De Cristofaro},
   title = {Differentially Private Mixture of Generative Neural Networks},
   journal = {IEEE Transactions on Knowledge and Data Engineering},
   year = {2018},
   howpublished = "\url{https://arxiv.org/pdf/1709.04514.pdf}"
}

Abstract

Generative models are used in a wide range of applications building on large amounts of contextually rich information. Due to possible privacy violations of the individuals whose data is used to train these models, however, publishing or sharing generative models is not always viable. In this paper, we present a novel technique for privately releasing generative models and entire high-dimensional datasets produced by these models. We model the generator distribution of the training data with a mixture of k generative neural networks. These are trained together and collectively learn the generator distribution of a dataset. Data is divided into k clusters, using a novel differentially private kernel k-means, then each cluster is given to separate generative neural networks, such as Restricted Boltzmann Machines or Variational Autoencoders, which are trained only on their own cluster using differentially private gradient descent. We evaluate our approach using the MNIST dataset, as well as call detail records and transit datasets, showing that it produces realistic synthetic samples, which can also be used to accurately compute arbitrary number of counting queries.

Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic

G. Ládi and L. Buttyán and T. Holczer

26th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings, FESB, University of Split, 2018, pp. 1-6, ISBN 978-9-5329-0087-3.

Journal of Communications Software and Systems (JCOMSS), vol. 14, no. 1, 2018.

@article {
   author = {István VAJDA and Máté Horváth},
   title = {Searchable Symmetric Encryption for Restricted Search},
   journal = {Journal of Communications Software and Systems (JCOMSS)},
   volume = {14},
   number = {1},
   year = {2018}
}

Keywords

Searchable Symmetric Encryption; Forward Index; Type-3 Pairings; MAC

Abstract

The proliferation of cloud computing highlights the importance of techniques that permit both secure storage of sensitive data and flexible data management at the same time. One line of research with this double motivation is the study of Searchable Symmetric Encryption (SSE) that has provided several outstanding results in the recent years. These solutions achieve sublinear keyword search in huge databases by using various data structures to store keywords and document identifiers. In this work, we focus on certain scenarios in which search over the whole database is not necessary and show that the otherwise inefficient sequential scan (in linear time) can be very practical. This is due to the fact that adding new entries to the database comes for free in this case while updating a complex data structure without information leakage is rather complicated. To demonstrate the practicality of our approach we build a simple SSE scheme based on bilinear pairings and prove its security against adaptive chosen-keyword attacks in the standard model under the widely used Symmetric eXternal Diffie-Hellman (SXDH) assumption.

Vehicular Can Traffic Based Microtracking for Accident Reconstruction

A. Gazdag and T. Holczer and L. Buttyán and Zs. Szalay

Vehicle and Automotive Engineering 2, Lecture Notes in Mechanical Engineering, University of Miskolc, Miskolc, Hungary, 2018.

@inproceedings {
   author = {András Gazdag and Tamas Holczer and Levente Buttyán and Zsolt Szalay},
   title = {Vehicular Can Traffic Based Microtracking for Accident Reconstruction},
   booktitle = {Vehicle and Automotive Engineering 2, Lecture Notes in Mechanical Engineering},
   publisher = {University of Miskolc, Miskolc, Hungary},
   year = {2018}
}

Keywords

Digital forensics, CAN network

Abstract

Accident reconstruction is the process of reliably discovering what has happened before a serious event. We show how the most widely used intra vehicular network (namely the Controller Area Network, CAN) can be used in this process. We show how the actual velocity and steering wheel position transmitted on the CAN network can be used to reconstruct the trajectory of a vehicle. This trajectory is an essential input in the reconstruction process. In this paper, we show how the CAN traffic of an actual vehicle can be used to recon- struct the trajectory of the vehicle, and we evaluate our approach in several real life experiments including normal and pre-accident situations.

2017

CAN compression based IDS

A. Gazdag

IT-SECX 2017, 2017, FH St. Pölten.

@conference {
   author = {András Gazdag},
   title = {CAN compression based IDS},
   booktitle = {IT-SECX 2017},
   year = {2017},
   publisher = {FH St. Pölten}
}

Abstract

Modern vehicles are mainly controlled by ECUs (Electric Control Units). They are small programmable computers responsible for single tasks. New smart features of vehicles showed demand for Internet connectivity rendering these previously isolated computer networks reachable for malicious attacks. Detecting cyber-attacks requires a continuous network traffic logging for online and offline analysis. This generates a huge amount of data which is a challenge to store and to analyze, as well. In this presentation, we show a proposed semantic compression mechanism that is capable of representing the original data in a lossless form while using a fraction of the space. The introduced algorithm understands properties of the CAN traffic log. This is a powerful foundation for compression and for intrusion detection. The compressed traffic log can be directly used as an input for a machine learning based IDS, which is then capable to effectively recognize malicious attack patterns.

Differentially Private Mixture of Generative Neural Networks

E. De Cristofaro and C. Castelluccia and L. Melis and G. Ács

IEEE International Conference on Data Mining (ICDM), IEEE, 2017.

@inproceedings {
   author = {Emiliano De Cristofaro and Claude Castelluccia and Luca Melis and Gergely Ács},
   title = {Differentially Private Mixture of Generative Neural Networks},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2017}
}

Abstract

Efficient Lossless Compression of CAN Traffic Logs

A. Gazdag and L. Buttyán and Zs. Szalay

IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom), IEEE, 2017.

@inproceedings {
   author = {András Gazdag and Levente Buttyán and Zsolt Szalay},
   title = {Efficient Lossless Compression of CAN Traffic Logs},
   booktitle = {IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom)},
   publisher = {IEEE},
   year = {2017}
}

Abstract

In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for the forensic investigations of accidents caused by cyber attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data, therefore, it contributes to reduced analysis time and effort. We achieve this by performing semantic compression on the CAN traffic logs, rather than simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of state-of-the-art syntactic compression methods, such as gzip.

Forensics aware lossless compression of CAN traffic logs

A. Gazdag and L. Buttyán and Zs. Szalay

Scientific Letters of the University of Zilina, 2017.

@article {
   author = {András Gazdag and Levente Buttyán and Zsolt Szalay},
   title = {Forensics aware lossless compression of CAN traffic logs},
   journal = {Scientific Letters of the University of Zilina},
   year = {2017}
}

Keywords

CAN, network traffic capture, semantic compression, forensic analysis

Abstract

In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for the forensic investigations of accidents caused by the cyber-attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data. It is shown that the proposed compression format is a powerful tool to find traces of a cyber-attack. We achieve this by performing semantic compression on the CAN traffic logs, rather than the simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of the state-of-the-art syntactic compression methods, such as zip.

Manufactured by software: SDN-enabled multi-operator composite services with the 5G Exchange

H Lønsethagen and P Heegaard and L. Toka and M Dramitinos and G. Biczók

IEEE Communications Magazine, vol. 55, no. 4, 2017.

@article {
   author = {Håkon Lønsethagen and Poul E. Heegaard and Laszlo Toka and Manos Dramitinos and Gergely Biczók},
   title = {Manufactured by software: SDN-enabled multi-operator composite services with the 5G Exchange},
   journal = {IEEE Communications Magazine},
   volume = {55},
   number = {4},
   year = {2017}
}

Abstract

Bla

Privacy-Aware Caching in Information-Centric Networking

C. Wood and G. Tsudik and C. Ghali and P. Gasti and M. Conti and G. Ács

IEEE Transactions on Dependable Computing (TDSC), 2017.

@article {
   author = {Christopher Wood and Gene Tsudik and Cesar Ghali and Paulo Gasti and Mauro Conti and Gergely Ács},
   title = {Privacy-Aware Caching in Information-Centric Networking},
   journal = {IEEE Transactions on Dependable Computing (TDSC)},
   year = {2017}
}

Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance

D. Papp and L. Buttyán and Z. Ma

Workshop on Software Assurance at ARES 2017, 2017.

@conference {
   author = {Dorottya Papp and Levente Buttyán and Zhendong Ma},
   title = {Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance},
   booktitle = {Workshop on Software Assurance at ARES 2017},
   year = {2017}
}

Abstract

A program exhibits trigger-based behavior if it performs undocumented, often malicious, functions when the environmental conditions and/or specific input values match some pre-specified criteria. Checking whether such hidden functions exist in the program is important for increasing trustworthiness of software. In this paper, we propose a framework to effectively detect trigger-based behavior at the source code level. Our approach is semi-automated: We use automated source code instrumentation and mixed concrete and symbolic execution to generate potentially suspicious test cases that may trigger hidden, potentially malicious functions. The test cases must be investigated by a human analyst manually to decide which of them are real triggers. While our approach is not fully automated, it greatly reduces manual work by allowing analysts to focus on a few test cases found by our automated tools.

Transparent Encryption for Cloud-based Services

G. Ládi

Mesterpróba 2017, Conference Proceedings, Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics, 2017, pp. 5-8.

@inproceedings {
   author = {Gergõ Ládi},
   title = {Transparent Encryption for Cloud-based Services},
   booktitle = {Mesterpróba 2017, Conference Proceedings},
   publisher = {Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics},
   year = {2017},
   pages = {5-8}
}

Keywords

transparent encryption; cloud; security; DNS spoofing; tampering proxy; format preserving encryption;

Abstract

Transparent encryption is a method that involves encrypting data locally, on the user's computer, just before it is sent to cloud services to be stored, then decrypting said data later, straight after it is retrieved from the cloud service. All this takes place without having to alter the client application or the remote service (hence transparent). Applying this method ensures that even if the user's account or the provider itself is compromised, the attackers can only retrieve encrypted data that is useless without the encryption keys. This paper illustrates the design of a system that is capable of performing transparent encryption for various cloud-based services.

Transparent Encryption for Cloud-based Services

G. Ládi

25th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings, FESB, University of Split, 2017, pp. 64-68, ISSN 1847-3598.

@inproceedings {
   author = {Gergõ Ládi},
   title = {Transparent Encryption for Cloud-based Services},
   booktitle = {25th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings},
   publisher = {FESB, University of Split},
   year = {2017},
   pages = {64-68},
   note = {ISSN 1847-3598}
}

Keywords

transparent encryption; cloud; security; DNS spoofing; TLS inspection; tampering proxy; format preserving encryption;

Abstract

Transparent encryption is a method that involves encrypting data locally, on the user's computer, just before it is sent to cloud services to be stored, then decrypting said data later, straight after it is retrieved from the cloud service. All this takes place without having to alter the client application or the remote service (hence transparent). Applying this method ensures that if the user's account or the provider itself is compromised, the attackers can only retrieve encrypted data that is useless without the encryption keys. This paper illustrates the design of a system that is capable of performing transparent encryption for various cloud-based services, even if the connection between the client and the provider is secured by Transport Layer Security.

Privacy Preserving Data Aggregation over Multi-hop Networks

Sz. Lestyán

Infocommunications Journal, pp. 7-15, December 2016, Volume VIII, Number 4, ISSN 2061-2079, 2016.

@article {
   author = {Szilvia Lestyan},
   title = {Privacy Preserving Data Aggregation over Multi-hop Networks},
   journal = {Infocommunications Journal, pp. 7-15, December 2016, Volume VIII, Number 4, ISSN 2061-2079},
   year = {2016}
}

storage in clouds; access control; attribute-based encryption; multi-authority; user revocation

Abstract

In this work, we aim to make attribute-based encryption (ABE) more suitable for access control to data stored in the cloud. For this purpose, we concentrate on giving to the encryptor full control over the access rights, providing feasible key management even in case of multiple independent authorities, and enabling viable user revocation, which is essential in practice. Our main result is an extension of the decentralized CP-ABE scheme of Lewko and Waters [6] with identity-based user revocation. Our revocation system is made feasible by removing the computational burden of a revocation event from the cloud service provider, at the expense of some permanent, yet acceptable overhead of the encryption and decryption algorithms run by the users. Thus, the computation overhead is distributed over a potentially large number of users, instead of putting it on a single party (e.g., a proxy server), which would easily lead to a performance bottleneck. The formal security proof of our scheme is given in the generic bilinear group and random oracle models.

Attribute-Based Encryption Optimized for Cloud Computing

M. Horváth

Infocommunications Journal, vol. 7, no. 2, 2015, pp. 1-9.

@article {
   author = {Máté Horváth},
   title = {Attribute-Based Encryption Optimized for Cloud Computing},
   journal = {Infocommunications Journal},
   volume = {7},
   number = {2},
   year = {2015},
   pages = {1-9}
}

Keywords

storage in clouds; access control; attribute-based encryption; multi-authority; user revocation

Abstract

Duqu 2.0:A comparison to Duqu

B. Bencsáth and L. Buttyán and R. Kamarás and G. Vaspöri and G. Molnár and G. Ács-Kurucz

BME CrySyS Lab, 2015.

@techreport {
   author = {Boldizsár Bencsáth and Levente Buttyán and Roland Kamarás and Gábor Vaspöri and Gábor Molnár and Gábor Ács-Kurucz},
   title = {Duqu 2.0:A comparison to Duqu},
   institution = {BME CrySyS Lab},
   year = {2015}
}

Abstract

Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy

D. Papp and Z. Ma and L. Buttyán

IEEE International Confenrence on Privacy, Security, and Trust, 2015.

@conference {
   author = {Dorottya Papp and Zhendong Ma and Levente Buttyán},
   title = {Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy},
   booktitle = {IEEE International Confenrence on Privacy, Security, and Trust},
   year = {2015}
}

Abstract

Embedded systems are the driving force for technological development in many domains such as automotive, healthcare, and industrial control in the emerging post-PC era. As more and more computational and networked devices are integrated into all aspects of our lives in a pervasive and ``invisible' way, security becomes critical for the dependability of all smart or intelligent systems built upon these embedded systems. In this paper, we conduct a systematic review of the existing threats and vulnerabilities in embedded systems based on public available data. Moreover, based on the information, we derive an attack taxonomy for embedded systems. We envision that the findings in this paper provide a valuable insight of the threat landscape facing embedded systems. The knowledge can be used for a better understanding and the identification of security risks in system analysis and design.

On pricing online data backup

G. Biczók and L. Toka

IEEE INFOCOM Smart Data Pricing WS, IEEE, 2015.

@inproceedings {
   author = {Gergely Biczók and Laszlo Toka},
   title = {On pricing online data backup},
   booktitle = {IEEE INFOCOM Smart Data Pricing WS},
   publisher = {IEEE},
   year = {2015}
}

Abstract

On the Unicity of Smartphone Applications

C. Castelluccia and G. Ács and J. P. Achara

ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2015.

@inproceedings {
   author = {Claude Castelluccia and Gergely Ács and Jagdish Prasad Achara},
   title = {On the Unicity of Smartphone Applications},
   booktitle = {ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2015}
}

Abstract

Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)

C. Castelluccia and J. P. Achara and G. Ács

IEEE International Conference on Big Data (Big Data), IEEE, 2015.

@inproceedings {
   author = {Claude Castelluccia and Jagdish Prasad Achara and Gergely Ács},
   title = {Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)},
   booktitle = {IEEE International Conference on Big Data (Big Data)},
   publisher = {IEEE},
   year = {2015}
}

Abstract

ROSCO: Repository of signed code

B. Bencsáth and L. Buttyán and T. Holczer and B. Kócsó and D. Papp

Virus Bulletin, 2015.

@conference {
   author = {Boldizsár Bencsáth and Levente Buttyán and Tamas Holczer and Balázs Kócsó and Dorottya Papp},
   title = {ROSCO: Repository of signed code},
   booktitle = {Virus Bulletin},
   year = {2015}
}

Abstract

The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems

L. Buttyán and M. Felegyhazi and T. Holczer

Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, IAEA, 2015.

@inproceedings {
   author = {Levente Buttyán and Mark Felegyhazi and Tamas Holczer},
   title = {The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems},
   booktitle = {Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange},
   publisher = {IAEA},
   year = {2015}
}

@conference {
   author = {András Gazdag},
   title = {Android Memory Forensics Hello Workshop},
   booktitle = {Hacktivity 2014.},
   year = {2014}
}

Abstract

Szakértõk kezében a sérülékeny memóriatartalmak vizsgálata már jó ideje hatékony fegyvernek bizonyult. Az új technológiák robbanásszerû elterjedése szükségessé teszi a megbízható technológiák átalakítását, hogy azok az új kihívásoknak is eleget tudjanak ezáltal tenni. Erre az egyik legkézenfekvõbb példa az Android platform. Az utóbbi években látható jelentõs térhódítása ennek a platformnak elkerülhetetlenné tette – többek között – a memória vizsgálati módszerek kifejlesztését is. A workshop célja a résztvevõk megismertetése a jelenleg elérhetõ technológiákkal, gyakorlati példákon keresztül. A lehetséges megközelítések rövid összefoglalása után a résztvevõk megtanulhatják, hogy hogyan lehetséges memória tartalmat rögzíteni Android-ot futtató eszközökrõl, ezután pedig a minták elemzésére kerül sor a széles körben elterjedt Volatility framework segítségével.

CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp

T. Holczer and M. Felegyhazi and Gy. Miru and F. Juhasz and D. Buza

Kiss Natália Nagy Bálint Németh István Péter (Eds), Tudományos terek, pp. 9-20, DUF Press, 2014, ISBN: 9789632870755.

@inbook {
   author = {Tamas Holczer and Mark Felegyhazi and Gyorgy Miru and Ferenc Juhasz and Daniel Buza},
   editor = {Kiss Natália Nagy Bálint Németh István Péter (Eds)},
   title = {CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp},
   chapter = {Tudományos terek},
   pages = {9-20},
   publisher = {DUF Press},
   year = {2014},
   note = {ISBN: 9789632870755}
}

Abstract

CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot

D. Buza and F. Juhasz and Gy. Miru and M. Felegyhazi and T. Holczer

in Proceedings of SmartGridSec 2014, February 26, 2014.

@article {
   author = {Daniel Buza and Ferenc Juhasz and Gyorgy Miru and Mark Felegyhazi and Tamas Holczer},
   title = {CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot},
   journal = {in Proceedings of SmartGridSec 2014},
   month = {February 26},
   year = {2014}
}

Keywords

@conference {
   author = {Jens Grossklags and Benjamin Johnson and Aron Laszka},
   title = {A Game-Theoretic Approach to Risk Mitigation Against Targeted and Non-Targeted Covert Attacks},
   booktitle = {4th Conference on Decision and Game Theory for Security (GameSec 2013)},
   year = {2013},
   month = {November},
   note = {(accepted)}
}

Abstract

A Survey of Security Issues in Hardware Virtualization

B. Bencsáth and L. Buttyán and G. Pék

ACM Computing Surveys (CSUR), vol. 45 , no. 3, June , 2013, doi:10.1145/2480741.2480757.

@article {
   author = {Boldizsár Bencsáth and Levente Buttyán and Gábor PÉK},
   title = {A Survey of Security Issues in Hardware Virtualization},
   journal = { ACM Computing Surveys (CSUR)},
   volume = {45 },
   number = {3},
   month = {June },
   year = {2013},
   note = {doi:10.1145/2480741.2480757}
}

Abstract

Virtualization is a powerful technology to increase the efficiency of computing services; however, besides its advantages, it also raises a number of security issues. In this paper, we provide a thorough survey of those security issues in hardware virtualization. We focus on potential vulnerabilities and existing attacks on various virtualization platforms, but we also briefly sketch some possible countermeasures. To the best of our knowledge, this is the first survey of security issues in hardware virtualization with this level of details. Moreover, the adversary model and the structuring of the attack vectors are original contributions, never published before.

Bitspotting: Detecting Optimal Adaptive Steganography

R. Böhme and J. Grossklags and A. Laszka and P. Schöttle and B. Johnson

12th International Workshop on Digital-Forensics and Watermarking (IWDW), 2013, October.

@conference {
   author = { and Jens Grossklags and Aron Laszka and Pascal Schöttle and Benjamin Johnson},
   title = {Bitspotting: Detecting Optimal Adaptive Steganography},
   booktitle = {12th International Workshop on Digital-Forensics and Watermarking (IWDW)},
   year = {2013},
   month = {October}
}

Abstract

Cache Privacy in Named-Data Networking

G. Tsudik and C. Ghali and P. Gasti and M. Conti and G. Ács

The 33rd International Conference on Distributed Computing Systems (ICDCS), IEEE, 2013.

@inproceedings {
   author = {Gene Tsudik and Cesar Ghali and Paulo Gasti and Mauro Conti and Gergely Ács},
   title = {Cache Privacy in Named-Data Networking},
   booktitle = {The 33rd International Conference on Distributed Computing Systems (ICDCS)},
   publisher = {IEEE},
   year = {2013}
}

Abstract

Designing Robust Network Topologies for Wireless Sensor Networks in Adversarial Environments

D. Szeszlér and L. Buttyán and A. Laszka

Pervasive and Mobile Computing, Elsevier, vol. 9, no. 4, August, 2013, pp. 546 - 563, (http://dx.doi.org/10.1016/j.pmcj.2012.05.001).

@article {
   author = {Dávid Szeszlér and Levente Buttyán and Aron Laszka},
   title = {Designing Robust Network Topologies for Wireless Sensor Networks in Adversarial Environments},
   journal = {Pervasive and Mobile Computing, Elsevier},
   volume = { 9},
   number = {4},
   month = {August},
   year = {2013},
   pages = {546 - 563},
   note = {(http://dx.doi.org/10.1016/j.pmcj.2012.05.001)}
}

Abstract

In this paper, we address the problem of deploying sink nodes in a wireless sensor network such that the resulting network topology be robust. In order to measure network robustness, we propose a new metric, called persistence, which better captures the notion of robustness than the widely known connectivity based metrics. We study two variants of the sink deployment problem: sink selection and sink placement. We prove that both problems are NP-hard, and show how the problem of sink placement can be traced back to the problem of sink selection using an optimal search space reduction te chnique, which may be of independent interest. To solve the problem of sink selection, we propose efficient heuristic algorithms. Finally, we provide experim ental results on the performance of our proposed algorithms.

eNeMI: Evading the state-of-the-art hardware protection of I/O virtualization

G. Pék

Presentation at Hactivity Conference, October, 2013.

9th Conference on Web and Internet Economics (WINE), 2013, December.

@conference {
   author = {Jens Grossklags and Benjamin Johnson and Aron Laszka},
   title = {Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks},
   booktitle = {9th Conference on Web and Internet Economics (WINE)},
   year = {2013},
   month = {December}
}

Abstract

On formal and automatic security verification of WSN transport protocols

A. Dvir and L. Buttyán and T. V. Thong

ISRN Sensor Networks Journal, Hindawi, December, 2013, In Press.

@article {
   author = {Amit Dvir and Levente Buttyán and Ta Vinh Thong},
   title = {On formal and automatic security verification of WSN transport protocols },
   journal = {ISRN Sensor Networks Journal, Hindawi},
   month = {December},
   year = {2013},
   note = {In Press}
}

Abstract

Quantifying All-to-One Network Topology Robustness Under Budget Constraints

A. Gueye and A. Laszka

The joint Workshop on Pricing and Incentives in Networks and Systems, 2013, June.

@conference {
   author = {Assane Gueye and Aron Laszka},
   title = {Quantifying All-to-One Network Topology Robustness Under Budget Constraints},
   booktitle = {The joint Workshop on Pricing and Incentives in Networks and Systems},
   year = {2013},
   month = {June}
}

Abstract

To design robust network topologies that resist strategic at- tacks, one must rst be able to quantify robustness. In a recent line of research, the theory of network blocking games has been used to derive robustness metrics for topologies. However, these previous works did not consider the bud- get constraints of the network operator. In this paper, we introduce a budget limit on the operator and study two bud- get constraint formulations: the maximum and the expected cost constraints. For practical applications, the greatest challenge posed by blocking games is their computational complexity. Therefore, we show that the expected cost con- straint formulation leads to games that can be solved e- ciently, while the maximum cost constraint leads to NP-hard problems. As an illustrative example, this paper discusses the particular case of All-to-One (e.g., sensor or access) net- works

Quantifying Network Topology Robustness Under Budget Constraints: General Model and Computational Complexity

A. Gueye and A. Laszka

4th Conference on Decision and Game Theory for Security (GameSec 2013), 2013, November, (accepted).

@conference {
   author = {Assane Gueye and Aron Laszka},
   title = {Quantifying Network Topology Robustness Under Budget Constraints: General Model and Computational Complexity},
   booktitle = {4th Conference on Decision and Game Theory for Security (GameSec 2013)},
   year = {2013},
   month = {November},
   note = {(accepted)}
}

social networks, privacy, machine learning

Abstract

Online Social Networks have gained increased popularity in recent years. However, besides their many advanteges, they also represent privacy risks for the users. In order to control access to their private information, users of OSNs are typically allowed to set the visibility of their profile attributes, but this may not be sufficient, beacuse visible attributes, friendship relationships, and group memberships can be used to infer private information. In this paper, we propose a fully automated approach based on machine learning for inferring undisclosed attributes of OSN users. Our method can be used for both classification and regression tasks, and it makes large scale privacy attacks feasible. We also provide experimental results showing that our method achieves good performance in practice.

A Survey of Interdependent Security Games

L. Buttyán and M. Felegyhazi and A. Laszka

no. CRYSYS-TR-2012-11-15, CrySyS Lab, BME, Nov, 2012.

@techreport {
   author = {Levente Buttyán and Mark Felegyhazi and Aron Laszka},
   title = {A Survey of Interdependent Security Games},
   number = {CRYSYS-TR-2012-11-15},
   institution = {CrySyS Lab, BME},
   month = {Nov},
   year = {2012}
}

Keywords

interdependent security, security economics, security games

Abstract

Interdependence of information systems is a fundamental property that shapes the problems in information security. The risks faced by system operators and users is not only determined by their own security posture, but is heavily affected by the security-related decisions of other connected systems. Therefore, defending networked systems relies on the correlated action of the system operators or users. In this survey, we summarize game-theoretic interdependence models, characterize the emerging security inefficiencies and present solution methods. Our goal is to distill the main insights from the state-of-the-art and to identify the areas that need more attention from the research community.

A Wireless Sensor and Actuator Network for Improving the Electrical Power Grid Dependability

A. Grilo and A. Casaca and P. Pereira and L. Buttyán and J. Goncalves and C. Fortunato

Euro-NF Conference on Next Generation Internet (NGI), IEEE, 2012.

@inproceedings {
   author = {Antonio M. Grilo and Augusto Casaca and Paulo Pereira and Levente Buttyán and José Goncalves and Carlos Fortunato},
   title = {A Wireless Sensor and Actuator Network for Improving the Electrical Power Grid Dependability},
   booktitle = {Euro-NF Conference on Next Generation Internet (NGI)},
   publisher = {IEEE},
   year = {2012}
}

Abstract

This paper presents an overview of a Wireless Sensor and Actuator Network (WSAN) used to monitor an electrical power grid distribution infrastructure. The WSAN employs appropriate sensors to monitor key grid components, integrating both safety and security services, which improve the grid distribution dependability. The supported applications include, among others, video surveillance of remote secondary substations, which imposes special requirements from the point of view of quality of service and reliability. The paper presents the hardware and software architecture of the system together with performance results.

Célzott informatikai támadások napjainkban

B. Bencsáth and G. Pék and L. Buttyán and M. Felegyhazi

Budapest New Tech Meetup, Budapest, Hungary., December, 2012.

@misc {
   author = {Boldizsár Bencsáth and Gábor PÉK and Levente Buttyán and Mark Felegyhazi},
   title = {Célzott informatikai támadások napjainkban},
   howpublished = {Budapest New Tech Meetup, Budapest, Hungary.},
   month = {December},
   year = {2012}
}

Abstract

Critical Infrastructure Security: Assessment, Prevention, Detection, Response

P. Langendoerfer and L. Buttyán and A. Casaca and E. Osipov and A. Hessler and C. Castelluccia and A. Alkassar

F. Flammini (ed), Wireless Sensor Networks for Critical Infrastructure Protection, pp. 155-167, WIT Press, 2012.

@inbook {
   author = {Peter Langendoerfer and Levente Buttyán and Augusto Casaca and Evgeny Osipov and Alban Hessler and Claude Castelluccia and Ammar Alkassar},
   editor = {F. Flammini (ed)},
   title = {Critical Infrastructure Security: Assessment, Prevention, Detection, Response},
   chapter = {Wireless Sensor Networks for Critical Infrastructure Protection},
   pages = {155-167},
   publisher = {WIT Press},
   year = {2012}
}

Abstract

Cryptography: The strongest link in the chain

L. Buttyán and B. Bencsáth

Hackin9 Extra, vol. 8, no. 1, January, 2012, pp. 8-11.

@article {
   author = {Levente Buttyán and Boldizsár Bencsáth},
   title = {Cryptography: The strongest link in the chain},
   journal = {Hackin9 Extra},
   volume = {8},
   number = {1},
   month = {January},
   year = {2012},
   pages = {8-11}
}

Abstract

IT security architectures that use cryptographic elements sometimes fail, but it is rarely cryptography to blame. The reason is more often the use of cryptography in an inappropriate way, or the use of algorithms that do not really qualify as cryptographic. High quality cryptography is in fact the strongest link in the chain, and there are good reasons for that.

Differentially Private Histogram Publishing through Lossy Compression

C. Castelluccia and R. Chen and G. Ács

IEEE International Conference on Data Mining (ICDM), IEEE, 2012.

@inproceedings {
   author = {Claude Castelluccia and Rui Chen and Gergely Ács},
   title = {Differentially Private Histogram Publishing through Lossy Compression},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2012}
}

Abstract

Differentially Private Sequential Data Publication via Variable-Length N-Grams

C. Castelluccia and G. Ács and R. Chen

In 19th ACM Conference on Computer and Communications Security (CCS), ACM, 2012.

@inproceedings {
   author = {Claude Castelluccia and Gergely Ács and Rui Chen},
   title = {Differentially Private Sequential Data Publication via Variable-Length N-Grams},
   booktitle = {In 19th ACM Conference on Computer and Communications Security (CCS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

Digital Identity and Access Management: Technologies and Frameworks

G. Gy. Gulyás and R. Schulcz and S. Imre

Dr Raj Sharman, Dr. Sanjukta Das Smith, Manish Gupta, Separating Private and Business Identities, pp. 114-132, IGI Global, 2012.

@inbook {
   author = {Gábor György Gulyás and Róbert Schulcz and Sándor Imre},
   editor = {Dr Raj Sharman, Dr. Sanjukta Das Smith, Manish Gupta},
   title = {Digital Identity and Access Management: Technologies and Frameworks},
   chapter = {Separating Private and Business Identities},
   pages = {114-132},
   publisher = {IGI Global},
   year = {2012}
}

Abstract

As various information technologies are penetrating everyday life, private and business matters inevitably mingle. Separating private and business past records, public information, actions or identities may, however, be crucial for an employee in certain situations. In this chapter we review the interrelated areas of employee privacy, and analyze in detail two areas of special importance from the viewpoint of the separation: web and social network privacy. In relation to these areas we discuss threats and solutions in parallel, and besides surveying the relevant literature, we also present current Privacy Enhancing Technologies applicable in each area. Additionally, we briefly review other means of workplace surveillance, providing some insight into the world of smartphones, where we expect the rise of new privacy-protecting technologies as these devices are getting capable of taking over the functions of personal computers.

Duqu, Flame, Gauss - new challenges for a new era

B. Bencsáth and L. Buttyán and M. Felegyhazi and G. Pék

EuroNOG 2012 conference, Budapest, 10-11 Sept 2012, September, 2012.

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán and Mark Felegyhazi and Gábor PÉK},
   title = {Duqu, Flame, Gauss - new challenges for a new era },
   howpublished = {EuroNOG 2012 conference, Budapest, 10-11 Sept 2012},
   month = {September},
   year = {2012}
}

Query Auditing, Statistical databases, Full disclosure, Partial disclosure, MIN, MAX aggregation queries

Abstract

In this paper, we dene a novel setting for query auditing, where instead of detecting or preventing the disclosure of individual sensitive values, we want to detect or prevent the disclosure of aggregate values in the database. More specically, we study the problem of detecting or preventing the disclosure of the maximum (minimum) value in the database, when the querier is allowed to issue average queries to the database. We propose efficient offline and online query auditors for this problem in the full disclosure model, and an ecient simulatable online query auditor in the partial disclosure model.

Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey

P. Schaffer and K. Farkas and Á. Horváth and T. Holczer and L. Buttyán

accepted for publication in Elsevier Computer Networks, 2012.

@article {
   author = {Peter Schaffer and Károly Farkas and Ádám Horváth and Tamas Holczer and Levente Buttyán},
   title = {Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey},
   journal = {accepted for publication in Elsevier Computer Networks},
   year = {2012}
}

Abstract

In the past few years, research interest has been increased towards wireless sensor networks (WSNs) and their application in both the military and civil domains. To support scalability in WSNs and increase network lifetime, nodes are often grouped into disjoint clusters. However, secure and reliable clustering, which is critical in WSNs deployed in hostile environments, has gained modest attention so far or has been limited only to fault tolerance. In this paper, we review the state-of-the-art of clustering protocols inWSNs with special emphasis on security and reliability issues. First, we define the taxonomy of security and reliability for cluster head election and clustering in WSNs. Then, we describe and analyze the most relevant secure and reliable clustering protocols. Finally, we propose countermeasures against typical attacks and show how they improve the discussed protocols.

sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks

B. Bencsáth and G. Pék and L. Buttyán and M. Felegyhazi

In collaboration with the sKyWIper Analysis Team , 2012.

@techreport {
   author = {Boldizsár Bencsáth and Gábor PÉK and Levente Buttyán and Mark Felegyhazi},
   title = {sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks},
   institution = {In collaboration with the sKyWIper Analysis Team },
   year = {2012}
}

Abstract

Targeted attacks against Critical infrastructure: Stuxnet and beyond

B. Bencsáth and G. Pék and L. Buttyán and M. Felegyhazi

SCADA and Smart Grid Cyber Security Summit, 26-27 April 2012, April, 2012, London.

@misc {
   author = {Boldizsár Bencsáth and Gábor PÉK and Levente Buttyán and Mark Felegyhazi},
   title = {Targeted attacks against Critical infrastructure: Stuxnet and beyond},
   howpublished = {SCADA and Smart Grid Cyber Security Summit, 26-27 April 2012},
   month = {April},
   year = {2012},
   note = {London}
}

Abstract

Targeted Attacks of Recent Times

B. Bencsáth and L. Buttyán and G. Pék and M. Felegyhazi

Kaspersky SAS 2012 - Security Analyst Summit, Cancun, Mexico, February, 2012.

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán and Gábor PÉK and Mark Felegyhazi},
   title = {Targeted Attacks of Recent Times },
   howpublished = {Kaspersky SAS 2012 - Security Analyst Summit, Cancun, Mexico},
   month = {February},
   year = {2012}
}

Abstract

Technical analysis and information sharing in the handling of high-profile targeted attacks

B. Bencsáth and L. Buttyán and G. Pék and M. Felegyhazi

2012 Workshop on Cyber Security and Global Affairs and Global Security Forum, 1-3 June 2012, June, 2012, Barcelona, Spain.

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán and Gábor PÉK and Mark Felegyhazi},
   title = {Technical analysis and information sharing in the handling of high-profile targeted attacks },
   howpublished = {2012 Workshop on Cyber Security and Global Affairs and Global Security Forum, 1-3 June 2012},
   month = {June},
   year = {2012},
   note = {Barcelona, Spain}
}

Abstract

The BIZ Top-Level Domain: Ten Years Later

T. Halvorson and J. Szurdi and G. Maier and M. Felegyhazi and C. Kreibich and N. Weaver and K. Levchenko and V. Paxson

in Proceedings of Passive Active Measurements (PAM 2012), PAM 2012, Vienna, Austria, March 12-14, 2012.

@inproceedings {
   author = { and János Szurdi and Gregor Maier and Mark Felegyhazi and and and and },
   title = {The BIZ Top-Level Domain: Ten Years Later},
   booktitle = {in Proceedings of Passive Active Measurements (PAM 2012)},
   publisher = {PAM 2012},
   address = {Vienna, Austria},
   month = {March 12-14},
   year = {2012}
}

Abstract

On May 15, 2001 ICANN announced the introduction of the biz and info generic top-level domains (gTLDs)—the first new gTLDs since the inception of the Domain Name System—aiming to “increase consumer choice and create opportunities for entities that have been shut out under the current name structure.” The biz gTLD, in particular, was to become an alternative to the popular com top-level domain. In this paper we examine the current usage of the biz gTLD in order to determine whether it has evolved into the role intended by ICANN, and whether concerns expressed in the early discussions of this expansion have been justified. In particular, using DNS zone files, DNS probing, and Web crawler data, we attempt to answer the question of whether biz has become a viable alternative to com, giving trademark holders who find themselves unable to register a com name an attractive alternative; or whether it has merely induced defensive registrations by existing trademark holders who already had equivalent com domains

The cousins of Stuxnet:Duqu, Flame, Gauss, …

L. Buttyán and B. Bencsáth and G. Pék and M. Felegyhazi

ISCD 2012, Balatonöszöd, 3-4 Sep., September, 2012.

@misc {
   author = {Levente Buttyán and Boldizsár Bencsáth and Gábor PÉK and Mark Felegyhazi},
   title = {The cousins of Stuxnet:Duqu, Flame, Gauss, …},
   howpublished = {ISCD 2012, Balatonöszöd, 3-4 Sep.},
   month = {September},
   year = {2012}
}

Proceedings of the First SysSec Workshop SysSec 2011, SysSec, Amsterdam, The Netherlands, July 6, 2011, pp. 73-76.

@inproceedings {
   author = {Levente Buttyán and Mark Felegyhazi and Boldizsár Bencsáth},
   title = {CLEARER: CrySyS Laboratory Security and Privacy Research Roadmap},
   booktitle = {Proceedings of the First SysSec Workshop SysSec 2011},
   publisher = {SysSec},
   address = { Amsterdam, The Netherlands},
   month = {July 6},
   year = {2011},
   pages = {73-76}
}

Abstract

Cryptography - the strongest chain element in the practice of cyber security

B. Bencsáth and L. Buttyán

Kiberbiztonsági Konferencia, ZMNE, November 25, 2011.

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán},
   title = {Cryptography - the strongest chain element in the practice of cyber security},
   howpublished = {Kiberbiztonsági Konferencia, ZMNE},
   month = {November 25},
   year = {2011}
}

Abstract

Detection and Recovery From Pollution Attacks in Coding Based Distributed Storage Schemes

L. Czap and L. Buttyán and I. Vajda

IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 6, November/December, 2011.

@article {
   author = {László CZAP and Levente Buttyán and István VAJDA},
   title = {Detection and Recovery From Pollution Attacks in Coding Based Distributed Storage Schemes},
   journal = {IEEE Transactions on Dependable and Secure Computing},
   volume = {8},
   number = {6},
   month = {November/December},
   year = {2011}
}

Abstract

We address the problem of pollution attacks in coding based distributed storage systems. In a pollution attack, the adversary maliciously alters some of the stored encoded packets, which results in the incorrect decoding of a large part of the original data upon retrieval. We propose algorithms to detect and recover from such attacks. In contrast to existing approaches to solve this problem, our approach is not based on adding cryptographic checksums or signatures to the encoded packets, and it does not introduce any additional redundancy to the system. The results of our analysis show that our proposed algorithms are suitable for practical systems, especially in wireless sensor networks.

Formal verification of secure ad-hoc network routing protocols using deductive model-checking

T. V. Thong and L. Buttyán

Periodica Polytechnica Journal, accepted for publication, 2011.

@article {
   author = {Ta Vinh Thong and Levente Buttyán},
   title = {Formal verification of secure ad-hoc network routing protocols using deductive model-checking},
   journal = {Periodica Polytechnica Journal},
   month = {accepted for publication},
   year = {2011}
}

Keywords

Automated verification, secure routing protocols, model-cheking, process calculus

Abstract

Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for adhoc networks. However, many of them have design flaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a formal verification method for secure ad-hoc network routing protocols that helps increasing the confidence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our approach is based on a new process calculus that we specifically developed for secure ad-hoc network routing protocols and a deductive proof technique. The novelty of this approach is that contrary to prior attempts to formal verification of secure ad-hoc network routing protocols, our verification method can be made fully automated.

I have a DREAM! (DiffeRentially privatE smArt Metering)

C. Castelluccia and G. Ács

The 13th Information Hiding Conference (IH), Springer, 2011.

@inproceedings {
   author = {Claude Castelluccia and Gergely Ács},
   title = {I have a DREAM! (DiffeRentially privatE smArt Metering)},
   booktitle = {The 13th Information Hiding Conference (IH)},
   publisher = {Springer},
   year = {2011}
}

Abstract

nEther: In-guest Detection of Out-of-the-guest Malware Analyzers

G. Pék and B. Bencsáth and L. Buttyán

ACM European Workshop on System Security (EuroSec), ACM, Salzburg, Austria, April 10, 2011, pp. 1-6.

@inproceedings {
   author = {Gábor PÉK and Boldizsár Bencsáth and Levente Buttyán},
   title = {nEther: In-guest Detection of Out-of-the-guest Malware Analyzers},
   booktitle = {ACM European Workshop on System Security (EuroSec)},
   publisher = {ACM},
   address = {Salzburg, Austria},
   month = {April 10},
   year = {2011},
   pages = {1-6}
}

Abstract

Network Regulation and Market Entry

G. Schwartz and J. Musacchio and M. Felegyhazi and J. Walrand

GameNets 2011, 2011, , Shanghai, China, April 16-18.

@conference {
   author = { and and Mark Felegyhazi and },
   title = {Network Regulation and Market Entry},
   booktitle = {GameNets 2011},
   year = {2011},
   address = {, Shanghai, China},
   month = { April 16-18}
}

Abstract

This paper uses a two-sided market model to study if lastmile access providers (ISPs), should charge content providers (CPs), who derive revenue from advertisers, for the right to access ISP’s end-users. We compare two-sided pricing (ISPs could charge CPs for content delivery) with one-sided pricing (neutrality regulations prohibit such charges). Our analysis indicates that number of CPs is lower, and the number of ISPs often higher, with two- rather than one-sided pricing. From our results the superiority of one regime over the other depends on parameters of advertising rates, end-user demand, CPs’ and ISPs’ costs, and relative importance of their investments. Thus, caution should be taken in designing neutrality regulations

On automating the verification of secure ad-hoc network routing protocols

T. V. Thong and L. Buttyán

Springer Telecommunication Systems, accepted for publication, 2011, pp. 1-30, Article ID: 10.1007/s11235-011-9592-3.

The 10th ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2011.

@inproceedings {
   author = {William Lecat and Claude Castelluccia and Gergely Ács},
   title = {Protecting against Physical Resource Monitoring},
   booktitle = {The 10th ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2011}
}

Abstract

Recent advances in targeted malware attacks

B. Bencsáth and L. Buttyán and G. Pék and M. Felegyhazi

Schönherz - Simonyi Szakkollégium ., December 13, 2011.

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán and Gábor PÉK and Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Schönherz - Simonyi Szakkollégium .},
   month = {December 13},
   year = {2011}
}

Abstract

Recent advances in targeted malware attacks

B. Bencsáth and L. Buttyán and G. Pék and M. Felegyhazi

Fókuszban a CrySyS Lab. , December 14, 2011.

@misc {
   author = {Boldizsár Bencsáth and Levente Buttyán and Gábor PÉK and Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Fókuszban a CrySyS Lab. },
   month = {December 14},
   year = {2011}
}

Click Trajectories: End-to-End Analysis of the Spam Value Chain

S. Savage and G. M. Voelker and V. Paxson and N. Weaver and A. Pitsillidis and D. McCoy and H. Liu and C. Kreibich and C. Kanich and T. Halvorson and C. Grier and M. Felegyhazi and B. Enright and N. Chachra and K. Levchenko

in Proceedings of IEEE Symposium on Security& Privacy (Oakland 2011), IEEE, Oakland, CA, USA, May 22-25, 2011 , pp. 1-16.

@inproceedings {
   author = { and and and and and and and and and and and Mark Felegyhazi and and and },
   title = {Click Trajectories: End-to-End Analysis of the Spam Value Chain},
   booktitle = {in Proceedings of IEEE Symposium on Security& Privacy (Oakland 2011)},
   publisher = {IEEE},
   address = {Oakland, CA, USA},
   month = {May 22-25},
   year = { 2011 },
   pages = {1-16}
}

Abstract

Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise’s full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email— including naming, hosting, payment and fulfillment—using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.

Decision and Game Theory for Security

T. Alpcan and L. Buttyán and J. Baras

vol. LNCS 6442, Springer, 2010.

@book {
   author = {Tansu Alpcan and Levente Buttyán and John Baras},
   title = {Decision and Game Theory for Security},
   volume = {LNCS 6442},
   publisher = {Springer},
   year = {2010}
}

Abstract

Fast Certificate-based Authentication Scheme in Multi-operator maintained Wireless Mesh Networks

M. Petrocchi and F. Martinelli and L. Dóra and L. Buttyán

Elsevier Computer Communications, vol. 33, April, 2010, pp. 907-922.

@article {
   author = {Marinella PETROCCHI and Fabio MARTINELLI and László DÓRA and Levente Buttyán},
   title = {Fast Certificate-based Authentication Scheme in Multi-operator maintained Wireless Mesh Networks},
   journal = {Elsevier Computer Communications},
   volume = {33},
   month = {April},
   year = {2010},
   pages = {907-922}
}

Abstract

In this paper, we consider QoS aware mesh networks that are maintained by multiple operators and they cooperate in the provision of networking services to the mesh clients. In order to support mobile users and seamless handover between the access points, the authentication delay has to be reduced. Many proposed fast authentication schemes rely on trust models that are not appropriate in a multi-operator environment. In this paper, we propose two certificate-based authentication schemes such that the authentication is performed locally between the access point and the mesh client. We assume that the access point is always a constrained device, and we propose different mechanisms for mesh clients with different computational performance. For constrained devices, we propose a mechanism where weak keys are used for digital signatures to decrease the latency of the authentication. The authenticity of the weak keys are provided by short-term certificates issued by the owner of the key. The short-term certificate has the digital signature generated by the owner's long-term key. We prove formally that the use of our weak key mechanism on the mesh client side is as secure as the use of some stronger keys. We perform a detailed performance evaluation on our proof-of-concept implementation, and we also compare our solution to the current standard methods.

Formal verification of secure ad-hoc network routing protocols using deductive model-checking

L. Buttyán and T. V. Thong

Proceedings of the IFIP Wireless and Mobile Networking Conference (WMNC), IFIP, Budapest, Hungary, October 18-20, 2010, pp. 1-6.

@inproceedings {
   author = {Levente Buttyán and Ta Vinh Thong},
   title = {Formal verification of secure ad-hoc network routing protocols using deductive model-checking},
   booktitle = {Proceedings of the IFIP Wireless and Mobile Networking Conference (WMNC)},
   publisher = {IFIP},
   address = {Budapest, Hungary},
   month = {October 18-20},
   year = {2010},
   pages = {1-6}
}

Optimal Security Investment with Penetration Testing

R. Böhme and M. Felegyhazi

GameSec 2010, 2010. , Berlin, Germany, Nov 22-23.

@conference {
   author = { and Mark Felegyhazi},
   title = {Optimal Security Investment with Penetration Testing},
   booktitle = {GameSec 2010},
   year = { 2010. },
   address = {Berlin, Germany},
   month = {Nov 22-23}
}

Abstract

Penetration testing, the deliberate search for potential vulnerabilities in a system by using attack techniques, is a relevant tool of information security practitioners. This paper adds penetration testing to the realm of information security investment. Penetration testing is modeled as an information gathering option to reduce uncertainty in a discrete time, nite horizon, player-versus-nature, weakest-link security game. We prove that once started, it is optimal to continue penetration testing until a secure state is reached. Further analysis using a new metric for the return on penetration testing suggests that penetration testing almost always increases the per-dollar eciency of security investment.

2009

Competitive Cyber-Insurance and Internet Security,

N. Shetty and G. Schwartz and M. Felegyhazi and J. Walrand

in Proceedings of WEIS 2009, WEIS 2009, London, England,, June 24-25 , 2009..

@inproceedings {
   author = { and and Mark Felegyhazi and },
   title = {Competitive Cyber-Insurance and Internet Security, },
   booktitle = {in Proceedings of WEIS 2009},
   publisher = {WEIS 2009},
   address = {London, England,},
   month = { June 24-25 },
   year = {2009.}
}

Abstract

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user’s probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyber-insurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users’ security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

Security of Communication Networks (In Hungarian)

B. Bencsáth and L. Buttyán and I. Vajda

Híradástechnika, vol. LXIV, August, 2009..

@article {
   author = {Boldizsár Bencsáth and Levente Buttyán and István VAJDA},
   title = {Security of Communication Networks (In Hungarian)},
   journal = {Híradástechnika},
   volume = {LXIV},
   month = {August},
   year = {2009.}
}

Abstract

An Authentication Scheme for QoS-aware Multi-operator maintained Wireless Mesh Networks

L. Dóra and L. Buttyán

In Proceedings of the First IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'09), IEEE, Kos, Greece, June 15, 2009.

@inproceedings {
   author = {László DÓRA and Levente Buttyán},
   title = {An Authentication Scheme for QoS-aware Multi-operator maintained Wireless Mesh Networks},
   booktitle = {In Proceedings of the First IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'09)},
   publisher = {IEEE},
   address = {Kos, Greece},
   month = {June 15},
   year = {2009}
}

Abstract

Consistency verification of stateful firewalls is not harder than the stateless case

L. Buttyán and G. Pék and T. V. Thong

Infocommunications Journal, vol. LXIV, no. 2009/2-3, March, 2009, pp. 1-8.

BME Informatikai Tudományok doktori iskola, November, 2009.

@phdthesis {
   author = {Boldizsár Bencsáth},
   title = {New Approaches to Mitigate Network Denial-of-Service Problems},
   school = {BME Informatikai Tudományok doktori iskola},
   month = {November},
   year = {2009}
}

Abstract

On the security of communication network: now and tomorrow

B. Bencsáth and L. Buttyán and I. Vajda

Infocommunications Journal, vol. LXIV., no. no. 4., 2009, pp. pp. 3-7..

@article {
   author = {Boldizsár Bencsáth and Levente Buttyán and István VAJDA},
   title = {On the security of communication network: now and tomorrow},
   journal = {Infocommunications Journal},
   volume = {LXIV.},
   number = {no. 4.},
   year = {2009},
   pages = {pp. 3-7.}
}

Abstract

Private Cluster Head Election in Wireless Sensor Networks

T. Holczer and L. Buttyán

Proceedings of the Fifth IEEE International Workshop on Wireless and Sensor Networks Security (WSNS'09), IEEE, IEEE, Macau SAR, PRC, October 12 , 2009, pp. 1048-1053.

@inproceedings {
   author = {Tamas Holczer and Levente Buttyán},
   title = {Private Cluster Head Election in Wireless Sensor Networks},
   booktitle = {Proceedings of the Fifth IEEE International Workshop on Wireless and Sensor Networks Security (WSNS'09)},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Macau SAR, PRC},
   month = {October 12 },
   year = {2009},
   pages = {1048-1053}
}

Abstract

Clustering is a useful mechanism in wireless sensor networks that helps to cope with scalability problems and, if combined with in-network data aggregation, may increase the energy efficiency of the network. At the same time, by assigning a special role to the cluster head nodes, clustering makes the network more vulnerable to attacks. In particular, disabling a cluster head by physical destruction or jamming may render the entire cluster inoperable temporarily until the problem is detected and a new cluster head is elected. Hence, the cluster head nodes may be attractive targets of attacks, and one would like to make it difficult for an adversary to identify them. The adversary can try to identify the cluster head nodes in various ways, including the observation of the cluster head election process itself and the analysis of the traffic patterns after the termination of the cluster head election. In this paper, we focus on the former problem, which we call the private cluster head election problem. This problem has been neglected so far, and as a consequence, existing cluster head election protocols leak too much information making the identification of the elected cluster head nodes easy even for a passive external observer. We propose the first private cluster head election protocol for wireless sensor networks that is designed to hide the identity of the elected cluster head nodes from an adversary that can observe the execution of the protocol.

Secure Vehicle Communication (SeVeCom)

D. D. Cock and P. Ardelean and N. Asaj and S. Cosenza and M. Müter and A. Held and B. Wiedersheim and P. Papadimitratos and F. Kargl and T. Holczer

Demonstration. Mobisys, June, 2009.

@misc {
   author = {Danny De Cock and Petra Ardelean and Naim Asaj and Stefano Cosenza and Michael Müter and Albert Held and Björn Wiedersheim and Panagiotis Papadimitratos and Frank Kargl and Tamas Holczer},
   title = {Secure Vehicle Communication (SeVeCom)},
   howpublished = {Demonstration. Mobisys},
   month = {June},
   year = {2009}
}

Keywords

vehicular ad hoc network, security, privacy

L. Buttyán and J. P. Hubaux

Cambridge University Press, 2008.

@book {
   author = {Levente Buttyán and Jean-Pierre Hubaux},
   title = {Security and Cooperation in Wireless Networks},
   publisher = {Cambridge University Press},
   year = {2008}
}

Abstract

Security API analysis with the spi-calculus

L. Buttyán and T. V. Thong

Hiradástechnika, vol. LXIII, January, 2008, pp. 16-21.

@article {
   author = {Levente Buttyán and Ta Vinh Thong},
   title = {Security API analysis with the spi-calculus},
   journal = {Hiradástechnika},
   volume = {LXIII},
   month = {January},
   year = {2008},
   pages = {16-21}
}

Keywords

Security API, Spi-calculus, Verification

Abstract

API level vulnerabilities of hardware security modules represent a serious threat, thus, discovering and patching security holes in APIs are important. In this paper, we argue and illustrate that the application of formal verification methods is a promising approach for API analysis. In particular, we propose an API verification method based on process algebra. The proposed method seems to be extremely wellsuited for API analysis as it allows for the straightforward modelling of the API, the precise definition of the security requirements, and the rigorous verification of the security properties offered by the API.

2007

An User Authentication Scheme for Fast Handover Between WiFi Access Points

A. Bohák and L. Buttyán and L. Dóra

In Proceedings of the Third Annual International Wireless Internet Conference, ACM, Austin, Texas, USA, October 22-23, 2007, pp. 1-6, (invited paper).

@inproceedings {
   author = {András BOHÁK and Levente Buttyán and László DÓRA},
   title = {An User Authentication Scheme for Fast Handover Between WiFi Access Points},
   booktitle = {In Proceedings of the Third Annual International Wireless Internet Conference},
   publisher = {ACM},
   address = {Austin, Texas, USA},
   month = {October 22-23},
   year = {2007},
   pages = {1-6},
   note = {(invited paper)}
}

Abstract

In this paper, we propose an authentication scheme that is designed to reduce the authentication delay during a WiFi handover process. We observe that the largest part of the delay is due to the remote communications between the access point and the AAA server that authorizes the access to the network. In order to eliminate remote communications, our scheme uses pre-authorization, and it pre-distributes authentication information to the access points that are the potential targets of a future handover. This ensures that only local communications (between the mobile station and the access point) take place during the handover itself. We describe the design of our scheme, as well as report on a proof-of-concept implementation. Our validation results show that our scheme breaks the dependency of the authentication delay on the round-trip time between the access point and the AAA server. This makes our scheme applicable in real time applications such as telephony and video streaming for WiFi users.

Architecture for Secure and Private Vehicular Communications

P. Papadimitratos and L. Buttyán and J. P. Hubaux and F. Kargl and A. Kung and M. Raya

Proceedings of the International Conference on ITS Telecommunications (ITST), -, Sophia Antipolis, France, June 6-8, , 2007, pp. 1-6.

@inproceedings {
   author = {Panagiotis Papadimitratos and Levente Buttyán and Jean-Pierre Hubaux and Frank Kargl and Antonio Kung and Maxim Raya},
   title = {Architecture for Secure and Private Vehicular Communications},
   booktitle = {Proceedings of the International Conference on ITS Telecommunications (ITST)},
   publisher = {-},
   address = {Sophia Antipolis, France},
   month = {June 6-8, },
   year = {2007},
   pages = {1-6}
}

Abstract

The deployment of vehicular communication (VC) systems is strongly dependent on their security and privacy features. In this paper, we propose a security architecture for VC. The primary objectives of the architecture include the management of identities and cryptographic keys, the security of communications, and the integration of privacy enhancing technologies. Our design approach aims at a system that relies on well-understood components which can be upgraded to provide enhanced security and privacy protection in the future. This effort is undertaken by SeVeCom (http://www.sevecom.org), a transversal project providing security and privacy enhancing mechanisms compatible with the VC technologies currently under development by all EU funded projects.

Barter-based cooperation in delay-tolerant personal wireless networks

L. Buttyán and L. Dóra and M. Felegyhazi and I. Vajda

In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications, IEEE Computer Society Press, Helsinki, Finland, June 18 , 2007, pp. 1-6.

@inproceedings {
   author = {Levente Buttyán and László DÓRA and Mark Felegyhazi and István VAJDA},
   title = {Barter-based cooperation in delay-tolerant personal wireless networks},
   booktitle = {In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications},
   publisher = {IEEE Computer Society Press},
   address = {Helsinki, Finland},
   month = {June 18 },
   year = {2007},
   pages = {1-6}
}

Abstract

In this paper, we consider the application of delay-tolerant networks to personal wireless communications. In these networks, selfish nodes can exploit the services provided by other nodes by downloading messages that interest them, but refusing to store and distribute messages for the benefit of other nodes. We propose a mechanism to discourage selfish behavior based on the principles of barter. We develop a game-theoretic model in which we show that the proposed approach indeed stimulates cooperation of the nodes. In addition, the results show that the individually most beneficial behavior leads to the social optimum of the system.

Biztonsági API analízis a spi-kalkulussal

L. Buttyán and T. V. Thong

Hiradástechnika, vol. LXII/8, August, 2007, pp. 43-49.

@article {
   author = {Levente Buttyán and Ta Vinh Thong},
   title = {Biztonsági API analízis a spi-kalkulussal},
   journal = {Hiradástechnika},
   volume = {LXII/8},
   month = {August},
   year = {2007},
   pages = {43-49}
}

Keywords

Biztonsági API, Formális ellenõrzés, Spi-kalkulus

Abstract

Az API szintû támadások komoly veszélyt jelentenek a hardver biztonsági modulokra nézve, ezért fontos követelmény az API-ban rejlõ biztonsági lyukak felfedezése és foltozása. Az API analízis egyik igéretes iránya a formális verifikációs módszerek alkalmazása. Cikkünkben ezt az irányt követjük, s egy processz-algebra alapú API verifikációs módszert javaslunk, mely különösen alkalmasnak látszik a biztonsági API-k mûködésének formális leírására, a biztonsági követelmények precíz definiálására, és a megfogalmazott követelmények teljesítésének ellenõrzésére. Munkánk motiválása céljából ismertetünk nénány konkrét API szintû támadást is egy a gyakorlatban elterjedten használt hardver biztonsági modul ellen. Bevezetés

CORA: Correlation-based Resilient Aggregation in Sensor Networks

P. Schaffer and I. Vajda

In Proceedings of the 10th ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM), ACM Press, Chania, Crete, Greece, October 22 - 26, 2007.

@inproceedings {
   author = {Peter Schaffer and István VAJDA},
   title = {CORA: Correlation-based Resilient Aggregation in Sensor Networks},
   booktitle = {In Proceedings of the 10th ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM)},
   publisher = {ACM Press},
   address = {Chania, Crete, Greece},
   month = {October 22 - 26},
   year = {2007}
}

Abstract

In this paper we consider the problem of resilient data aggregation, namely, when aggregation has to be performed on a compromised sample. We present a statistical framework that is designed to mitigate the effects of an attacker who is able to alter the values of the measured parameters of the environment around some of the sensor nodes. Our proposed framework takes advantage of the naturally existing correlation between the sample elements, which is very rarely considered in other sensor network related papers. The algorithms presented are to be applied without assumption on the sensor network’s sampling distribution or on the behaviour of the attacker. The effectiveness of the algorithms is formally evaluated.

Efficient Directory Harvest Attacks and Countermeasures

B. Bencsáth and I. Vajda

International Journal of Network Security, vol. 5, no. 3, 2007, pp. 264-273.

@article {
   author = {Boldizsár Bencsáth and István VAJDA},
   title = {Efficient Directory Harvest Attacks and Countermeasures},
   journal = {International Journal of Network Security},
   volume = {5},
   number = {3},
   year = {2007},
   pages = {264-273}
}

Abstract

Empirical Analysis of Denial of Service Attack Against SMTP Servers

B. Bencsáth and M. A. Rónai

Proceedings of The 2007 International Symposium on Collaborative Technologies and Systems, IEEE, Orlando, Florida, USA, May 21-25 , 2007, pp. 72-79.

@inproceedings {
   author = {Boldizsár Bencsáth and Miklós Aurél RÓNAI},
   title = {Empirical Analysis of Denial of Service Attack Against SMTP Servers},
   booktitle = {Proceedings of The 2007 International Symposium on Collaborative Technologies and Systems},
   publisher = {IEEE},
   address = {Orlando, Florida, USA},
   month = {May 21-25 },
   year = {2007},
   pages = {72-79}
}

The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks

I. Vajda and L. Buttyán and G. Ács

October 8-11, In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007), IEEE Press, Pisa, Italy, 2007.

@inproceedings {
   author = {István VAJDA and Levente Buttyán and Gergely Ács},
   title = {The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks},
   editor = {October 8-11},
   booktitle = {In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007)},
   organization = {IEEE Press},
   address = {Pisa, Italy},
   year = {2007}
}

Abstract

In this paper, we present a flexible and mathematically rigorous modeling framework for analyzing the security of sensor network routing protocols. Then, we demonstrate the usage of this framework by formally proving that INSENS (Intrusion-Tolerant Routing in Wireless Sensor Networks), which is a secure sensor network routing protocol proposed in the literature independently of our work, can be proven to be secure in our model.

2006

A taxonomy of routing protocols for wireless sensor networks

L. Buttyán and G. Ács

Híradástechnika, December, 2006.

@article {
   author = {Levente Buttyán and Gergely Ács},
   title = {A taxonomy of routing protocols for wireless sensor networks},
   journal = {Híradástechnika},
   month = {December},
   year = {2006}
}

Abstract

Wireless sensor networks are large scale networks consisting of a large number of tiny sensor nodes and a few base stations, which communicate using multi-hop wireless communications. The design of energy efficient routing protocols for such networks is a challenging task, which has been in the focus of the sensor network research community in the recent past. This effort resulted in a huge number of sensor network routing protocols. The proposed protocols show a high variety, which stems from the diverse requirements of the various envisioned application scenarios. In this work, we propose a taxonomy of sensor network routing protocols, and classify the mainstream protocols proposed in the literature using this taxonomy. We distinguish five families of protocols based on the way the next hop is selected on the route of a message, and briefly describe the operation of a representative member from each group.

How to accept an electronic signature?

I. Zs. Berta

Híradástechnika, 2006, vol. LXI, 2006, in Hungarian.

@article {
   author = {István Zsolt BERTA},
   title = {How to accept an electronic signature?},
   journal = {Híradástechnika, 2006, vol. LXI},
   year = {2006},
   note = {in Hungarian}
}

Abstract

The mathematical principles of electronic signatures have been known for several decades. Since then, electronic signatures have been incorporated into the Hungarian legal system: they have become legally equivalent with handwritten ones. Although we can now rely on both their mathematical and on their legal foundations, this technology has began to spread but in the last few years. The practical application of this new technology highlighted certain problems. Many of these also appear in case of handwritten signatures, but have lesser significance in that case.

Az elektronikus aláírás elméleti alapjai régóta ismertek. E matematikai, kriptográfiai szempontból bevált technológia már a hazai jogrendszerbe is beépült, és ezzel az elektronikus aláírás a kézzel írott aláírással egyenértékûvé vált. Az elektronikus aláírás használatához mind a matematikai, mind a jogi alapok rendelkezésre állnak, de e technológia mégis csak az elmúlt években kezdett elterjedni hazánkban. A gyakorlati alkalmazás során számos probléma merült fel ezen új technológiával kapcsolatban. Ezek nagy része megjelenik a kézzel írott aláírások esetében is, de e problémák ott sokkal kisebb jelentõséggel bírnak.

Internet Denial of Service attacks in game theoretical model (in hungarian)

B. Bencsáth and I. Vajda

Alkalmazott Matematikai Lapok 23, 2006, pp. 335-348..

Híradástechnika, vol. LXI, 05, 2006, pp. pp. 2-9.

@article {
   author = {Géza Szabó and Boldizsár Bencsáth},
   title = {Protection against DHA attack with central filtering (in hungarian)},
   journal = {Híradástechnika},
   volume = {LXI},
   month = {05},
   year = {2006},
   pages = {pp. 2-9}
}

Abstract

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

I. Vajda and L. Buttyán and G. Ács

IEEE Transactions on Mobile Computing, vol. 5, no. 11, 2006.

@article {
   author = {István VAJDA and Levente Buttyán and Gergely Ács},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {5},
   number = {11},
   year = {2006}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the use of our framework by proving that it is secure in our model.

Providing Location Privacy in Automated Fare Collection Systems

I. Vajda and T. Holczer and L. Buttyán

In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece, June, 2006.

@inproceedings {
   author = {István VAJDA and Tamas Holczer and Levente Buttyán},
   title = {Providing Location Privacy in Automated Fare Collection Systems},
   booktitle = {In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece},
   month = {June},
   year = {2006}
}

Jelen cikkben ismeretterjesztõ jellegû áttekintést adunk a WiFi biztonsághoz kapcsolódó szabványokról, a WEP-rõl és a 802.11i-rõl.

2005

A framework for the revocation of unintended digital signatures initiated by malicious terminals

I. Zs. Berta and L. Buttyán and I. Vajda

@inproceedings {
   author = {Mark Felegyhazi and and Levente Buttyán},
   title = {Cooperative Packet Forwarding in Multi-Domain Sensor Networks},
   booktitle = {Proceedings of the First International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2005)},
   month = {March},
   year = {2005}
}

Abstract

Efficient Directory Harvest Attacks

B. Bencsáth and I. Vajda

William McQuay and Waleed W. Smari, Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems, IEEE, IEEE Computer Society, July, 2005, pp. 62- 68.

@inproceedings {
   author = {Boldizsár Bencsáth and István VAJDA},
   title = {Efficient Directory Harvest Attacks},
   editor = {William McQuay and Waleed W. Smari},
   booktitle = {Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems},
   publisher = {IEEE, IEEE Computer Society},
   month = {July},
   year = {2005},
   pages = {62- 68}
}

Keywords

DHA, SPAM, e-mail attack, DoS

Abstract

In this paper the E-mail Directory Harvest Attacks (DHA) are investigated. We elaborated a method for optimizing the wordlist size used by the attacker in a resource limited environment. We analyzed the results and proved that our method is optimal. We also present an efficient countermeasure against DHA.

Mitigating the attacks of malicious terminals

I. Zs. Berta

BME, 2005.

@phdthesis {
   author = {István Zsolt BERTA},
   title = {Mitigating the attacks of malicious terminals},
   school = {BME},
   year = {2005}
}

Abstract

Smart cards, having no user interface, are unable to communicate with the user directly. Communication is only possible with the aid of a terminal, which leads to several security problems. For example, if the terminal is untrusted (which is a very typical scenario), it may perform a man-in-the middle attack. I have created a formal model for dealing with untrusted terminals, and developed mathematical proofs on the limitations of a user in an untrusted terminal environment. Unfortunately, these limitations are too severe, so the attacks of malicious terminals cannot be fully eliminated. Thus, I elaborated solutions to mitigate the problem: I have developed a protocol that takes advantage of the biometric abilities of the user and thus allows sending authentic messages from untrusted terminals. I have also developed a framework for the user to review signatures made in untrusted environment, and to revoke unintended signatures.

Mobility Helps Peer-to-Peer Security

S. Capkun and J. P. Hubaux and L. Buttyán

IEEE Transactions on Mobile Computing, to appear, 2005.

@article {
   author = { and and Levente Buttyán},
   title = {Mobility Helps Peer-to-Peer Security},
   journal = {IEEE Transactions on Mobile Computing},
   month = {to appear},
   year = {2005}
}

Abstract

Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks

M. Felegyhazi and J. P. Hubaux and L. Buttyán

IEEE Transactions on Mobile Computing, to appear, 2005.

@article {
   author = {Mark Felegyhazi and and Levente Buttyán},
   title = {Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   month = {to appear},
   year = {2005}
}

Abstract

Node Cooperation in Hybrid Ad hoc Networks

N. B. Salem and L. Buttyán and J. P. Hubaux and M. Jakobsson

IEEE Transactions on Mobile Computing, to appear, 2005.

@article {
   author = {N. Ben Salem and Levente Buttyán and and Markus Jakobsson},
   title = {Node Cooperation in Hybrid Ad hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   month = {to appear},
   year = {2005}
}

Abstract

Possible protection methods against DHA attacks by the attackers recognition and centralized ban (in hungarian)

Géza Szabó and Gábor Szabó

Networkshop 2005 Konferencia, 2005.

@inproceedings {
   author = {Géza Szabó and Gábor Szabó},
   title = {Possible protection methods against DHA attacks by the attackers recognition and centralized ban (in hungarian)},
   booktitle = {Networkshop 2005 Konferencia},
   year = {2005}
}

Abstract

Introduction: In result of growing number of uninvited mails,viruses spreading in mails and other malwares people tend to think it twice who they give their e-mails to. They have another think whether they should take the risk to use their e-mail on an online forum, or even to leave it on their own web page or calling card. Cause of the reasons above, the users usually keep an other one-time e-mail address, often at some free service provider, which in case of flooding of uninvited mails, it can be leaved to its own devices. The root of the problem in DHA is in the SMTP protocoll itself: the e-mail servers, if they got the mail to a proper address, would not respond, simply accept it. If the server got a mail to a non-existent address, then it would give a response either immediately or later whether the post office box exists or not. This process gives information about the e-mail addresses which are upkept by the server. The attackers use this information, sending huge amount of messages to the email server. The addresses from which do not arrive response (so the server accepts the e-mail without negative signal) are gathered to a list. These addresses should belong to valid user accounts, so it is worthy to send uninvited mails to it. Beside of getting out of our address, the other problem may the DoS like attack of the mail server. For the sake of gathering the e-mails, the attacker (or even more than one) sends huge amount of misaddressed e-mails, which can result in the overloading of computing and network capacity of the server. There are two main types of DHA attack: the first one is a “brute force” like method, when all the possible character combinations are tried out as e-mail address; the second, a much more sophisticated: typical occurent e-mail addresses are generated from first, second, and nick names, offten occurent words, and well-known e-mail IDs. One way of the protection against DHA attacks can be the simply complicated-choosen e-mail addresses. Although our collegues may be hardly able to remember it, and the other side of the coin is that this method can do nothing against brute force like attacks. Other solution can be if we configure the server to accept every e-mails and do not feedback to anyone, and so the misaddressed e-mails are simply ignored. This solution has several backdraws: the mail senders does not know that an address does not exist, so the server may be flooded by uninvited mails. It is also important, that even the legitim user is not informed about misaddressed e-mails. So because of all of these reasons, the ban of feedback is not suggested. The most applicable would be the refinement of SMTP protocoll, but what can we do by the time this not happens? Our suggested solution: We suggest a system built up by components, which infiltrates besides our current system and halts these types of attacks. This system consists of a syslog analyzator, a spam detector, and a virus searching portion. The results are summerised in a centralized registration list, so we keep the list of those computers which are involved in the DHA attack. With the help of the centralized registration list, all member of the system using our components gain information even from each others problems, so the attacker can be banned not only from one place but it can not do any harm for the others as well. The syslog analyzing system looks up in the e-mail server notifications that where the misadressed emails are coming from (which IP address), and makes a detailed report to the central database. In favour of the low number of misaddressed mails, we introduce a method that the discrete missaddressed e-mails can be divided from the real attackers. Our system can be connected to spam-recognizing softwares. The solution makes it possible to save resources by not analysing the e-mails coming from known DHA attacking servers with other resourceintensive content filtering methods but we ban them. Our system even raises these softwares efficiency combined with them.

Provable Security for Ad Hoc Routing Protocols

G. Ács and L. Buttyán and I. Vajda

Híradástechnika, June, 2005.

Chapter 53, in IT Security Handbook, edited by Hossein Bidgoli, John Wiley and Sons, 2005, (to appear).

@inbook {
   author = {István Zsolt BERTA and Levente Buttyán and István VAJDA},
   title = {Standards for Product Security Assessment},
   chapter = {Chapter 53},
   publisher = {in IT Security Handbook, edited by Hossein Bidgoli, John Wiley and Sons},
   year = {2005},
   note = {(to appear)}
}

Abstract

Statistical Wormhole Detection in Sensor Networks

L. Dóra and L. Buttyán and I. Vajda

Refik Molva, Gene Tsudik, Dirk Westhoff, Lecture Notes in Computer Science, Springer-Verlag GmbH, 2005, pp. Volume 3813/ 2005, pp. 128 - 141, Security and Privacy in Ad-hoc and Sensor Networks: Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005.

@inproceedings {
   author = {László DÓRA and Levente Buttyán and István VAJDA},
   title = {Statistical Wormhole Detection in Sensor Networks},
   editor = {Refik Molva, Gene Tsudik, Dirk Westhoff},
   booktitle = {Lecture Notes in Computer Science},
   publisher = {Springer-Verlag GmbH},
   year = {2005},
   pages = {Volume 3813/ 2005, pp. 128 - 141},
   note = {Security and Privacy in Ad-hoc and Sensor Networks: Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005}
}

Keywords

Sensor network, wormhole detection, chi-square

Abstract

n this paper, we propose two mechanisms for wormhole detection in wireless sensor networks. The proposed mechanisms are based on hypothesis testing and they provide probabilistic results. The first mechanism, called the Neighbor Number Test (NNT), detects the increase in the number of the neighbors of the sensors, which is due to the new links created by the wormhole in the network. The second mechanism, called the All Distances Test (ADT), detects the decrease of the lengths of the shortest paths between all pairs of sensors, which is due to the shortcut links created by the wormhole in the network. Both mechanisms assume that the sensors send their neighbor list to the base station, and it is the base station that runs the algorithms on the network graph that is reconstructed from the received neighborhood information. We describe these mechanisms and investigate their performance by means of simulation.

The applied Spam-filtering methods and the Sender ID in Hungary (in hungarian)

Gábor Szabó and Géza Szabó

Proceedings of Networkshop 2005 conference, 2005.

@inproceedings {
   author = {Gábor Szabó and Géza Szabó},
   title = {The applied Spam-filtering methods and the Sender ID in Hungary (in hungarian)},
   booktitle = {Proceedings of Networkshop 2005 conference},
   year = {2005}
}

Abstract

Nowadays we could hear a lot of advantages and disadvantages of Microsoft’s Sender ID Framework. This industrial standard combines the Microsoft’s Caller ID for E-mail, the Sender Policy Framework and the Submitter Optimisation specification. Instead of describing the specification or the problems of the method, I want to make an overview of the incidence of Sender ID and the other methods in Hungary. Analysing the Hungarian position of Sender ID and making a comparison to the related specifications (Sender Policy Framework, SpamAssassin, etc.) I want to come to a conclusion whether the Sender ID could be viable in Hungary.

HUNEID - Hungarian Electronic ID smart card specifications

I. Zs. Berta and I. Vajda and L. Buttyán and B. Bencsáth and T. Veiland

Ministry of Informatics and Telecommunications (www.ihm.hu), 2004.

@techreport {
   author = {István Zsolt BERTA and István VAJDA and Levente Buttyán and Boldizsár Bencsáth and Tamás Veiland},
   title = {HUNEID - Hungarian Electronic ID smart card specifications},
   institution = {Ministry of Informatics and Telecommunications (www.ihm.hu)},
   year = {2004}
}

Abstract

Incentives for Cooperation in Multi-hop Wireless Networks

L. Buttyán and T. Holczer and P. Schaffer

Híradástechnika, vol. LIX, no. 3, March, 2004, pp. 30--34, (in Hungarian).

@article {
   author = {Levente Buttyán and Tamas Holczer and Peter Schaffer},
   title = {Incentives for Cooperation in Multi-hop Wireless Networks},
   journal = {Híradástechnika},
   volume = {LIX},
   number = {3},
   month = {March},
   year = {2004},
   pages = {30--34},
   note = {(in Hungarian)}
}

Abstract

Cikkünkben bevezetjük a kooperációra való ösztönzés problémáját, ami tipikus problémaként jelentkezik a többugrásos vezetéknélküli hálózatokban. Röviden áttekintjük a nem-kooperatív viselkedési fajtákat, és a kooperációra ösztönzõ mechanizmusok típusait. Végül összefoglaljuk két általunk javasolt ösztönzõ mechanizmus fõbb elemeit, ötleteit.

Kriptográfia és alkalmazásai

L. Buttyán and I. Vajda

Typotex Kiadó, 2004, Budapest, 445p.

@book {
   author = {Levente Buttyán and István VAJDA},
   title = {Kriptográfia és alkalmazásai},
   publisher = {Typotex Kiadó},
   year = {2004},
   note = {Budapest, 445p}
}

Abstract

Limitations of humans when using malicious terminals

I. Zs. Berta and I. Vajda

Tatra Mountains Mathematical Publications, vol. 29, 2004, pp. 1-16.

@article {
   author = {István Zsolt BERTA and István VAJDA},
   title = {Limitations of humans when using malicious terminals},
   journal = {Tatra Mountains Mathematical Publications},
   volume = {29},
   year = {2004},
   pages = {1-16}
}

Abstract

Limitations of humans when using malicious terminals

István Zsolt BERTA, István VAJDA

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal a potential attacker.

According to our model, the user is able to encrypt or authenticate messages with very small degree of security, so these messages can be broken by the terminal with significant probability. Since the cryptographic abilities of the user are more than limited, and no solution is known for the problem, our assumption seems to be realistic.

In this model, we prove, that if the user lacks the ability to encrypt (and decrypt) messages in one step, the remote partner is unable to help the user in constructing a secret channel. We also present our conjecture, that the case is similar in case of authenticity: If the user is unable to calculate a MAC that cannot be broken by the terminal with high probability, then the remote partner is unable to help the user in constructing an authenticated channel.

Mitigating the Untrusted Terminal Problem Using Conditional Signatures

I. Zs. Berta and L. Buttyán and I. Vajda

Proceedings of International Conference on Information Technology ITCC 2004, IEEE, Las Vegas, NV, USA, April, 2004.

@inproceedings {
   author = {István Zsolt BERTA and Levente Buttyán and István VAJDA},
   title = {Mitigating the Untrusted Terminal Problem Using Conditional Signatures},
   booktitle = {Proceedings of International Conference on Information Technology ITCC 2004},
   publisher = {IEEE},
   address = { Las Vegas, NV, USA},
   month = {April},
   year = {2004}
}

Abstract

We study the problem of how a user at an untrusted terminal can generate digital signatures with the help of a smart card. This problem may arise in many practical applications; an example would be a user generating an electronic check at a merchant's terminal in a shop. The danger is that after receiving the PIN code of the card from the user, the terminal can obtain a signature from the card on an arbitrarily chosen document, that is different from the one displayed on the screen and confirmed by the user. We propose a solution to this problem which is based on a new concept called conditional signature. This leads to a new paradigm where digital signatures are not considered as non-repudiable proofs, at least until a short deadline.

Modelling Location Reveal Attacks in Mobile Systems

L. Zombik and L. Buttyán

Periodica Polytechnica, vol. 48, no. 1-2, 2004, pp. 85-100.

@article {
   author = {Laszlo Zombik and Levente Buttyán},
   title = {Modelling Location Reveal Attacks in Mobile Systems},
   journal = { Periodica Polytechnica},
   volume = {48},
   number = {1-2},
   year = {2004},
   pages = {85-100}
}

Abstract

Privacy Protecting Protocols for Revokable Digital Signatures

I. Zs. Berta and L. Buttyán and I. Vajda

@inproceedings {
   author = {István Zsolt BERTA and Boldizsár Bencsáth},
   title = {Sending authentic messages from malicious terminals},
   booktitle = {Proceedings of the Networkshop 2004 Conference},
   publisher = {NIIF, Hungary},
   year = {2004}
}

Abstract

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. Various cryptographic algorithms running on the terminal may provide authenticity and/or secrecy for the user’s messages. In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal as a potential attacker. Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic powers, their lack of user interface enables man-in-the middle attack from the terminal. This paper analyzes the usability of smart cards for the above problem, and investigates various possibilities for authentic communication between the user and the smart card. Since the user is a human being with limited memory and little computational power, it is questionable that authentic communication is possible between the above two parties in practice. In the first part of our lecture, we review various solutions and protocols from literature that can aid the user in an untrusted terminal environment. In the second part of the lecture, we propose a solution, that can be implemented with smart cards that exist today, and does not need the user to perform cryptographic operations. Although the smart card cannot decide if the message came from the user or from a malicious software running on the terminal, but can still aid the user in authenticating the message. This is possible if the user sends a so-called biometric message. A biometric message could be a video or voice message. Such a message is very hard to manipulate, it may even require human interaction. In order to prevent the attack, the smart card should ensure, that the attacker has no possibility, no time to perform such a complicated attack. The smart card can be used as a secure time that can guarantee that the message was sent in a certain time frame. This way, the time the attacker has to manipulate the message can be severely limited so even simple algorithmic authenticators can provide strong security.

The problems and connections of network virus protection and the protection against denial of service attacks

B. Bencsáth

Proceedings of the Networkshop 2004 Conference, NIIF, Hungary, 2004.

@inproceedings {
   author = {Boldizsár Bencsáth},
   title = {The problems and connections of network virus protection and the protection against denial of service attacks},
   booktitle = {Proceedings of the Networkshop 2004 Conference},
   publisher = {NIIF, Hungary},
   year = {2004}
}

Keywords

virus, denial of service attack, e-mail

Abstract

First I will provide some introduction into the problems and solutions in both the network virus protection and the protection against Distributed Denial of Service (DDoS). I will show the usual and most workable methods in the area of virus protection: client-side virus protection, mail server / relay server protection (with the priority of open source tools) (e.g. linux, amavis, mailscanner, clamav, unix virus scanners, „mail gateway” protection software), content-filtering tools (filtering web traffic), extended file access control systems (RSBAC malware scan module). I will also introduce the problem area of DDoS protection: Different types of DDoS attacks (protocol fault („magic packet”), network bandwidth overflow, server resource consumption). I will also show the most usable techniques for the protection (error correction, firewalls, anomaly detection (SYN flood protection etc.), protection based on network analysis) and will provide some data about the recent major attacks (Ebay, SCO, anti-spam rbl providers, zombie networks). After the introduction I will show the possible DDoS problems of the network virus protection: The resource consumption of the virus protection, the possibility of flooding, the dangers of virus reports and e-mail alerts. After defining the problems I’ll show our proposed solutions: A virus protection system combined with the technique of network analysis to protect the system against DoS attacks. The incoming mails will be examined by the network analysis engine and therefore it makes possible to filter out DDoS attacks against the virus protection system. Our proposed solution might be useful against unknown (not detectable) viruses and in the area early epidemic protection. To support our method I’ll show the details of the structure of our pilot implementation.

Towards Provable Security for Ad Hoc Routing Protocols

L. Buttyán and I. Vajda

Proceedings of the 2nd ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2004), ACM, October, 2004.

@inproceedings {
   author = {Levente Buttyán and István VAJDA},
   title = {Towards Provable Security for Ad Hoc Routing Protocols},
   booktitle = {Proceedings of the 2nd ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2004)},
   publisher = {ACM},
   month = {October},
   year = {2004}
}

Abstract

Trap E-mail Address for Combating E-mail Viruses

I. Vajda and B. Bencsáth

Proceedings of SoftCOM 2004 12. International conference on software, telecommunications and computer networks, University of Split, October, 2004, pp. 220-224.

@inproceedings {
   author = {István VAJDA and Boldizsár Bencsáth},
   title = {Trap E-mail Address for Combating E-mail Viruses},
   booktitle = {Proceedings of SoftCOM 2004 12. International conference on software, telecommunications and computer networks},
   publisher = {University of Split},
   month = {October},
   year = {2004},
   pages = {220-224}
}

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed for communication. Cryptographic algorithms running on the terminal may provide authent icity for the user's messages.

In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal a potential attacker.

Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. However, the ir lack of user interface enables man-in-the middle attack from the terminal.

The authors assume, that user is a human being with limited memory and computational power, and also makes mis takes in his calculations. They demnostrate, that only exceptional useres are able to authenticate messages without a trusted device.

Several biometric media encapsulate the content of the message and the identity of the sender, such as speech, video and handwriting. The authors suggest, that such media is far more difficult to counterfeit than plaintext. Thus, the user must rely on his other resources, like biometric ones.

In the protocol proposed by the authors, the user sends messages in a biometric format, strengthened by simple algorithmic authenticators. The smart card functions as a secure time gate ensuring, that the attacker has extremely little time to counterfeit both the biometric and the algorithmic protection on the message.

The authors claim, that with the proper calibration of the biometric method and the time gate of the smart card, their protocol is strong enough for practical use.

Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Static Case

M. Felegyhazi and L. Buttyán and J. P. Hubaux

8th International Conference on Personal Wireless Communications (PWC 2003), September, 2003.

@inproceedings {
   author = {Mark Felegyhazi and Levente Buttyán and },
   title = {Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Static Case},
   booktitle = {8th International Conference on Personal Wireless Communications (PWC 2003)},
   month = {September},
   year = {2003}
}

Abstract

In multi-hop wireless networks, every node is expected to forward packets for the benefit of other nodes. Yet, if each node is its own authority, then it may selfishly deny packet forwarding in order to save its own resources. Some researchers have proposed to introduce an incentive mechanism in the network that motivates the nodes to cooperate. In this paper, we address the question of whether such an incentive mechanism is necessary or cooperation between the nodes exists in the absence of it. We define a model in a game theoretic framework and identify the conditions under which cooperative strategies can form an equilibrium. As the problem is somewhat involved, we deliberately restrict ourselves to a static configuration.

From Fault-Tolerance to Security and Back

F. Gaertner and L. Buttyán and K. Kursawe

IEEE Distributed Systems Online, vol. 4, no. 9, 2003.

@article {
   author = {Felix Gaertner and Levente Buttyán and Klaus Kursawe},
   title = {From Fault-Tolerance to Security and Back},
   journal = { IEEE Distributed Systems Online},
   volume = {4},
   number = {9},
   year = {2003}
}

Abstract

Hardware and Software Security I

I. Zs. Berta and I. Berta

Elektrotechnika, vol. 2003/10, 2003, pp. 4.

@article {
   author = {István Zsolt BERTA and István Berta},
   title = {Hardware and Software Security I},
   journal = {Elektrotechnika},
   volume = {2003/10},
   year = {2003},
   pages = {4}
}

Abstract

Hardware and Software Security II

I. Zs. Berta and I. Berta

Elektrotechnika, vol. 2003/11, 2003, pp. 4.

@article {
   author = {István Zsolt BERTA and István Berta},
   title = {Hardware and Software Security II},
   journal = {Elektrotechnika},
   volume = {2003/11},
   year = {2003},
   pages = {4}
}

Abstract

Lightweight Authentication Protocols for Low-Cost RFID Tags

I. Vajda and L. Buttyán

2nd Workshop on Security in Ubiquitous Computing, in conjunction with Ubicomp 2003, October, 2003.

@inproceedings {
   author = {István VAJDA and Levente Buttyán},
   title = {Lightweight Authentication Protocols for Low-Cost RFID Tags},
   booktitle = {2nd Workshop on Security in Ubiquitous Computing, in conjunction with Ubicomp 2003},
   month = {October},
   year = {2003}
}

Abstract

Providing security in low-cost RFID tags is a challenging task because tags are highly resource constrained and cannot support strong cryptography. Special lightweight algorithms and protocols need to be designed that take into account the limitations of the tags. In this paper, we propose a set of extremely lightweight tag authentication protocols. We also provide an analysis of the proposed protocols.

Limitations of users when using malicious terminals

I. Vajda and I. Zs. Berta

Third Central European Conference on Cryptography (Tatracrypt'03), 2003.

@misc {
   author = {István VAJDA and István Zsolt BERTA},
   title = {Limitations of users when using malicious terminals},
   howpublished = {Third Central European Conference on Cryptography (Tatracrypt'03)},
   year = {2003}
}

Abstract

Mobility Helps Security in Ad Hoc Networks

S. Capkun and J. P. Hubaux and L. Buttyán

4th ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2003), June, 2003.

@inproceedings {
   author = { and and Levente Buttyán},
   title = {Mobility Helps Security in Ad Hoc Networks},
   booktitle = {4th ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2003)},
   month = {June},
   year = {2003}
}

Abstract

Contrary to the common belief that mobility makes security more diﬃcult to achieve, we show that node mobility can, in fact, be useful to provide security in ad hoc networks. We propose a technique in which security associations between nodes are established, when they are in the vicinity of each other, by exchanging appropriate cryptographic material. We show that this technique is generic, by explaining its application to fully self-organized ad hoc networks and to ad hoc networks placed under an (oﬀ-line) authority. We also propose an extension of this basic mechanism, in which a security association can be established with the help of a “friend”. We show that our mechanism can work in any network conﬁguration and that the time necessary to set up the security associations is strongly inﬂuenced by several factors, including the size of the deployment area, the mobility patterns, and the number of friends; we provide a detailed investigation of this inﬂuence.

Report on a Working Session on Security in Wireless Ad Hoc Networks

L. Buttyán and J. P. Hubaux

ACM Mobile Computing and Communications Review (MC2R), vol. 7, no. 1, March, 2003.

@article {
   author = {Levente Buttyán and },
   title = {Report on a Working Session on Security in Wireless Ad Hoc Networks},
   journal = {ACM Mobile Computing and Communications Review (MC2R)},
   volume = {7},
   number = {1},
   month = {March},
   year = {2003}
}

Keywords

ad hoc networks, security, authentication, routing, intrusion detection, cooperation

Abstract

SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks

S. Capkun and L. Buttyán and J. P. Hubaux

Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003), ACM, October, 2003.

@inproceedings {
   author = { and Levente Buttyán and },
   title = {SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks},
   booktitle = {Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003)},
   publisher = {ACM},
   month = {October},
   year = {2003}
}

Keywords

ad hoc networks, security, hash chains, hash trees, secure routing, wormhole detection, topology control

Abstract

In this paper we present SECTOR, a set of mechanisms for the secure veriﬁcation of the time of encounters between nodes in multi-hop wireless networks. This information can be used notably to prevent wormhole attacks (without requiring any clock synchronization), to secure routing protocols based on last encounters (with only loose clock synchronization), and to control the topology of the network. SECTOR is based primarily on distance-bounding techniques, on one-way hash chains and on Merkle hash trees. We analyze the communication, computation and storage complexity of the proposed mechanisms and we show that, due to their ef- ﬁciency and simplicity, they are compliant with the limited resources of most mobile devices.

Self-Organized Public-Key Management for Mobile Ad Hoc Networks

S. Capkun and L. Buttyán and J. P. Hubaux

IEEE Transactions on Mobile Computing, vol. 2, no. 1, January-March, 2003.

@article {
   author = { and Levente Buttyán and },
   title = {Self-Organized Public-Key Management for Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {2},
   number = {1},
   month = {January-March},
   year = {2003}
}

Keywords

ad hoc networks, security, key management, PGP

Abstract

In contrast with conventional networks, mobile ad hoc networks usually do not provide online access to trusted authorities or to centralized servers, and they exhibit frequent partitioning due to link and node failures and to node mobility. For these reasons, traditional security solutions that require online trusted authorities or certificate repositories are not well-suited for securing ad hoc networks. In this paper, we propose a fully self-organized public-key management system that allows users to generate their publicprivate key pairs, to issue certificates, and to perform authentication regardless of the network partitions and without any centralized services. Furthermore, our approach does not require any trusted authority, not even in the system initialization phase.

Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks

L. Buttyán and J. P. Hubaux

ACM/Kluwer Mobile Networks and Applications, vol. 8, no. 5, October, 2003.

@article {
   author = {Levente Buttyán and },
   title = {Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks},
   journal = {ACM/Kluwer Mobile Networks and Applications},
   volume = {8},
   number = {5},
   month = {October},
   year = {2003}
}

Abstract

2002

A Formal Analysis of Syverson`s Rational Exchange Protocol

L. Buttyán and S. Capkun and J. P. Hubaux

Proceedings of IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June, 2002.

@inproceedings {
   author = {Levente Buttyán and and },
   title = {A Formal Analysis of Syverson`s Rational Exchange Protocol},
   booktitle = {Proceedings of IEEE Computer Security Foundations Workshop},
   address = {Cape Breton, Nova Scotia, Canada},
   month = {June},
   year = {2002}
}

Keywords

rational exchange, game theory, Nash equilibrium

Abstract

In this paper, we provide a formal analysis of a rational exchange protocol proposed by Syverson. A rational exchange protocol guarantees that misbehavior cannot generate benefits, and is therefore discouraged. The analysis is performed using our formal model, which is based on game theory. In this model, rational exchange is defined in terms of a Nash equilibrium.

A game theoretical approach to optimizing of protection against DoS attacks

B. Bencsáth and I. Vajda

presented on the Second Central European Conference on Cryptography (Hajducrypt), Július, 2002, (no proceedings).

@misc {
   author = {Boldizsár Bencsáth and István VAJDA},
   title = {A game theoretical approach to optimizing of protection against DoS attacks},
   howpublished = {presented on the Second Central European Conference on Cryptography (Hajducrypt)},
   month = {Július},
   year = {2002},
   note = {(no proceedings)}
}

Abstract

CVE-2002-0399

B. Bencsáth

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399, 2002.

@misc {
   author = {Boldizsár Bencsáth},
   title = {CVE-2002-0399},
   howpublished = {http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399},
   year = {2002}
}

Abstract

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

Eliminating Man-in-the-Middle attacks of Malicious Terminals

L. Buttyán and I. Zs. Berta and I. Vajda

Workshop organised by the IST Coordination Point of the Ministry of Education, Budapest, 2002.

@misc {
   author = {Levente Buttyán and István Zsolt BERTA and István VAJDA},
   title = {Eliminating Man-in-the-Middle attacks of Malicious Terminals},
   howpublished = {Workshop organised by the IST Coordination Point of the Ministry of Education, Budapest},
   year = {2002}
}

Abstract

Communication with a remote partner is considered over an insecure network, where the user can gain access only to a terminal, which cannot be trusted: an attacker is assumed to be able to fully control the terminal, so the user must consider the terminal as a potential attacker. Surprisingly many terminals belong to this class.

Assuming such an environment the problem of sending authentic messages is considered. Various cryptographic algorithms exist for algorithmic protection, however to run such highly complex algorithms, the user must rely on the computational power of an insecure terminal. Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic power, their lack of user interface (i.e. lack of direct access to its input/output channels) enables man-in-the middle attack from the terminal. Therefore involving a smart card cannot eliminate the basic problem, because any protocol between the user and the smart card would rely - once again - on the insecure terminal. It might seem obvious that the user should give all security goals up as hopeless.

We have come to the conclusion that the user is unable to send authentic messages to the card, so in case of untrusted terminals the signature of the card does not prove that the message originates from the user. This is why the authenticity of plaintext messages from insecure terminals cannot be guaranteed.

However the user as a human being has additional resources that can be exploited to increase the security level of the system. The user is an excellent 'biometric device'. Biometric data (e.g. speech, video, handwriting) carry the information content (plaintext) together with the identity of the sender, which is far more difficult to counterfeit than plaintext content. Moreover the human user has limited but trusted algorithmic capabilities too, having some secure memory and computational power.

Apart from encapsulating the identity of the user and the content of the message, biometric messages (or multimedia messages) also have structure. If the structure is violated, the message has obviously been tampered with.

Second Central European Conference on Cryptography (HajduCrypt) 2002, Debrecen, Hungary, 2002.

@misc {
   author = {István Zsolt BERTA and István VAJDA},
   title = {Message Authentication using Smart Card and Biometry},
   howpublished = {Second Central European Conference on Cryptography (HajduCrypt) 2002, Debrecen, Hungary},
   year = {2002}
}

Abstract

Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic powers, their lack of user interface enables man-in-the middle attack from the terminal.

This paper analyzes the usability of smart cards for the above problem, and investigates various possibilities for authentic communication between the user and the smart card. Since the user is a human being with limited memory and little computational power, it is questionable that authentic communication is possible between the above two parties in practice. The authors show various algorithms from literature and history that do solve the problem of authentic messaging from untrusted terminals. Unfortunately, most of these are impractical for commercial use.

The authors highlight that while the human being is a very poor computer, it is an excellent biometric device. Several biometric media encapsulate the content of the message and the identity of the sender, such as speech, video and handwriting. The authors suggest, that such media is far more difficult to counterfeit than plaintext. The authors analyze this additional protection provided by biometry.

In the protocol proposed by the authors, the user sends messages in a biometric format, and strengthens biometry with simple algorithmic authenticators. The smart card functions in this protocol as a secure time gate ensuring, that the attacker has extremely little time to counterfeit both the biometric and the algorithmic protection on the message.

The authors claim, that with the proper calibration of the biometric method and the time gate of the smart card, their protocol is strong enough for practical use.

Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph

L. Buttyán and S. Capkun and J. P. Hubaux

Proceedings of The ACM New Security Paradigms Workshop 2002, Norfolk, Virginia Beach, USA, September, 2002, pp. 8.

@inproceedings {
   author = {Levente Buttyán and and },
   title = {Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph},
   booktitle = {Proceedings of The ACM New Security Paradigms Workshop 2002},
   address = {Norfolk, Virginia Beach, USA},
   month = {September},
   year = {2002},
   pages = {8}
}

Keywords

PGP, small worlds, public-key management, self-organization

Abstract

We propose a new approach to securing self-organized mobile ad hoc networks. In this approach, security is achieved in a fully self-organized manner

The problem of sending authentic messages from insecure terminals

I. Zs. Berta

HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia, BME, 2002.

@inproceedings {
   author = {István Zsolt BERTA},
   title = {The problem of sending authentic messages from insecure terminals},
   booktitle = {HTE-BME 2002 Korszerû távközlõ és informatikai rendszerek és hálózatok konferencia},
   publisher = {BME},
   year = {2002}
}

Abstract

2001

A Mobile Agent Bidirectional One-to-Many Communications Framework

I. Verók

BME, 2001.

@mastersthesis {
   author = {István VERÓK},
   title = {A Mobile Agent Bidirectional One-to-Many Communications Framework},
   school = {BME},
   year = {2001}
}

Abstract

@inproceedings {
   author = {Boldizsár Bencsáth and István VAJDA},
   title = {Collecting randomness from the net},
   booktitle = {Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security 2001},
   publisher = {Kluwer},
   month = {May},
   year = {2001},
   pages = {105-111}
}

Keywords

generation of random values, tests of randomness, good source of random data, private and authentic communication

Abstract

Random data in their work is collected from network time delay measurements and its quality is checked by statistical tests, and a special enhancement, the system of collector-servers is proposed and analyzed

Cryptographic application of programmable smart cards

I. Zs. Berta and Z. Á. Mann

Proceedings of NetWorkshop'2001, 2001.

@inproceedings {
   author = {István Zsolt BERTA and Zoltán Ádám Mann},
   title = {Cryptographic application of programmable smart cards},
   booktitle = {Proceedings of NetWorkshop'2001},
   year = {2001}
}

Abstract

Efficient Multi-Party Challenge-Response Protocols for Entity Authentication

L. Buttyán and A. Nagy and I. Vajda

Periodica Polytechnica, vol. 45, no. 1, April, 2001, pp. 43-64.

@article {
   author = {Levente Buttyán and and István VAJDA},
   title = {Efficient Multi-Party Challenge-Response Protocols for Entity Authentication},
   journal = {Periodica Polytechnica},
   volume = {45},
   number = {1},
   month = {April},
   year = {2001},
   pages = {43-64}
}

Keywords

challenge-response protocols, protocol graph, entity authentication, reflection attack

Abstract

In this paper, we address the problem of multi-party entity authen- tication. We prove that the lower bound on the number of messages of multi-party challenge-response protocols is 2n-1, where n is the num- ber of the participants of the protocol, and propose two protocols that achieve this lower bound. Our protocols are, thus, eÆcient in the sense that they use the minimum number of messages required to solve the multi-party entity authentication problem based on challenge-response principles.

Method for transmitting payment information between a terminal and a third equipment

L. Buttyán and E. Wiedmer and E. Lauper

May, 2001, International Patent Application.

@misc {
   author = {Levente Buttyán and and },
   title = {Method for transmitting payment information between a terminal and a third equipment},
   month = {May},
   year = {2001},
   note = {International Patent Application}
}

Keywords

electronic payment, smart card, authenticated session key establishment

Abstract

Nuglets: a Virtual Currency to Stimulate Cooperation in Self-Organized Mobile Ad Hoc Networks

L. Buttyán and J. P. Hubaux

no. DSC/2001/001, EPFL-DI-ICA, January, 2001.

@techreport {
   author = {Levente Buttyán and },
   title = {Nuglets: a Virtual Currency to Stimulate Cooperation in Self-Organized Mobile Ad Hoc Networks},
   number = {DSC/2001/001},
   institution = {EPFL-DI-ICA},
   month = {January},
   year = {2001}
}

Keywords

mobile ad hoc networks, routing, cooperation, service availability

Abstract

In mobile ad hoc networks, it is usually assumed that all the nodes belong to the same authority

On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez

M. Hegedüs

BME, 2001.

@mastersthesis {
   author = {Márton HEGEDÜS},
   title = {On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez},
   school = {BME},
   year = {2001}
}

Abstract

On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez

M. Perényi

BME, 2001.

@mastersthesis {
   author = {Márton PERÉNYI},
   title = {On-line tõzsdei kereskedési adatfeldolgozó rendszer fejlesztése és statisztikai elemzések napon belüli kereskedéshez},
   school = {BME},
   year = {2001}
}

Abstract

Programozható chipkártya biztonsági alkalmazásai

I. Berta

BME, 2001.

@mastersthesis {
   author = {István Berta},
   title = {Programozható chipkártya biztonsági alkalmazásai},
   school = {BME},
   year = {2001}
}

Abstract

Rational Exchange -- A Formal Model Based on Game Theory

L. Buttyán and J. P. Hubaux

Proceedings of 2nd International Workshop on Electronic Commerce (WELCOM 2001), Heidelberg, Germany, November, 2001.

@inproceedings {
   author = {Levente Buttyán and },
   title = {Rational Exchange -- A Formal Model Based on Game Theory},
   booktitle = {Proceedings of 2nd International Workshop on Electronic Commerce (WELCOM 2001)},
   address = {Heidelberg, Germany},
   month = {November},
   year = {2001}
}

Keywords

electronic commerce, rational exchnage, fair exchange, formal model, game theory

Abstract

We introduce game theory as a formal framework in which exchange protocols can be modeled and their properties can be studied. We use this framework to give a formal definition for rational exchange relating it to the concept of Nash equilibrium in games. In addition, we study the relationship between rational exchange and fair exchange. We prove that fair exchange implies rational exchange, but the reverse is not true. The practical consequence of this is that rational exchange protocols may provide interesting solutions to the exchange problem by representing a trade-off between complexity and what they achieve. They could be particularly useful in mobile e-commerce applications.

Security of programmable smart cards

I. Zs. Berta

Budapest University of Technology and Economics, 2001.

@mastersthesis {
   author = {István Zsolt BERTA},
   title = {Security of programmable smart cards},
   school = {Budapest University of Technology and Economics},
   year = {2001}
}

Abstract

Programmable smart cards are small security-oriented microcomputers. Although they have been present in the market for many years now, their exact area of application is still subject to research.

The author gives a detailed background about these cards in this paper. A card is not only discussed by itself, but together with its environment: the terminal, the network resources and the user.

A brief overview of today's programmable cards is given, but focus is laid on the Java Card specification, which is one of the most popular smart card programming environments. Various features of the Java Card are discussed, especially those in connection with security, the main power of smart cards.

security, public-key infrastructure, PKI, self-organization, mobile ad hoc networking

Abstract

So far, research on mobile ad hoc networks has been focused primarily on routing issues. Security, on the other hand, has been given a lower priority. This paper provides an overview of security problems for mobile ad hoc networks, distinguishing the threats on basic mechanisms and on security mechanisms. It then describes our solution to protect the security mechanisms. The original features of this solution include that (i) it is fully decentralized and (ii) all nodes are assigned equivalent roles.

2000

A Decentralized Marketplace Composed of Mobile Intelligent Agents

I. Verók

Scientific student circles (TDK), 2000.

@misc {
   author = {István VERÓK},
   title = {A Decentralized Marketplace Composed of Mobile Intelligent Agents},
   howpublished = {Scientific student circles (TDK)},
   year = {2000}
}

Abstract

A Pessimistic Approach to Trust in Mobile Agent Platforms

U. Wilhelm and S. Staamann and L. Buttyán

IEEE Internet Computing, vol. 4, no. 5, September, 2000, pp. 40-48.

@article {
   author = { and and Levente Buttyán},
   title = {A Pessimistic Approach to Trust in Mobile Agent Platforms},
   journal = {IEEE Internet Computing},
   volume = {4},
   number = {5},
   month = {September},
   year = {2000},
   pages = {40-48}
}

Keywords

Abstract

A Bluetooth hálózat optimalizálására egy forgalommérések alapján müködõ algoritmust terveztünk. Ezzel olyan problémára nyújtottunk megoldást, amelyhez az irodalomban eddig nem volt ismert megoldás. Az algoritmus egyszerü szabályok segítségével - kapcsolat felépítése és bontása illetve master-slave szerepcsere - lokális információk alapján egy elõnyösebb hálózati topológiát hoz létre. Az algoritmus megvalósítására protokollt terveztünk, amely tulajdonságait szimulációs környezetben vizsgáltuk. A Bluetooth technológia vizsgálatára egy ad hoc modult alkottunk meg a PLASMA hálózat szimulátorban. A szimuláció során megmutattuk, hogy a paraméterek beállításától függõen az algoritmus alkalmazkodik a forgalmi viszonyok változásához.

Enforcing Service Availability in Mobile Ad-Hoc WANs

L. Buttyán and J. P. Hubaux

Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC), Boston, MA, USA, August, 2000.

@inproceedings {
   author = {Levente Buttyán and },
   title = {Enforcing Service Availability in Mobile Ad-Hoc WANs},
   booktitle = {Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC)},
   address = {Boston, MA, USA},
   month = {August},
   year = {2000}
}

Keywords

wireless, mobile, ad-hoc network, wide area network, Terminodes, incentive to co-operate, terminode nuggets, beans

Abstract

In this paper, we address the problem of service availability in mobile ad-hoc WANs. We present a secure mechanism to stimulate end users to keep their devices turned on, to refrain from overloading the network, and to thwart tampering aimed at converting the device into a ``selfish`` one. Our solution is based on the application of a tamper resistant security module in each device and cryptographic protection of messages.

Enforcing Service Availability in Mobile Ad-Hoc WANs

L. Buttyán and J. P. Hubaux

no. DSC/2000/025, EPFL-DI-ICA, May, 2000.

@techreport {
   author = {Levente Buttyán and },
   title = {Enforcing Service Availability in Mobile Ad-Hoc WANs},
   number = {DSC/2000/025},
   institution = {EPFL-DI-ICA},
   month = {May},
   year = {2000}
}

Keywords

wireless, mobile, ad-hoc network, wide area network, Terminodes, incentive to co-operate, terminode beans

Abstract

Exact decoding error probability for slow frequency hopping

L. Györfi and Á. Jordán and I. Vajda

European Transactions on Telecommunication, vol. 11, no. 2, March/April, 2000, pp. 183-190.

@article {
   author = { and and István VAJDA},
   title = {Exact decoding error probability for slow frequency hopping},
   journal = {European Transactions on Telecommunication},
   volume = {11},
   number = {2},
   month = {March/April},
   year = {2000},
   pages = {183-190}
}

Abstract

Extensions to an Authentication Technique Proposed for the Global Mobility Network

L. Buttyán and C. Gbaguidi and S. Staamann and U. Wilhelm

IEEE Transactions on Communications, vol. 48, no. 3, March, 2000.

@article {
   author = {Levente Buttyán and and and },
   title = {Extensions to an Authentication Technique Proposed for the Global Mobility Network},
   journal = {IEEE Transactions on Communications},
   volume = {48},
   number = {3},
   month = {March},
   year = {2000}
}

Keywords

authentication protocol, global mobility network

Abstract

We present three attacks against the authentication protocol that has been proposed for the so called global mobility network in \cite{kn:Suz97}. We show that the attacks are feasible and propose corrections that make the protocol more robust and resistant against the presented attacks. Our aim is to highlight some basic design principles for cryptographic protocols, the adherence to which would have prevented these attacks.

Handover Analysis in a Wireless Mobile IP Network

12. Távközlési és Informatikai Hálózatok Szeminárium és Kiállítás, 2000, Sopron, Hungary, October 4-6, in Hungarian.

@conference {
   author = {},
   title = {Handover Analysis in a Wireless Mobile IP Network},
   booktitle = {12. Távközlési és Informatikai Hálózatok Szeminárium és Kiállítás},
   year = {2000},
   address = {Sopron, Hungary},
   month = {October 4-6},
   note = {in Hungarian}
}

Abstract

Cikkünkben egy vezeték nélküli Mobile IP hálózaton mértük a bázisállomás-váltások hatását az alkalmazásokra. Elsösorban arra voltunk kiváncsiak, hogy a mobil számítógép mozgása milyen hatással van a folyamatban levö TCP adatkapcsolatokra. Ennek megállapításához egy kísérleti hálózatban periódikusan mozgatott számítógép adatkapcsolatait figyeltük meg, illetve mértük az elérhetö átviteli sebességet. Három különbözö algoritmust vizsgáltunk, melyek a bázisállomás-váltás döntési szakaszának idejét befolyásolják. Az idözítéses, a mohó és a felszólító algoritmusok egyaránt a bázisállomások által periódikusan kibocsátott beacon üzeneteket használják fel, de különböznek egymástól abban, hogy a mobil számítógép mikor dönt a bázisállomás-váltásról. Méréseinkkel kimutattuk, hogy az alkalmazásokra gyakorolt zavaró hatás az idözítéses algoritmus esetén a legnagyobb, és a felszólító algoritmus esetén a legkisebb. Ezt az eredményt a gyakorlatban a megfelelö algoritmus kiválasztásakor figyelembe kell venni. Megfigyeltük továbbá, hogy a leggyorsabb algoritmus használata esetén már a mobilitást kezelö programok belsö késleltetése is számottevö. Ez az észrevételünk felhívja a figyelmet ezen programok optimalizálásának fontosságára.

Home-made methods for enhancing network security (in Hungarian)

B. Bencsáth and S. Tihanyi

Magyar Távközlés, vol. X, no. 4, 2000, pp. 22-27..

@article {
   author = {Boldizsár Bencsáth and Sándor TIHANYI},
   title = {Home-made methods for enhancing network security (in Hungarian)},
   journal = {Magyar Távközlés},
   volume = {X},
   number = {4},
   year = {2000},
   pages = {22-27.}
}

Abstract

Információ- és kódelmélet

L. Györfi and S. Gyõri and I. Vajda

Typotex Kiadó, 2000, 376 p..

@book {
   author = { and Sándor GYÕRI and István VAJDA},
   title = {Információ- és kódelmélet},
   publisher = {Typotex Kiadó},
   year = {2000},
   note = {376 p.}
}

Abstract

Intelligens ügynök az elektronikus kereskedelemban

B. Korossy Khayll

BME, 2000.

@mastersthesis {
   author = {Balázs KOROSSY KHAYLL},
   title = {Intelligens ügynök az elektronikus kereskedelemban},
   school = {BME},
   year = {2000}
}

Abstract

Method for securing communications between a terminal and an additional user equipment

L. Buttyán and E. Wiedmer and E. Lauper

September, 2000, International Patent Application.

@misc {
   author = {Levente Buttyán and and },
   title = {Method for securing communications between a terminal and an additional user equipment},
   month = {September},
   year = {2000},
   note = {International Patent Application}
}

@article {
   author = {Levente Buttyán},
   title = {Removing the financial incentive to cheat in micropayment schemes},
   journal = {IEE Electronics Letters},
   volume = {36},
   number = {2},
   month = {January},
   year = {2000},
   pages = {132-133}
}

Smart Cards - Present and Future

I. Zs. Berta and Z. Á. Mann

Híradástechnika, Journal on C5, 12, 2000.

@article {
   author = {István Zsolt BERTA and Zoltán Ádám Mann},
   title = {Smart Cards - Present and Future},
   journal = {Híradástechnika, Journal on C5},
   month = {12},
   year = {2000}
}

Abstract

Tanulmány a napvilágra került Elender jelszavakról

I. Vajda and B. Bencsáth and A. Bognár

Apr., 2000.

@techreport {
   author = {István VAJDA and Boldizsár Bencsáth and Attila BOGNÁR},
   title = {Tanulmány a napvilágra került Elender jelszavakról},
   month = {Apr.},
   year = {2000}
}

Abstract

http://ebizlab.hit.bme.hu/pub/lrpasswd.html

Toward Mobile Ad-Hoc WANs: Terminodes

J. P. Hubaux and J. Y. Le Boudec and S. Giordano and M. Hamdi and L. Blazevic and L. Buttyán and M. Vojnovic

no. DSC/2000/006, EPFL-DI-ICA, February, 2000.

@techreport {
   author = { and and and and and Levente Buttyán and },
   title = {Toward Mobile Ad-Hoc WANs: Terminodes},
   number = {DSC/2000/006},
   institution = {EPFL-DI-ICA},
   month = {February},
   year = {2000}
}

Keywords

wireless mobile ad-hoc network, wide area network, terminodes, mobility management, virtual home region, geodesic packet forwarding, beans, security

Abstract

Terminodes are personal devices that provide the functions of both the terminals and the nodes of the network. A network of terminodes is an autonomous, fully self-organized, wireless network, independent of any infrastructure. It must be able to scale up to millions of units, without any fixed backbone nor server. In this paper we present the main challenges and discuss the main technical directions.

Traffic Dependent Bluetooth Scatternet Optimization Procedure

M. Felegyhazi and Gy. Miklós

US patent, May, 2000, Nr: 09/666529.

@misc {
   author = {Mark Felegyhazi and György Miklós},
   title = {Traffic Dependent Bluetooth Scatternet Optimization Procedure},
   howpublished = {US patent},
   month = {May},
   year = {2000},
   note = {Nr: 09/666529}
}

Abstract

Virtuális magánhálózatok kiépítése és auditálása

B. Bencsáth

BME, 2000.

Dolgozatunkban egy vezeték nélküli hálózaton mértük a Mobile IP szabvány egyes teljesítményjellemzõit. Elsõsorban arra voltunk kiváncsiak, hogy a handoverek milyen hatással vannak a TCP-t használó alkalmazásokra. Az eredményekbõl azt a következtetést vonhatjuk le, hogy a Mobile IP fõleg a lassú handover vagyis a hordozhatóság kezelésére alkalmas, mert belsõ késleltetései nagyok. Gyakori handoverek esetén a Mobile IP-t használó TCP alkalmazások átviteli sebessége a nagy csomagvesztés miatt rohamosan csökken. A jövõben várható a cellák méretének csökkenése. Átmérõjük egészen néhány tíz méterig lecsökkenhet [HAA98]. Vegyünk egy példát, ahol a cellák 30 méter átmérõjûek és a felhasználó 1 m/s sebességgel halad, közben laptopjával kapcsolódik az Internetre. Ekkor percenként két handover történik. Az átviteli sebesség kétharmadára csökken ahhoz képest, mintha egyhelyben állna, azaz megállapíthatjuk, hogy a Mobile IP-t nem a gyakori handover kezelésére tervezték. Már léteznek javaslatok a szabvány kiegészítésére gyors cellaváltás esetén [RAM99], [MAL99], [MCA99]. A jövõben ezekkel fogunk foglalkozni.

Closed User Groups in Internet Service Centres

L. Buttyán and S. Staamann and A. Coignet and E. Ruggiano and U. Wilhelm and M. Zweiacker

Proceedings of DAIS`99, Helsinki, June, 1999.

@inproceedings {
   author = {Levente Buttyán and and and and and },
   title = {Closed User Groups in Internet Service Centres},
   booktitle = {Proceedings of DAIS`99},
   address = {Helsinki},
   month = {June},
   year = {1999}
}

Keywords

Access Control, Authorisation, Closed Users Groups, Middleware, CORBA, Security

Abstract

The paper presents a model for end-user directed access control to services in Internet service centres that, beside the classical Internet services (e.g., e-mail), offer a multitude of new services (e.g., on-line conferencing and auctioning) over the Internet. The model is based on the concept of closed user groups. The main idea is that at creation time each service instance and its components are assigned to a user group previously formed by a subset of the end-users, and access control is performed for access attempts through checking the group assignment of the accessed resource against the group memberships of the authenticated accessing end-user. Access control is directed by the end-users through the management of group memberships. We describe the concept of closed user groups, the management of group memberships, the enforcement of access control, and the realisation with off-the-shelf software for a middleware based service environment, which is haracterised by the use of CORBA, Java, and WWW technology.

CVE-1999-1496

B. Bencsáth

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496, 1999.

@misc {
   author = {Boldizsár Bencsáth},
   title = {CVE-1999-1496},
   howpublished = {http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496},
   year = {1999}
}

Abstract

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

Formal methods in the design of cryptographic protocols (state of the art)

L. Buttyán

no. SSC/1999/38, EPFL-DI-ICA, November, 1999.

@techreport {
   author = {Levente Buttyán},
   title = {Formal methods in the design of cryptographic protocols (state of the art)},
   number = {SSC/1999/38},
   institution = {EPFL-DI-ICA},
   month = {November},
   year = {1999}
}

Keywords

cryptographic protocols, formal methods, verification, specification

Abstract

This paper is a state of the art review of the use of formal methods in the design of cryptographic rotocols.

Internetes értékpapír-megbízásokat kezelõ rendszer

D. Labanc

1999.

@mastersthesis {
   author = {Dániel LABANC},
   title = {Internetes értékpapír-megbízásokat kezelõ rendszer},
   year = {1999}
}

Abstract

Hozzáférésvédelem (dinamikus jelszavak segítségével),

Rejtjelezés,

Digitális aláírás,

Kulcsgondozás, kulcsok tárolása és generálása.

A fentiek bemutatására példaalkalmazásokat készítünk a kártyához tartozó Visual Basic alapú fejlesztõkörnyezet segítségével. Beszámolunk azirányú tapasztalatainkról, hogy kis (32 kilobyte EEPROM, 1 kilobyte SRAM) erõforráskészlettel rendelkezõ eszközön mennyiben lehet kihasználni a magas szintû nyelv és programozási környezet által biztosított lehetõségeket. Felmérjük a kártya képességeit, korlátait, s ezen korlátok ismeretében próbáljuk értékelni, hogy a jelen technológia milyen alkalmazásokat tesz lehetõvé, s milyen változások, fejlõdési irányok várhatóak a jövõben.

Problem areas of the security aspects of network operating systems

B. Bencsáth and S. Tihanyi

Scientific student groups (TDK) 1999, 1999.

@misc {
   author = {Boldizsár Bencsáth and Sándor TIHANYI},
   title = {Problem areas of the security aspects of network operating systems},
   howpublished = {Scientific student groups (TDK) 1999},
   year = {1999}
}

Abstract

SmartCardos mobiltelefonokkal megvalósított biztonságos elektronikus fizetõeszköz

I. Kiss

BME, 1999.

@mastersthesis {
   author = {István KISS},
   title = {SmartCardos mobiltelefonokkal megvalósított biztonságos elektronikus fizetõeszköz},
   school = {BME},
   year = {1999}
}

Abstract

Toward a Formal Model of Fair Exchange - a Game Theoretic Approach

L. Buttyán and J. P. Hubaux

no. SSC/1999/39, EPFL-DI-ICA, December, 1999.

@techreport {
   author = {Levente Buttyán and },
   title = {Toward a Formal Model of Fair Exchange - a Game Theoretic Approach},
   number = {SSC/1999/39},
   institution = {EPFL-DI-ICA},
   month = {December},
   year = {1999}
}

Keywords

fair exchane protocol, formal model, game theory, electronic commerce

Abstract

A fair exchange protocol is a protocol, in which two (or more) mutually suspicious parties exchange their digital items in a way that neither party can gain an advantage over the other by misbehaving. Many fair exchange protocols have been proposed in the academic literature, but they provide rather different types of fairness. The formal comparison of these proposals remained difficult, mainly, because of the lack of a common formal framework, in which each can be modelled and formal fairness definitions can be given. In this paper, we propose to use game theory for this purpose. We show how to represent fair exchange protocols with game trees and give three definitions of fairness using standard game theoretic notions. We are not aware of any other work that uses the apparatus of game theory for modelling fair exchange protocols.

1998

@inproceedings {
   author = { and and István VAJDA},
   title = {Analysis of Protocol Sequences for Slow Frequency Hopping},
   booktitle = {Proceedings of the 1998 International Zürich Seminar on Broadband Communication (IEEE Catalog No.98TH8277)},
   year = {1998},
   pages = {237-242}
}

Abstract

CrySTINA: Security in the Telecommunications Information Networking Architecture

S. Staamann and U. Wilhelm and L. Buttyán

no. SSC/98/4, EPFL-DI-ICA, January, 1998.

@techreport {
   author = { and and Levente Buttyán},
   title = {CrySTINA: Security in the Telecommunications Information Networking Architecture},
   number = {SSC/98/4},
   institution = {EPFL-DI-ICA},
   month = {January},
   year = {1998}
}

Keywords

security, CORBA, TINA, DPE, interoperability

Abstract

TINA specifies an open architecture for telecommunication services in the broadband, multimedia, and information era. Its characteristics most relevant for security are a variety of services, a multitude of service providers, a well defined business model, a middleware platform for service development and provision, and the assumption of advanced costumer premises equipment. Concepts for its security architecture are developed in the CrySTINA project. We introduce the TINA-C architecture, analyse it with regard to security and present the CrySTINA security architecture. CrySTINA is aligned with the OMG`s CORBA Security specification, but enhances it with regard to security interoperability despite the heterogeneity of security policies and technologies that must be expected in TINA networks. Thus, we present a model for the enforcement of security policies that supports the negotiation of security contexts.

Internetes telebanki szolgáltatás és a szerver oldali adatbiztonsága

Á. Csernitzky

BME, 1998.

@mastersthesis {
   author = {Ádám Csernitzky},
   title = {Internetes telebanki szolgáltatás és a szerver oldali adatbiztonsága},
   school = {BME},
   year = {1998}
}

Abstract

On the distribution of Hamming correlation of cyclically permutable subsets of RS codes

Á. Jordán and I. Vajda

Proceedings of the II. International Workshop on Optimal Codes'98, Sazopol,Bulgaria, June 9-15, 1998, pp. 144-150.

@inproceedings {
   author = { and István VAJDA},
   title = {On the distribution of Hamming correlation of cyclically permutable subsets of RS codes},
   booktitle = {Proceedings of the II. International Workshop on Optimal Codes'98},
   address = {Sazopol,Bulgaria},
   month = {June 9-15},
   year = {1998},
   pages = {144-150}
}

Abstract

On the Hamming correlation distribution of SFH signature sequence sets

Á. Jordán and I. Vajda

roceedings of the IEEE ISSSTA '98 (IEEE Fifth International Symposium on Spread Sectrum Techniques & Applications), Sun City, South Africa, September 2-4, 1998, pp. 676-680.

@inproceedings {
   author = { and István VAJDA},
   title = {On the Hamming correlation distribution of SFH signature sequence sets},
   booktitle = {roceedings of the IEEE ISSSTA '98 (IEEE Fifth International Symposium on Spread Sectrum Techniques & Applications)},
   address = {Sun City, South Africa},
   month = {September 2-4},
   year = {1998},
   pages = {676-680}
}

Abstract

On the Problem of Trust in Mobile Agent Systems

U. Wilhelm and S. Staamann and L. Buttyán

Proceedings of Internet Society`s Symposium on Network and Distributed System Security, San Diego, CA, USA, March, 1998.

@inproceedings {
   author = { and and Levente Buttyán},
   title = {On the Problem of Trust in Mobile Agent Systems},
   booktitle = {Proceedings of Internet Society`s Symposium on Network and Distributed System Security},
   address = {San Diego, CA, USA},
   month = {March},
   year = {1998}
}

Keywords

trust, mobile agent, tamper proof environment

Abstract

Systems that support mobile agents are increasingly being used on the global Internet. Security concerns dealing with the protection of the execution environment from malicious agents are extensively being tackled. We concentrate on the reverse problem, namely how a mobile agent can be protected from malicious behaviour of the execution environment, which is largely ignored. We will identify the problem of trust as the major issue in this context and describe a trusted and tamper-proof hardware that can be used to divide this problem among several principals, each of which has to be trusted with a special task. We show that the presented approach can be used to mitigate an important problem in the design of open systems.

Protecting the Itinerary of Mobile Agents

U. Wilhelm and S. Staamann and L. Buttyán

Proceedings of ECOOP Workshop on Mobile Object Systems: Secure Internet Mobile Communications, Brussels, Belgium, June, 1998.

@inproceedings {
   author = { and and Levente Buttyán},
   title = {Protecting the Itinerary of Mobile Agents},
   booktitle = {Proceedings of ECOOP Workshop on Mobile Object Systems: Secure Internet Mobile Communications},
   address = {Brussels, Belgium},
   month = {June},
   year = {1998}
}

Keywords

mobile agent protection

Abstract

Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach

S. Staamann and U. Wilhelm and L. Buttyán

no. SSC/98/4, EPFL-DI-ICA, January, 1998.

@techreport {
   author = { and and Levente Buttyán},
   title = {Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach},
   number = {SSC/98/4},
   institution = {EPFL-DI-ICA},
   month = {January},
   year = {1998}
}

Keywords

security, TINA

Abstract

The article presents the first results of the CrySTINA project. We analyze and structure the security problem domain in the TINA-C architecture and present our approach to provide the necessary security functionality in the form of self-contained application-independent security services and security mechanisms as part of the DPE functionality. The DPE is assumed to be basically provided by CORBA products. Therefore, we introduce the CORBA security specification and investigate if and how the identified TINA security services can be implemented using the CORBA security functionality.

Security in TINA

S. Staamann and U. Wilhelm and L. Buttyán

Proceedings of IFIP-SEC`98, Wienna-Budapest, August, 1998.

@inproceedings {
   author = { and and Levente Buttyán},
   title = {Security in TINA},
   booktitle = {Proceedings of IFIP-SEC`98},
   address = {Wienna-Budapest},
   month = {August},
   year = {1998}
}

S. Staamann and U. Wilhelm and A. Schiper and L. Buttyán and J. P. Hubaux

Proceedings of TINA`97, November, 1997.

@inproceedings {
   author = { and and and Levente Buttyán and },
   title = {Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach},
   booktitle = {Proceedings of TINA`97},
   month = {November},
   year = {1997}
}

Keywords

security, TINA

Abstract

1996

Data Security Issues of Computer Networks (in Hungarian)

L. Buttyán

Magyar Távközlés, vol. VII., no. 4., April, 1996, pp. 11-19..

I. Vajda

Journal on Communications, vol. XLV, March, 1994, pp. 2-9.

Problems of Control and Information Theory, vol. 9, no. 4, 1979, pp. 287-296.

L. Györfi and Z. Györfi and I. Vajda

Studia Scientiarum Mathematicarum Hungarica, vol. 12, 1977, pp. 233-244.