8,028 research outputs found
LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments
The non-repudiation as an essential requirement of many applications can be
provided by the asymmetric key model. With the evolution of new applications
such as mobile commerce, it is essential to provide secure and efficient
solutions for the mobile environments. The traditional public key cryptography
involves huge computational costs and is not so suitable for the
resource-constrained platforms. The elliptic curve-based approaches as the
newer solutions require certain considerations that are not taken into account
in the traditional public key infrastructures. The main contribution of this
paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the
constrained platforms such as mobile phones. It takes advantages of elliptic
curve cryptography and signcryption to decrease the computational costs and
communication overheads, and adapting to the constraints. All the computational
costs of required validations can be eliminated from end-entities by
introduction of a validation authority to the introduced infrastructure and
delegating validations to such a component. LPKI is so suitable for mobile
environments and for applications such as mobile commerce where the security is
the great concern.Comment: 6 Pages, 6 Figure
Merging and Extending the PGP and PEM Trust Models - the ICE-TEL Trust Model
The ICE-TEL project is a pan-European project that is building an Internet X.509 based certification infrastructure throughout Europe, plus several secure applications that will use it. This paper describes the trust model that is being implemented by the project. A trust model specifies the means by which a user may build trust in the assertion that a remote user is really who he purports to be (authentication) and that he does in fact have a right to access the service or information that he is requesting (authorization). The ICE-TEL trust model is based on a merging of and extensions to the existing Pretty Good Privacy (PGP) web of trust and Privacy Enhanced Mail (PEM) hierarchy of trust models, and is called a web of hierarchies trust model. The web of hierarchies model has significant advantages over both of the previous models, and these are highlighted here. The paper further describes the way that the trust model is enforced through some of the new extensions in the X.509 V3 certificates, and gives examples of its use in different scenarios
Authorization Framework for the Internet-of-Things
This paper describes a framework that allows fine-grained
and flexible access control to connected devices with very
limited processing power and memory.
We propose a set of security and performance requirements
for this setting and derive an authorization framework distributing
processing costs between constrained devices and less constrained back-end servers while keeping message exchanges
with the constrained devices at a minimum.
As a proof of concept we present performance results from
a prototype implementing the device part of the framework
A Shibboleth-protected privilege management infrastructure for e-science education
Simplifying access to and usage of large scale compute resources via the grid is of critical importance to encourage the uptake of e-research. Security is one aspect that needs to be made as simple as possible for end users. The ESP-Grid and DyVOSE projects at the National e-Science Centre (NeSC) at the University of Glasgow are investigating security technologies which will make the end-user experience of using the grid easier and more secure. In this paper, we outline how simplified (from the user experience) authentication and authorization of users are achieved through single usernames and passwords at users' home institutions. This infrastructure, which will be applied in the second year of the grid computing module part of the advanced MSc in Computing Science at the University of Glasgow, combines grid portal technology, the Internet2 Shibboleth Federated Access Control infrastructure, and the PERMS role-based access control technology. Through this infrastructure inter-institutional teaching can be supported where secure access to federated resources is made possible between sites. A key aspect of the work we describe here is the ability to support dynamic delegation of authority whereby local/remote administrators are able to dynamically assign meaningful privileges to remote/local users respectively in a trusted manner thus allowing for the dynamic establishment of virtual organizations with fine grained security at their heart
Encryption â use and control in E-commerce
The author describes how cryptography can be used to address modern business requirements such as identity protection, secure web access and digital signatures. Article by Robert Bond (Head of Innovation & Technology Group, Hobson Audley and Fellow of SALS). Published in Amicus Curiae - Journal of the Institute of Advanced Legal Studies and its Society for Advanced Legal Studies. The Journal is produced by the Society for Advanced Legal Studies at the Institute of Advanced Legal Studies, University of London
PKI Scalability Issues
This report surveys different PKI technologies such as PKIX and SPKI and the
issues of PKI that affect scalability. Much focus is spent on certificate
revocation methodologies and status verification systems such as CRLs,
Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation,
OCSP, SCVP and DVCS.Comment: 23 pages, 2 figure
Proxy dynamic delegation in grid gateway
Nowadays one of the main obstacles the research comes up against is the
difficulty in accessing the required computational resources. Grid is able to
offer the user a wide set of resources, even if they are often too hard to
exploit for non expert end user. Use simplification has today become a common
practice in the access and utilization of Cloud, Grid, and data center
resources. With the launch of L-GRID gateway, we introduced a new way to deal
with Grid portals. L-GRID is an extremely light portal developed in order to
access the EGI Grid infrastructure via Web, allowing users to submit their jobs
from whatever Web browser in a few minutes, without any knowledge about the
underlying Grid infrastructure.Comment: 6 page
Integrating security solutions to support nanoCMOS electronics research
The UK Engineering and Physical Sciences Research Council (EPSRC) funded Meeting the Design Challenges of nanoCMOS Electronics (nanoCMOS) is developing a research infrastructure for collaborative electronics research across multiple institutions in the UK with especially strong industrial and commercial involvement. Unlike other domains, the electronics industry is driven by the necessity of protecting the intellectual property of the data, designs and software associated with next generation electronics devices and therefore requires fine-grained security. Similarly, the project also demands seamless access to large scale high performance compute resources for atomic scale device simulations and the capability to manage the hundreds of thousands of files and the metadata associated with these simulations. Within this context, the project has explored a wide range of authentication and authorization infrastructures facilitating compute resource access and providing fine-grained security over numerous distributed file stores and files. We conclude that no single security solution meets the needs of the project. This paper describes the experiences of applying X.509-based certificates and public key infrastructures, VOMS, PERMIS, Kerberos and the Internet2 Shibboleth technologies for nanoCMOS security. We outline how we are integrating these solutions to provide a complete end-end security framework meeting the demands of the nanoCMOS electronics domain
User oriented access to secure biomedical resources through the grid
The life science domain is typified by heterogeneous data sets that are evolving at an exponential rate. Numerous post-genomic databases and areas of post-genomic life science research have been established and are being actively explored. Whilst many of these databases are public and freely accessible, it is often the case that researchers have data that is not so freely available and access to this data needs to be strictly controlled when distributed collaborative research is undertaken. Grid technologies provide one mechanism by which access to and integration of federated data sets is possible. Combining such data access and integration technologies with fine grained security infrastructures facilitates the establishment of virtual organisations (VO). However experience has shown that the general research (non-Grid) community are not comfortable with the Grid and its associated security models based upon public key infrastructures (PKIs). The Internet2 Shibboleth technology helps to overcome this through users only having to log in to their home site to gain access to resources across a VO â or in Shibboleth terminology a federation. In this paper we outline how we have applied the combination of Grid technologies, advanced security infrastructures and the Internet2 Shibboleth technology in several biomedical projects to provide a user-oriented model for secure access to and usage of Grid resources. We believe that this model may well become the de facto mechanism for undertaking e-Research on the Grid across numerous domains including the life sciences
- âŠ