Calculating and Evaluating Trustworthiness of Certification Authority
In a public key infrastructure trust model, trust is transferred along a set of certificates, issued by certificate authorities (CAs) considered as trusted third parties, providing a trust chain among its entities. In order to deserve this trustworthiness, a CA should apply rigorous procedures for generating keys, checking identities, and following reliable security practices. Any deficiency in these procedures may influence its trustworthiness. In this context, some authorities could be weaker than others. Then, relying parties (RPs) and certificate holders (CHs) need a mechanism to evaluate CA trustworthiness. In this paper, we provide them with this mechanism to have information about its trustworthiness. In fact, we propose a trust level calculation algorithm that is based on three parameters, which are the CA reputation, the quality of procedures described in the certificate policy and its security maturity level
Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker
A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the Certification Authority (CA), the certificate holder (or subject) and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However on the Internet, PKI technology is currently facing many obstacles that slow down its global adoption. In this paper, we argue that most of these obstacles boil down to one problem, which is the trust issue, i.e. how can an RP trust an unknown CA over the Internet? We demonstrate that the original X.509 trust model is not appropriate for the Internet and must be extended to include a new entity, called the Trust Broker, which helps RPs make trust decisions about CAs. We present an approach to assess the quality of a certificate that is related to the quality of the CA’s policy and its commitment to it. The Trust Broker, which is proposed for inclusion in the 2016 edition of X.509, could follow this approach to give RPs trust information about CAs. Finally, we present a prototype Trust Broker that demonstrates how RPs can make informed decisions about certificates in the context of the Web, by using its services
A high-level semiotic trust agent scoring model for collaborative virtual organisations
In this paper, we describe how a semiotic ladder, together with a supportive trust agent, can be used to address “soft” trust issues in the context of collaborative Virtual Organisations (VO). The intention is to offer all parties better support for trust (as reputation) management including the reduction of risk and improved reliability of VO e-services. The semiotic ladder is intended to support the VO e-service lifecycle through the articulation of e-trust at various levels of system abstraction, including trust as measurable confidence. At the social level, reputation and reliability measures of e-trust are the relevant dimensions as regards choice of VO partner and are also relevant to the negotiation of service level agreements between the VO partners. By contrast, at the lower levels of the trust ladder, e-trust measures typically address the degree to which secure sign on and message level security conforms to various tangible technological security protocols. The novel trust agent provides the e-service consumer with an objective measure of the trustworthiness of the e-service at run-time, just prior to its actual consumption. Specifically, VO e-service consumer confidence level is informed, by leveraging third party objective evidence. This evidence comprises a set of Corporate Governance (CG) scores. These scores are used as a trust proxy for the "real" owner of the VO. There are also inherent limitations associated with the use of CG scores. These are duly acknowledged
Towards ensuring scalability, interoperability and efficient access control in a multi-domain grid-based environment
The application of grid computing has been hampered by three basic challenges: scalability, interoperability and efficient access control which need to be optimized before a full-scale adoption of grid computing can take place. To address these challenges, a novel architectural model was designed for a multi-domain grid based environment (built on three domains). It was modelled using the dynamic role-based access control. The architecture’s framework assumes that each domain has an independent local security monitoring unit and a central security monitoring unit that monitors security for the entire grid. The architecture was evaluated using the Grid Security Services Simulator, a meta-query language and Java Runtime Environment 1.7.0.5 for implementing the workflows that define the model’s task. In terms of scalability, the results show that as the number of grid nodes increases, the average turnaround time reduces, and thereby increases the number of service requesters (grid users) on the grid. Grid middleware integration across various domains as well as the appropriate handling of authentication and authorisation through a local security monitoring unit and a central security monitoring unit proved that the architecture is interoperable. Finally, a case study scenario used for access control across the domains shows the efficiency of the role based access control approach used for achieving appropriate access to resources. Based on the results obtained, the proposed framework has proved to be interoperable, scalable and efficiently suitable for enforcing access control within the parameters evaluated.
Department of HE and Training approved lis
HiTrust: building cross-organizational trust relationship based on a hybrid negotiation tree
Small-world phenomena have been observed in existing peer-to-peer (P2P) networks which has proved useful in the design of P2P file-sharing systems. Most studies of constructing small world behaviours on P2P are based on the concept of clustering peer nodes into groups, communities, or clusters. However, managing additional multilayer topology increases maintenance overhead, especially in highly dynamic environments. In this paper, we present Social-like P2P systems (Social-P2Ps) for object discovery by self-managing P2P topology with human tactics in social networks. In Social-P2Ps, queries are routed intelligently even with limited cached knowledge and node connections. Unlike community-based P2P file-sharing systems, we do not intend to create and maintain peer groups or communities consciously. In contrast, each node connects to other peer nodes with the same interests spontaneously by the result of daily searches
MobileTrust: Secure Knowledge Integration in VANETs
Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust, a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the small-size German city of Eichstatt. Similar schemes are implemented in the same platform to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-funded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy
NEW SECURE SOLUTIONS FOR PRIVACY AND ACCESS CONTROL IN HEALTH INFORMATION EXCHANGE
In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing of patients’ health information.
The first solution allows secure HIE among different healthcare providers while focusing primarily on the privacy of patients’ information. It allows patients to authorize a certain type of health information to be retrieved, which helps prevent any unintentional leakage of information. The privacy solution also provides healthcare providers with the capability of mutual authentication and patient authentication. It also ensures the integrity and auditability of health information being exchanged. The security and performance study for the first protocol shows that it is efficient for the purpose of HIE and offers a high level of security for such exchanges.
The second framework presents a new cloud-based protocol for access control to facilitate HIE across different HCOs, employing a trapdoor hash-based proxy signature in a novel manner to enable secure (authenticated and authorized) on-demand access to patient records. The proposed proxy signature-based scheme provides an explicit mechanism for patients to authorize the sharing of specific medical information with specific HCOs, which helps prevent any undesired or unintentional leakage of health information. The scheme also ensures that such authorizations are authentic with respect to both the HCOs and the patient. Moreover, the use of proxy signatures simplifies security auditing and the ability to obtain support for investigations by providing non-repudiation. Formal definitions, security specifications, and a detailed theoretical analysis, including correctness, security, and performance of both frameworks are provided which demonstrate the improvements upon other existing HIE systems
Trustworthiness of Web Services
Workflow systems orchestrate various business tasks to attain an objective. Web services can be leveraged to handle individual tasks. Before anyone intends to leverage service components, it is imperative and essential to evaluate the trustworthiness of these services. Therefore, choosing a trustworthy service has become an important decision while designing a workflow system. Trustworthiness can be defined as the likelihood of a service functioning as it is intended.
Selection of a service that satisfies business goals involves collecting relevant information such as security mechanisms, reliability, performance and availability. It is important to arrive at total trustworthiness, which incorporates all of the above mentioned multi-facet values relevant to a service. These values can be gathered and analyzed to derive the total trustworthiness of a service. Measuring trustworthiness of a service involves arriving at a suitable value that would help an end-user make a decision for the given business settings.
The primary focus of this thesis is to gather relevant details and measure trustworthiness based on inputs provided by the user. A conceptual model was developed after extensive literature review to identify factors that influence trustworthiness of a service. A mechanism was created to gather concept values for a given service and utilize those values to calculate a trustworthiness index value. A proof-of-concept prototype was also developed. The prototype is a web-based application that implements the mechanism to measure the trustworthiness of the service. The prototype was evaluated using a scenario-based analysis method to demonstrate the utility of the trustworthiness mechanism using three different scenarios. Results of the evaluation show that trustworthiness is a multidimensional concept, the relevant conceptual values can be collected, a trustworthiness index value can be calculated based on the gathered concepts, and a trustworthiness index can be interpreted to select the most relevant service for a given requirement
A Study of the Concept of Trust for Public Key Infrastructures
Public key infrastructures (PKIs) are today a major element in building secure spaces in digital environments. A PKI is based on a trust model composed of three entities, namely certification authorities (CAs), certificate holders and relying parties (RPs). Historically, this trust model was designed for cases in which certificate holders and RPs have direct relationships with the CAs (for example, all are part of the same company). Today on the Internet, RPs have no direct relationship with the CAs. This new situation therefore requires a more precise definition of the notion of trust between CAs and RPs. We show that evaluating trust according to this definition requires legal and technical expertise. We therefore propose to modify the three-entity trust model by adding the role of the technical and legal expert who helps RPs make decisions about certificates