Giving You back Control of Your Data: Digital Signing Practical Issues and the eCert Solution

As technologies develop rapidly, digital signing is commonly used in eDocument security. However, unaddressed issues exist. An eCertificate system represents the problem situation, and therefore is being used as case study, in a project called eCert, to research for the solution. This paper addresses these issues, explores the gap between current tools and the desired system, through analysis of the existing services and eCertificate use cases, and the identified requirements, thereby presenting an approach which solves the above problems. Preliminary results indicate that the recommendation from this research meets the design requirements, and could form the foundation of future study of solving digital signing issues

Encryption – use and control in E-commerce

The author describes how cryptography can be used to address modern business requirements such as identity protection, secure web access and digital signatures. Article by Robert Bond (Head of Innovation & Technology Group, Hobson Audley and Fellow of SALS). Published in Amicus Curiae - Journal of the Institute of Advanced Legal Studies and its Society for Advanced Legal Studies. The Journal is produced by the Society for Advanced Legal Studies at the Institute of Advanced Legal Studies, University of London

Performance Considerations for an Embedded Implementation of OMA DRM 2

As digital content services gain importance in the mobile world, Digital Rights Management (DRM) applications will become a key component of mobile terminals. This paper examines the effect dedicated hardware macros for specific cryptographic functions have on the performance of a mobile terminal that supports version 2 of the open standard for Digital Rights Management defined by the Open Mobile Alliance (OMA). Following a general description of the standard, the paper contains a detailed analysis of the cryptographic operations that have to be carried out before protected content can be accessed. The combination of this analysis with data on execution times for specific algorithms realized in hardware and software has made it possible to build a model which has allowed us to assert that hardware acceleration for specific cryptographic algorithms can significantly reduce the impact DRM has on a mobile terminal's processing performance and battery life.Comment: Submitted on behalf of EDAA (http://www.edaa.com/

Data security in theory and practice Possibile security holes

There are no enterprises which would not use computers to fulfill their administrative tasks. Computers became part of everyday administration, or, better to say: they became part of everyday life. This is why our age is called 'information age'. Both the amount of digital data and our dependency from these data has been growing intensively so digital data is high-valued as resource. Data owners and/or managers must, or at least ought to, protect their data from stealing or tampering with. Luckily standard communication protocols and methods have been developed for this purpose, they only ought to be used. If not, that will result in a high level of risk. We, at Óbuda University, have been using a computer based system called Neptun for about ten years to manage the scholar records of the students. In this paper I show some possible motivations and technical solutions why and how one could gain unauthorized access to such a system.

Federated authentication and authorisation for e-science

The Grid and Web service community are defining a range of standards for a complete solution for security. The National e-Science Centre (NeSC) at the University of Glasgow is investigating how the various pre-integration components work together in a variety of e-Science projects. The EPSRC-funded nanoCMOS project aims to allow electronics designers and manufacturers to use e-Science technologies and expertise to solve problems of device variability and its impact on system design. To support the security requirements of nanoCMOS, two NeSC projects (VPMan and OMII-SP) are providing tools to allow easy configuration of security infrastructures, exploiting previous successful projects using Shibboleth and PERMIS. This paper presents the model in which these tools interoperate to provide secure and simple access to Grid resources for non-technical users