132,076 research outputs found
Key management in wireless sensor networks
We refer to a distributed architecture consisting of sensor nodes connected by wireless links and organized in a tree shaped hierarchy. We present a paradigm for the management of the cryptographic keys used by nodes to communicate, and we consider the problems connected with key generation, distribution, and replacement. In our paradigm, names are assigned to nodes by using a uniform scheme, which is based on the position of the given node in the node hierarchy. Each node holds a hierarchical key to communicate with its ancestors, and a level key to communicate with its siblings. A single, publicly-known parametric one-way function is used to assign hierarchical keys to nodes, in an iterative procedure that starts from the key of the root of the node hierarchy, and proceeds downwards to the lowest hierarchical levels. A similar procedure is used to generate the level keys. The total memory requirements for key storage are extremely low. The number of keys exchanged in a key replacement process is kept to a minimum. Dynamic access control is fully supported, whereby new nodes can be added to the node hierarchy, and existing nodes can be evicted from the hierarchy
ESPOON: Enforcing Security Policies In Outsourced Environments
Data outsourcing is a growing business model offering services to individuals
and enterprises for processing and storing a huge amount of data. It is not
only economical but also promises higher availability, scalability, and more
effective quality of service than in-house solutions. Despite all its benefits,
data outsourcing raises serious security concerns for preserving data
confidentiality. There are solutions for preserving confidentiality of data
while supporting search on the data stored in outsourced environments. However,
such solutions do not support access policies to regulate access to a
particular subset of the stored data.
For complex user management, large enterprises employ Role-Based Access
Controls (RBAC) models for making access decisions based on the role in which a
user is active in. However, RBAC models cannot be deployed in outsourced
environments as they rely on trusted infrastructure in order to regulate access
to the data. The deployment of RBAC models may reveal private information about
sensitive data they aim to protect. In this paper, we aim at filling this gap
by proposing \textbf{} for enforcing RBAC policies in
outsourced environments. enforces RBAC policies in an
encrypted manner where a curious service provider may learn a very limited
information about RBAC policies. We have implemented
and provided its performance evaluation showing a limited overhead, thus
confirming viability of our approach.Comment: The final version of this paper has been accepted for publication in
Elsevier Computers & Security 2013. arXiv admin note: text overlap with
arXiv:1306.482
A Fault-Tolerant Emergency-Aware Access Control Scheme for Cyber-Physical Systems
Access control is an issue of paramount importance in cyber-physical systems
(CPS). In this paper, an access control scheme, namely FEAC, is presented for
CPS. FEAC can not only provide the ability to control access to data in normal
situations, but also adaptively assign emergency-role and permissions to
specific subjects and inform subjects without explicit access requests to
handle emergency situations in a proactive manner. In FEAC, emergency-group and
emergency-dependency are introduced. Emergencies are processed in sequence
within the group and in parallel among groups. A priority and dependency model
called PD-AGM is used to select optimal response-action execution path aiming
to eliminate all emergencies that occurred within the system. Fault-tolerant
access control polices are used to address failure in emergency management. A
case study of the hospital medical care application shows the effectiveness of
FEAC
A Diffie-Hellman based key management scheme for hierarchical access control
All organizations share data in a carefully managed fashion\ud
by using access control mechanisms. We focus on enforcing access control by encrypting the data and managing the encryption keys. We make the realistic assumption that the structure of any organization is a hierarchy of security classes. Data from a certain security class can only be accessed by another security class, if it is higher or at the same level in the hierarchy. Otherwise access is denied. Our solution is based on the Die-Hellman key exchange protocol. We show, that the theoretical worst case performance of our solution is slightly better than that of all other existing solutions. We also show, that our performance in practical cases is linear in the size of the hierarchy, whereas the best results from the literature are quadratic
An overview of the planned CCAT software system
CCAT will be a 25m diameter sub-millimeter telescope capable of operating in
the 0.2 to 2.1mm wavelength range. It will be located at an altitude of 5600m
on Cerro Chajnantor in northern Chile near the ALMA site. The anticipated first
generation instruments include large format (60,000 pixel) kinetic inductance
detector (KID) cameras, a large format heterodyne array and a direct detection
multi-object spectrometer. The paper describes the architecture of the CCAT
software and the development strategy.Comment: 17 pages, 6 figures, to appear in Software and Cyberinfrastructure
for Astronomy III, Chiozzi & Radziwill (eds), Proc. SPIE 9152, paper ID
9152-10
- …