Distributed Access Control for Web and Business Processes

Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes

Authentication and authorisation in entrusted unions

This paper reports on the status of a project whose aim is to implement and demonstrate in a real-life environment an integrated eAuthentication and eAuthorisation framework to enable trusted collaborations and delivery of services across different organisational/governmental jurisdictions. This aim will be achieved by designing a framework with assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption to address the security and confidentiality requirements of large distributed infrastructures. The framework supports collaborative secure distributed storage, secure data processing and management in both the cloud and offline scenarios and is intended to be deployed and tested in two pilot studies in two different domains, viz, Bio-security incident management and Ambient Assisted Living (eHealth). Interim results in terms of security requirements, privacy preserving authentication, and authorisation are reported

A Centralized SDN Architecture for the 5G Cellular Network

In order to meet the increasing demands of high data rate and low latency cellular broadband applications, plans are underway to roll out the Fifth Generation (5G) cellular wireless system by the year 2020. This paper proposes a novel method for adapting the Third Generation Partnership Project (3GPP)'s 5G architecture to the principles of Software Defined Networking (SDN). We propose to have centralized network functions in the 5G network core to control the network, end-to-end. This is achieved by relocating the control functionality present in the 5G Radio Access Network (RAN) to the network core, resulting in the conversion of the base station known as the gNB into a pure data plane node. This brings about a significant reduction in signaling costs between the RAN and the core network. It also results in improved system performance. The merits of our proposal have been illustrated by evaluating the Key Performance Indicators (KPIs) of the 5G network, such as network attach (registration) time and handover time. We have also demonstrated improvements in attach time and system throughput due to the use of centralized algorithms for mobility management with the help of ns-3 simulations

A Survey on Handover Management in Mobility Architectures

This work presents a comprehensive and structured taxonomy of available techniques for managing the handover process in mobility architectures. Representative works from the existing literature have been divided into appropriate categories, based on their ability to support horizontal handovers, vertical handovers and multihoming. We describe approaches designed to work on the current Internet (i.e. IPv4-based networks), as well as those that have been devised for the "future" Internet (e.g. IPv6-based networks and extensions). Quantitative measures and qualitative indicators are also presented and used to evaluate and compare the examined approaches. This critical review provides some valuable guidelines and suggestions for designing and developing mobility architectures, including some practical expedients (e.g. those required in the current Internet environment), aimed to cope with the presence of NAT/firewalls and to provide support to legacy systems and several communication protocols working at the application layer

Reconfigurable Security: Edge Computing-based Framework for IoT

In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards, resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, i.e., security agent, to simplify key management and offload the computational costs of security algorithms at IoT devices. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strength IoT security by edge computing.Comment: under submission to possible journal publication