Lightweight security for Internet polls

Alessandro Basso, Francesco Bergadano, Ilaria Coradazzi, Paolo Dal Checco

2004

Abstract

Is it possible to implement practical Internet Polls that fulfill even the weakest security requirements? The technology available today would lead to a negative answer, because of the following practical constraints: standard, unmodified browsers are used; it is not economically possible to distribute certificates or even just user names and passwords; users connect from different workstations, possibly behind firewalls, proxies and address translation nodes. In this paper, we define an innovative notion of Internet Poll security, namely “Security against Massive Falsification”, and we present a method that we consider to be secure with respect to this definition. We discuss the security properties of the method with respect to existing techniques, and then propose a public challenge for testing the strength of our claim.



Paper Citation


in Harvard Style

Basso A., Bergadano F., Coradazzi I. and Dal Checco P. (2004). Lightweight security for Internet polls. In Proceedings of the 1st International Workshop on Electronic Government and Commerce: Design, Modeling, Analysis and Security - Volume 1: EGCDMAS, (ICETE 2004) ISBN 972-8865-17-1, pages 46-55. DOI: 10.5220/0001402600460055


in Bibtex Style

@conference{egcdmas04,
author={Alessandro Basso and Francesco Bergadano and Ilaria Coradazzi and Paolo Dal Checco},
title={Lightweight security for Internet polls},
booktitle={Proceedings of the 1st International Workshop on Electronic Government and Commerce: Design, Modeling, Analysis and Security - Volume 1: EGCDMAS, (ICETE 2004)},
year={2004},
pages={46-55},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001402600460055},
isbn={972-8865-17-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Workshop on Electronic Government and Commerce: Design, Modeling, Analysis and Security - Volume 1: EGCDMAS, (ICETE 2004)
TI - Lightweight security for Internet polls
SN - 972-8865-17-1
AU - Basso A.
AU - Bergadano F.
AU - Coradazzi I.
AU - Dal Checco P.
PY - 2004
SP - 46
EP - 55
DO - 10.5220/0001402600460055