Contents -- Preface -- Editors -- Part 1 Security in Internet -- Chapter 1 Security Issues in the TCP/IP Suite Prabhaker Mateti -- 1.1. Introduction -- 1.2. Attack Techniques -- 1.2.1. Sniffing -- 1.2.2. Buffer Overflow -- 1.2.3. Spoofing -- 1.2.4. Poisoning -- 1.2.5. Illegal Packets -- 1.2.6. Finger Printing a System -- 1.2.7. Storms -- 1.2.8. Denial of Service -- 1.2.9. Distributed Denial of Service -- 1.3. ARP Poisoning -- 1.4. ICMP Exploits -- 1.5. IPv4 Exploits -- 1.5.1. IP Address Spoofing -- 1.5.1.1. Detection of IP Spoofing -- 1.5.1.2. Prevention of IP Spoofing -- 1.5.2. IP Fragment Attacks -- 1.6. Routing Exploits -- 1.7. UDP Exploits -- 1.8. TCP Exploits -- 1.8.1. TCP Sequence Number Prediction -- 1.8.2. Closing Connections -- 1.8.3. TCP Reset Attack -- 1.8.4. Low-Rate/Shrew TCP Attacks -- 1.8.5. ACK Tricks -- 1.8.6. Illegal Segments: SYN+FIN -- 1.8.7. Simultaneous Connections -- 1.8.8. Connection Hijacking -- 1.8.9. Connection Flooding -- 1.9. DNS Exploits -- 1.9.1. Protocol Refresher -- 1.9.2. Security Threats of the Protocol -- 1.9.2.1. DNS Zone Transfers -- 1.9.2.2. DNS Cache Poisoning -- 1.9.2.3. DNS Forgery -- 1.9.2.4. Domain Hijack -- 1.9.3. DNS Infrastructure -- 1.9.3.1. Server Software -- 1.9.3.2. Denial of Service Attack -- 1.9.3.3. Reconnaissance -- 1.9.4. DNSSEC -- 1.9.5. Best Practices -- 1.9.6. New Developments -- 1.10. Covert Channels -- 1.11. Traffic Scrubbing -- 1.12. Conclusion -- Acknowledgements -- References -- Chapter 2 New Internet Threats: An Overview of Spam Email and Spyware Ming-Wei Wu, Yennun Huang and Sy-Yen Kuo -- 1. New Internet Threats -- 1.1. Spam email: A new form of denial-of-service -- 1.2. Spyware: A new form of zero-day exploit -- 2. An Overview of Spam Email and Spyware -- 2.1. Analysis of related anti-spam solutions -- 2.1.1. Munging -- 2.1.2. Listing -- 2.1.3. Filtering -- 2.1.4. Shaping.

2.1.5. Pricing -- 2.1.6. Challenging -- 2.1.7. Identity-hopping (aliasing) -- 2.2. Analysis of spyware interfaces -- 2.2.1. Web beacons -- 2.2.2. Drive-by downloads -- 2.2.3. One-click plug-ins -- 2.2.4. Startup file -- 2.2.5. Startup registry -- 2.2.6. Startup folder Startup folder -- 2.2.7. Environmental variable: Path -- 2.2.8. Service: DLL -- 2.2.9. Service: BHO -- 2.2.10. Service: Shell -- 2.2.11. Kernel driver and module -- 3. Discussion and Summary -- 3.1. Fighting spam email requires a multi-faceted approach -- 3.2. Fighting spyware requires a stateful approach -- References -- Chapter 3 Securing Multimedia and VoIP Content with the Secure Real-time Transport Protocol Michael Oehler -- 3.1. Introduction -- 3.2. Multimedia Protocols and the Network Stack -- 3.3. Real-time Transport Protocol -- 3.4. Secure RTP -- 3.4.1. SRTP Implicit Packet Index -- 3.4.2. Receiver's Implicit Index Estimation -- 3.4.3. Session Key Derivation -- 3.5. Key Stream Generation -- 3.6. Security Services -- 3.6.1. Encryption -- 3.6.2. Message Authentication and Data Integrity -- 3.6.3. Replay Protection -- 3.7. Overall Processing for SRTP -- 3.8. Remarks -- Acknowledgments -- References -- Part 2 Security in Distributed Systems -- Chapter 4 Cover-Free Families and Their Applications San Ling, Huaxiong Wang and Chaoping Xing -- 4.1. Introduction -- 4.2. Bounds -- 4.3. Constructions -- 4.3.1. Constructions from error-correcting codes -- 4.3.2. Constructions from perfect hash families -- 4.3.3. Constructions from designs -- 4.4. Applications -- 4.4.1. Key distribution in networks -- 4.4.2. Antijamming systems -- 4.4.3. Secure multicast -- 4.4.4. Broadcast authentication -- 4.4.5. Secret sharing schemes -- 4.5. Conclusions -- References.

Chapter 5 Group Rekeying in Multi-Privileged Group Communications for Distributed Networking Services Guojun Wang, Jie Ouyang, Hsiao-Hwa Chen and Minyi Guo -- 1. Introduction -- 2. Preliminaries -- 2.1. System descriptions -- 2.1.1. One-dimensional data stream -- 2.1.2. Multi-dimensional data stream -- 2.2. Logical key hierarchy -- 2.3. Requirements of the rekeying schemes for multi-privileged group communications -- 3. The Existing Key Management Schemes -- 3.1. Multi-group key management scheme (MGKMS) -- 3.1.1. Key graph construction -- 3.1.2. Rekeying algorithm -- 3.1.3. Summary -- 3.2. Hierarchical access control key management scheme (HACKMS) -- 3.2.1. Key graph construction -- 3.2.2. Summary -- 3.3. Dynamic access control scheme (DACS) -- 3.3.1. Key graph construction -- 3.3.2. Rekeying algorithm -- 3.3.3. Summary -- 3.4. Distributed key management scheme (DKMS) -- 3.4.1. Key graph construction -- 3.4.2. Rekeying algorithm -- 3.4.3. Summary -- 4. Our Proposed Scheme -- 4.1. Identification of a key -- 4.2. Rekeying algorithm -- 4.2.1. Single user join -- 4.2.2. Single user leave -- 4.2.3. Single user switch -- 4.2.4. Batch update operation -- 5. Conclusion -- Acknowledgments -- References -- Chapter 6 Access Control Policy Negotiation for Remote Hot-Deployed Grid Services Jinpeng Huai, Wei Xue, Yunhao Liu and Lionel M. Ni -- 1. Introduction -- 2. Background and Related Works -- 2.1. Access Control -- 2.2. Policy Language -- 3. Access Control Policy Language -- 3.1. Notations -- 3.2. Definition of Authorization Policies -- 4. Negotiation Procedure & Meta-Policies -- 5. CROWN.ST Prototype Implementation -- 6. Complexity Analysis -- 7. Performance Evaluation -- 8. Conclusions and Future Works -- References -- Appendix -- Part 3 Security in Pervasive Computing.

Chapter 7 Low-Cost Radio Frequency Identification Security Yang Xiao, Larissa Klimpel, Kaveh Ghaboosi and Jingyuan Zhang -- 7.1. Introduction -- 7.2. RFID Security and Privacy Issues -- 7.3. General Techniques for Security Solutions -- 7.4. Specific Security Solutions -- 7.4.1. Faraday Cage -- 7.4.2. Blocker Tag -- 7.4.3. Hash-Based and Randomized Access Controls, Silent Tree Walking -- 7.4.3.1. Hash-Based Access Control -- 7.4.3.2. Randomized Access Control -- 7.4.3.3. Silent Tree Walking -- 7.4.4. Authentication of Readers -- 7.4.5. Anti-Counterfeiting of RFID -- 7.5. Conclusions -- References -- Chapter 8 Energy Consumption of Key Distribution in 802.15.4 Beacon Enabled Cluster with Sleep Management Jelena Mišić -- 8.1. Introduction -- 8.2. An overview of 802.15.4 beacon enabled MAC -- 8.3. Symmetric-key key establishment protocol -- 8.4. Analytical model of the cluster with SKKE -- 8.4.1. Analysis of node's packet queue -- 8.5. Medium behavior and packet service time -- 8.6. Performance evaluation -- 8.7. Conclusion -- References -- Chapter 9 Securing Wireless Networks Using Device Type Identification Cherita Corbett, Raheem Beyah and John Copeland -- 9.1. Introduction -- 9.2. Current Approaches -- 9.3. Wireless Network Interface Card -- 9.4. Opportunities for Distinction -- 9.4.1. Software/Hardware Split -- 9.4.2. Implementation of 802.11 Services -- 9.4.3. Configuration of the Wireless Network Interface Card -- 9.4.4. Acceleration Software/Hardware -- 9.5. Scanning -- 9.6. An Approach to Device Type Identification -- 9.6.1. Rationale for Spectral Analysis -- 9.6.2. Signal Representation -- 9.6.3. Power Spectrum Density -- 9.6.4. Comparing Spectra -- 9.7. Device Identification using Scanning -- 9.7.1. Experimental Setup -- 9.7.1.1. Client Setup -- 9.7.1.2. Data Collection -- 9.7.2. Statistical Analysis -- 9.7.3. Spectral Analysis.

9.7.3.1. Qualitative Results -- 9.7.3.2. Quantitative Results -- 9.7.3.3. Discussion -- 9.8. Conclusion -- References -- Part 4 Security in Sensor Networks -- Chapter 10 Security in Distributed Sensor Network Time Synchronization Services Fei Hu, Ramesh Vaithiyam Krishnaram and Sunil Kumar -- 1. Introduction -- 1.1. Introduction to Time Synchronization in WSN -- 2. WSN Time Synchronization Protocols: Classification1 -- 2.1. Internal Synchronization Principles -- 2.2. Application-Dependent Features -- 2.3. Major Time Synchronization Protocols -- 2.3.1. Reference Broadcast Synchronization (RBS) Protocol -- 2.3.2. Time-Diffusion Synchronization Protocol -- 2.3.3. TPSN - Timing-sync Protocol for Sensor Networks -- 2.3.4. FTSP - Flooding Time Synchronization Protocol -- 3. Time Synchronization Security -- 3.1. Background -- 3.2. Delay Attack -- 3.3. Authentication Issues -- 3.4. Using Hardware Security Characteristics -- 3.5. Enhance Security through Redundancy and Reliability -- 3.6. Attacks on Underwater WSN Synchronizations -- 4. Conclusions -- References -- Chapter 11 Key Management in Wireless Sensor Networks Yu-Kwong Kwok -- 11.1. Introduction -- 11.2. Key Predistribution -- 11.3. Key Predistribution with Deployment Knowledge -- 11.4. Key Establishment -- 11.5. Discussions and Future Work -- 11.6. Concluding Remarks -- Acknowledgments -- References -- Chapter 12 Secure Network Programming in Wireless Sensor Networks Tassos Dimitriou and Ioannis Krontiris -- 12.1. Introduction -- 12.2. Network Programming -- 12.3. Problem Definition -- 12.4. Basic Solution -- 12.5. An r-time Signature Scheme -- 12.5.1. Choosing the right parameters -- 12.6. Building a Secure Program Image -- 12.6.1. Memory requirements -- 12.6.2. Time requirements -- 12.6.3. Updating the public key -- 12.7. Conclusions -- References -- Part 5 Security in Ad Hoc Networks.

Chapter 13 Bootstrapping Security in Mobile Ad Hoc Networks Using Identity-Based Schemes Katrin Hoeper and Guang Gong.