1,200 research outputs found
LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments
The non-repudiation as an essential requirement of many applications can be
provided by the asymmetric key model. With the evolution of new applications
such as mobile commerce, it is essential to provide secure and efficient
solutions for the mobile environments. The traditional public key cryptography
involves huge computational costs and is not so suitable for the
resource-constrained platforms. The elliptic curve-based approaches as the
newer solutions require certain considerations that are not taken into account
in the traditional public key infrastructures. The main contribution of this
paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the
constrained platforms such as mobile phones. It takes advantages of elliptic
curve cryptography and signcryption to decrease the computational costs and
communication overheads, and adapting to the constraints. All the computational
costs of required validations can be eliminated from end-entities by
introduction of a validation authority to the introduced infrastructure and
delegating validations to such a component. LPKI is so suitable for mobile
environments and for applications such as mobile commerce where the security is
the great concern.Comment: 6 Pages, 6 Figure
A Security Framework for JXTA-Overlay
En l'actualitat, la maduresa del camp de la investigaciĂł P2P empĂšs a travĂ©s de nous problemes, relacionats amb la seguretat. Per aquesta raĂł, la seguretat comença a convertir-se en una de les qĂŒestions clau en l'avaluaciĂł d'un sistema P2P, i Ă©s important proporcionar mecanismes de seguretat per a sistemes P2P. El projecte JXTAOverlay fa un esforç per utilitzar la tecnologia JXTA per proporcionar un conjunt genĂšric de funcions que poden ser utilitzades pels desenvolupadors per desplegar aplicacions P2P. No obstant aixĂČ, encara que el seu disseny es va centrar en qĂŒestions com ara l'escalabilitat o el rendiment general, no va tenir en compte la seguretat. Aquest treball proposa un marc de seguretat, adaptat especĂficament a la idiosincrĂ sia del JXTAOverlay.At present time, the maturity of P2P research field has pushed through new problems such us those related with security. For that reason, security starts to become one of the key issues when evaluating a P2P system and it is important to provide security mechanisms to P2P systems. The JXTAOverlay project is an effort to use JXTA technology to provide a generic set of functionalities that can be used by developers to deploy P2P applications. However, since its design focused on issues such as scalability or overall performance, it did not take security into account. This work proposes a security framework specifically suited to JXTAOverlayÂżs idiosyncrasies.En la actualidad, la madurez del campo de la investigaciĂłn P2P empujado a travĂ©s de nuevos problemas, relacionados con la seguridad. Por esta razĂłn, la seguridad comienza a convertirse en una de las cuestiones clave en la evaluaciĂłn de un sistema P2P, y es importante proporcionar mecanismos de seguridad para sistemas P2P. El proyecto JXTAOverlay hace un esfuerzo por utilizar la tecnologĂa JXTA para proporcionar un conjunto genĂ©rico de funciones que pueden ser utilizadas por los desarrolladores para desplegar aplicaciones P2P. Sin embargo, aunque su diseño se centrĂł en cuestiones como la escalabilidad o el rendimiento general, no tuvo en cuenta la seguridad. Este trabajo propone un marco de seguridad, adaptado especĂficamente a la idiosincrasia del JXTAOverlay
Analysis and implementation of a security standard
This master's thesis describes the design and implementation of a security standard in a university research department. It has been developed in the framework of the ETSETB Master's Degree in Cybersecurity, in cooperation with the University of Barcelona. The work has consisted on several stages. First, an analysis of the vulnerabilities of the system has been performed. This diagnosis has been specially important, since the lack of cybersecurity protections in the department has lead to several hijacks and data losses throughout the years. Then, the report describes the application of all the security features that are considered essential in a company, covering as much elements as possible. Those include from devices' physical security, through software protection to employees training. The project will be mainly focused in the deployment of the main services found in an IT department with a brief cybersecurity training session for the employees at the end. The work developed in this master thesis will reinforce the security of all crucial services and will reduce the possibility of data loss
Enhanced security architecture for support of credential repository in grid computing.
Grid Computing involves heterogeneous computers and resources, multiple administrative domains and the mechanisms and techniques for establishing and maintaining effective and secure communications between devices and systems. Both authentication and authorization are required. Current authorization models in each domain vary from one system to another, which makes it difficult for users to obtain authorization across multiple domains at one time. We propose an enhanced security architecture to provide support for decentralized authorization based on attribute certificates which may be accessed via the Internet. This allows the administration of privileges to be widely distributed over the Internet in support of autonomy for resource owners and providers. In addition, it provides a uniform approach for authorization which may be used by resource providers from various domains. We combine authentication with the authorization mechanism by using both MyProxy online credential repository and LDAP directory server. In our architecture, we use MyProxy server to store identity certificates for authentication, and utilize an LDAP server-based architecture to store attribute certificates for authorization. Using a standard web browser, a user may connect to a grid portal and allow the portal to retrieve those certificates in order to access grid resources on behalf of the user. Thus, our approach can make use of the online credential repository to integrate authentication, delegation and attribute based access control together to provide enhanced, flexible security for grid system. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2004 .C54. Source: Masters Abstracts International, Volume: 43-01, page: 0231. Adviser: R. D. Kent. Thesis (M.Sc.)--University of Windsor (Canada), 2004
Shibboleth and the challenge of authentication in multiple servers on a e-learning environment
L' objectiu dâaquest treball Ă©s lâestudi, implementaciĂł i prova d'un sistema de
autentificaciĂł compartida per a mĂșltiples servidors. Encara que des d'un principi es
sabia que es treballaria amb Shibboleth tambĂ© sâhan tingut en compte altres possibles
solucions. Shibboleth Ă©s un projecte desenvolupat per els membres de les universitats
que formen el consorci Internet2 amb lâ objectiu de desenvolupar un nou middleware
per a realitzar les funcions dâautentificaciĂł compartida en mĂșltiples servidors i pensat
especĂficament per facilitar la col·laboraciĂł entre institucions i lâaccĂ©s a continguts
digitals.
Shibboleth Ă©s una soluciĂł complerta ja que contempla des de lâautentificaciĂł ,
autoritzaciĂł i accounting, fins al sistema de login i els atributs a emprar. La qual cosa fa
que es converteixi en un entorn de treball molt segur perĂČ amb lâavantatge dâaportar
privacitat als usuaris.
El primer objectiu ha estat identificar les peculiaritats i requeriments dels entorns de elearning
distribuĂŻts, per aixĂČ sâha estudiat conceptes especĂfics de seguretat aixĂ com la
manera dâadaptar-los a lâentorn requerit. DesprĂšs sâha fet una comparativa de les
solucions existents al mercat amb una funcionalitat similar a Shibboleth, per tal de
presentar els avantatges i desavantatges de Shibboleth vers aquests.
Posteriorment, el treball ha consistit en entendre la estructura i els principis de
funcionament de Shibboleth, quin tipus de requeriments tenia, el funcionament i
objectius de cada part, estudiar els requeriments de lâentorn especĂfic per al qual ha
estat dissenyat (e-learning) i donar una idea general de com sâ hauria de fer la
implementaciĂł. TambĂ© sâhan estudiat totes les tecnologies i requeriments necessaris
per desenvolupar Shibboleth.
Una vegada estudiat Shibboleth i l'entorn especĂfic en el que sâhauria dâintegrar, sâha
muntat un escenari per a la posada en marxa i proves dâaquest, provant especĂficament
cada part i entenent amb les proves reals el funcionament. Amb lâescenari en
funcionament, la idea era integrar Shibboleth amb Sakai i Blackboard, els CMS (Course
Management System) utilitzats a on-campus, el campus virtual de la Fachhochschule
LĂŒbeck.
Per a finalitzar i a mode de conclusions s'ha fet una petita explicaciĂł dels resultats
obtinguts, una valoraciĂł de com Shibboleth resoldria les necessitats plantejades i
algunes propostes de millora
Performance Evaluation of Distributed Security Protocols Using Discrete Event Simulation
The Border Gateway Protocol (BGP) that manages inter-domain routing on the Internet lacks security. Protective measures using public key cryptography introduce complexities and costs. To support authentication and other security functionality in large networks, we need public key infrastructures (PKIs). Protocols that distribute and validate certificates introduce additional complexities and costs. The certification path building algorithm that helps users establish trust on certificates in the distributed network environment is particularly complicated. Neither routing security nor PKI come for free. Prior to this work, the research study on performance issues of these large-scale distributed security systems was minimal. In this thesis, we evaluate the performance of BGP security protocols and PKI systems. We answer the questions about how the performance affects protocol behaviors and how we can improve the efficiency of these distributed protocols to bring them one step closer to reality. The complexity of the Internet makes an analytical approach difficult; and the scale of Internet makes empirical approaches also unworkable. Consequently, we take the approach of simulation. We have built the simulation frameworks to model a number of BGP security protocols and the PKI system. We have identified performance problems of Secure BGP (S-BGP), a primary BGP security protocol, and proposed and evaluated Signature Amortization (S-A) and Aggregated Path Authentication (APA) schemes that significantly improve efficiency of S-BGP without compromising security. We have also built a simulation framework for general PKI systems and evaluated certification path building algorithms, a critical part of establishing trust in Internet-scale PKI, and used this framework to improve algorithm performance
- âŠ