Optimizing secure communication standards for disadvantaged networks

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009.Cataloged from PDF version of thesis.Includes bibliographical references (p. 137-140).We present methods for optimizing standardized cryptographic message protocols for use on disadvantaged network links. We first provide an assessment of current secure communication message packing standards and their relevance to disadvantaged networks. Then we offer methods to reduce message overhead in packing Cryptographic Message Syntax (CMS) structures by using ZLIB compression and using a Lite version of CMS. Finally, we offer a few extensions to the Extensible Messaging and Presence Protocol (XMPP) to wrap secure group messages for chat on disadvantaged networks and to reduce XMPP message overhead in secure group transmissions. We present the design and implementation of these optimizations and the results that these optimizations have on message overhead, extensibility, and usability of both CMS and XMPP. We have developed these methods to extend CMS and XMPP with the ultimate goal of establishing standards for securing communications in disadvantaged networks.by Stephen Hiroshi Okano.M.Eng

WoT model for authenticity contents in virtual learning platforms

The following research proposal seeks to bring a model of security software on virtual learning platforms LCMS under all SCORM specifications to ensure the authenticity of content created under concepts of digital signature and identification of protocols and mechanisms to ensure such activities

The Value of User-Visible Internet Cryptography

Cryptographic mechanisms are used in a wide range of applications, including email clients, web browsers, document and asset management systems, where typical users are not cryptography experts. A number of empirical studies have demonstrated that explicit, user-visible cryptographic mechanisms are not widely used by non-expert users, and as a result arguments have been made that cryptographic mechanisms need to be better hidden or embedded in end-user processes and tools. Other mechanisms, such as HTTPS, have cryptography built-in and only become visible to the user when a dialogue appears due to a (potential) problem. This paper surveys deployed and potential technologies in use, examines the social and legal context of broad classes of users, and from there, assesses the value and issues for those users

Trusted S/MIME Gateways

The utility of Web-based email clients is clear: a user is able to access their email account from any computer anywhere at any time. However, this option is unavailable to users whose security depends on their key pair being stored either on their local computer or in their browser. Our implementation seeks to solve two problems with secure email services. The first that of mobility: users must have access to their key pairs in order to perform the necessary cryptographic operations. The second is one of transition: initially, users would not want to give up their regular email clients. Keeping these two restrictions in mind, we decided on the implementation of a secure gateway system that works in conjunction with an existing mail server and client. Our result is PKIGate, an S/MIME gateway that uses the DigitalNet (formerly Getronics) S/MIME Freeware Library and IBM\u27s 4758 secure coprocessor. This thesis presents motivations for the project, a comparison with similar existing products, software and hardware selection, the design, use case scenarios, a discussion of implementation issues, and suggestions for future work

Sigurnosni protokoli

The Internet, as a computer network, connects millions of people all around the world and gives them a possibility to access a big quantity of data. Throughout the Internet users exchange data using certain protocols and a part of this communication is private or secret. TCP (Transmission Control Protocol) and IP (Internet Protocol) protocols are the kernel of Internet protocol. Everything that is transmitted through the Internet uses these protocols, but they cannot provide security of data transfer. For example, IP packages can be easily changed and their content can be seen by everybody in every moment, even by an unauthorized person. Today the world is already globally connected and the individuals and institutions need privacy and also the protection from identity theft that is today a very frequent aspect of misuse of the Internet. So, we need transparent and flexible tools to fulfill demands of different users and at the same time capable to achieve the assigned degree of security. Security protocols, as the most prominent SSL (Secure Sockets Layers) and TLS (Transport Layer Security), solve a good part of given problems.Internet, kao računarska mreža, povezuje milione ljudi širom sveta i obezbeđuje im pristup velikoj količini informacija. Korisnici preko Interneta razmenjuju podatke na osnovu određenih protokola, a deo te komunikacije je privatnog ili službeno tajnog karaktera. Pri ovoj razmeni, korisnici resursa računarskih sistema, računara u mrežama i samostalnih računara, pre svega žele da budu sigurni da će pristup njihovim podacima i resursima uopšte imati samo oni kojima se pristup dozvoli. Dakle, analogno sigurnosti fizičke imovine korisnici računarskih sistema žele takozvanu računarsku sigurnost. Jezgro Internet protokola predstavljaju TCP (Transmission Control Protocol) i IP (Internet Protocoll) protokoli. Sve što putuje Internetom koristi ove protokole, ali oni ne obezbeđuje sigurnost prenosa podataka. IP paketi se, na primer, mogu lako izmeniti a njihov sadržaj može u bilo kom trenutku da pregleda ma ko, pa i neovlašćena osoba. U svetu koji je danas već globalno povezan, pojedinci i razne institucije imaju potrebe za privatnošću, kao i za zaštitom od krađe identiteta, koja postaje sve češći vid zloupotrebe globalne mreže. Dakle, potrebna su sredstva koja su transparentna i dovoljno fleksibilna da zadovolje zahteve raznih korisnika, a istovremeno ostvare zadati stepen sigurnosti. U ovom radu, pažnja je usmerena na komunikacijske zaštitne mehanizme definisane sigurnosnim protokolima, pri čemu se smatra da su ispunjene ostale kategorije računarske sigurnosti. Protokoli TLS (Transport Layer Security) i SSL (Secure Sockets Layers) su kriptografski protokoli koji omogućavaju sigurnu komunikaciju na Internetu za poslove elektronskog bankarstva i trgovine, e-mail, fax, pristup udaljenim računarima, a korisnicima rešavaju dobar deo navedenih problema

A SOAP-based Model for secure messaging in a global context

For integration between application-systems in a global context, interoperability needs to be established on a global level; global interoperability, in turn, is based on a global common application-interface. This is achieved through resolving differences in, inter alia, protocol profiles, among participants in the global network. ebXML is used as the point of departure. A messaging framework, which is based on existing Web technology and standards, is proposed. Certain security and Web service standards are examined to determine specific parameters for an interoperable secure messaging environment. A security based framework comprising a predefined message format and architecture is investigated for a secure interoperable global electronic marketspace