5,433 research outputs found

    Authentication Mechanism Based on Adaptable Context Management Framework for Secure Network Services

    Get PDF
    A system, which uses context information is a new trend in IT. A lot of researcherscreate frameworks, which collect some data and perform actions based on them. Recently, there havebeen observed more and more different security solutions, in which we can use context. But not eachworks dynamically and ensures a high level of user's quality of experience (QoE). This paper outlineswhat the context information is and shows a secure and user-friendly authentication mechanism for amail box in cloud computing, based on using contextual data

    Security in Pervasive Computing: Current Status and Open Issues

    Get PDF
    Million of wireless device users are ever on the move, becoming more dependent on their PDAs, smart phones, and other handheld devices. With the advancement of pervasive computing, new and unique capabilities are available to aid mobile societies. The wireless nature of these devices has fostered a new era of mobility. Thousands of pervasive devices are able to arbitrarily join and leave a network, creating a nomadic environment known as a pervasive ad hoc network. However, mobile devices have vulnerabilities, and some are proving to be challenging. Security in pervasive computing is the most critical challenge. Security is needed to ensure exact and accurate confidentiality, integrity, authentication, and access control, to name a few. Security for mobile devices, though still in its infancy, has drawn the attention of various researchers. As pervasive devices become incorporated in our day-to-day lives, security will increasingly becoming a common concern for all users - - though for most it will be an afterthought, like many other computing functions. The usability and expansion of pervasive computing applications depends greatly on the security and reliability provided by the applications. At this critical juncture, security research is growing. This paper examines the recent trends and forward thinking investigation in several fields of security, along with a brief history of previous accomplishments in the corresponding areas. Some open issues have been discussed for further investigation

    JXTA security in basic peer operations

    Get PDF
    Open Access Documen

    The simplicity project: easing the burden of using complex and heterogeneous ICT devices and services

    Get PDF
    As of today, to exploit the variety of different "services", users need to configure each of their devices by using different procedures and need to explicitly select among heterogeneous access technologies and protocols. In addition to that, users are authenticated and charged by different means. The lack of implicit human computer interaction, context-awareness and standardisation places an enormous burden of complexity on the shoulders of the final users. The IST-Simplicity project aims at leveraging such problems by: i) automatically creating and customizing a user communication space; ii) adapting services to user terminal characteristics and to users preferences; iii) orchestrating network capabilities. The aim of this paper is to present the technical framework of the IST-Simplicity project. This paper is a thorough analysis and qualitative evaluation of the different technologies, standards and works presented in the literature related to the Simplicity system to be developed

    Adaptable Context Management Framework for Secure Network Services

    Get PDF
    Last decades the contextual approach became an important methodology of analysing information processes in the dynamic environment. In this paper we propose a context management framework suitable for secure network services. The framework allows tracking the contextual information from its origin, through all stages of its processing up to application in security services protecting the secure network application. Besides the framework's description, an example of its application in constructing secure voice call network service is given

    Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records

    Get PDF
    We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device is the most ubiquitous device that people now hold. Due to their portability, availability, easy of use, communication, access and sharing of information within various domains and areas of our daily lives, the acceptance and adoption of these devices is still growing. However, due to their potential and raising numbers, mobile devices are a growing target for attackers and, like other technologies, mobile applications are still vulnerable. Health information systems are composed with tools and software to collect, manage, analyze and process medical information (such as electronic health records and personal health records). Therefore, such systems can empower the performance and maintenance of health services, promoting availability, readability, accessibility and data sharing of vital information about a patients overall medical history, between geographic fragmented health services. Quick access to information presents a great importance in the health sector, as it accelerates work processes, resulting in better time utilization. Additionally, it may increase the quality of care. However health information systems store and manage highly sensitive data, which raises serious concerns regarding patients privacy and safety, and may explain the still increasing number of malicious incidents reports within the health domain. Data related to health information systems are highly sensitive and subject to severe legal and regulatory restrictions, that aim to protect the individual rights and privacy of patients. Along side with these legislations, security requirements must be analyzed and measures implemented. Within the necessary security requirements to access health data, secure authentication, identity management and access control are essential to provide adequate means to protect data from unauthorized accesses. However, besides the use of simple authentication models, traditional access control models are commonly based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions through people, different type of devices, environments and situational conditions, and across enterprises, location and time. Although already existent models allow to ensure the needs of the health care systems, they still lack components for dynamicity and privacy protection, which leads to not have desire levels of security and to the patient not to have a full and easy control of his privacy. Within this master thesis, after a deep research and review of the stat of art, was published a novel dynamic access control model, Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE), which can model the inherent differences and security requirements that are present in this thesis. To do this, SoTRAACE aggregates attributes from various domains to help performing a risk assessment at the moment of the request. The assessment of the risk factors identified in this work is based in a Delphi Study. A set of security experts from various domains were selected, to classify the impact in the risk assessment of each attribute that SoTRAACE aggregates. SoTRAACE was integrated in an architecture with requirements well-founded, and based in the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57), as well based in deep review of the state-of-art. The architecture is further targeted with the essential security analysis and the threat model. As proof of concept, the proposed access control model was implemented within the user-centric architecture, with two mobile prototypes for several types of accesses by patients and healthcare professionals, as well the web servers that handles the access requests, authentication and identity management. The proof of concept shows that the model works as expected, with transparency, assuring privacy and data control to the user without impact for user experience and interaction. It is clear that the model can be extended to other industry domains, and new levels of risks or attributes can be added because it is modular. The architecture also works as expected, assuring secure authentication with multifactor, and secure data share/access based in SoTRAACE decisions. The communication channel that SoTRAACE uses was also protected with a digital certificate. At last, the architecture was tested within different Android versions, tested with static and dynamic analysis and with tests with security tools. Future work includes the integration of health data standards and evaluating the proposed system by collecting users’ opinion after releasing the system to real world.Hoje em dia vivemos em um paradigma mĂłvel de acesso em qualquer lugar/hora, sendo que os dispositivos mĂłveis sĂŁo a tecnologia mais presente no dia a dia da sociedade. Devido Ă  sua portabilidade, disponibilidade, fĂĄcil manuseamento, poder de comunicação, acesso e partilha de informação referentes a vĂĄrias ĂĄreas e domĂ­nios das nossas vidas, a aceitação e integração destes dispositivos Ă© cada vez maior. No entanto, devido ao seu potencial e aumento do nĂșmero de utilizadores, os dispositivos mĂłveis sĂŁo cada vez mais alvos de ataques, e tal como outras tecnologias, aplicaçÔes mĂłveis continuam a ser vulnerĂĄveis. Sistemas de informação de saĂșde sĂŁo compostos por ferramentas e softwares que permitem recolher, administrar, analisar e processar informação mĂ©dica (tais como documentos de saĂșde eletrĂłnicos). Portanto, tais sistemas podem potencializar a performance e a manutenção dos serviços de saĂșde, promovendo assim a disponibilidade, acessibilidade e a partilha de dados vitais referentes ao registro mĂ©dico geral dos pacientes, entre serviços e instituiçÔes que estĂŁo geograficamente fragmentadas. O rĂĄpido acesso a informaçÔes mĂ©dicas apresenta uma grande importĂąncia para o setor da saĂșde, dado que acelera os processos de trabalho, resultando assim numa melhor eficiĂȘncia na utilização do tempo e recursos. Consequentemente haverĂĄ uma melhor qualidade de tratamento. PorĂ©m os sistemas de informação de saĂșde armazenam e manuseiam dados bastantes sensĂ­veis, o que levanta sĂ©rias preocupaçÔes referentes Ă  privacidade e segurança do paciente. Assim se explica o aumento de incidentes maliciosos dentro do domĂ­nio da saĂșde. Os dados de saĂșde sĂŁo altamente sensĂ­veis e sĂŁo sujeitos a severas leis e restriçÔes regulamentares, que pretendem assegurar a proteção dos direitos e privacidade dos pacientes, salvaguardando os seus dados de saĂșde. Juntamente com estas legislaçÔes, requerimentos de segurança devem ser analisados e medidas implementadas. Dentro dos requerimentos necessĂĄrios para aceder aos dados de saĂșde, uma autenticação segura, gestĂŁo de identidade e controlos de acesso sĂŁo essenciais para fornecer meios adequados para a proteção de dados contra acessos nĂŁo autorizados. No entanto, alĂ©m do uso de modelos simples de autenticação, os modelos tradicionais de controlo de acesso sĂŁo normalmente baseados em polĂ­ticas de acesso e cargos prĂ©-definidos, e sĂŁo inflexĂ­veis. Isto resulta em decisĂ”es de controlo de acesso uniformes para diferentes pessoas, tipos de dispositivo, ambientes e condiçÔes situacionais, empresas, localizaçÔes e diferentes alturas no tempo. Apesar dos modelos existentes permitirem assegurar algumas necessidades dos sistemas de saĂșde, ainda hĂĄ escassez de componentes para accesso dinĂąmico e proteção de privacidade , o que resultam em nĂ­veis de segurança nĂŁo satisfatĂłrios e em o paciente nĂŁo ter controlo directo e total sobre a sua privacidade e documentos de saĂșde. Dentro desta tese de mestrado, depois da investigação e revisĂŁo intensiva do estado da arte, foi publicado um modelo inovador de controlo de acesso, chamado SoTRAACE, que molda as diferenças de acesso inerentes e requerimentos de segurança presentes nesta tese. Para isto, o SoTRAACE agrega atributos de vĂĄrios ambientes e domĂ­nios que ajudam a executar uma avaliação de riscos, no momento em que os dados sĂŁo requisitados. A avaliação dos fatores de risco identificados neste trabalho sĂŁo baseados num estudo de Delphi. Um conjunto de peritos de segurança de vĂĄrios domĂ­nios industriais foram selecionados, para classificar o impacto de cada atributo que o SoTRAACE agrega. O SoTRAACE foi integrado numa arquitectura para acesso a dados mĂ©dicos, com requerimentos bem fundados, baseados nas melhores normas e recomendaçÔes (OWASP, NIST 800-53, NIST 800-57), e em revisĂ”es intensivas do estado da arte. Esta arquitectura Ă© posteriormente alvo de uma anĂĄlise de segurança e modelos de ataque. Como prova deste conceito, o modelo de controlo de acesso proposto Ă© implementado juntamente com uma arquitetura focada no utilizador, com dois protĂłtipos para aplicaçÔes mĂłveis, que providĂȘnciam vĂĄrios tipos de acesso de pacientes e profissionais de saĂșde. A arquitetura Ă© constituĂ­da tambĂ©m por servidores web que tratam da gestĂŁo de dados, controlo de acesso e autenticação e gestĂŁo de identidade. O resultado final mostra que o modelo funciona como esperado, com transparĂȘncia, assegurando a privacidade e o controlo de dados para o utilizador, sem ter impacto na sua interação e experiĂȘncia. Consequentemente este modelo pode-se extender para outros setores industriais, e novos nĂ­veis de risco ou atributos podem ser adicionados a este mesmo, por ser modular. A arquitetura tambĂ©m funciona como esperado, assegurando uma autenticação segura com multi-fator, acesso e partilha de dados segura baseado em decisĂ”es do SoTRAACE. O canal de comunicação que o SoTRAACE usa foi tambĂ©m protegido com um certificado digital. A arquitectura foi testada em diferentes versĂ”es de Android, e foi alvo de anĂĄlise estĂĄtica, dinĂąmica e testes com ferramentas de segurança. Para trabalho futuro estĂĄ planeado a integração de normas de dados de saĂșde e a avaliação do sistema proposto, atravĂ©s da recolha de opiniĂ”es de utilizadores no mundo real

    Secure Vehicular Communication Systems: Implementation, Performance, and Research Challenges

    Get PDF
    Vehicular Communication (VC) systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain implementations are required. In [1] we discuss the design of a VC security system that has emerged as a result of the European SeVeCom project. In this second paper, we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from today's simple prototypes to full-fledged systems
    • 

    corecore