121 research outputs found

    Smart business networks: architectural aspects and risks

    This paper summarizes key attributes and the uniqueness of smart business networks [1], to propose thereafter an operational implementation architecture. It involves, amongst others, the embedding of business logic specific to a network of business partners, inside the communications control networks. It also involves the definition of business protocols between these partners and the joint management of some common functions relying on open networking standards. This implies some key paradigm changes, both of a technical and of a business nature, which are offered here for discussion via a set of propositions.

    Introduction to Directory Services

    The Directory has grown to be an important OSI application as it acts as a focal point and general support for a number of other applications. This work first points out directory requirements in the OSI framework and other OSI applications, as the Mail Handling System. The first version of the X.500 standard is then described and some Directory related issues are discussed. In particular, X.500 Directory as a database system is examined and some directory service implementations are presented

    Geospatial Informational Security Risks and Concerns of the U.S. Air Force GeoBase Program

    Technological advancements such as Geospatial Information Systems (GIS) and the Internet have made it easier and affordable to share information, which enables complex and time sensitive decisions to be made with higher confidence. Further, advancements in information technology have dramatically increased the ability to store, manage, integrate, and correlate larger amounts of data to improve operational efficiency. However, the same technologies that enable increased productivity also provide increased capabilities to those wishing to do harm. Today’s military leaders are faced with the challenge of deciding how to make geospatial information collected on military installations and organizations available to authorized communities of interest while simultaneously restricting access to protect operational security. Often, these decisions are made without understanding how the sharing of certain combinations of data may pose a significant risk to protecting critical information, infrastructure or resources. Information security has been an area of growing concern in the GeoBase community since, by definition, it is required to strike a balance between competing interests, each supported by federal policy: (1) the availability of data paid for by tax dollars and (2) the protection of data as required to mitigate risks. In this research we will explore the security implications of the US Air Force GeoBase (the US Air Force’s applied Geospatial Information System) program. 
We examine the rapid expansion of the use of GeoBase to communities outside of the civil engineering field; examine the intrinsic and extrinsic security risks of the unconstrained sharing of geospatial information; explore difficulties encountered when attempting to rate the sensitivity of information; discuss new policies and procedures that have been implemented to protect the information; and propose technical and managerial control measures to facilitate geospatial information sharing while minimizing the associated operational risks.

    Federated Authentication using the Cloud (Cloud Aura)

    Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorised user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. Traditionally deployed in a point-of-entry mode (although a number of implementations also provide for re-authentication), the intrusive nature of the control is a significant inhibitor. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This thesis reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between the need for high security whilst maximising user satisfaction. This is followed by a comprehensive literature survey and critical analysis of the existing research domain on continuous and transparent multibiometric authentication. It is evident that most of the undertaken studies and proposed solutions thus far endure one or more shortcomings; for instance, an inability to balance the trade-off between security and usability, confinement to specific devices, lack or negligence of evaluating users’ acceptance and privacy measures, and insufficiency or absence of real tested datasets. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilised in a universal manner. 
Accordingly, it is paramount to have a high level of performance, scalability, and interoperability amongst existing and future systems, services and devices. A survey of 302 digital device users was undertaken and reveals that despite the widespread interest in more security, there is a quite low number of respondents using or maintaining the available security measures. However, it is apparent that users do not avoid applying the concept of authentication security but avoid the inconvenience of its current common techniques (biometrics are having growing practical interest). The respondents’ perceptions towards Trusted Third-Party (TTP) enable utilising biometrics for a novel authentication solution managed by a TTP working on multiple devices to access multiple services. However, it must be developed and implemented considerately. A series of experimental feasibility analysis studies disclose that even though prior Transparent Authentication Systems (TAS) models performed relatively well in practice on real live user data, an enhanced model utilising multibiometric fusion outweighs them in terms of the security and transparency of the system within a device. It is also empirically established that a centralised federated authentication approach using the Cloud would help towards constructing a better user profile encompassing multibiometrics and soft biometric information from their multiple devices and thus improving the security and convenience of the technique beyond those of unimodal, the Non-Intrusive and Continuous Authentication (NICA), and the Weighted Majority Voting Fusion (WMVF) and what a single device can do by itself. Furthermore, it reduces the intrusive authentication requests by 62%-74% (of the total assumed intrusive requests without operating this model) in the worst cases. 
As such, the thesis proposes a novel authentication architecture, which is capable of operating in a transparent, continuous and convenient manner whilst functioning across a range of digital devices – bearing in mind it is desirable to work on differing hardware configurations, operating systems, processing capabilities and network connectivity but they are yet to be validated. The approach, entitled Cloud Aura, can achieve high levels of transparency thereby being less dependent on secret-knowledge or any other intrusive login and leveraging the available devices capabilities without requiring any external sensors. Cloud Aura incorporates a variety of biometrics from different types, i.e. physiological, behavioural, and soft biometrics and deploys an on-going identity confidence level based upon them, which is subsequently reflected on the user privileges and mapped to the risk level associated to them, resulting in relevant reaction(s). While in use, it functions with minimal processing overhead thereby reducing the time required for the authentication decision. Ultimately, a functional proof of concept prototype is developed showing that Cloud Aura is feasible and would have the provisions of effective security and user convenience.
Royal Commission for Jubail and Yanbu, Kingdom of Saudi Arabi

    Electronic invoicing for small businesses

    Master's thesis in information and communication technology IKT590 2011 – Universitetet i Agder, Grimstad
    The Norwegian government has released an act suggesting that all invoices sent to the public sector should be sent electronically by the year 2012. In addition more and more large companies demand their suppliers to send invoices electronically. Such demands may exclude less resourceful participants from taking part in trade with a section of the market. Hence, this project is set out to find a solution for sending electronic invoices aimed at the less resourceful small businesses and sole proprietors. The study has identified user habits with issues involved, and carried out a market analysis including research of existing infrastructure and related systems. The findings of the made studies have been transferred to a solution design, prepared for release within Norway and possibly for use within the Pan-European Public Procurement On Line, PEPPOL consortium. Moreover, certain aspects of the solution design have been implemented in a prototype. It is believed that the proposed solution will ensure that less resourceful participants can still take part in trade with all of the market. The documented design specification, in combination with the prototype, provides a solid foundation for full-scale implementation.

    Digitalization concepts in academic bioprocess development

    Digitalization with integrated devices, digital and physical assistants, automation, and simulation is setting a new direction for laboratory work. Even with complex research workflows, high staff turnover, and a limited budget some laboratories have already shown that digitalization is indeed possible. However, academic bioprocess laboratories often struggle to follow the trend of digitalization. Due to their diverse research circumstances, high variety of team composition, goals, and limitations the concepts are substantially different. Here, we will provide an overview on different aspects of digitalization and describe how academic laboratories successfully digitalized their working environment. The key aspect is the collaboration and communication between IT-experts and scientific staff. The developed digital infrastructure is only useful if it supports the laboratory worker and does not complicate their work. Thereby, laboratory researchers have to collaborate closely with IT-experts in order for a well-developed and maintainable digitalization concept that fits their individual needs and level of complexity. This review may serve as a starting point or a collection of ideas for the transformation toward a digitalized laboratory

    Extended Abstracts of the Second Privacy Enhancing Technologies Convention (PET-CON 2008.1)

    PET-CON, the Privacy Enhancing Technologies Convention, is a forum for researchers, students, developers, and other interested people to discuss novel research, current developments and techniques in the area of Privacy Enhancing Technologies. PET-CON was first conceived in June 2007 at the 7th International PET Symposium in Ottawa, Canada. The idea was to set up a bi-annual convention in or nearby Germany to be able to meet more often than only once a year at some major conference

    Smartphone as a trust anchor for home networks (Älypuhelin kotiverkkojen luottamusankkurina)

    As home networks grow more complex, home users are no longer able or willing to maintain them. Maintaining home networks today does not differ much from enterprise environments. The user needs presence, credentials and the knowledge to operate the devices. These requirements have to be adapted if maintenance is outsourced and access to home networks is allowed. A trusted operator must be hired and given a means of authentication as well as access to the target device from the outside. This requires advance preparation and the distribution of authentication keys. Here, an application running on the user's smartphone acts as the trusted operator. Through their mobile subscription the user is already part of a trusted subscriber register, and this work uses that property to build trust. Mobile authentication uses the SIM card's subscriber information with the EAP method. The feasibility of EAP-SIM-based authentication is demonstrated in an environment with a simulated SIM card and mobile operator. The principle has been to use existing techniques and combine them with new areas, such as home networks per the homenet specifications and management outsourced to an agent. Authentication and authorization information is conveyed by WPA2 Enterprise in a RADIUS environment. To avoid complexity and unnecessary granularity, we use a simple management network model, at whose boundary sits a smartphone that is otherwise separate from the home network. As a result, it is shown that authentication performed with the mobile phone creates a trust anchor between the external agent and the home management network, opening a management connection for the agent under the home user's supervision. The benefits of SIM authentication are strong authentication and a large user base. The drawbacks are dependence on the telecom operator, the threat of the user's identity being exposed, and unwanted automatic authentication.

    Today, home networks are complex, and the home owners do not necessarily want to administer all aspects of their networks.
Configuring home network devices does not differ much from configuring enterprise devices. One needs access, credentials to login and knowledge to operate the device. If the configuration is outsourced to external parties and done remotely, those requirements need adaptation. Access to an end device from the outside must be provided, a trusted operator must be hired, and login credentials shared. For this purpose, some previously set provisioning and distribution of authentication keys is needed. In this work, an application running on a user's smartphone represents this trusted operator. The fact that the mobile phone subscribers already are part of a reliable infrastructure is used in the study as a trusted base. To benefit from the mobile identification, it is shown how the authentication and authorization are done using an extendable authentication profile (EAP) and a SIM card. A theory to use EAP-SIM authentication at home is presented, and to demonstrate that it works, a simulated testbed is built, tested, and analyzed. The idea is to reuse existing techniques by combining them with such new areas as homenet and delegated management. Authentication claims are transported with WPA2 Enterprise. To further avoid complexity and granularity, we only use a simple model of management network. As a result, we show that the smartphone authentication provides a trust anchor between a configuration agent and the home network. The home network management can be controlled via the smartphone while keeping the local phone user still in control. The benefits of using the SIM are that it is considered strong, and it has a large existing user base, while its disadvantages include dependency onto the mobile operator. Additionally, there remain challenges in keeping the SIM's identity private and in disabling unwanted re-authentications

    Advanced personalization of IPTV services (Individualisation avancée des services IPTV)

    The world of TV is in transition from analogue television to digital television, which can deliver high-quality content, offer consumers more choice, and make the viewing experience more interactive. IPTV (Internet Protocol TV) represents a revolution in digital television in which digital television services are delivered to users using the Internet Protocol (IP) over a broadband connection. Advances in IPTV technology will therefore enable a new service delivery model. The functions offered to users give them more and more autonomy and more and more choice. This is the case in particular for nTS (network Time Shifting) services, which let a user watch a television programme at a time offset from its broadcast schedule, and for nPVR (network Personal Video Recorder) services, which record digital content at the network level for a user. In addition, the IMS architecture proposed in NGN provides a common architecture for IPTV services. Despite rapid progress in interactive television technology (including IPTV and NGN technologies), the personalization of IPTV services is still in its infancy. Today, the personalization of IPTV services is mainly limited to content recommendation and targeted advertising. These services are therefore not fully user-centric, while manually choosing broadcast channels and desired advertisements can be a nuisance for the user. Adapting digital content to the capacity of the networks and devices in use is not yet taken into account in current implementations. With the development of digital technologies, users watch television not only on television sets but also on smartphones, tablets, and PCs. Consequently, personalizing IPTV content according to the device used to watch television, the capacities of the network, and the user's context is a significant challenge. This thesis presents solutions to improve the personalization of IPTV services in three respects: 1) New identification and authentication for IPTV services. 2) A new integrated IPTV architecture with a context-awareness system for the personalization service. 3) A new content recommendation service based on user preferences and also on context information.

    Internet Protocol TV (IPTV) delivers television content to users over IP-based network. Different from the traditional TV services, IPTV platforms provide users with large amount of multimedia contents with interactive and personalized services, including the targeted advertisement, on-demand content, personal video recorder, and so on. IPTV is promising since it allows to satisfy users experience and presents advanced entertainment services. On the other hand, the Next Generation Network (NGN) approach in allowing services convergence (through for instance coupling IPTV with the IP Multimedia Subsystem (IMS) architecture or NGN Non-IMS architecture) enhances users experience and allows for more services personalization. Although the rapid advancement in interactive TV technology (including IPTV and NGN technologies), services personalization is still in its infancy, lacking the real distinguish of each user in a unique manner, the consideration of the context of the user (who is this user, what is his preferences, his regional area, location, ..)
and his environment (characteristics of the users devices screen types, size, supported resolution, and networks available network types to be used by the user, available bandwidth, .. ) as well as the context of the service itself (content type and description, available format HD/SD , available language, ..) in order to provide the adequate personalized content for each user. This advanced IPTV services allows services providers to promote new services and open new business opportunities and allows network operators to make better utilization of network resources through adapting the delivered content according to the available bandwidth and to better meet the QoE (Quality of Experience) of clients. This thesis focuses on enhanced personalization for IPTV services following a user-centric context-aware approach through providing solutions for: i) Users identification during IPTV service access through a unique and fine-grained manner (different from the identification of the subscription which is the usual current case) based on employing a personal identifier for each user which is a part of the user context information. ii) Context-Aware IPTV service through proposing a context-aware system on top of the IPTV architecture for gathering in a dynamic and real-time manner the different context information related to the user, devices, network and service. The context information is gathered throughout the whole IPTV delivery chain considering the user domain, network provider domain, and service/content provider domain. The proposed context-aware system allows monitoring user's environment (devices and networks status), interpreting user's requirements and making the user's interaction with the TV system dynamic and transparent.
iii) Personalized recommendation and selection of IPTV content based on the different context information gathered and the personalization decision taken by the context-aware system (different from the current recommendation approach mainly based on matching content to users preferences) which in turn highly improves the users Quality of Experience (QoE) and enriching the offers of IPTV services.
EVRY-INT (912282302) / Sudoc, France