2nd International Conference on Information Systems Security (ICISS 2006)

17-21 December 2006
Indian Statistical Institute, Kolkata, India
http://www.cdcju.org.in/iciss/
In collaboration with:

Centre for Distributed Computing, Jadavpur University, India.

Center for Secure Information Systems, George Mason University, USA.

Birla Institute of Technology, Mesra, Ranchi

Tutorials
 

There will be four tutorials of three hours each, organized in two tracks, on 17-18 December 2006.

Tutorials will be organized at the Kolkata Extension Center of Birla Institute of Technology, Mesra, Ranchi, India (Address: Southend Conclave, 1582, Rajdanga Main Road, Kolkata - 700 107). It is located opposite the Siemens Building, on the Gariahat - EM Bypass Connector.

Participants who have registered for the conference will have complimentary registration for the tutorials. Since seats are limited, participants are requested to indicate their choice of tutorials by 7th December, 2005 at the latest.

Special registration for "tutorials only" (for resident Indians) is offered, on a first-come, first-served basis, with the following fees:

Fees for attending tutorials: INR 600 only.

For tutorials, please contact the tutorial chairs:

Mr. P.P. Pal (Email: pinak@isical.ac.in)

Mr. R.T. Goswami (Email: rtgoswami@bitmesra.ac.in).

 

Tentative Schedule

To Be Decided

TRACK 1

TRACK 2

 

Tutorial -T11:  10:00 - 13:00 hrs

Dr. Nasir Memon
 
Professor, Computer and Information Science at Polytechnic University, New York
 

Digital Image Forensics

Abstract

 In the analog world, an image (a photograph) has generally been accepted as a “proof of occurrence” of the depicted event. In today’s digital age, the creation and manipulation of digital images are made simple by digital processing tools that are easily and widely available. As a consequence, the authenticity of images, analog or digital, cannot be taken for granted. Digital image forensics, in this context, is concerned with uncovering some underlying fact about an image or video and focuses mainly on two types of problems. The first is the source identification problem where the aim is to determine through what means a given image was generated and then associating it with a class of sources that have common characteristics or matching it to a specific source. The second problem is determining whether a given image has undergone any form of modification or processing after it was initially acquired.

This tutorial covers many techniques developed to address the above two types of problems. The first part focuses on two aspects of source camera identification. The first aspect involves source camera-model identification. The image features that capture the characteristics of each camera are described, and experimental results obtained for digital cameras and cell-phone cameras are provided. The second aspect concerns establishing an association between a given image and a potential source digital camera based on sensor imperfections.  The second part describes techniques developed for identifying images generated by a computer graphics renderer. The descriptive features of computer graphics are laid out and differences with digital camera images are discussed. In the third part, image tampering and techniques to detect doctored images are discussed along with experimental results.

 

Tutorial -T12:  14:00 - 17:00 hrs

Dr. Partha Pal
Division Scientist, BBN Technologies

 

Making Information Systems Survive Cyber-Attacks

Abstract 

Experience teaches us that attack prevention cannot be absolute—some attacks will succeed, new attacks will always be found. It turns out that intrusion detection is not accurate either—some attacks will go undetected or will not be detected early enough. But more and more aspects of our daily lives and national security are becoming critically dependent on information systems. What can be done to defend our information systems against cyber-attacks, which is effectively an arms race that is inherently asymmetric and favors the adversary? The only approach that seems to hold promise is to build survivable systems—systems that continue to work despite ongoing attacks.

But survivable systems do not “happen” automagically—and everything labeled as “survivable” may not in fact be so survivable after all. In this tutorial, we will navigate our way through the past epochs of cyber-defense to explain what survivability really means, and how one develops—i.e., designs, implements and validates—survivable systems. We will start with the problems and explain the challenges in making a distributed information system survive adversarial attacks. Then we will describe general principles for survivable system design, give examples of survivability architecture, and present a case study of how a pathfinder survivable system was developed, internally tested and finally taken to a proving ground for multiple rounds of red-team exercises. The resulting system, which combined a number of COTS and research-grade technologies, withstood multiple hours of attacks by sophisticated red teams who were given full knowledge of, and often inside access to, the defended system. To contrast this, consider the fact that it takes on the order of minutes for the adversary to completely disrupt the undefended version of the same system.

The expected audience includes system architects and analysts, distributed systems developers and service providers, stakeholders in critical information systems (defense, critical infrastructure, etc.), and researchers interested in advancing cyber-defense.

 

Tutorial -T21:  10:00 - 13:00 hrs

Dr. Ravi Mukkamala
Professor, Department of Computer Science, Old Dominion University, Norfolk, Virginia, USA
 

 

A Tutorial on Public Key Infrastructure (PKI)

Abstract

Today, digital certificates are being used as a valid form of user credentials in almost all e-transactions, especially in e-commerce. PKI is a standard for a trusted third party to vouch for the credentials of an entity. In that sense, it provides information assurance and identity management with regard to clients to service providers.

In this tutorial, we discuss several aspects of PKI, including the details of the infrastructure, the issues in managing a certificate authority (CA), different types of certificates and their formats, certificate verification, path validation, certificate revocation, and the use of certificates in several applications.

In addition to the standard PKI, we look at alternate forms of PKI such as SPKI and wireless PKI.

The tutorial considers both the practical aspects of PKI and research issues in PKI and related areas.

Tutorial -T22:  14:00 - 17:00 hrs

Dr. Subhamoy Maitra
Associate Professor, Indian Statistical Institute

 

 

Cryptographic Techniques In Wireless Sensor Networks

Abstract

Secured communication among the sensor nodes is one of the most challenging problems in the areas of sensor networks and cryptography. Consider a scenario where N sensor nodes need to communicate among themselves, where the geographical positioning of the nodes may or may not be decided a priori.

The first requirement is to set up a common secret key between any two nodes. The simplest option is to maintain a different secret key for each pair. Then each of the nodes needs to store N-1 keys. Given (i) the huge number of sensor nodes generally deployed and (ii) the memory constraint of the sensor nodes, this solution is not practical. In this direction, we will first discuss on-line key exchange based on the public key framework. Very recently, implementations of ECC and RSA on 8-bit CPUs have been proposed. We will present a brief outline of public key frameworks, e.g., RSA and ECC, and then discuss how they can be efficiently implemented in constrained hardware. We will also note that implementation of public key frameworks in constrained hardware is not very fast, and it may be interesting to explore key predistribution strategies based on combinatorial design. Basic ideas of combinatorial designs and their applications to key predistribution strategies will be discussed.

Once the secret key setup is completed, we need efficient private key cryptosystems for actual communications. We will explain some existing stream and block ciphers and then study how they can be efficiently implemented on low-end hardware. We will present the implementation of the well-known stream cipher RC4 on low-end devices. Further, we will explore the performance of AES (the block cipher accepted by NIST) on low-end hardware.

 

 
