Security and Privacy on the Internet (60-564)

UNIVERSITY OF WINDSOR

Lecture Notes:

MANET Simulation Use Firefox or Chrome to download this power-point file.

Notes on Installation of NS2_ Windows Notes on Installation of Windows_ Linux

Surveys

S.No.	Title	Reference Papers	Names
1	Intrusion Detection System for Mobile Ad Hoc Networks – A Survey Report	[1] Aleksander Byrski1 and Marco Carvalho: Agent- Based Immunological Intrusion Detection System for Mobile Ad-Hoc Networks. (2008) http://www.springerlink.com.ezproxy.uwindsor.ca/content/j41l856754175068/fulltext.pdf accessed on Nov. 12, 2009 [2] Shukor Abd Razak, Steven Furnell, Nathan Clarke, and Phillip Brooke: A Two-Tier Intrusion Detection Systemfor Mobile Ad Hoc Networks – A Friend Approach (2006) http://www.springerlink.com.ezproxy.uwindsor.ca/content/y216646691427603/fulltext.pdf access on Nov. 15, 2009 [3] Farhan A.F. , Zulkhairi D. , M.T. Hatim: Mobile Agent Intrusion Detection System For Mobile Ad Hoc Networks: A Non-overlapping Zone Approach (2008) http://ieeexplore.ieee.org.ezproxy.uwindsor.ca/stamp/stamp.jsp?tp=&arnumber=4655310&isnumber=4655300 accessed on Nov. 21, 2009 [4] Shukor Abd Razak, Normalia Samian, Mohd. Aizaini Ma’arof, S. M. Furnell, N. L. Clarke, P. J. Brooke: A Friend Mechanism for Mobile Ad Hoc Networks (2009) http://www.mirlabs.org/jias/razak.pdf access on Nov. 22, 2009	Faisal Mahmood
2
3
2007 Survey	IDS for wireless network Report Presentation	1. R. Goss, M. Botha, R. Solms, “Utilizing fuzzy logic and neural networks for effective, preventative intrusion detection in a wireless environment”, Proceedings of the 2007 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries SAICSIT '07, October 2007, Publisher: ACM Press 2. E. Derrick, R. Tibbs, L. Reynolds, “Investigating new approaches to data collection, management and analysis for network intrusion detection”, Proceedings of the 45th annual southeast regional conference ACM-SE 45, March 2007, Publisher: ACM Press 3. L. Tan, T. Sherwood, “A high throughput string matching architecture for intrusion detection and prevention”, Proceedings of the 32nd International Symposium on Computer Architecture (ISCA’05), Page(s):112 - 122, 4-8 June 2005	Adnan, Md Ashif et al

Fall 2009

Assignment 1, Project 1

No.	Title	Reference Papers	Names	Date of Presentation
No.	Assignment Project	Reference Papers	Names	Date of Presentation
1	VulnerabilityScan&Attacks Presentation	[1] Nmap Home Page http://nmap.org/ accessed on Oct 16, 2009. [2]Nessus Home Page http://www.nessus.org/nessus/ accessed on Oct 16, 2009. [3]Metasploit Home Page http://www.metasploit.com/ accessed on Oct 16, 2009.	Li Chun
2	TrueCrypt: Analysis and Implementation	[1] “TrueCrypt Free Open Source On-The-Fly Encryption”, http://www.truecrypt.org/docs/ [2] Bruce Schneier, “Bruce Schneier: Twofish”, http://www.schneier.com/twofish.html [3] Antoon Bosselaers, “The RIPEMD Page”, 25 August 2004,http://homes.esat.kuleuven.be/~bosselae/ripemd160.html, [4] “Serpent Homepage”, http://www.cl.cam.ac.uk/~rja14/serpent.html [5] Paulo S. L. M. Barreto, “Whirlpool Homepage”, 25 November 2008 http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html [6] William Stalling, Cryptography and Network Security Principles and Practices 4^th Edition, Pearson Education 2006 [7] W. Trappe, L. C. Washington, Introduction to Cryptography with Coding Theory 2^nd Edition, Pearson education 2006 [8] Phillip Rogaway, Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC, 24 September 2004,http://www.cs.ucdavis.edu /~rogaway/papers/offsets.pdf [9] Luther Martin, Voltage Superconductor: Under standing AES-XTS, http://superconductor.voltage.com/ 2009/07/understanding-aesxts-part-1.html [10] http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, page 16 [11] B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, “Twofish: A 128 bit block Cipher”, NIST AES Submission, June 15^th 1997 [12] Morris Dworkin, CSRC Cryptography Toolkit, December 4 2001, http://csrc.nist.gov/archive/aes/index.html	Daniel Denomme
3	a) Use Firefox or Chrome to download: IDS using SAX and WIRESHARC b) Use any browser to download the pdf file: IDS using SAX and WIRESHARC ProjectPresentation	[1] Book Network Defense and Countermeasures: Principles and Practices, Chuck Easttom. Prentice Hall, 2006. accessed on Sept 26/ 27/ 28/ 29, 2009 [2] Appendix B. SAX 2.0 Features and Properties, O’Reilly. http://docstore.mik.ua/orelly/xml/jxml/appb_01.htm accessed on Sept 30, 2009 [3] Class notes 0360564 Intrusion detection http://web2.uwindsor.ca/courses/cs/aggarwal/cs60564/materials.htm accessed on Sept 30, 2009 [4] What is network intrusion system? http://www.linuxsecurity.com/resource_files/intrusion_detection/network-intrusion-detection.html#1.1 accessed on Oct 01, 2009 [5] Architecture http://www.linuxsecurity.com/resource_files/intrusion_detection/network-intrusion-detection.html#2. accessed on Oct 01, 2009 [6] Policy and prevention http://www.linuxsecurity.com/resource_files/intrusion_detection/network-intrusion-detection.html#3. accessed on Oct 02, 2009 [7] IDS and firewalls http://www.linuxsecurity.com/resource_files/intrusion_detection/network-intrusion-detection.html#7. accessed on Oct 5, 2009 [8] Intrusion detection Systems - Wikipedia http://en.wikipedia.org/wiki/Intrusion-detection_system accessed on Oct 03, 2009 [9] Intrusion and intrusion detection John McHugh, Alan Christie, and Julia Allen Software Engineering Institute, CERT Coordination Center http://www.cs.virginia.edu/~jones/IDS-research/Papers.html accessed on Oct 05/ 06, 2009 DOWNLOAD Sax2 Intrusion detection System (freeware) 3.1 http://www.tucows.com/preview/601069 accessed on Oct 02, 2009 WIRESHARK (freeware) http://www.wireshark.org/download.html accessed on Oct 01, 2009 Colasoft Packet Builder 1.0 (freeware) http://www.colasoft.com/packet_builder/ accessed on Sept. 25, 2009	Faisal Mahmood
4	a) Use Firefox or Chrome to download: Smurf Attack b) Use any browser to download the pdf file: Smurf Attack Project1 c) Use Firefox or Chrome to download: Presentation	[1] Smurf attack, from Wikipedia: http://en.wikipedia.org/wiki/Smurf_attack as of [2] smurf.c, [Online document] Available: http://personal.telefonica.terra.es/web/alexb/e/smurf.c [3] The Internet Control Message Protocol, from Wikipedia: http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol [4] Ping, from Wikipedia: http://en.wikipedia.org/wiki/Ping [5] The ICMP Header. [Online document] Available: http://blog.csdn.net/xuhx/archive/2008/04/16/2297266.aspx [6] How a Broadcast Address Works. [Online document] Available: http://learn-networking.com/network-design/how-a-broadcast-address-works [7] Denial-of-service attack, from Wikipedia: http://en.wikipedia.org/wiki/Denial-of-service_attack [8] Nemesis Packet Injection Tool Suite. [Online document] Available: http://nemesis.sourceforge.net/ [9] Manpage of NEMESIS-ICMP. [Online document] Available: http://nemesis.sourceforge.net/manpages/nemesis-icmp.1.html [10] Wireshark. [Online document] Available: http://www.wireshark.org/ [11] Securing Cisco Routers with No IP Directed-Broadcast. [Online document] Available: http://learn-networking.com/network-security/securing-cisco-routers-with-no-ip-directed-broadcast [12] Craig A. Hugen, The latest in denial of service attacks: "Smurfing". Description and information to minimize effects. [Online document] Available: http://www.pentics.net/denial-of-service/white-papers/smurf.cgi	Farhan Sajjad
5	a) E-mailCapturing&Encryption b) Use Firefox or Chrome to download: Presentation	The GNU Privacy Guard - GnuPG.org. Web. <http://www.gnupg.org/>. "Enigmail: Download Enigmail." Enigmail: A simple interface for OpenPGP email security. Web. <http://enigmail.mozdev.org/download/index.php>. "How to encrypt your email - Downloads - Lifehacker." Lifehacker, tips and downloads for getting things done. Web. <http://lifehacker.com/180878/how-to-encrypt-your-email>. "Overview of PGP." The International PGP Home Page. Web. <http://www.pgpi.org/doc/overview/>. "The comp.security.pgp FAQ." Top Level page for www.pgp.net at cam.ac.uk.pgp.net [08040909]. Web. <http://www.pgp.net/pgpnet/pgp-faq/>. "Pretty Good Privacy." WWW.GAMERS.ORG. Web. <http://www.gamers.org/~tony/pgp.html>. "How PGP works." The International PGP Home Page. Web. <http://www.pgpi.org/doc/pgpintro/#p1>. "What is WPA security?" Belkin : WPA. Web. <http://en-us-support.belkin.com/app/answers/detail/a_id/34>. "WPA Wireless Security for Home Networks." Microsoft Corporation. Web. <http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx>. "Cracking_wpa." Aircrack-ng. Web. <http://aircrack-ng.org/doku.php?id=cracking_wpa>. "Openwall wordlists collection for password recovery, password cracking, and password strength checking." Openwall Project - Information Security software for open environments. Web. <http://www.openwall.com/wordlists/>. "Packet Sniffing - Part 1 (wiretaps, protocol decoding and surveillance)." SuraSoft - Keeping your computer safe! AntiSpyware & Security Information. Web. <http://www.surasoft.com/articles/packetsniffing.php>. FrontPage - The Wireshark Wiki. Web. <http://wiki.wireshark.org>.	Mohit Sud
6	ManInTheMiddle Presentation		John Ouimet and Kyle Newman
7	OpenVPNSecureBridgeImplementation	A method to prevent source address spoofing in TCP/IP based networks so as to reduce the risk of Denial of Service (DoS) attacks on any host in the network: Background. (n.d.). Retrieved October 16, 2009, from IP.com Prior Art Database: http://www.priorartdatabase.com/IPCOM/000021778/ Arpi. (2004, August 5). Linux Kernel Mailing Lists. Retrieved October 16, 2009, from how to read /proc/net/arp properly: http://linux.derkeiler.com/Mailing-Lists/Kernel/2004-08/1302.html Bart De Schuymer, N. F. (2003, November 9). ebtables/iptables interaction on a Linux-based bridge. Retrieved October 17, 2009, from Ebtables: http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html darkness. (2006, March 3). Selectively firewalling OpenVPN users. Retrieved October 14, 2009, from darkness: http://darkness.codefu.org/wordpress/2006/03/03/228 Difference in Hub, Switch, Bridge, & Router. (2004, November 20). Retrieved October 16, 2009, from Nutt.net: http://www.nutt.net/2004/11/20/difference-in-hub-switch-bridge-router/comment-page-1/ Feilner, M. (2006). OpenVPN: Building and Integrating Virtual Private Networks. Birmingham: PACKT Publishing. Luk, P. (2009, August 19). Using linux ethernet bridge to counter arp posioning. Retrieved October 9, 2009, from Peter Luk's Blog: http://staff.ie.cuhk.edu.hk/~sfluk/wordpress/?p=535 OpenVPN on Sourceforge. (n.d.). Retrieved October 14, 2009, from Sourceforge: http://sourceforge.net/projects/openvpn/ OpenVPN Technologies. (n.d.). Howto. Retrieved October 5, 2009, from OpenVPN: http://www.openvpn.net/index.php/open-source/documentation/howto.html OpenVPN Technologies. (n.d.). OpenVPN. Retrieved October 5, 2009, from Ethernet Bridging: http://www.openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html RTNETLINK (Linux Manual Pages). (1999, 04 30). Snyder, J. (n.d.). BR-NF Packet Flow. Retrieved October 17, 2009, from Ebtables: http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png Various. (2004, September 21). RARP support disapeard in kernel 2.6.x ? Retrieved October 16, 2009, from Linux Kernel Mailing Lists: http://linux.derkeiler.com/Mailing-Lists/Kernel/2004-09/6619.html	David Michael Andrews
8	MIMAttack_Assignment	Man in the Middle attack from http://www.owasp.org/index.php/Man-in-the-middle_attack About Secure socket layer from Wikipedia (http://en.wikipedia.org/wiki/SSL) Ettercap information from http://ettercap.sourceforge.net/ Winpcap information can be read at http://en.wikipedia.org/wiki/WinPcap#WinPcap MITM attack document wiki by http://it.toolbox.com/wiki/index.php/Man-in-the-Middle_Attack Attack on SSL using MITM document http://www.docstoc.com/docs/11837353/A-Real-Life-Man-in-the-Middle-Attack-on-SSL	Rajashekar Rao Bandari
9	FeaturesOfNetcat_Assignment Project	[1] Brian Baskin, Netcat Power Tools, Syngress Publishing Inc, Burlington, MA, 2008. [2] Netcat: the TCP/IP swiss army: http://nc110.sourceforge.net [3] Netcat. From Wikipedia: http://en.wikipedia.org/wiki/Netcat [4] Ncat Users’ Guide: http://nmap.org/ncat/guide/index.html [5] Mati Aharoni, Netcat Security: http://www.webpronews.com/topnews/2003/10/20/netcat-security [6] Nmap - Free Security Scanner For Network Exploration & Security Audits: http://nmap.org/ [7] Nmap. From Wikipedia: http://en.wikipedia.org/wiki/Nmap [8] NetCat Tutorial: http://www.securitydocs.com/library/3376	Jeffrey M. Kurcz
9	FeaturesOfNetcat_Assignment Project		Jeffrey M. Kurcz
10	TCPSYNFlood-DoS	[1] Wikipedia: Transmission Control Protocol http://en.wikipedia.org/wiki/Transmission_Control_Protocol, Accessed October 9, 2009 [2] Wireshark http://www.wireshark.org/about.html, Accessed October 9, 2009 [3] Engage Security http://www.engagesecurity.com/products/engagepacketbuilder, Accessed October 9, 2009 [4] Internet server unavailable because of malicious SYN attacks http://support.microsoft.com/default.aspx?scid=KB;en-us;142641&, Accessed October 17, 09 [5] How To: Harden the TCP/IP Stack http://msdn.microsoft.com/en-us/library/aa302363.aspx, Accessed October 15, 2009 [Figure 2] File:Tcp synflood.png http://en.wikipedia.org/wiki/File:Tcp_synflood.png, Accessed October 15, 2009 [Figure 8] Internet server unavailable because of malicious SYN attacks http://support.microsoft.com/default.aspx?scid=KB;en-us;142641&, Accessed October 17, 2009	Seung Jae Won
11	PortScanning/Vulnerability Scanning/PenetrationTest/NIDS	1. Overview of Metasploit taken from http://en.wikipedia.org/wiki/Metasploit 2. Overview of Snort taken from http://en.wikipedia.org/wiki/Snort_(software) 3. Windows Exploit summary taken from: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx Downloads: 4. Nmap: http://nmap.org/download.html 5. Nessus 4: http://www.nessus.org/download/ 6. Metasploit: http://www.metasploit.com/framework/download/ 7. Snort: http://www.snort.org/downloads/ 8. WinPcap: http://www.winpcap.org/install/default.htm 9. Sun VirtualBox: http://www.virtualbox.org/wiki/Downloads 10. Windows SP2 ISO image: http://msdn05.e-academy.com/uwindsor_cs/index.cfm?loc=main	Imran Ahmed

Fall 2007

SURVEY Requirements:

It is to be a survey of recent developments, based on the papers selected by you.

n ISSUES TO BE STUDIED:

n Introduction to the field of research in the area

n the basic new ideas, stated in the papers

n the methods of testing and validating the ideas in each of the three papers

n your own thoughts about weaknesses of the papers and your suggestions about strengthening security, along with a chosen example to illustrate your ideas.

NO PLAGIARISM WHATSOEVER

Please write the survey in your own words.
Short quotations (in quotation marks along with the reference and page number of the reference) may be used, where necessary.
Please do not copy any part of text or figure from any paper or book.
If you want to give any figure from a paper or a book in your Report, you need permission of the authors.
You are not to do any copyright violations

Plagiarism will result in forfeiture of grades even after

graduation.

Assignment 3

No.	Title	Name
1	Presentation	Aktaruzzaman
2	Presentation	Alam Mohammad
3	Presentation	Amar Patel
4	Presentation	Aqila Dissanayake
5	Presentation	Ashif Adnan
6	Presentation	Da Teng
7	Presentation	Dou Wang
8	Presentation	Hassan Chowdhury
9	Presentation	Li Xiaoming
10	Presentation	Moazzami Katayoon
11	Presentation	Mokbel Mohammad
12	Presentation	Olaekan Kadri
13	Presentation	Debashis Roy
14	Presentation	Shi Jiaying
15	Presentation	Shushan Zhao
16	Presentation	Singh Rachita
17	Presentation	Valon Sejdini
18	Presentation	Xin Wu
19	Presentation	Xu Yufei
20	Presentation	Ying Chen
21	Presentation	Fadi Farhat

Survey (Presentation Date: 25/11/2007)

S.No.	Title	Reference Papers	Names
1	IDS for wireless network Report Presentation	1. R. Goss, M. Botha, R. Solms, “Utilizing fuzzy logic and neural networks for effective, preventative intrusion detection in a wireless environment”, Proceedings of the 2007 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries SAICSIT '07, October 2007, Publisher: ACM Press 2. E. Derrick, R. Tibbs, L. Reynolds, “Investigating new approaches to data collection, management and analysis for network intrusion detection”, Proceedings of the 45th annual southeast regional conference ACM-SE 45, March 2007, Publisher: ACM Press 3. L. Tan, T. Sherwood, “A high throughput string matching architecture for intrusion detection and prevention”, Proceedings of the 32nd International Symposium on Computer Architecture (ISCA’05), Page(s):112 - 122, 4-8 June 2005	Adnan, Md Ashif, Alam, Mohammad Omair and AKM, Aktaruzzaman
2	Man-in-the-Middle attack, peforming both a passive and an active attack Project 2 Presentation	??	Bobek, Robert,
3	a research report on the 802.11 specification Project 2 Presentation	1. IEEE Computer Society, IEEE-SA Standards Board, Information technology Telecommunications and information exchange between systems Local and metropolitan area networks Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. 1999, Reaffirmed June 2003. IEEE-SA Standards Board. [http://standards.ieee.org/getieee802/download/802.11-1999.pdf]. Accessed Nov. 18, 2007. 2. IEEE Computer Society, IEEE-SA Standards Board, Telecommunications and information exchange between systemsLocal and metropolitan area networksSpecific requirementsPart 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specificationsAmendment 1: High-speed Physical Layer in the 5 GHz band. 1999, Reaffirmed June 2003. [http://standards.ieee.org/getieee802/download/802.11a-1999.pdf]. Accessed Nov. 18, 2007. 3. IEEE Computer Society, IEEE-SA Standards Board, Supplement to IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications: Higher-Speed Physical Layer Extension in the 2.4 GHz Band. 1999, Reaffirmed June 2003. [http://standards.ieee.org/getieee802/download/802.11b-1999.pdf]. Accessed Nov. 18, 2007. 4. IEEE Computer Society, IEEE-SA Standards Board, IEEE Standard for Information technologyTelecommunications and information exchange between systemsLocal and metropolitan area networksSpecific requirementsPart 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specificationsAmendment 4: Further Higher-Speed Physical Layer Extension in the 2.4 GHz Band. 2003. [http://standards.ieee.org/getieee802/download/802.11g-2003.pdf]. Accessed Nov. 18, 2007.	Ruston, Matthew
4	Mobile Agent for Securing Web Service Report Presentation	1. Zhang, Junqi; Wang, Yan; Varadharajan, Vijay; "Mobile Agent and Web Service Integration Security Architecture" , IEEE International Conference on Service-Oriented Computing and Applications, 2007. SOCA '07, 19-20 June 2007, page 172-179. 2. Hyun Sik Hwang; Hyuk Jin Ko; Kyu Il Kim; Ung Mo Kim; Dong Soon Park; "Agent-Based Delegation Model for the Secure Web Service in Ubiquitous Computing Environments", International Conference on Hybrid Information Technology, 2006. ICHIT '06. Volume 1, Nov. 2006, page 51-57. 3. Maamar, Z.; Mostefaoui, S.K.; Yahyaoui, H.; "Toward an agent-based and context-oriented approach for Web services composition", IEEE Transactions on Knowledge and Data Engineering, Volume 17, Issue 5, May 2005, page 686-697.	Debashis, Roy, Moazzami, Katayoon, Rachita, Singh
5	Mobile IP Project 2 Presentation Presentation	1. Mobile IP: A Solution for Transparent, Seamless Mobile Computer Communications J. Redi a, P. Bahl b a Dept.of Electrical and Computer Engineering, Boston University, redi@acm.org b Microsoft Research, Redmond, WA, bahl@microsoft.com 2. Mobile IP Resources Neda Document Number: 103-101-04 Doc. Revision: 1.1 Payman Arabshahi Neda Communications, Inc. 17005 SE 31st Place Bellevue, WA 98008 3. MOBILE NETWORKING THROUGH MOBILE IP, CHARLES E. PERKINS, Sun Microsystems	Sejdini, Valon, Chowdhury, Hasan, Li, Xiaoming
6	Firewall Report Presentation Presentation	1. An embedded firewall based on network processor Quan Huang; Shengke Qiu; Shicun Qin; Cheng Cao; Embedded Software and Systems, 2005. Second International Conference on 16-18 Dec. 2005 Page(s):7 pp. 2. Mobile personal firewall Ying Qiu; Jianying Zhou; Feng Bao; Personal, Indoor and Mobile Radio Communications, 2004. PIMRC 2004. 15th IEEE International Symposium on Volume 4, 5-8 Sept. 2004 Page(s):2866 - 2870 Vol.4 3. Personal firewall for Pocket PC 2003: design & implementation Susilo, W.; Ang, R.J.; McDonald, C.A.G.; Jianyong Huang; Advanced Information Networking and Applications, 2005. AINA 2005. 19th International Conference on Volume 2, 28-30 March 2005 Page(s):661 - 666 vol.2	Ying, Chen, Dou, Wang, Jiaying, Shi
7	Protecting Ad Hoc Networks in real-time Report Presentation	1. A. Fourati and K. Al Agha, “An IDS First Line of Defense for Ad Hoc Networks”, In IEEE WCNC'07: Wireless Communications and Networking Conference, Hong Kong, China, p.p. 2619 - 2624, March 2007. 2. X. Su and R. Boppana, “On Identifying Malicious Nodes in Ad Hoc Networks”,International Conference on Communications and Mobile Computing Proceedings of the 2007 international conference on Wireless communications and mobile computing, Honolulu, Hawaii, USA, p.p. 254 - 259, 2007. 3. L. Stamouli, P.G. Argyroudis and H. Tewari, “Real-time intrusion detection for ad hoc networks”, Sixth IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks, p.p. 374 - 380, June 2005.	Farhat, Fadi,
8	Attack – Smurf Report Presentation	[1] Luo Hongli and Shyu Mei-Ling, Protection of QoS for Multimedia Transmission against Denial of Service Attacks, Proceedings of seventh IEEE International Symposium on Multimedia, 2005 [2] Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker, DDoS defense by Offense, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications SIGCOMM, 2006 [3] Yun Huang, Xianjun Geng, Andrew B. Whinston Defeating DDoS Attacks by Fixing the Incentive Chain, ACM Transactions on Internet Technology (TOIT), 2007	Dissanayake, Aqila, Olalekan, Habib Kadri
9	Security and wireless sensor networks Report Presentation	1. Anthony D. Wood, Lei Fang, John A. Stankovic, Tian He . "SIGF: A Family of Configurable, Secure Routing Protocols for Wireless Sensor Networks",October 2006 Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks SASN '06 Publisher: ACM Press 2. Tim Leinm\|ller, Christian Maihvfer, Elmar Schoch, Frank Kargl "Improved Security in Geographic Ad hoc Routing through Autonomous Position Verification", September 2006 Proceedings of the 3rd international workshop on Vehicular ad hoc networks VANET '06 Publisher: ACM Press 3. Nael Abu-Ghazaleh, Kyoung-Don Kang, Ke Liu ,"Wireless network security II: Towards resilient geographic routing in WSNs ",October 2005 Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks Q2SWinet '05 Publisher: ACM Press	Xin, Wu, Da, Teng, Yufei, Xu
10	New Improvement on Ad hoc Network Security Report Presentation	1. Jin, Lu; Zhang, Zhongwei; Zhou, Hong; "Deliberation and Implementation of Adaptive Fuzzy Logic Based Security Level Routing Protocol for Mobile Ad Hoc Network", Consumer Communications and Networking Conference, 2007. CCNC 2007. 2007 4th IEEE Jan. 2007 Page(s):479 - 483. 2. Selma Boumerdassi;Papa Kane Diop;Iric Renault;Anne Wei; ''A new two-message authentication protocol for RFID sensor networks",ACM International Conference Proceeding Series; Vol. 115,Proceedings of the 3rd international workshop on Middleware for pervasive and ad-hoc computing table of contents Grenoble, France, Pages: 1 - 7. 3. Ghalwash ;Youssif; Hashad; Doss; "Self Adjusted Security Architecture for Mobile Ad Hoc Networks (MANETs)", 6th IEEE/ACIS International Conference on Computer and Information Science (ICIS 2007), 2007,icis, pp. 682-687.	Patel, Amar, Zhao, Shushan, Mokbel, Fadel Mohammad

Assignment 2, Project 1

No.	Title	Reference Papers	Names	Date of Presentation
No.	Assignment Project	Reference Papers	Names	Date of Presentation
1	Eavesdropping attack, over Wi-Fi Presentation Simulating Eavesdropping Attack over Wireless Network Project Files	1. M. Domenico, A. Calandriello, G. Calandriello and A. Lioy. Dependability in Wireless Networks: Can We Rely on WiFi?. IEEE Security and Privacy, 5(1):23-29, 2007 2.http://www.tscmvideo.com/eavesdropping/eavesdropping-device.html 3. LucidLink, the network security products company, WiFiTheft.com, wifi.weblogsinc.com, WarDriving.com, Wigle.net, www.intelligentedu.com 4. Wikipedia encyclopedia. 5. http://www.sciam.com/article.cfm 6. Eavesdropping on Wi-Fi, chapter 6 page 122	Fadi Farhat	8 November
2	Denial of Service (DoS) attack with UDP Flood in wire network Denial of Service (DoS) attack with UDP Flood	1. Distributed Denial of Service Attacks Felix Lau,Stuart H. Rubin,Michael H. Smith,Ljiljana Trajkovic,Simon Fraser University of Burnaby, BC, Canada 2. Measuring Denial Of Service Jelena Mirkovic,Peter Reiher,Alefiya Hussain,Sonia Fahmy,Stephen Schwab,Roshan Thomas,Calvin Ko University of Delaware 3. Distributed Denial of Service:Taxonomies of Attacks, Tools and Countermeasures Stephen M. Specht,Ruby B. Lee Princeton University	Valon Sejdini , Hasan Chowdhury, Xiaoming Li	13 November
3	TCP SYN Flood DoS Attack Experiments in Wireless Network Presentation TCP SYN Flood DoS Attack Experiments in Wireless Network Project Files	1. Carnegie Mellon University's Computer Emergency Response Team. http://www.cert.org/ 2. ftp://info.cert.org/pub/cert_advisories/CA96.26.ping 3. ftp://info.cert.org/pub/cert_advisories/CA96.21.tcp_syn_flooding 4. SYN Flood DoS Attack Experiments http://www.niksula.hut.fi/~dforsber/synflood/result.html 5. TCP Header Format http://www.scit.wlv.ac.uk/rfc/rfc7xx/RFC7932.gif 6. Transmission Control Protocol Specification http://www.nic.funet.fi/pub/doc/rfc/rfc793.txt 7. Wireshark User's Guide http://www.wireshark.org/docs/ 8. http://www.winpcap.org 9. http://wiki.wireshark.org/CaptureSetup 10. TCP SYN Flooding Attacks and Remedies http://www.networkcomputing.com/unixworld/security/004/004.txt.html 11. http://en.wikipedia.org/wiki/Nmap	Ashif Adnan, Aktar-uz-zaman, Alam Mohammad	13 November
4	Disassociation Attack: DoS Attack in 802.11 Wireless Network Presentation Attacking and Detection: DoS in Wireless Network by Injecting Disassociation Frames through Data Link Layer	1. “Host AP driver for Intersil Prism2/2.5/3” [Online] Available: http://hostap.epitest.fi 2. S. Anderson “A Linux Wireless Access Point HOWTO” chapter 4, v0.1, 2003, June 6, [Online] Available: http://oob.freeshell.org/nzwireless/hostap.html 3. Source Location for downloading Hostap-0.0.4 driver, [Online], Available: http://hostap.epitest.fi/releases/ 4. Source Location for downloading libwlan-0.1, [Online] Available: http://wirelessexposed.blogspot.com/2007/03/hakcing-tools-at-your-disposal.html 5. Pablo Brenner “A Technical Tutorial on the IEEE 802.11 Protocol” 1996. Breeze.com 6. Allison H. Scogin “Disabling a Wireless Network via Denial of Service” Technical Report MSU-070424 7. http://www.intel.com/support/wireless/wlan/sb/CS-025325.htm	Yufei Xu, Xin Wu and Da Teng	13 November
5	System Penetration with Metasploit Framework and nmap Presentation System Penetration with Metasploit Framework	1. Peltier, J. “Metasploit Tuorial – A New Day for System Exploits”. The Ethical Hacker Network. URL:http://www.ethicalhacker.net/content/view/29/24/ 2. Saita, Anne. ”Windows image flaw now 'extremely critical'. Information Security Magazine. Dec 29, 2005.URL:http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1154914,00.html 3. “Computer Security”.Wikepedia: The Free Encyclopedia. URL: http://en.wikipedia.org/wiki/Computer_security 4. “Software Bug”. Wikepedia: The Free Encyclopedia. URL: http://en.wikipedia.org/wiki/Computer_bug 5. “Microsoft Security Bulletin MS06-001”. Microsoft Tech Net. URL: http://www.microsoft.com/technet/security/bulletin/MS06-001.mspx 6. “Exploit (computer security)”.Wikepedia: The Free Encyclopedia. URL: http://en.wikipedia.org/wiki/Exploit_(computer_security)	Robert Bobek	15 November
6	Fragmentation Attack on a Wireless Network Fragmentation Attack on a Wireless Network	1.Jason Anderson, An Analysis of Fragmentation Attacks, http://www.ouah.org/fragma.html; March 15, 2001 (as of Nov 04, 07) 2.spoonfork, Understanding IP Fragmentation, http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=4005; October 16, 2001 (as of Nov 04, 07) 3.Thomas Lopatic, NT Fragmentation Attack http://insecure.org/sploits/NT.no_first_fragment.IP_frag.attack.html; 10 July 1997 (as of Nov 04, 07) 4.William K. Hollis , http://digital.net/~gandalf/Rose_Frag_Attack_Explained.htm (as of Nov 04, 07) 5.http://nemesis.sourceforge.net/#unix (as of Nov 04, 07) 6.http://www.wireshark.org (as of Nov 04, 07) 7.http://www.snort.org (as of Nov 04, 07) 8.http://www.winpacp.org (as of Nov 04, 07) 9.MS00-029: Windows Hangs with Fragmented IP Datagrams, http://support.microsoft.com/default.aspx?scid=kb;en-us;259728&sd=tech, Article ID: 259728, Revision: 8.3, May 12, 2007 (as of Nov 04, 07) 10.http://www.cisco.com/warp/public/707/cisco-sa-19980910-pix-cbac-nifrag.shtml (as of Nov 04, 07) 11.G. Ziemba Alantec D. Reed Cybersource P. Traina cisco Systems, Category: Informational http://community.roxen.com/developers/idocs/rfc/rfc1858.html; October 1995 (as of Nov 04, 07) 12.Mogul, J., "Simple and Flexible Datagram Access Controls for Unix-based Gateways", Digital Equipment Corporation, March 1989. 13. http://www.packetfactory.net/projects/nemesis/.	Amar B. Patel, Mohammed Fadel Mokbel, Shushan Zhao	15 November
7	Xmas Tree Scan Wireless Jamming (DoS) attack Presentation Xmas Scan Detection with Snort Using CommView and Nmap Project Files	Kumar, Sanjeev., Smurf-based Distributed Denial of Service (DDoS) attack amplification in Internet, Internet Monitoring and Protection, 2007. ICIMP 2007. Second International Conference on 1-5 July 2007 P.25 25, 2007. Mirkovic, Jelena., Reiher, Peter., A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, Volume 34 Issue	Aqila Dissanayake Olalekan Kadri	15 November
8	ARP Spoofing and Man in the Middle attack using Ettercap ARP Spoofing and Man in the Middle attack using Ettercap	1. ARP spoofing, http://www.webopedia.com/TER/ A/ARP_spoofing.html 2. ARP spoofing, http://en.wikipedia.org/wiki/ARP_spoofing 3. Wireless Man in the Middle Attack Part I, http://blogs.ittoolbox.com/wireless/networks/archives/wireless-man-in-the-middle-attack-part-i-7422 4. Wireless Access Point and ARP Poisoning, http://www.packetnexus.com/docs/arppoison.pdf 5. Xarp 0.1, http://www.governmentsecurity.org/ archive/t9274.html 6. ARPwatch, http://www.securityfocus.com/tools/142 7. Nmap, http://en.wikipedia.org/wiki/Nmap 8. An Ettercap Primer , https://www2.sans.org/ reading_room/whitepapers/tools/1406.php?portal=9b1a0c905186c3963b683660224c6b0b 9. ETTERCAP – An Easy Tutorial, http://www.openmaniak.com/ettercap.php	Debashish Roy ,Rachita Singh,Katayoon Moazzami	20 November
11	Attacking a Wireless Network via De-authentication + Wireless Attack – DoS	1. Allison H. Scogin, Disabling a Wireless Network via Denial of Service, Technical Report MSU-070424. 2. S. Harris, CISSP Certification, 2nd Edition, McGraw-Hill/Osborne, Emeryville, CA, 2003, p. 873. 3. Basic Digital Forensic Investigation Concepts, http://www.digitalevidence. org/di_basics.html (current Mar 1, 2007). 4. M. S. Gast, 802.11 Wireless Networks: The Definitive Guide, 2nd Edition, OReilly Media, Inc., Sebastopol, California, 2005. 5. R. Power, 2000 CSI/FBI Computer Crime and Security Survey, Computer Security Journal, vol. 16, no. 2, 2000, pp. 33-49. 6. A. S. Tanenbaum, Computer Networks, 4th Edition, Prentice Hall, Upper Saddle River, New Jersey, 2003. 7. http://salis.iisc.ernet.in/soho/hostap_documentation1.htm, 2007 for hostap installation 8. http://www.wirelessdefence.org/Contents/Void11Installation.htm, 2007 for void11 installation	Dou Wang, JiaYing Shi, Ying Chen	20 November
12	Wired SYN Flooding as a DoS Attack Wired TCP SYN Flooding and Snort IDS Project Files	1. Clayton Bolz, W. Romney, Brandon L. Rogers, from Brigham Young University, Provo, UT. Safely train security engineers regarding the dangers presented by denial of service attacks, Conference On Information Technology Education Proceedings of the 5th conference on Information technology education, 2004 2. Tao Peng, Christopher Leckie, Kotagiri Ramamohanarao from the Department of Computer Science and Software Engineering, The University of Melbourne, Australia. Survey of network-based defense mechanisms countering the DoS and DDoS problems, ACM Computing Surveys (CSUR), Volume 39, Issue 1 (2007).	Matthew Ruston	20 November

Assignment 1 on Privacy

S.No.	Title	Reference Papers	Names	Date of Presentation
1	Analysis of privacy risks and measurement of privacy protection in web services complying with privacy policy PresentationSlides	1. Yee, G., “Visual Analysis of Privacy Risks in Web Services”, IEEE International Conference on Web Services, pp. 671-678, July. 2007. 2. Yee, G., Korba, L.,”Privacy policy compliance for Web services”, IEEE International Conference on Web Services, pp. 158-165, July. 2004. 3. Yee, G., “Measuring Privacy Protection in Web Services”, International Conference on Web Services, pp. 647–654, Sept. 2006.	Adnan, Md Ashif, Alam, Mohammad Omair and AKM, Aktaruzzaman	Thurs, October 11
2	HTTP COOKIES: EXPLOITING THE USER PresentationSlides	1. Kristol, M. D., “HTTP Cookies: Standards, Privacy, and Politics“, ACM Transactions on Internet Technology, vol. 1, no. 2, pp. 151-198, Nov. 2001. 2. Chan, T.S. A., "Mobile Cookies Management on a Smart Card", Communications of the ACM, vol. 48, no. 11, pp. 38-43, Nov. 2005.	Bobek, Robert,	Thursday, October 4
3	Enriching Privacy in Personalized Search PresentationSlides	1. Xeuhua S., Bin, T. and ChenXiang, Z., “Privacy Protection in Personalized Search”, ACM SIGIR Forum, vol. 41, no. 1, pp. 4-17, June 2007. 2. Xu, Y., Wang, K., Zhang, B., and Chen, Z., “Privacy-Enhancing Personalized Web Search”, Proceedings of the 16th international conference on World Wide Web, pp. 591-600, May. 2007.	Ruston, Matthew	October 16
4	Mobile RFID Privacy Protection PresentationSlides	1. Lee, H. and Kim, J., "Privacy threats and issues in mobile RFID", The First International Conference on Availability, Reliability and Security, pp. 510-514, 2006. 2. Kim, I. J., Choi, E.Y., and Lee, D. H., ”Secure Mobile RFID system against privacy and security problems", Third International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, pp. 67-72, 2007. 3. Kim, S. C., Yeo, S. S. and Kim, S. K., "MARP: Mobile Agent for RFID Privacy Protection”, Seventh Smart Card Research and Advanced Application IFIP Conference (CARDIS '06), Lecture Notes in Computer Science, pp. 300-312, 2006.	Debashis, Roy, Moazzami, Katayoon.	October 16
5	Internet Privacy issues, Modified SSL to the rescue PresentationSlides	1. Rabinovitch, E., “Protect your Users against the lates web-based threat: Malicious Code on Caching servers”, IEEE Communication Magazine, vol. 45, no. 3, pp. 20-22, March. 2007. 2. Earp, J.B., Anton, A.I., Aiman-Smith, L. and Stufflebeam, W.H., “Examining Internet Privacy Policies Within the Context of User Privacy Values”, IEEE Transactions on Engineering Management vol. 52, no. 2, pp. 227-237, May. 2005. 3. My Dad's computer, A conversation with internet security expert- William R. Cheswick (2005) in IEEE Spectrum[/list]	Olalekan, Habib Kadri	October 9
6	Privacy protection of grid service in distributed architectures PresentationSlides	1. Smith, M., Engel, M., Friese, T., Freisleben, B., Koenig, G.A., and Yurcik, W., “Security issues in on-demand grid and cluster computing,” Sixth IEEE International Symposium on Cluster Computing and the Grid Workshops, vol. 2, p. 24, 2006. 2. Porras, P.A., “Privacy-Enabled Global Threat Monitoring”, IEEE Security & Privacy Magazine, vol. 4, no. 6, pp. 60-63, Nov.-Dec. 2006. 3. Jiong, Y., Yuanda, C., Yonggang, L., and Tan, L., “Research on Security Architecture and Privacy Policy of Grid Computing System”, First International Conference on Semantics, Knowledge and Grid, p. 3, Nov. 2005.	Jiaying, Shi	October 11
7	Privacy in e-commerce PresentationSlides	1. Odlyzko, A., “privacy in e-commerce: Privacy and the clandestine evolution of e-commerce”, Proceedings of the Ninth international conference on Electronic commerce, vol. 258, pp. 3-6, Aug. 2007. 2. Moores, T., “Do consumers understand the role of privacy seals in e-commerce?” Communications of the ACM, vol. 48, no. 3, pp. 86-91, March. 2005. 3. Berendt, B., G\|nther, O., and Spiekermann, S., “Privacy in e-commerce: stated preferences vs. actual behavior”, Communications of the ACM, vol. 48, no. 4, pp. 101-106, April 2005	Sejdini, Valon, Chowdhury, Hasan, Li, Xiaoming	October 9
8	Privacy in Electronic Voting PresentationSlides	1. Keller M. A., Mertz, D., Hall J.L. and Urken, A., “Privacy issues in an electronic voting machine”, Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pp. 33-34, 2004. 2. Mercuri, T. R. and Jean, C. L., “The code of elections”, Communications of the ACM, vol. 47, no. 10, pp. 52-57, Oct. 2004.	Groves, Chris	Thursday, October 4
9	Privacy in Email System PresentationSlides	1. Armour, Q., Elazmeh, W., El-Kadri, N., Japkowicz, N., and Matwin, S., “Privacy Compliance Enforcement in Email”, Advances in Artificial Intelligence, Berlin: Springer, 2005, pp. 194-204. 2. Schlegel, R. and Vaudenay, S., “Enforcing Email Addresses Privacy Using Tokens”, Lecture Notes in Computer Science, vol. 3822, pp. 91-100, 2005. 3. Butler, K., Enck, W., Plasterr, J., Traynor, P. and McDaniel, P., “Privacy Preserving Web-Based Email”, Lecture Notes in Computer Science, vol. 4332, 2006.	Ying Chen, Dou Wang	Thursday, October 4
10	Achilles Heel in the Philosophy of Prometheus Boundless Security PresentationSlides	1. Paine, C., Joinson, N. A., Buchanan, T. and Reips, U., “Privacy and Self-Disclosure Online”, Conference on Human Factors in Computing Systems, pp. 1187-1192, Apr. 2007. 2. Flinn, S. and Stoyles, S., “Omnivore:Risk Management through Bidirectional Transparency”, Proceedings of the 2004 workshop on New security paradigms, p. 9, Sep. 2004. 3. Grande D. E. R. and Zorzo, D. S.,”Privacy Protection Without Impairing Personalization by Using the Extended System MASKS and the Extended Contextualized P3P Privacy Policies”, Proceedings of the 12th Brazilian symposium on Multimedia and the web WebMedia”, p. 10, Nov. 2006.	Mokbel, Fadel Mohammad	Thursday, October 4
11	Privacy management mechanisms PresentationSlides	1. Razavi, N. M. and Iverson, L., “A grounded theory of information sharing behavior in a personal learning space", Proceedings of the 20th anniversary conference on Computer, pp. 459–468, 2006. 2. Jason, I., Jennifer, D., Lederer, S. and Landay, J. A.,"Privacy risk models for designing privacy-sensitive ubiquitous computing systems", Proceedings of the 2004 conference on Designing interactive systems: processes, practices, methods, and techniques, pp. 91-100, 2004.	Farhat, Fadi, Singh, Rachita	October 11
12	DRM and Google’s Threat to Privacy PresentationSlides	1. Conti, G., “Recipes for disaster: Googling considered harmful”, Proceedings of the 2006 workshop on New security paradigms NSPW '06, pp. 67-76, 2006. 2. “Vicarious Infringement Creates a Privacy Ceiling” Tsai , J. Y., Cranor, L. F. and Craver, S., Proceedings of the ACM workshop on Digital rights management DRM '06, pp. 9-18, 2006.	Dissanayake, Aqila	October 9
13	source-location privacy in wireless sensor network PresentationSlides	1. Kamat, P., Zhang, Y., Trappe, W. and Ozturk, C., “Enhancing Source-Location Privacy in Sensor Network Routing”, Proceedings of the 25th IEEE International Conference on Distributed Computing Systems, pp. 599-608, June 2005. 2. Zhang, L.,”A self-adjusting directed random walk approach for enhancing source-location privacy in sensor network routing”, Proceedings of the 2006 international conference on Wireless communications and mobile computing, pp. 33-38, 2006. 3. Ozturk, C., Zhang, Y. and Trappe, W., ”Source-location privacy in energy-constrained sensor network routing”, Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks SASN '04, pp. 88-93, Oct. 2004.	Xin, Wu, Da, Teng, Yufei, Xu	Tuesday, October 9
14	Protecting Privacy in Mobile Ad-hoc Networks PresentationSlides	1. Zhang, Y., Liu, W. and Lou, W., “Anonymous Communications in Mobile Ad Hoc Networks”, Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 3, pp 1940-1951, 2005. 2. Jacobsson, M. and Niemegeers, I., “Privacy and Anonymity in Personal Networks”, Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 130-135, 2005. 3. Doetzer, F.,”Privacy Issues in Vehicular Ad Hoc Networks”, Workshop on Privacy Enhancing Technologies, May-Jun. 2005.	Patel, Amar, Zhao, Shushan	October 16

WINTER 2006

Selected Snort Signatures

IMPORTANT: PLEASE SEND the problems, that you may have encountered and the solutions you found while working on your project, to me so that these may be used to update the following three FAQs:

FAQ for Snort on Windows: compiled by Mr. Tarik El Amsy.

FAQ for Snort on Linux:: compiled by Mr. Abu Naser Mohammed Mazher Uddin.

Common FAQ for MySQL: to be compiled by Mr. Ejelike Ositadimma.

SURVEYS

Group No.

Names

Selected Papers

Tahira Farid, Anitha Prahladachar

PRESENTATION: Saturday, 8^th April 2006

PRESENTATION

REPORT

1. Yuxia Lin, A. Hamed Mohsenian Rad, Vincent W. S. Wong, Joo-Han Song,” Experimental Comparisons between SAODV and AODV Routing Protocols,” Proceedings of the 1st ACM workshop on Wireless Multimedia Networking and Performance modeling, WMuNeP Oct 2005

2. Perkins, C.E.; Royer, E.M,” Ad-hoc On-Demand Distance Vector Routing,” Proceedings of the Second IEEE Workshop on Mobile Computing Systems and Applications, WMCSA ’99

3. Pirzada, A.A.; McDonald, C,” Secure Routing with the AODV Protocol,” Proceedings of the Asia-Pacific Conference on Communications, Oct 3-5, 2005

4. Bhargava, S.; Agrawal, D.P.,” Security Enhancements in AODV protocol for Wireless Ad Hoc Networks,” Vehicular Technology Conference Oct 7-11, 2004, IEEE VTS 54th Vol. 4

Abu Naser Mohammed Mazher Uddin, Md Shamual Farhanur Rahaman

PRESENTATION: Saturday, 8^th April 2006

PRESENTATION

REPORT

1. Holgersson, J.; Soderstrom, E.; “Web service security - vulnerabilities and threats within the context of WS-security”, The 4th Conference on Standardization and Innovation in Information Technology, 2005. 21-23 Sept., 2005 Page(s):138 – 146

2. Nasution, B.B.; Kendall, E.A.; Khan, A.I.; “Algorithm Exchange of a Security Control System for Web Services Applications”, Proceedings of the 38th Annual Hawaii International Conference on System Sciences, 2005. HICSS '05. 03-06 Jan. 2005 Page(s):167a - 167a

3. Carminati, B.; Ferrari, E.; Hung, P.C.K,”Web Service Composition: A Security Perspective,” Web Information Retrieval and Integration, 2005. WIRI '05. Proceedings. International Workshop on Challenges in 08-09 April 2005 Page(s):248 – 253, Digital Object Identifier 10.1109/WIRI.2005.36

4. Rao, G.S.V.R.K ,”Threats and security of Web services - a theoretical short study,”

Communications and Information Technology, 2004. ISCIT 2004. IEEE International

Symposium on Volume 2, 26-29 Oct. 2004 Page(s):783 - 786 vol.2, Digital Object Identifier 10.1109/ISCIT.2004.1413823

El Amsy, Tarik and Duan, Lihua, Muhammad Naushin Hasan

PRESENTATION: Monday, 10^th April 2006

PRESENTATION

REPORT

Authentication Protocols for Mobile Networks

[Aydemir05] O. Aydemir and A. Selguk, “A strong user authentication protocol for GSM”, 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise, pp.150-153, 2005.

[Kim03] H. Kim and H. Afifi, “Improving mobile authentication with new AAA protocols,” Proc. IEEE Int. Conf. on Communications, Vol.1, pp. 497-501, May 2003.

[Liang04] W. Liang and W. Wang, “A lightweight authentication protocol with local security association control in mobile networks”, IEEE Military Communications Conference(MILCOM 2004), Vol. 1, pp. 225-231, 2004.

[Long04] M. Long, C. J. Wu, and J. D. Irwin, “Localized authentication for wireless LAN inter-networking roaming”, IEEE Wireless Communications and Networking Conference (WCNC), Vol.1, pp. 264-267, 2004

Ejelike Ositadimma and Radjabalipour Bahman

PRESENTATION: Monday, 10^th April 2006

PRESENTATION

REPORT

Electronic Cash: Security and Privacy

[1] Xiaosong Hou; Chik How Tan, "A new electronic cash model," Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on , vol.1, no.pp. 374- 379 Vol. 1, 4-6 April 2005

[2] Bo Meng; Qianxing Xiong, "Research on electronic payment model," Computer Supported Cooperative Work in Design, 2004. Proceedings. The 8th International Conference on , vol.1, no.pp. 597- 602 Vol.1, 26-28 May 2004

[3] Byler, R. What is money?. In Proceedings of the 2nd Annual Conference on Mid-South College Computing (Little Rock, Arkansas, April 02 - 03, 2004). ACM International Conference Proceeding Series, vol. 61. Mid-South College Computing Conference, Little Rock, Arkansas, 200-209. 2004.

[4] Peha, J. M. and Khamitov, I. M. PayCash: a secure efficient Internet payment system. In Proceedings of the 5th international Conference on Electronic Commerce (Pittsburgh, Pennsylvania, September 30 - October 03, 2003). ICEC '03, vol. 50. ACM Press, New York, NY, 125-130. 2003.

Vic Ho, Kashif Saeed

PRESENTATION: Saturday, 8^th April 2006

PRESENTATION

REPORT

"Multilevel Secure Database system":

[1] A dynamic method for handling the inference problem in multilevel secure databases
Chen, X.; Wei, R.; Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on Volume 1, 4-6 April 2005 Page(s):751 - 756 Vol. Digital Object Identifier 10.1109/ITCC.2005.7

[2] A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems

Rjaibi, W; Bird, P.; Proceedings of the 30th VLDB Conference, Toronto, Canada, 2004. Page(s): 1010-1020

[3] An Introduction to Multilevel Secure Relational Database Management Systems

Rjaibi, W; Proceedings of the 2004 conference of the Centre for Advanced Studies on Collaborative research (CASCON), October 5-7, 2004, Markham, Ontario, Canada. Page(s): 232-241

[4] Toward a Multilevel Secure Relational Data Model

Sushil, J ; Ravi, S.; ACM Sigmod International Conference on Management Data, Denver, Colorado. May 1991, Page(s): 50-59

Shamsul Wazed and

Quazi Rahman

PRESENTATION

REPORT

Secure Protocol in Wireless Sensor Networks

[1] N. Aboudagga, M.T. Refaei, M. Eltoweissy, L. DaSilva and J. Quisquater, “Authentication Protocols for Ad Hoc Networks : Taxonomy and Research Issues,” in Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks, Quebec, Canada, 2005, pp. 96-104.

[2] W. Du, R. Wang and P. Ning, “An Efficient Scheme for Authentication Public Keys in Sensor Networks,” In Proceeding of 6th ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), IL, USA, 2005, pp. 58-67.

[3] H. Cam, S. Ozdemir, D. Muthuavinashiappan and P. Nair, “Energy Efficient Security Protocol for Wireless Sensor Networks,” Vehicular Technology Conference, 2003, vol. 5, pp. 2981-2984.

[4] C. Karlof and D. Wagner, “Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures”, in Proceedings of the 1st IEEE International Workshop on Sensor Network Protocols and Applications, Anchorage, AK, 2003.

Zillur Rahman, S S Ahmedur Rahman, Lawangeen Khan

PRESENTATION

REPORT

"Data Mining-based Intrusion Detection Systems"

1. Bruce D. Caulkins USA, Joohan Lee, Morgan Wang,” PacketVsSessionBasedModelingForID,” Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC’05)

2. Chang-Tien Lu, Arnold P. Boedihardjo, Prajwal Manalwar,” Exploiting Efficient Data Mining Techniques to Enhance Intrusion Detection Systems,”

3. Animesh Patcha and Jung-Min Park,” Detecting Denial-of-Service Attacks with Incomplete Audit Data,”

4. Daniel Barbara, Julia Couto, Sushil Jadodia, Ningning Wu,”ADAM: A Detecting Intrusions by Data Mining,” Proceedings of the IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY, 5-6 June 2001

Assignment II and Project

Group No.	Names	Assignment	Project	Additional material
1	Tahira Farid, Anitha Prahladachar	Snort Signatures	BASE	Base Presentation
2	Abu Naser Mohammed Mazher Uddin, Md Shamual Farhanur Rahaman	Snort Signatures	SAM	SAM Presentation
3	El Amsy, Tarik Duan, Lihua	Signature-based Attacks	IDS Center	Appendices IDScenterPresentation
4	Ejelike Ositadimma Bahman	SnortReport and Signatures		SnortReport Presentation
5	Vic Ho, Kashif Saeed	Signature-based Attacks	Barnyard	BarnyardPresentation
6	Shamsul Wazed and Quazi Rahman	10 Snort Signatures	Activworx Security Center	ASCPresentation
7	Muhammad Naushin Hasan, Dorian Stoilescu	10 Snort Rules	Snort Snarf	SnortSnarf Presentation
8	Zillur Rahman, S S Ahmedur Rahman, Lawangeen Khan	Selected Signatures	ACID	ACIDPresentation

ASSIGNMENT ON SECURITY ISSUES FOR DESIGN OF SYSTEMS FOR PRIVACY

S.No.	Title	Authors	Comments
1	Security Policy for Banking Organization using Smartcard	Anitha Prahladachar Tahira Farid	Comments 2_3
2	A proposed Policy Document and Technical specification for a university’s student information system, ensuring almost complete privacy and security at individual level	Uddin, Abu Rahaman, Shamual	Comments 3_4
3	Security and Privacy Planning for WalMart	Lihua Duan, El Amsy Tarik	Comments 4_5
4	Electronic Passports: Security and Privacy Issue	Ejelike Ositadimma,Bahman Radjabalipour	Comments 5_6
5	Security and Privacy Policy in Health Insurance Company	Chun-Hsien (Vic) Ho, Kashif Saeed	Comments 6_7
6	Maintaining of Secured Owner-Controlled Clinical Data	Md. Shamsul Wazed, Quazi Rahman	Comments 7_8
7	Policy and Planning for Owner-Controlled Transactional Framework for Credit Cards	Muhammad Hasan, Dorian Stoilesc	Comments 8_1
8	Security and Privacy Policy of ZAK Airlines for Smart Card Technology	Zillur Rahman, S S Ahmedur Rahman, Lawangeen Khan	Comments 1_2

FALL 2004

LIST OF SURVEY PAPERS

S.No.	Report	Presentation
1	Area of Standardization for Securing Adhoc Networks	Standardization for Securing Adhoc N/W
2	Defensive Measures for DoS Attacks	Defensive Measures for DoS Attacks
3	DDoS Attacks and Pushback	DDoS Attacks and Pushback
4	Secure Protocols for Adhoc Networks	Secure Protocols for Adhoc Networks
5	IDS: Systems and Models	IDS: Systems and Models
6	IEEE 802.11i Standard	IEEE 802.11i Standard

Project-II :

S.No.	Report	Presentation
1	Ettercap Vs. Ethereal	Ettercap Vs. Ethereal
2	KFSensor Vs. Honeyd Honeypot Systems	KFSensor Vs. Honeyd Honeypot Systems
3	Hush Mail Vs. Secure Mail	Hush Mail Vs. Secure Mail
4	NeWT Security Scanner Vs. GFI Languard	NeWT Security Scanner Vs. GFI Languard

Project-I :

S.No.	Report	Presentation
1	Shadow Security Scanner	Shadow Security Scanner
2	Microsoft Baseline Security Analyzer	Microsoft Baseline Security Analyzer Microsoft Baseline Security Analyzer Test Results
3	Retina Network Security Scanner	Retina Network Security Scanner
4	HijackThis	HijackThis
5	Internet Periscope	Internet Periscope
6	FineCrypt 8.1	FineCrypt 8.1
7	Wireless Network Security: NoCat	Wireless Network Security: NoCat
8	Spybot - S&D	Spybot - S&D
9	SecureEMail	SecureEMail
10	Snort	Snort
11	Sam Spade	Sam Spade
12	KFSensor Honeypot & IDS	KFSensor:Honeypot & IDS

WINTER 2004

Project-I :

1	Report on ETHEREAL	Presentation on ETHEREAL
2	Report on ANALYZER	ABSENT
3	Report on GFI LANguard	Presentation on GFI LANguard
4	Report on NESSUS	Presentation on NESSUS
5	Report on CommView	Presentation on CommView
6	Presentation on SpyWareBlaster	Presentation on SpyWareBlaster
7	Presentation on Netcat	Presentation on Netcat

Project II:

1	Presentation on Security Space Security Audit vs. SAINT
1	Presentation on Security Space Security Audit vs. SAINT
2	Presentation on ISSSecurityScanner vs. Retina

Survey :

S.No.	REPORTS	PRESENTATION
1	Methodology of IDS Testing	Methodology of IDS Testing
2	Measures against Propagation of Viruses	Measures against Propagation of Viruses
3	Secure Inter-domain Routing	Secure Inter-domain Routing
4	Classification & Detection of Worms	Classification & Detection of Worms
5	Simulation of Attacks	Simulation of Attacks