818 research outputs found

    PKI Scalability Issues

    This report surveys different PKI technologies such as PKIX and SPKI and the issues of PKI that affect scalability. Much focus is spent on certificate revocation methodologies and status verification systems such as CRLs, Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation, OCSP, SCVP and DVCS. Comment: 23 pages, 2 figures

    A Survey of Access Control Models in Wireless Sensor Networks

    Copyright 2014 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/). Wireless sensor networks (WSNs) have attracted considerable interest in the research community, because of their wide range of applications. However, due to the distributed nature of WSNs and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. Resource constraints in sensor nodes mean that security mechanisms with a large overhead of computation and communication are impractical to use in WSNs; security in sensor networks is, therefore, a challenge. Access control is a critical security service that offers the appropriate access privileges to legitimate users and prevents illegitimate users from unauthorized access. However, access control has not received much attention in the context of WSNs. This paper provides an overview of security threats and attacks, outlines the security requirements and presents a state-of-the-art survey on access control models, including a comparison and evaluation based on their characteristics in WSNs. Potential challenging issues for access control schemes in WSNs are also discussed. Peer reviewed

    The Applications of Blockchain To Cybersecurity

    A blockchain is a decentralized public ledger facilitating secure transactions between untrusted network nodes. It has garnered significant recognition for its pivotal role in cryptocurrency systems, where it ensures secure and decentralized transaction records. Over the past decade, blockchain has attracted considerable attention from various industries, as it holds the potential to revolutionize multiple sectors, including cybersecurity. However, this field of study is relatively new, and numerous questions remain unanswered regarding the effectiveness of blockchain in cybersecurity. This research adopted a qualitative research design to investigate the current implementations of blockchain-based security and their applicability in the current cybersecurity context. Additionally, this work explored the mechanisms employed by blockchain to uphold the security triad. Findings indicate that blockchain exhibits substantial potential in addressing existing challenges in cybersecurity, particularly those related to the Internet of Things, data integrity and ownership, and network security. Nonetheless, widespread adoption faces limitations due to technological immaturity, high-cost complexity, and regulatory hurdles. Therefore, utilizing blockchain-based solutions in cybersecurity necessitates a thorough analysis of their applicability to an organization's specific needs, a clear definition of implementation goals, and careful navigation of challenges.

    Blockchain based Decentralized Applications: Technology Review and Development Guidelines

    Blockchain or Distributed Ledger Technology is a disruptive technology that provides the infrastructure for developing decentralized applications, enabling the implementation of novel business models even in traditionally centralized domains. In recent years it has drawn high interest from the academic community, technology developers and startups, and many solutions have therefore been developed to address blockchain technology limitations and the requirements of application software engineering. In this paper, we provide a comprehensive overview of DLT solutions, analyzing the addressed challenges, provided solutions and their usage for developing decentralized applications. Our study reviews over 100 blockchain papers and startup initiatives, from which we construct a 3-tier based architecture for decentralized applications and use it to systematically classify the technology solutions. Protocol and Network Tier solutions address the digital assets registration, transactions, data structure, and privacy and business rules implementation and the creation of peer-to-peer networks, ledger replication, and consensus-based state validation. Scaling Tier solutions address the scalability problems in terms of storage size, transaction throughput, and computational capability. Finally, Federated Tier aggregates integrative solutions across multiple blockchain applications deployments. The paper closes with a discussion on challenges and opportunities for developing decentralized applications by providing a multi-step guideline for decentralizing the design of traditional systems and implementing decentralized applications. Comment: 30 pages, 8 figures, 9 tables, 121 references

    Trusted Computing and Secure Virtualization in Cloud Computing

    Large-scale deployment and use of cloud computing in industry is accompanied and at the same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently, however, such trust can only rely on organizational processes declared by the CS provider and cannot be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows the CS clients to decide at runtime whether certain data should be stored, or calculations should be made, on the VM instance offered by the CS provider. This thesis combines three components -- trusted computing, virtualization technology and cloud computing platforms -- to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers that use a multi-tenant multiplexing model to offer on-demand self-service over broad network. Open source cloud computing platforms are, similar to trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order to verify the implementability of the proposed protocol, a prototype implementation has been built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed to contribute towards the creation of a secure and trusted public cloud computing environment.

    NEW CAMPUS LIFE CENTER FIRE PROTECTION EVALUATION

    This project report is a fire and life safety evaluation of a newly constructed building. The new Campus Life Center (CLC) building is located on the campus of Emory University in Atlanta, Georgia. The CLC is a student center where students, staff, and guests can gather to socialize, study, eat and attend conferences. The prescriptive requirements were based on the Georgia State Fire Codes, adopted on January 2014 and served as code of record for this facility. Occupant classification was established from both International Building Code (IBC) and Life Safety Code (LSC), NFPA 101, to determine construction type, interior finish and egress requirements. Building elements such as walls, doors, and floors were identified and verified that the elements met the construction type and interior finish requirements as specified in the building codes. Egress component widths were verified and exceeded the capacity width needed for the classified occupancy densities in the building. Incoming fire water line provided sufficient capacity for the automatic wet-sprinkler system without the need for a fire pump based on the calculated demand of the remote sprinkler area. This facility is equipped with an addressable fire alarm – mass notification system. The system was installed to monitor the automatic wet-sprinkler system, provide automatic and manual detection, and notify occupants of an emergency event including fire, weather, and active shooter in the building. The smoke management design in this building was based on powering down mechanical equipment to reduce smoke movement throughout the building. A performance-based analysis was performed and documented in this report. A computer-generated movement model was created to determine occupant evacuation. The total time for all occupants to egress the building is defined as the required safe escape time (RSET) and was six minutes. Tenability was established by a set value limit of visibility, temperature and the amount of carbon monoxide in a given space for occupants to safely escape during a fire event. Two design fires were selected and analyzed using fire dynamics simulator (FDS) and SmokeView. The first design fire was located on the second level, centrally positioned in a double story, 30-feet tall space with a concentrated assembly occupancy. The design fire was modeled in the space with stackable polypropylene chairs with steel frame as the fuel source. It took less than 200 seconds to evacuate this space. During that time there were no issues with getting close to untenable conditions while the fire grew in this space. The second design fire was located in the University Emporium, also located on the second level. In the mercantile occupancy, the store shelves with paper and plastics products were the main fuel source for the fire. Tenable conditions became close to their limit for occupants to egress the space. At 30 seconds, occupants were able to evacuate this space but not the entire floor. Recommendations based on the prescriptive and performance-based analysis for this student center are to provide clear pathways throughout the emporium so occupants can leave under 30 seconds. In commons area, furniture placement during functions that support large occupant capacities should be analyzed to limit queuing in egress pathways. Smoke detection in the double high space would provide earlier notification to occupants in other parts of the building.

    A Reference Framework for Managing Security Risks Using Blockchain (Viiteraamistik turvariskide haldamiseks plokiahela abil)

    Various programs (e.g., OWASP), threat models (e.g., STRIDE), security risk management models (e.g., ISSRM), and regulations (e.g., GDPR) exist to communicate and reduce the security threats to build secure software. However, security threats continuously evolve because the traditional technology infrastructure does not implement security measures by design. Blockchain appears to mitigate traditional applications' security threats. Although blockchain-based applications are considered less vulnerable, they did not become the silver bullet for securing against different security threats. Moreover, the blockchain domain is constantly evolving, providing new techniques and often interchangeable design concepts, resulting in conceptual ambiguity and confusion in treating security threats effectively. Overall, we address the problem of traditional applications' SRM using blockchain as a countermeasure and the SRM of blockchain-based applications. We start by surveying how blockchain mitigates the security threats of traditional applications, and the outcome is a blockchain-based reference model (BbRM) that adheres to the SRM domain model. Next, we present an upper-level reference ontology (ULRO) as a foundation ontology and provide two instantiations of the ULRO. The first instantiation includes Corda as a permissioned blockchain and the financial case. The second instantiation includes the permissionless blockchain components and the healthcare case. Both ontology representations help in the SRM of traditional and blockchain-based applications. Furthermore, we built a web-based ontology parsing tool, OwlParser. Contributions resulted in an ontology-based security reference framework for managing security risks using blockchain. The framework is dynamic, supports the iterative process of SRM, and potentially lessens the security threats of traditional and blockchain-based applications. https://www.ester.ee/record=b551352

    Trade-offs between Distributed Ledger Technology Characteristics

    When developing peer-to-peer applications on distributed ledger technology (DLT), a crucial decision is the selection of a suitable DLT design (e.g., Ethereum), because it is hard to change the underlying DLT design post hoc. To facilitate the selection of suitable DLT designs, we review DLT characteristics and identify trade-offs between them. Furthermore, we assess how DLT designs account for these trade-offs and we develop archetypes for DLT designs that cater to specific requirements of applications on DLT. The main purpose of our article is to introduce scientific and practical audiences to the intricacies of DLT designs and to support development of viable applications on DLT.

    FIRE PROTECTION ANALYSIS PROJECT – 9220 ZANZIBAR LANE MAPLE GROVE, MN

    This report contains an analysis of the life safety and fire protection features of a four-story apartment building in Maple Grove, Minnesota. The report is a part of the final project intended to meet the requirements for the Culminating Experience of the California Polytechnic Master of Science Fire Protection Engineering Program. The apartment building chosen for the analysis is a mixed-use four-story wood-framed structure. The first floor of this structure includes office space for building management, a meeting space, and various electrical and mechanical spaces as well as apartments. There are exit stairways on each end of the structure extending up all four floors, and a center stairway extending up only to the second floor. There is a parking garage in the basement that is comprised of cinder block walls, steel girders for support above, and metal pan with poured concrete for the garage ceiling. The building is fully sprinklered throughout. This report contains analysis of the prescriptive code requirements as well as the fire protection and life safety features of the apartment structure. Topics discussed include means of egress, fire suppression system, fire alarm and detection and structural fire protection. This report evaluates the International Code Council model building and fire codes and the National Fire Protection Associations codes and standards as a prescriptive code analysis for this multi-tenant apartment building. The building is found to be in compliance with the documented codes and standards in effect at the time of building design and assembly. This report also contains a performance-based evaluation. The performance-based evaluation included in Section 7 of the report describes two design fire scenarios to determine the capability of occupants to safely evacuate in the event of the fire scenario. Both fire scenarios are evaluated for performance-based analysis. Three potential scenarios are as follows: 1) An occupancy-specific design fire scenario that is representative of a typical fire for the occupancy; 2) A fire that starts in a normally unoccupied room that may endanger large numbers of occupants; 3) The most severe fire resulting from the largest possible fuel load characteristic of the normal operation of the building. Selected Design Fire Scenario 1: The design fire involves a kitchen fire in a fourth story apartment unit adjacent to an east egress stairwell. This kitchen fire is based on unattended oil on a cook top igniting and enveloping the combustible kitchen elements, spreading to the living room and dining room. The projected heat release rate maximizes at 4.0 MW with a time to peak following the incipient phase estimated at 136 seconds. This fire scenario also includes fire sprinkler heads located as documented on the design drawings, as well as a fire scenario with the apartment door open and closed to evaluate the impact on smoke spread into the hallway which is a common access egress path. Tenability criteria with all safety features engaged was not exceeded at any point during the simulation for this design fire. The available safe egress time (ASET) exceeded the model run time of 450 seconds. Selected Design Fire Scenario 2: The second design fire involves a fire within the trash room on the first floor, which is adjacent to the center stairway, the elevator, and in close proximity to the east stairway. The fire assumes plastic, wood, and other cellulose materials such as cardboard with a projected maximum heat release rate of 4.5 MW with a t² ramp up curve equivalent to 0.047 kW/s². An additional issue is the trash chute that extends up all four floors. This is a metal lined chute with a temperature-dependent release mechanism. The room is equipped with smoke detection and fire sprinklers, in addition to the fusible link for the trash chute. The fire is contained within the room for the duration of the fire scenario and the fusible link to the trash chute activates at 165° F. All egress paths in the vicinity of this space maintain tenability during the 9-minute FDS run time of the model.