http://puma.uni-kassel.de/user/jaeschke/securityPUMA RSS feed for /user/jaeschke/security2013-05-20T10:20:14+02:00http://puma.uni-kassel.de/bibtex/27be2b4bf0987c4d18adf7243eae690c0/jaeschkejaeschke2012-12-21T10:15:28+01:00access analysis attribute concept control exploration fca formal security <span class="authorEditorList"><a href="/author/Obiedkov">Sergei Obiedkov</a>, <a href="/author/Kourie">Derrick G. Kourie</a>, und <a href="/author/Eloff">J.H.P. Eloff</a>. </span><em>Computers and Security</em> <em>28(1–2):2--7</em> (<em>2009</em>)Fri Dec 21 10:15:28 CET 2012Computers and Security1–22--7Building access control models with attribute exploration282009access analysis attribute concept control exploration fca formal security The use of lattice-based access control models has been somewhat restricted by their complexity. We argue that attribute exploration from formal concept analysis can help create lattice models of manageable size, while making it possible for the system designer to better understand dependencies between different security categories in the domain and, thus, providing certain guarantees for the relevance of the constructed model to a particular application. In this paper, we introduce the method through an example.http://puma.uni-kassel.de/bibtex/2283f8a780ac47746cc3031ad47bfdf9c/jaeschkejaeschke2012-10-22T14:46:13+02:00analysis concept example fca formal grundschutz gshb security <span class="authorEditorList"><a href="/author/Becker">Klaus Becker</a>, <a href="/author/Stumme">Gerd Stumme</a>, <a href="/author/Wille">Rudolf Wille</a>, <a href="/author/Wille">Uta Wille</a>, und <a href="/author/Zickwolff">Monika Zickwolff</a>. </span><em>Knowledge Engineering and Knowledge Management Methods, Models, and Tools, </em><em>Volume 1937 von Lecture Notes in Computer Science, </em><em>Springer, </em><em>Berlin/Heidelberg, </em>(<em>2000</em>)Mon Oct 22 14:46:13 CEST 2012Berlin/HeidelbergKnowledge Engineering and Knowledge Management Methods, Models, and Tools352--365Lecture Notes in Computer ScienceConceptual Information Systems Discussed through an IT-Security Tool19372000analysis concept example fca formal grundschutz gshb security Conceptual Information Systems are based on a formalization of the concept of ‘concept’ as it is discussed in traditional philosophical logic. This formalization supports a human-centered approach to the development of Information Systems. We discuss this approach by means of an implemented Conceptual Information System for supporting IT security management in companies and organizations.http://puma.uni-kassel.de/bibtex/2a20d5aa858b63fcf5d2daf908fec874f/jaeschkejaeschke2012-04-16T14:44:05+02:00captcha cirg collective computing intelligence ocr recaptcha security social <span class="authorEditorList"><a href="/author/von Ahn">Luis von Ahn</a>, <a href="/author/Maurer">Benjamin Maurer</a>, <a href="/author/McMillen">Colin McMillen</a>, <a href="/author/Abraham">David Abraham</a>, und <a href="/author/Blum">Manuel Blum</a>. </span><em>Science</em> <em>321(5895):1465--1468</em> (<em>2008</em>)Mon Apr 16 14:44:05 CEST 2012Science58951465--1468reCAPTCHA: Human-Based Character Recognition via Web Security Measures3212008captcha cirg collective computing intelligence ocr recaptcha security social CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are widespread security measures on the World Wide Web that prevent automated programs from abusing online services. They do so by asking humans to perform a task that computers cannot yet perform, such as deciphering distorted characters. Our research explored whether such human effort can be channeled into a useful purpose: helping to digitize old printed material by asking users to decipher scanned words from books that computerized optical character recognition failed to recognize. We showed that this method can transcribe text with a word accuracy exceeding 99%, matching the guarantee of professional human transcribers. Our apparatus is deployed in more than 40,000 Web sites and has transcribed over 440 million words.http://puma.uni-kassel.de/bibtex/23c8aa0e647903603ddce90c1642b89b2/jaeschkejaeschke2010-10-11T15:39:09+02:00captcha image recognition security web <span class="authorEditorList"><a href="/author/Zhu">Bin B. Zhu</a>, <a href="/author/Yan">Jeff Yan</a>, <a href="/author/Li">Qiujie Li</a>, <a href="/author/Yang">Chao Yang</a>, <a href="/author/Liu">Jia Liu</a>, <a href="/author/Xu">Ning Xu</a>, <a href="/author/Yi">Meng Yi</a>, und <a href="/author/Cai">Kaiwei Cai</a>. </span><em>CCS &#039;10: Proceedings of the 17th ACM conference on Computer and communications security, </em><em>Seite 187--200. </em><em>New York, NY, USA, </em><em>ACM, </em>(<em>Oktober 2010</em>)Mon Oct 11 15:39:09 CEST 2010New York, NY, USACCS '10: Proceedings of the 17th ACM conference on Computer and communications securityoct187--200Attacks and design of image recognition CAPTCHAs2010captcha image recognition security web We systematically study the design of image recognition CAPTCHAs (IRCs) in this paper. We first review and examine all existing IRCs schemes and evaluate each scheme against the practical requirements in CAPTCHA applications, particularly in large-scale real-life applications such as Gmail and Hotmail. Then we present a security analysis of the representative schemes we have identified. For the schemes that remain unbroken, we present our novel attacks. For the schemes for which known attacks are available, we propose a theoretical explanation why those schemes have failed. Next, we provide a simple but novel framework for guiding the design of robust IRCs. Then we propose an innovative IRC called Cortcha that is scalable to meet the requirements of large-scale applications. It relies on recognizing objects by exploiting the surrounding context, a task that humans can perform well but computers cannot. An infinite number of types of objects can be used to generate challenges, which can effectively disable the learning process in machine learning attacks. Cortcha does not require the images in its image database to be labeled. Image collection and CAPTCHA generation can be fully automated. Our usability studies indicate that, compared with Google's text CAPTCHA, Cortcha allows a slightly higher human accuracy rate but on average takes more time to solve a challenge.http://puma.uni-kassel.de/bibtex/20efc5c0ef9a17c35402c654ff76247b0/jaeschkejaeschke2010-10-11T15:30:59+02:00attack automation home rfid security sensor <span class="authorEditorList"><a href="/author/Srinivasan">Vijay Srinivasan</a>, <a href="/author/Stankovic">John Stankovic</a>, und <a href="/author/Whitehouse">Kamin Whitehouse</a>. </span><em>UbiComp &#039;08: Proceedings of the 10th international conference on Ubiquitous computing, </em><em>Seite 202--211. </em><em>New York, NY, USA, </em><em>ACM, </em>(<em>2008</em>)Mon Oct 11 15:30:59 CEST 2010New York, NY, USAUbiComp '08: Proceedings of the 10th international conference on Ubiquitous computing202--211Protecting your daily in-home activity information from a wireless snooping attack2008attack automation home rfid security sensor In this paper, we first present a new privacy leak in residential wireless ubiquitous computing systems, and then we propose guidelines for designing future systems to prevent this problem. We show that we can observe private activities in the home such as cooking, showering, toileting, and sleeping by eavesdropping on the wireless transmissions of sensors in a home, even when all of the transmissions are encrypted. We call this the Fingerprint and Timing-based Snooping (FATS) attack. This attack can already be carried out on millions of homes today, and may become more important as ubiquitous computing environments such as smart homes and assisted living facilities become more prevalent. In this paper, we demonstrate and evaluate the FATS attack on eight different homes containing wireless sensors. We also propose and evaluate a set of privacy preserving design guidelines for future wireless ubiquitous systems and show how these guidelines can be used in a hybrid fashion to prevent against the FATS attack with low implementation costs.