Escolar Documentos
Profissional Documentos
Cultura Documentos
Security (IJS)
Edited By
Computer Science Journals
www.cscjournals.org
Editor in Chief Dr. Wei Wang
This work is subjected to copyright. All rights are reserved whether the whole or
part of the material is concerned, specifically the rights of translation, reprinting,
re-use of illusions, recitation, broadcasting, reproduction on microfilms or in any
other way, and storage in data banks. Duplication of this publication of parts
thereof is permitted only under the provision of the copyright law 1965, in its
current version, and permission of use must always be obtained from CSC
Publishers. Violations are liable to prosecution under the copyright law.
©IJS Journal
Published in Malaysia
CSC Publishers
Editorial Preface
This is the sixth issue of volume three of The International Journal of Security
(IJS). The Journal is published bi-monthly, with papers being peer reviewed
to high international standards. The International Journal of Security is not
limited to a specific aspect of Security Science but it is devoted to the
publication of high quality papers on all division of computer security in
general. IJS intends to disseminate knowledge in the various disciplines of
the computer security field from theoretical, practical and analytical research
to physical implications and theoretical or quantitative discussion intended
for academic and industrial progress. In order to position IJS as one of the
good journal on Security Science, a group of highly valuable scholars are
serving on the editorial board. The International Editorial Board ensures that
significant developments in computer security from around the world are
reflected in the Journal. Some important topics covers by journal are Access
control and audit, Anonymity and pseudonym, Computer forensics, Denial of
service, Network forensics etc.
The coverage of the journal includes all new theoretical and experimental
findings in the fields of computer security which enhance the knowledge of
scientist, industrials, researchers and all those persons who are coupled with
computer security field. IJS objective is to publish articles that are not only
technically proficient but also contains information and ideas of fresh interest
for International readership. IJS aims to handle submissions courteously and
promptly. IJS objectives are to promote and extend the use of all methods in
the principal disciplines of computer security.
IJS editors understand that how much it is important for authors and
researchers to have their work published with a minimum delay after
submission of their papers. They also strongly believe that the direct
communication between the editors and authors are important for the
welfare, quality and wellbeing of the Journal and its readers. Therefore, all
activities from paper submission to paper publication are controlled through
electronic systems that include electronic submission, editorial panel and
review system that ensures rapid decision with least delays in the publication
processes.
Editor-in-Chief (EiC)
Dr. Wei Wang
Norwegian University of Science and Technology (NTNU)(Norway)
Pages
1 - 10 A Secure Communication Model for Voting Application Using
Multiple Mobile Agents
Dattatraya Adane, Shailesh Sathe
S.R.Sathe srsathe@yahoo.com
Computer Science and Engineering Department,
Visvesvaraya National Institute of Technology,
Nagpur, INDIA.
Abstract
1. INTRODUCTION
Mobile agents are programs that can migrate from host to host in a network, at times and
to places of their own choice. The state of the running program is saved, transported to the new
host, and re- stored, allowing the program to continue where it left off. Mobile-agent systems
differ from process migration systems in that the agents move when they choose, typically
through a “jump” or “go” statement, whereas in a process-migration system the system decides
when and where to move the running process (typically to balance CPU load). Mobile agents
differ from “applets”, which are programs downloaded as the result of a user action and executed
from beginning to end on one host. Mobile agents are an effective choice for many applications,
for several reasons [1], including improvements in latency and bandwidth of client-server
applications and reducing vulnerability to network disconnection.
Mobile agents can travel to different hosts and it is often not known beforehand where the
agent will migrate to. When located at an agent platform, the agent may need to communicate
with other agents. The problem of confidential communication between agents is addressed in
this paper with respect to a typical agent model of working. In this model, confidential
communication is especially difficult to achieve as the agent platform cannot be considered as
trustworthy. Privacy during communication can be seen as preventing a third party from being
able to eavesdrop on the communication. In the agent model, this includes the agent platform.
Many solutions have been proposed on protecting mobile software agents against untrustworthy
hosts by providing confidentiality. The proposed solutions can be divided into two categories,
either they protect the data the agent owns or collects, or they provide a solution towards the
protection of the agent’s code. Data protection is, for example, necessary when the agent collects
data during the execution of its task, as this data should only be accessible to authorized entities.
In [2], Karjoth et al. define a number of security properties that define the protection of data
collected by an agent against an attacker. The collected data exists of a chain of encapsulated
small pieces of data and these security properties can be among others: data confidentiality,
forward privacy, forward integrity, or non-repudiability. A number of solutions have been proposed
that offer (a subset of) these properties, see [2], [3], [4], [5]. These solutions are based on public
key encryption, digital signatures, and hash chaining. In [6], flaws in some of these protocols are
identified. The second part of protection of mobile agents against untrustworthy hosts is
protection of the code itself. Protection of the code means providing the code with security
properties such as integrity and confidentiality. When an agent’s code is executed, there should
be a guarantee that the code is executed correctly. Tools like cryptographic traces [10] and proofs
of correctness [4], [11] have been proposed. These solutions are generalized in [12] by using the
concept of reference states. Confidentiality of code can be achieved by using tools as code
obfuscation [13]. Although in theory this is impossible [14], it may provide an adequate level of
protection for a limited amount of time. Furthermore, function hiding provides a cryptographic way
to achieve confidentiality for agent’s code [15], [16], [17].
These solutions provide various levels of protection to an agent against a malicious host,
but the subject of secure communication is not addressed. Tools like protection of computation
results or function hiding can be used to prevent the malicious host from accessing the agent’s
content or actions. However, when the communication between agents is not protected against
the host, the host may still be capable of obtaining relevant information about the agent.
Within the context of the agent privacy model, the problem is defined as providing a
confidential communication between agents, where the confidential data to be communicated is
stored securely in the agent. Beforehand it is not known with whom the agent will communicate.
Confidential communication means that at all time, no third parties can eavesdrop successfully on
the communication, not even the agent platform. The condition that confidential data is stored
securely in the agent is added, because if that is not the case, the agent platform is capable of
reading data even before communication starts and securing the communication would then be
an empty gesture. The condition is added explicitly to the problem statement as it is the starting
position of the problem and will be of great importance to the validity of proposed solutions.
Confidential data that is stored in a software agent is usually protected by means of encryption.
Taking the untrustworthy host into account requires ensuring that at no point in time the data is
available to the host in clear text. Note that within the agent privacy model, it is assumed that
hosts do not conspire. Two solutions are given here that demonstrate the complexity of the
problem.
A first naive approach is having the agent send the stored encrypted data directly to the
communicating partner, and having it transfer in some way the key. The advantage is that at no
time during communication the data appears in clear text. However, each piece of data must be
encrypted separately to avoid one communicating partner from having access to more data than
he is entitled to. Encrypting each block of data separately is very inefficient and impractical, as it
is necessary to transmit a key for each piece of data. The key must be transmitted in a secure
manner, which means that the problem has shifted from protecting the data to a key exchange
problem where many keys (one for each type of data) must be transmitted confidentially. A
simpler solution would be encrypting the data during the setup of the agent using the
communicating partner’s key. However, as in advance it is not known with whom the agent will
communicate, this is not possible. Obviously, this approach to provide confidentiality during
communication is not practical.
In the second approach, each piece of data is encrypted only once to keep the agent as
small as possible in terms of stored data, and at the moment of communication the data is to be
transformed such that only the receiving party is able to decrypt the message. Here, we describe
this approach for the case where all encryptions are done using a public key algorithm. A similar
solution can be described for a symmetric algorithm. The public key of the agent is used to
encrypt the information, and its private key is used to decrypt it. Figure 1 shows the procedure for
encrypting information for storage in the agent and making the data ready to be sent to the
communicating partner. The first step is to encrypt the data that must be kept confidential using
the agent’s public key pk1: Epk1(data). This operation can be performed at the user’s computer
and the result can then be stored in the agent. The moment the agent needs to send this
confidential data to another party, it decrypts the data using its private key sk1. The result of this
operation is plaintext data. Then the data is again encrypted, but this time using the
communicating partner’s public key pk2: Epk2(data). This may also be a session key. At this point
the data is ready to be sent to the communicating partner and this entity can decrypt the data,
because he has access to his private key (this last step is not shown in Figure 1).
The advantage of this second approach is that it is very simple and efficient. All the data
to be stored is encrypted with the same key, and only when needed it is transformed into an
encryption with the appropriate key. It is also an advantage that beforehand it is not known to
whom the agent will talk, because the encryption for the communicating partner occurs at the
time of communication. A third advantage is that no complex key management scheme needs to
be used, because at the moment the data is encrypted to be stored in the agent, only the agent’s
public key is used. Only the moment of data exchange with other parties it is necessary to obtain
the communicating partner’s key. This solution would be sufficient and adequate in a scenario
where the agent is in a trusted environment and where confidentiality is not a priority, but this is
not the case in the agent model. During the transformation from encryption with the agent’s key to
encryption with the communicating partner’s key, the plaintext data is available to the host.
Obviously, this situation should not occur. A second problem is that not only the data is readable
to the host and possibly to other parties at a certain moment, but also the private key of the agent
is accessible to the host during the decryption process. Consequently, the host has access to all
encrypted data stored in the agent. Concluding, this is only an adequate solution to provide
confidential communication in a fully trusted environment.
Our goal is to propose a communication model using mobile agents, with basic data
confidentiality within the model being implemented using one of the existing security solutions, so
as to provide a foundation for secure application development. BRAHMS [7] provides an ideal
way to model and simulate agent behavior. BRAHMS is centered on the concept of “agents.”
Agents’ behaviors are organized into activities, inherited from groups to which agents belong.
Most importantly, activities locate behaviors of people and their tools in time and space, such that
resource availability and informal human participation can be taken into account. A model of
activities doesn’t necessarily describe the intricate details of reasoning or calculation, but instead
captures aspects of the social-physical context in which reasoning occurs. Thus Brahms differs
from other multi-agent systems by incorporating chronological activities of multiple agents,
The paper is organized as different sections. In section 2 we first briefly introduce the
BRAHMS agent simulation and modeling environment. Then we discuss our security scheme for
providing data confidentiality in section 3. Thereafter, we describe our communication model and
show our simulation results using BRAHMS in section 4 which is followed by conclusion.
Brahms [8] can model and simulate work practices. Brahms models are written in the
agent-oriented language. The run-time component - the simulation engine - can execute a
Brahms model, also referred to as a simulation run. A Brahms model can be used to simulate
human-machine systems for what-if experiments, for training, for “user models,” or for driving
intelligent assistants and robots. Brahms is different from task and functional analysis. A
traditional task or functional analysis of work leaves out the logistics, especially how
environmental conditions come to be detected and how problems are resolved. Without
consideration of these factors, it is not possible to accurately model how work and information
actually flows, or to properly design software agents that help automate human tasks or interact
with people as their collaborators. What is wanted is, a model that includes aspects of reasoning
found in an information-processing model, plus aspects of geography, agent movement, and
physical changes to the environment found in a multi-agent simulation. A model of “work practice”
focuses on informal, circumstantial, and located behaviors by which synchronization occurs, such
that the task contributions of humans and machines flow together to accomplish goals. Brahms
makes this kind of models possible. Brahms relates knowledge-based models of cognition (e.g.,
task models) with discrete simulations and the behavior-based subsumption architecture.
Brahms models are written in an agent-oriented language that has a well-defined syntax
and semantics. The Brahms language is a “parsed” language: you write the code and then the
parser generates an internal object representation for the “run-time” component. Using this
language, a Brahms modeler can create Brahms models. The run-time component - the
simulation engine - can execute a Brahms model, also referred to as a simulation.
The Brahms language is structured around the following concepts:
• Agents and Groups
• Objects and Classes
• Beliefs and Facts
• Workframes
• Activities
• Thoughtframes
• Geography
The concepts can be related to one another in the following way:
Groups contain agents which are located and have beliefs that lead them to engage in activities
that are specified by workframes which consists of preconditions of beliefs that lead to actions,
consisting of communication actions, movement actions, primitive actions, other composite
activities, consequences of new beliefs and world facts thoughtframes that consist of
preconditions and consequences.
In this section we briefly describe our encryption scheme [9] based on ElGamal system,
to be used in the communication model. The typical problems in communicating confidential data
through agents are:
a) It is not known beforehand who the agent will communicate with, thus the data cannot be
encrypted with the proper key of communicating partner.
b) The environment in which the agent is working may be untrustworthy. Thus, the data agent
carries, must be kept confidential all the time.
In conventional Client-Server systems the data is usually encrypted with the data owner’s
public key to keep it confidential and when the data is needed in communication it is first
decrypted and then again encrypted using the public key of communication partner or the session
key used during the communication. In an agent environment this is not an acceptable solution as
the data is at one moment unencrypted and accessible by the host (untrusted host on which the
agent resides). In our scheme, the data is first encrypted using the encryption key of the agent. At
the moment data must be exchanged with another party, the data is again encrypted, but this
time with the encryption key of the communicating partner. A decryption process then follows
where the decryption key of the agent is used, such that the overall result is encrypted data,
which can only be deciphered by the communicating party. The process is depicted in Figure 2
below:
The necessary condition for an encryption algorithm to be used in above operation is:
where, PK1 and PK2 are the public keys of the agent and communicating party respectively. SK1
and SK2 are their corresponding private keys. It is assumed that there are more than one secret
keys generated by the agent corresponding to different types of data. Initially the data to be
encrypted is stored at the users computer and in order to encrypt it, the user first generates a key
pair for the agent according to the ElGamal system depending on type of data. The user
*
generates a large random prime p and a generator α of the multiplicative group Z p of the
integers modulo p. The user selects a random integer a1, 1<=a1<= p - 2, and computes :
a1
y1 = α mod p (2)
The agent’s public key is (p, α, y1) and its private key is a1.
The user encrypts the data (represented by parameter m) as follows. He first selects a random
integer k1, 1<= k1 <= p – 2 and computes:
k1 k1
γ1 = α mod p; δ1 = my1 mod p (3)
The cipher text is c1 = (γ1, δ1). This is stored in the agent and can be run on any platform at any
host. At the moment that the agent needs to give the personal data to another entity in the
system, the following process is started. The agent collects the communicating partner’s (from
here on called Bob) public key y2, which is formed in the same way as the user’s public key (y2 =
a2
α mod n). Bob’s private key is a2. It must be noted here that in order to fulfill equation (1), Bob
must use the same generator and prime number for generating its key pair as the user. The agent
encrypts the cipher text c1 using Bob’s public key y2, by the following computations:
k2 k2
γ2 = α mod p; δ2 = δ1y2 mod p (4)
Where, k2, 1 <= k2 <= p - 2, is an integer chosen at random by Bob. The second cipher text c2 is
then formed by the pair (δ2, γ1).
It is now possible to decrypt it once using the agent’s private key:
-a1 k2
m’=( γ1 ) δ2 mod p = my2 mod p (5)
Decryption of m’ (6) should occur at different place than the one where E-E-D operation took
place as decryption of m’ results in the plain text.
Our communication model consists of two Publisher (Voter) agents (PUB1 and PUB2),
one Consumer (vote collector) agent (C2) and a set of servers which are visited by the agents.
We assume a simple scenario with a single voter and single vote collector. The simulation can
however be extended for any number of voters and collectors. The servers are named as THP,
THC, UH1, UH2, UH3 and UH4 respectively. TH indicates trusted host and UH indicates
untrusted host. It is assumed that the platform on which the agents are created and activated are
trusted host and all others are untrusted hosts. Accordingly for agents PUB1 and PUB2
generated on THP server, THP is trusted host. Similarly, for agent C2 generated on THC server,
THC is trusted host. As for this model it assumed that all the servers are part of Nagpur University
and that they are located in the university campus. The complete description about the location of
servers, their physical placement in different buildings of university and their distances is
specified in the BRAHMS geography description file, nm1Geography.b. We then create
appropriate instances of agents from the different servers in the university campus. Agent PUB1
and PUB2 are the voter agents created from THP server and sent on the servers UH1 and UH2
respectively. They wait for the consumer agent on these servers to exchange data. They
continuously sense the environment for the arrival of consumer agent (vote collector) and
exchange their data belief with it when one arrives, with the help of communicate activity of
BRAHMS. Figure 3 gives our general model as implemented in BRAHMS.
UH3
PUB1 UH1
UH4
Path of C2
THP C2
creates
Pub1 and UH2
Pub2 THC
PUB2 creates
C2
The two voter agents are required as one (PUB1) stores the voting preference 0 or 1.
Voting preference 1 indicates voting in favor and 0 indicates otherwise. As per our encryption
scheme, agent PUB1 carries the preference encrypted using public key of voter and PUB2
contains its secret key. The Consumer agent is first supposed to collect information from PUB1
and go to the server where agent PUB2 is stationed. We have simplified this task by ensuring that
C2 visits UH1 first and then it goes to UH2. This ensures correct sequencing of operations of our
composite encryption scheme. The agent C2 first collects encrypted data from PUB1, encrypts it
again using its own public key and goes to UH2 where it sends this doubly encrypted message to
PUB2 for decryption once using the secret key of voter or Publisher, held by it. The message is
the sent back to C2. Thus, what C2 receives is the message which is encrypted in the public key
of consumer (vote collector) which can be easily decrypted at THC once C2 returns back. If
multiple voters are present, then the Collector agent collects multiple encrypted votes from the
voters and go on adding them at untrusted hosts using the homomorphic property of ElGamal as
discussed in section 3. It can also perform addition on its trusted host THC when it returns back
at a latter date if the results of voting are not to be disclosed immediately. As can be seen, the
composite scheme discussed in section 2 is applied successfully and it ensures that the data
possessed by the agents is never in clear. Though the encryption and decryption operations are
performed on untrusted hosts, they are never on clear data. Thus, data confidentiality is ensured.
The ElGamal encryption and decryption operation can be easily implemented as an external Java
activity in BRAHMS. The simulation results using BRAHMS are shown in Figure 4 and Figure 5
respectively. To keep the simulation simple we only show how the different agent movements are
performed over the period of time and how the data exchange between the agents takes place. In
this simple model, C2 has an initial data value 0. First time it encounters PUB1 on UH1, it
receives data value of PUB1 (1) and adds it to its own to get new data value which is 0+1=1. Next
when it encounters PUB2 on UH2, it again receives data value of PUB2 (2) and add it to its own.
Hence the final value at C2 becomes 1+2=3. In BRAHMS it is possible to check the beliefs held
by the agent at different points of time during execution. Figure 5 show the beliefs held by agent
C2 at servers UH1 and UH2 after collecting data from agents PUB1 and PUB2 respectively.
FIGURE 4: Agent movements: Agents PUB1 and PUB2 are launched on UH1 and UH2. Agent C2 roams
around the servers UH4, UH3, UH1, UH2 and returns to THC
Second data
change in C2 at
UH2
First data
change in C2 at
UH1
FIGURE 5: Data Beliefs of agent C2 changes as it visits servers UH1 and UH2
which returns the required keys first. Thus we have three activities getKeys, sayEncrypt and
sayDecrypt. After retrieving the keys, we call the functions from the classes, in the Brahms file
through Java Activity. A typical java activity for calling the encrypt function from the class is as
follows:
agent JAgent {
attributes:
public string nextJavaActivity;
public string performedActivity;
public string text1; // message to be encrypted
public int p;// Set through getKey Activity
public int y; // Set through getKey Activity
public int skey;
public int result;
initial_beliefs:
// the java activity to be executed by the agent for encryption
//complete path where activity files are located
(current.nextJavaActivity = "a.b.nm2.jact.doEncryptionActivity" );
activities:
java sayEncrypt(int d, int p, int result) {
max_duration: 0;
class: "a.b.nm2.jact.doEncryptionActivity" ;
when: start;
} // javacls is the class name to be executed
// In Brahms workframes initiate the activities
workframes:
// Executes the Encrypt java activity provided the nextJavaActivity
// value is known. It is known since we specified it as an initial belief
workframe wf_encrypt {
variables:
forone (int) m;
forone (int) pri;
when(knownval(current.data=m) and knownval(current.p=pri))
// It is assumed that private key pri is obtained using getKeys activity
do {
sayEncrypt (m,pri,out);
// m is data, pri is private key and result is obtained in out
conclude((current.data = out), bc:100, fc:0);
// encrypted data is now current data held by the agent and this belief is
// confirmed 100%
} // end do
} // wf_encrypt
} // JAgent
5. CONCLUSION
It is a major challenge to provide secured Mobile Agent communication. The basic problems of
code mobility restrict the use of conventional security measures to be adopted directly in the
context of mobile agents. The existing solutions are either theoretical or practically infeasible.
There is an urgent need for new, effective and efficient solutions in this area. We have proposed
a basic model for secured communication for voting application, targeting the data security of the
agents using convention security technique. The model uses ElGamal encryption / decryption and
exploits its homomorphic property for the purpose. The composite encryption scheme is
mathematically proven and it can be easily implemented. The BRAHMS environment used by us
provides a realistic view of agents thought processes as they move from host to host. Though we
considered a simple scenario with one voter and only one vote collector, we feel that the idea
could be extended to any number and lay the foundation for a more realistic voting application.
6. REFERENCES
[1] Danny B. Lange and Mitsuru Oshima. “Seven good reasons for mobile agents”.
Communications of the ACM, 42(3):88–89, March 1999.
[2] G. Karjoth, N. Asokan, and G. Glc. “Protecting the computation results of freeroaming agents”.
Mobile agents ’98, Lecture Notes in Computer Science, pages 195–207, 1998.
[3] S. Loureiro, R. Molva, and A. Pannetrat. “Secure data collection with updates”. Proceedings of
the workshop on agents in electronic commerce, pages 121–130, 1999.
[4] B. Yee. “A sanctuary for mobile agents”. Secure Internet Programming, Lecture notes in
computer science, 1603:pages 261–73, 1999.
[5] A. Young and M. Yung. “Sliding encryption: a cryptographic tool for mobile agents”.
Proceedings of Fast Software Encryption Workshop 1997, Springer-Verlag, Lecture Notes in
Computer Science, pages 230–241, 1997.
[6] V. Roth. “On the robustness of some cryptographic protocols for mobile agent protection”.
Mobile Agents 2001, Lecture Notes in Computer Science, pages 1–14, 2001.
[7] http://agentisolutions.com/
[8] http://agentisolutions.com/ Brahms Tutorial (TM01-0002-V1.1)
[9] D.S. Adane and S.R.Sathe, “A Security Model for Data Storing and Data Collecting Agents”.
International Journal of Computer Science and Network Security, IJCSNS, Vol (9), No.4, April
2009.
[10] G. Vigna. “Cryptographic traces for mobile agents. Mobile agents and Security”. Lecture
Notes in Computer Science, pages 137–153, 1998.
[11] I. Biehl, B. Meyer, and S. Wetzel. “Ensuring the integrity of agent-based computations by
short proofs”. Mobile agents, Lecture Notes in Computer Science 1477, pages 183–94, 1998.
[12] F. Hohl. “A framework to protect mobile agents by using reference states”. Proceedings of
the 20th International Conference on Distributed Computing Systems CICDS2000, 2000.
[13] F. Hohl. “Time limited blackbox security: Protecting mobile agents from malicious hosts”.
Mobile agents and security, Lecture notes in computer science, pages 92–113, 1998.
[14] B. Barak and O. Goldreich. “On the (im)possibility of obfuscating programs”. Crypto 2001,
Lecture Notes in Computer Science, pages 1–18, 2001.
[15] C. Cachin, J. Camenisch, J. Kilian, and J. M¨uller. “One-round secure computation and
secure autonomous mobile agents”. Proceedings of the 27th International Colloquium on
Automata, Languages and Programming (ICALP), Lecture notes in Computer Science,
1853:512–23, 2000.
[16] T. Sander and C.F. Tschudin. “Towards mobile cryptography”. Proceedings 1998 IEEE
symposium on security and privacy, pages 215–224, 1998.
[17] S. Loureiro and R. Molva. “Function hiding based on error correcting codes”. In Proceedings
of the CryptTEC’99 International Workshop on Cryptographic Techniques and Electronic
Commerce, pages 92–98, 1999.
About IJS
Information Security is an important aspect of protecting the information
society from a wide variety of threats. The International Journal of Security
(IJS) presents publications and research that builds on computer security and
cryptography and also reaches out to other branches of the information
sciences. Our aim is to provide research and development results of lasting
significance in the theory, design, implementation, analysis, and application
of secure computer systems.
The realm of International Journal of Security (IJS) extends, but not limited,
to the following:
Anonymity Anonymity and pseudonymity
Attacks, security mechanisms, and Code security, including mobile
security service code security
Authorisation Biometrics
Cellular/wireless/mobile/satellite networks Authentication
securi
Public key cryptography and key Confidentiality, privacy, integrity,
management authenticatio
Cryptography and cryptanalysis Data confidentiality issues
Data integrity issues Data recovery
Database security Denial of service
Denial of service attacks and Dependability and reliability
countermeasures
Design or analysis of security protocols Distributed access control
Distributed and parallel systems security Electronic commerce
Formal security analyses Fraudulent usage
Information flow Information hiding and
watermarking
Intellectual property protection Intrusion detection
Key management Multicast security
Network and Internet security Network forensics
Network security performance evaluation Non-repudiation
Peer-to-peer security Prevention of traffic analysis
Privacy protection Computer forensics
Revocation of malicious parties Risk assessment and
management
Secure location determination Secure PHY/MAC/routing
protocols
Secure routing protocols Security group communications
Security in ad hoc networks Security in cellular networks (2G,
2.5G, 3G, B3G,
Security in communications Security in content-delivery
networks
Security in distributed systems Security in domain name service
Security in e-mail Security in high-speed networks
Security in integrated networks Security in integrated wireless
networks
Security in internet and WWW Security in IP networks
Security in mobile IP Security in optical systems and
networks
Security in peer-to-peer networks Security in satellite networks
Security in sensor networks Security in VoIP
Security in wired and wireless integrated Security in Wired Networks
networks
Security in wireless communications Security in wireless internet
Security in wireless LANs (IEEE 802.11 Security in wireless MANs (IEEE
WLAN, WiFi, 802.16 and WiMAX)
Security in wireless PANs (Bluetooth and Security policies
IEEE 802.
Security specification techniques Security standards
Tradeoff analysis between performance Trust establishment
and security
Viruses worms and other malicious code WLAN and Bluetooth security
CFP SCHEDULE
Volume: 4
Issue: 1
Paper Submission: January 31 2010
Author Notification: February 28 2010
Issue Publication: March 2010
CALL FOR EDITORS/REVIEWERS
BRANCH OFFICE 1
Suite 5.04 Level 5, 365 Little Collins Street,
MELBOURNE 3000, Victoria, AUSTRALIA
BRANCH OFFICE 2
Office no. 8, Saad Arcad, DHA Main Bulevard
Lahore, PAKISTAN
EMAIL SUPPORT
Head CSC Press: coordinator@cscjournals.org
CSC Press: cscpress@cscjournals.org
Info: info@cscjournals.org