298 research outputs found
Interdomain User Authentication and Privacy
This thesis looks at the issue of interdomain user authentication, i.e. user
authentication in systems that extend over more than one administrative
domain. It is divided into three parts. After a brief overview of related
literature, the first part provides a taxonomy of current approaches to the
problem. The taxonomy is first used to identify the relative strengths and
weaknesses of each approach, and then employed as the basis for putting into
context four concrete and novel schemes that are subsequently proposed in
this part of the thesis. Three of these schemes build on existing technology;
the first on 2nd and 3rd-generation cellular (mobile) telephony, the second on
credit/debit smartcards, and the third on Trusted Computing. The fourth
scheme is, in certain ways, different from the others. Most notably, unlike the
other three schemes, it does not require the user to possess tamper-resistant
hardware, and it is suitable for use from an untrusted access device. An
implementation of the latter scheme (which works as a web proxy) is also
described in this part of the thesis.
As the need to preserve one’s privacy continues to gain importance in the
digital world, it is important to enhance user authentication schemes with
properties that enable users to remain anonymous (yet authenticated). In
the second part of the thesis, anonymous credential systems are identified as
a tool that can be used to achieve this goal. A formal model that captures
relevant security and privacy notions for such systems is proposed. From this
model, it is evident that there exist certain inherent limits to the privacy that
such systems can offer. These are examined in more detail, and a scheme
is proposed that mitigates the exposure to certain attacks that exploit these
limits in order to compromise user privacy. The second part of the thesis
also shows how to use an anonymous credential system in order to facilitate
what we call ‘privacy-aware single sign-on’ in an open environment. The
scheme enables the user to authenticate himself to service providers under
separate identifier, where these identifiers cannot be linked to each other,
even if all service providers collude. It is demonstrated that the anonymity
enhancement scheme proposed earlier is particularly suited in this special
application of anonymous credential systems.
Finally, the third part of the thesis concludes with some open research
questions
Health Information System Role-Based Access Control Current Security Trends and Challenges
Objective. This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. Method. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. Results. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Conclusion. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.Sao Paulo Federal University (Unifesp) sponsorshipUniv Fed Sao Paulo, Hlth Informat Dept, Sao Paulo, SP, BrazilUniv Fed Sao Paulo, Hlth Informat Dept, Sao Paulo, SP, BrazilWeb of Scienc
Routing-Verification-as-a-Service (RVaaS): Trustworthy Routing Despite Insecure Providers
Computer networks today typically do not provide any mechanisms to the users
to learn, in a reliable manner, which paths have (and have not) been taken by
their packets. Rather, it seems inevitable that as soon as a packet leaves the
network card, the user is forced to trust the network provider to forward the
packets as expected or agreed upon. This can be undesirable, especially in the
light of today's trend toward more programmable networks: after a successful
cyber attack on the network management system or Software-Defined Network (SDN)
control plane, an adversary in principle has complete control over the network.
This paper presents a low-cost and efficient solution to detect misbehaviors
and ensure trustworthy routing over untrusted or insecure providers, in
particular providers whose management system or control plane has been
compromised (e.g., using a cyber attack). We propose
Routing-Verification-as-a-Service (RVaaS): RVaaS offers clients a flexible
interface to query information relevant to their traffic, while respecting the
autonomy of the network provider. RVaaS leverages key features of
OpenFlow-based SDNs to combine (passive and active) configuration monitoring,
logical data plane verification and actual in-band tests, in a novel manner
Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions
In recent years, low-carbon transportation has become an indispensable part
as sustainable development strategies of various countries, and plays a very
important responsibility in promoting low-carbon cities. However, the security
of low-carbon transportation has been threatened from various ways. For
example, denial of service attacks pose a great threat to the electric vehicles
and vehicle-to-grid networks. To minimize these threats, several methods have
been proposed to defense against them. Yet, these methods are only for certain
types of scenarios or attacks. Therefore, this review addresses security aspect
from holistic view, provides the overview, challenges and future directions of
cyber security technologies in low-carbon transportation. Firstly, based on the
concept and importance of low-carbon transportation, this review positions the
low-carbon transportation services. Then, with the perspective of network
architecture and communication mode, this review classifies its typical attack
risks. The corresponding defense technologies and relevant security suggestions
are further reviewed from perspective of data security, network management
security and network application security. Finally, in view of the long term
development of low-carbon transportation, future research directions have been
concerned.Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable
Energy Review
Security for Grid Services
Grid computing is concerned with the sharing and coordinated use of diverse
resources in distributed "virtual organizations." The dynamic and
multi-institutional nature of these environments introduces challenging
security issues that demand new technical approaches. In particular, one must
deal with diverse local mechanisms, support dynamic creation of services, and
enable dynamic creation of trust domains. We describe how these issues are
addressed in two generations of the Globus Toolkit. First, we review the Globus
Toolkit version 2 (GT2) approach; then, we describe new approaches developed to
support the Globus Toolkit version 3 (GT3) implementation of the Open Grid
Services Architecture, an initiative that is recasting Grid concepts within a
service oriented framework based on Web services. GT3's security implementation
uses Web services security mechanisms for credential exchange and other
purposes, and introduces a tight least-privilege model that avoids the need for
any privileged network service.Comment: 10 pages; 4 figure
IPTV Service Framework Based on Secure Authentication and Lightweight Content Encryption for Screen-Migration in Cloud Computing
These days, the advancing of smart devices (e.g. smart phones, tablets, PC, etc.) capabilities and the increase of internet bandwidth enables IPTV service provider to extend their services to smart mobile devices. User can just receive their IPTV service using any smart devices by accessing the internet via wireless network from anywhere anytime in the world which is convenience for users. However, wireless network communication has well a known critical security threats and vulnerabilities to user smart devices and IPTV service such as user identity theft, reply attack, MIM attack, and so forth. A secure authentication for user devices and multimedia protection mechanism is necessary to protect both user devices and IPTV services. As result, we proposed framework of IPTV service based on secure authentication mechanism and lightweight content encryption method for screen-migration in Cloud computing. We used cryptographic nonce combined with user ID and password to authenticate user device in any mobile terminal they passes by. In addition we used Lightweight content encryption to protect and reduce the content decode overload at mobile terminals. Our proposed authentication mechanism reduces the computational processing by 30% comparing to other authentication mechanism and our lightweight content encryption reduces encryption delay to 0.259 second
An integrated wireless communication architecture for maritime sector
The rapid evolution of terrestrial wireless systems has brought mobile users more and more desired communication services. Maritime customers are asking for the same, such as the concepts of “Broadband at Sea” and “Maritime Internet”. Quite a lot of research work has focused on the development of new and better maritime communication technologies, but less attention has been paid on interworking of multiple maritime wireless networks or on satisfying service provisioning. To address this, an integrated wireless Communication Architecture for Maritime Sector (CAMS) has been introduced in this article. CAMS is aimed at 1) granting maritime customers uninterrupted connectivity through the best available network and 2) providing them with the best-provisioned communication services in terms of mobility, security and Quality of Experience (QoE). To address mobility challenge, the IEEE 802.21 standard is recommended to be used in CAMS in order to achieve seamless handover. CAMS provides application-level QoE support attending to the limited communication resources (e.g. bandwidth) at sea. Certain security considerations have also been proposed to supplement this architecture
- …