Archive for September, 2012

The Anti-Spoofing Techniques within a TSF

The TSF allows dynamic recognition techniques (such as our new techniques) to be used, since
there is no requirement to bind to real-world identities. Because participating users can
be recognised and are not easily spoofed, a user can rely on his/her own observations to compute
their trustworthiness. However, recognition is so weak for non-participating users (who use
no added anti-spoofing protection) that it is not possible to compute an explicit trust value
for these senders from past local interactions. Still, the TSF remains useful thanks to its
collaboration feature, which reduces uncertainty by making the knowledge of trusted
peers available to the anti-spam tool. For example, the collaboration features of the TSF may
also improve Bayesian filters, since the TSF allows the trustworthiness of collaborators to be
explicitly computed and to evolve dynamically. If the Bayesian filter misclassifies an email,
the incriminated email, along with its correct classification (spam or non-spam),
may be pushed as a recommendation to other users. Based on the trust value of the recommender,
the receiver can add the embedded email to its local corpus of spam or non-spam email
according to the embedded correct classification, and then retrain the Bayesian filter in
order to improve it.

Concerning the implementation details of ER, if we take the example of an email system where
simple text email addresses are used for recognition, the ER process is mapped to:

  1. a new email is received;
  2. the text email address is compared to already stored email addresses;
  3. if this is a new email address, it is optionally stored for convenience when replies are sent to this email address;
  4. the email is delivered in the Inbox folder of the user’s email client.

In our system, it is changed to the steps described in Fig. 1.

Fig. 1: ER/TSF Global View
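As an added illustration of the collaboration step above (example code written for this page, not the TSF implementation), the following Python models a receiver whose Bayesian filter misclassifies a message, then accepts a pushed (email, correct label) recommendation only from a sufficiently trusted peer and retrains. The trust values, threshold and sample messages are constructed.

```python
import math
from collections import Counter

# Constructed trust values for collaborating peers, in [0, 1]; the values and the
# acceptance threshold are assumptions for this example, not figures from the post.
TRUST = {"alice@example.org": 0.9, "mallory@example.org": 0.2}
TRUST_THRESHOLD = 0.7

class BayesianFilter:
    """Minimal multinomial naive Bayes over word tokens, retrained from a local corpus."""
    def __init__(self, spam=(), ham=()):
        self.corpus = {"spam": list(spam), "ham": list(ham)}
        self.retrain()

    def retrain(self):
        self.counts = {c: Counter(w for m in msgs for w in m.lower().split())
                       for c, msgs in self.corpus.items()}
        self.totals = {c: sum(cnt.values()) for c, cnt in self.counts.items()}
        self.vocab = set().union(*self.counts.values())

    def classify(self, text):
        n_docs = sum(len(m) for m in self.corpus.values())
        scores = {}
        for c, msgs in self.corpus.items():
            score = math.log((len(msgs) + 1) / (n_docs + 2))  # Laplace-smoothed prior
            for w in text.lower().split():                    # smoothed likelihoods
                score += math.log((self.counts[c][w] + 1) /
                                  (self.totals[c] + len(self.vocab) + 1))
            scores[c] = score
        return max(scores, key=scores.get)

def handle_recommendation(filt, recommender, email_text, correct_label):
    """Receiver side of the TSF collaboration step: a peer pushes a misclassified email
    with its correct label. It is added to the local corpus and the filter is retrained
    only if the recommender's trust value reaches the threshold; otherwise it is ignored."""
    if TRUST.get(recommender, 0.0) < TRUST_THRESHOLD:
        return False
    filt.corpus[correct_label].append(email_text)
    filt.retrain()
    return True

if __name__ == "__main__":
    f = BayesianFilter(spam=["buy cheap pills now"], ham=["meeting agenda attached"])
    print(f.classify("win free prize"))   # ham: misclassified by the barely trained filter
    handle_recommendation(f, "alice@example.org", "win free prize now", "spam")
    print(f.classify("win free prize"))   # spam: corrected after the trusted recommendation
```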


Threshold Signature of the On-line Certificate

Each member of the coalition checks the validity of the Config_Cert_Request message and looks
in its CRL and BL tables to verify that no member of the coalition is malicious and that no
member's public key is revoked. If this holds, each member starts the threshold signature
protocol, producing an ‘On-line Joint IP address and Public Key Certificate’ for the requester.
The member of the coalition with the lowest IP address acts as the combiner of the partial
signatures, replies to the requester with a Config_Cert_Reply message, and additionally
informs all nodes, by a Config_Advert message, that an IP address has been attributed to the
node in question. All nodes then increment their Requester Counter (RC), delete this address
from the FAT and save it in the PAT. Hence, a newly arriving node will not be able to choose
this address.

If a malicious node has been discovered among the coalition members, a Config_Alert message
is sent to the honest members of the coalition and to the newly joining node. This message
includes the list of confirmed malicious members and/or the list of confirmed revoked public
keys. The algorithm for this processing is shown in Figure 1.

The newly joining node checks the correctness of this information using the On-line
Certificate Authority’s public key. Hence, it is able to isolate the misbehaving nodes
(either the node sending the Config_Alert message or the nodes appearing in this message).
Subsequently, the requester performs a new coalition selection, excluding the malicious
nodes.

Figure 1:  Processing a certification request by a co-signer
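The co-signer processing just described, as an added example that is not the paper's code: the CRL/BL check, the Config_Alert path, the lowest-IP combiner and the FAT/PAT/RC bookkeeping are implemented in Python, with a toy t-of-n Shamir share combiner and an HMAC standing in for the real threshold signature. The prime field, the share dealer and the message formats are assumptions.

```python
import hmac
import random

P = 2**61 - 1  # assumed: prime field for the toy Shamir shares

def make_shares(secret, t, n, seed=1):
    """Dealer set-up (assumed): split the joint signing secret into n shares, threshold t."""
    rng = random.Random(seed)
    coeffs = [secret] + [rng.randrange(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine_shares(shares):
    """Lagrange interpolation at x=0: any t shares recover the secret, fewer do not."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def process_cert_request(req, coalition, crl, bl, state, t):
    """Co-signer processing of a Config_Cert_Request (Figure 1 of the post).
    req: {"ip", "pk"}; coalition: {member_ip: {"pk": str, "share": (x, y)}};
    state: {"FAT": set, "PAT": set, "RC": int}, the tables every node keeps."""
    malicious = sorted(ip for ip in coalition if ip in bl)
    revoked = sorted(ip for ip, m in coalition.items() if m["pk"] in crl)
    if malicious or revoked:   # alert honest members and the joining node, sign nothing
        return {"type": "Config_Alert", "malicious": malicious, "revoked": revoked}
    if req["ip"] not in state["FAT"] or len(coalition) < t:
        return {"type": "Config_Cert_Reject"}
    # The member with the lowest IP address combines the partial signatures.
    combiner = min(coalition, key=lambda ip: tuple(map(int, ip.split("."))))
    secret = combine_shares([m["share"] for m in coalition.values()][:t])
    msg = ("%s|%s" % (req["ip"], req["pk"])).encode()
    cert = hmac.new(secret.to_bytes(8, "big"), msg, "sha256").hexdigest()  # toy stand-in
    # Config_Advert effect on every node: bump RC, move the address from FAT to PAT.
    state["RC"] += 1
    state["FAT"].discard(req["ip"])
    state["PAT"].add(req["ip"])
    return {"type": "Config_Cert_Reply", "combiner": combiner, "cert": cert}
```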


The Benefits of Internet Marketing

Here are some examples of the time and cost-saving benefits of using the Internet to
market your products or services:

  • The Internet is the widest channel of communication available to small
    businesses. It can help level the playing field for small businesses on a
    limited budget that seek to compete in large markets. No other
    communications medium enables you to operate a business from your home,
    while giving a small business the appearance of a larger, more established
    operation.
  • Marketing your product or service online offers the opportunity for increased
    communication with your target market through techniques such as
    interactive websites, email newsletters, online surveys and forms, blogs, and
    discussion groups. The Internet allows you to collect immediate feedback from
    your client base with little out-of-pocket expense.
  • Print marketing materials and advertising strategies can be expensive to
    produce and traditionally have a short shelf life. Internet marketing techniques
    such as websites, banner ads and email newsletters, can be produced at a
    reasonable cost, can contain more timely information than print brochures, and
    can be immediately and cost-effectively updated as your business
    changes.

Finding success online is no different from finding it offline. Choosing the right product or
service and designing an appropriate online and offline marketing mix are key to
successful Internet marketing.


Supporting NAT with active FTP mode

To support active-mode FTP traffic from clients, you need to configure an
additional wildcard virtual server and apply an FTP profile to it. This
virtual server lets the BIG-IP system detect the ephemeral data port that the
client opens and rewrite it to the SNAT address and an available ephemeral
port. The BIG-IP system also listens on the address/port it rewrote to, and
translates connections arriving there back to the actual address/port on which
the client is listening.

The first task in this section is to create an FTP profile.

To create the FTP profile

  • On the Main tab, expand Local Traffic, and then click Profiles. The HTTP Profiles screen opens.
  • On the Menu bar, from the Services menu, click FTP.
  • Click the Create button.
  • In the Name box, type a name. In our example, we type LSN-ftp.
  • Configure any of the settings as applicable for your configuration. In our example, we leave the defaults.
  • Click Finished.

Next we create the virtual server.

To create the wildcard virtual server

  1. On the Main tab, expand Local Traffic, and then click Virtual Servers.
  2. Click the Create button.
  3. In the Name box, type a name. We type FTP_wildcard.
  4. In the Destination row, click the Network option button.
  5. In the Address box, type 0.0.0.0.
  6. In the Mask box, type 0.0.0.0.
  7. In the Service Port box, type 21 or select FTP from the list.
  8. Leave the Type list set to Standard.
  9. From the FTP Profile list, select the profile you created in the preceding procedure. In our example, we select LSN-ftp.
  10. Optional: From the VLAN and Tunnel Traffic (or VLAN Traffic in some versions) list, select Enabled on.
    From the Available list, select the appropriate VLANs and then click the Add (<<) button.
  11. From the SNAT Pool list, select the SNAT Pool you created in Creating the SNAT Pool. In our example, we select LNS-snat-pool.
  12. Click Finished.
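To make concrete what the FTP profile does for active mode behind SNAT (the first paragraph of this section), here is an added Python model, not BIG-IP code: it parses the client's PORT command, rewrites the private address and ephemeral port to the SNAT address and an allocated port, and records the mapping used to translate the server's data connection back to the client. The addresses and the port allocation policy are constructed assumptions.

```python
import re

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")

class ActiveFtpAlg:
    """Models the rewrite the FTP profile performs for active mode behind SNAT: the
    client's PORT command names its private address and ephemeral data port; the ALG
    replaces them with the SNAT address and an allocated port, listens there, and maps
    the server's incoming data connection back to the client's real address/port."""
    def __init__(self, snat_addr, port_range=(1024, 65535)):
        self.snat_addr = snat_addr
        self.next_port, self.max_port = port_range
        self.listeners = {}  # (snat_addr, snat_port) -> (client_addr, client_port)

    def allocate_port(self):
        if self.next_port > self.max_port:
            raise RuntimeError("no free ephemeral port on the SNAT address")
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def rewrite_port_command(self, line):
        """Return (line to forward to the server, listener created or None)."""
        m = PORT_RE.match(line)
        if not m:
            return line, None  # not a PORT command: forward unchanged
        fields = [int(x) for x in m.groups()]
        if any(x > 255 for x in fields):
            raise ValueError("malformed PORT command: " + line.strip())
        client_addr = ".".join(str(x) for x in fields[:4])
        client_port = fields[4] * 256 + fields[5]
        snat_port = self.allocate_port()
        self.listeners[(self.snat_addr, snat_port)] = (client_addr, client_port)
        new_line = "PORT %s,%d,%d\r\n" % (self.snat_addr.replace(".", ","),
                                          snat_port // 256, snat_port % 256)
        return new_line, (self.snat_addr, snat_port)

    def translate_data_connection(self, dst_addr, dst_port):
        """The server connects to the rewritten address/port; return the real target,
        or None if nothing was ever advertised there (such a connection is dropped)."""
        return self.listeners.get((dst_addr, dst_port))
```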


Using XML Signature

A digital signature is a cryptographic value that enables a recipient to verify the source and validity of
an incoming message. XML Signature defines an XML syntax for digital signatures.

When you enable SOAP header processing for a particular virtual service, the ACE XML Gateway
validates XML signatures in incoming messages received at the interface defined by the object. If a
signature does not match the element that is signed, the message is rejected.

Signature validity alone may not ensure message integrity, since the signature could have been
generated using any certificate, including one issued by an untrusted source. If you use XML
Signature as part of your implementation strategy, you should also specify which Certificate
Authorities you want to be trusted, and direct the ACE XML Gateway to accept only signatures
generated with certificates issued by those trusted CAs.

Enabling header processing causes signatures to be validated if present in an incoming message (and
causes messages with invalid signatures to be blocked), but it doesn’t require a message to have a
signature.

The final step in configuring XML Signature, therefore, is specifying the elements of the incoming
message that must be signed. In the policy configuration, you can require a signature covering one or
more of:

  • the message timestamp (a common practice in Web service implementations).
  • the first element below the SOAP body.
  • a particular element you specify by XPath. Each XPath expression you specify must resolve to a
    signed XML element whose signature must be valid for the ACE XML Gateway to accept the
    message.
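The coverage rule above (a valid signature is not enough; the required elements must be under it), as an added Python example that is not ACE XML Gateway code: it reads which elements a ds:Signature references and checks that the timestamp, the first element below the SOAP Body and any XPath-selected elements are among them. Cryptographic verification and the trusted-CA check are assumed to happen elsewhere; the sample envelope is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsu": "http://docs.oasis-open.org/wss/2004/01/"
             "oasis-200401-wss-wssecurity-utility-1.0.xsd"}
WSU_ID = "{%s}Id" % NS["wsu"]

def signed_ids(env):
    """Ids the ds:Signature references (URI="#id"): the elements it actually covers."""
    return {r.get("URI")[1:] for r in env.iterfind(".//ds:Reference", NS)
            if (r.get("URI") or "").startswith("#")}

def required_elements(env, timestamp=True, first_body_child=True, xpaths=()):
    """Elements the policy demands a signature over, in the order the post lists them."""
    wanted = []
    if timestamp:
        wanted.append(env.find(".//wsu:Timestamp", NS))
    if first_body_child:
        body = env.find("soap:Body", NS)
        wanted.append(body[0] if body is not None and len(body) else None)
    wanted.extend(env.find(xp, NS) for xp in xpaths)
    return wanted

def check_signature_coverage(xml_text, **policy):
    """Return (accepted, reason). Verifying the signature value and that the signing
    certificate chains to a trusted CA is assumed to happen separately; this enforces
    only the coverage rule: every required element exists and is referenced."""
    env = ET.fromstring(xml_text)
    ids = signed_ids(env)
    for el in required_elements(env, **policy):
        if el is None:
            return False, "required element missing"
        if el.get(WSU_ID) not in ids:
            return False, "required element not covered by the signature: " + el.tag
    return True, "all required elements are signed"

def make_envelope(covered):
    """Constructed sample SOAP message; the signature value is a placeholder."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in covered)
    tmpl = ('<soap:Envelope xmlns:soap="%(soap)s" xmlns:ds="%(ds)s" xmlns:wsu="%(wsu)s">'
            '<soap:Header><wsu:Timestamp wsu:Id="ts"/><ds:Signature><ds:SignedInfo>%(refs)s'
            '</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>'
            '</soap:Header><soap:Body><order wsu:Id="body1"/></soap:Body></soap:Envelope>')
    return tmpl % dict(NS, refs=refs)
```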


WUALA DISTRIBUTED STORAGE SYSTEM

Unlike traditional client-server distributed storage systems, where storage space is
supplied only by servers, Wuala is a P2P system, with more than 110 million
stored files, in which each node can be supplier and client at the same time. The main
reason for the success of Wuala is its guaranteed high resource availability (99.99%
guaranteed file availability). Each new user is immediately allowed to use 1 GB of
free storage space. Moreover, users may buy more storage space and may also sell their
own local disk space.

The distributed architecture of Wuala is based on Chord, probably the most widely adopted P2P
overlay scheme following the Distributed Structured Model (DSM), i.e., implementing a DHT
to store data or, in general, information about resources. In Chord, as in every other
decentralized structured overlay scheme, the responsibility for storing data (fragments,
in our case, or general information about shared resources) is uniformly distributed among
peers.

In Chord each data block is identified by a unique key (an m-bit hash of the block’s name)
and described by a value (typically a pointer to the block’s owner). Each node n is
assigned a random identifier in the same key space, and it is responsible for storing the
key/value pairs for a limited subset of the entire key space. Each node maintains a
routing table with up to m entries, called the finger table. A scalable lookup algorithm
based on finger tables is defined for contacting a successor in this kind of network.
It can be proved that, with high probability, the number of nodes that must be contacted
to find a successor in a network of N nodes is O(log N).

With respect to the traditional Chord structure described above, Wuala defines three
node classes: Super Nodes, responsible for message routing in the whole network; Storage
Nodes, whose duty is to provide at least 1 GB of disk space for storing data; and Client
Nodes, which publish and retrieve files.
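The finger-table lookup described above, as an added Python example (not Wuala's code): a small static Chord ring with m = 8 bits (an assumption; the post gives no m), closest-preceding-finger routing with a hop count, and a block located by hashing its name. The node names are constructed.

```python
import hashlib

M = 8  # assumed: identifier bits for this small ring; the post does not give Wuala's m

def chord_id(name):
    """Map a node address or block name to an M-bit identifier (a hash, as in Chord)."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest(), "big") % (1 << M)

def in_arc(x, a, b):
    """True if x lies on the half-open ring arc (a, b]."""
    return (a < x <= b) if a < b else (x > a or x <= b)

class ChordRing:
    """Static Chord ring: each node n keeps a finger table of M entries,
    finger[i] = successor(n + 2^i); finger[0] is n's immediate successor."""
    def __init__(self, node_ids):
        self.nodes = sorted(set(node_ids))
        self.finger = {n: [self.successor((n + (1 << i)) % (1 << M)) for i in range(M)]
                       for n in self.nodes}

    def successor(self, key):
        """The node responsible for key: first node id at or after key, wrapping around."""
        return next((n for n in self.nodes if n >= key), self.nodes[0])

    def lookup(self, start, key):
        """Route from node start to successor(key) via closest preceding fingers.
        Returns (responsible node, number of hops); each hop at least halves the
        remaining ring distance, so hops never exceed M (O(log N) with high probability)."""
        n, hops = start, 0
        while not in_arc(key, n, self.finger[n][0]):
            hops += 1
            for f in reversed(self.finger[n]):       # closest preceding finger in (n, key)
                if in_arc(f, n, key) and f != key:
                    n = f
                    break
            else:
                raise RuntimeError("inconsistent finger table")
        return self.finger[n][0], hops

def locate_block(ring, start, block_name):
    """Wuala-style use: a block's key is the hash of its name; the node that succeeds the
    key on the ring is where the key/value pair (pointer to the fragment owner) lives."""
    key = chord_id(block_name)
    return key, ring.lookup(start, key)

if __name__ == "__main__":
    ring = ChordRing(chord_id("node-%d" % i) for i in range(20))   # constructed node set
    print(locate_block(ring, ring.nodes[0], "movie.mp4"))
```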


CONTENT IDENTIFICATION WITH DIGITAL WATERMARKING

Digital watermarking has been used since the 1990s in an impressive variety of business applications,
including broadcast monitoring, deterrence of pre-release leaks of movies and music through forensic
content tracking, rights management, remote triggering of devices and counterfeit deterrence.
Watermarking is a proven, scalable and widely deployed technology that identifies content accurately,
reliably, and quickly. The technology has already been integrated in both traditional and digital workflows in
multiple industries.

Digital watermarking involves a simple process of embedding imperceptible digital information into all forms
of content, including images, documents, audio and video. Because the watermark is imperceptible, it will
not interfere with consumers’ enjoyment of the content they consume. Once embedded, the watermark
persists with the content through manipulation, copying, compression, file conversions and virtually any
other transformation that digital content can undergo. The watermark can carry information that allows the
content itself to “communicate” where it comes from, who owns it, how it may be used, and whatever other
information the holder of copyright wishes to convey. A watermark may also be used to trigger predefined
automatic actions, including linking to websites or other interactive experiences.

The persistence of digital watermarks is important, because online content is routinely copied, shared,
transformed and re-purposed in an increasing variety of ways, which means that identifiers and metadata
carried by the container of the content (file headers, bit streams, etc.) can easily be damaged or lost as
content is disseminated across the web. A watermark persists as an intrinsic part of the content,
independent of the container or how it is packaged, and it is easily detectable by devices – from enterprise
servers to the smallest consumer handhelds – equipped with a reader application. The watermark’s
persistence in the content itself means that it is always present and fully functional as an identifier,
independent of packaging, distribution channels, platforms or devices that deliver the content to the
consumer.

Another key characteristic of digital watermarking is its ability to identify content at the level of individual
items. Unique identifiers can be embedded in every instance or copy of a particular piece of content. For
example, the distributor of a movie can watermark each individual copy of that movie with its own unique
identifiers, so that the digital path that each copy takes as it travels among organizations, individuals and
devices can be traced. The same mechanism can be used to distinguish between trailers and full-length
copies of a film. Such features become especially useful when content identification is used for tracking,
auditing and reporting, and can provide important insights into usage patterns and consumer behavior in
highly specific contexts.
