AAA architectures applied in multi-domain IMS (IP multimedia subsystem)

There is a group of communication services that use\ud resources from multiple domains in order to deliver their service.\ud Authorization of the end-user is important for such services,\ud because several domains are involved. There are no current\ud solutions for delivering authentication, authorization and\ud accounting (AAA) to multi-domain services. In our study we\ud present two architectures for the delivery of AAA to such\ud services. The architectures are analyzed on their qualitative\ud aspects. A result of this analysis is that direct interconnection of\ud AAA servers is an effective architectural solution. In current\ud multi-domain IP Multimedia Subsystem (IMS) architectures,\ud direct interconnection of AAA servers, such as the Home\ud Subscriber Servers (HSS), is not yet possible. In this paper we\ud argue and recommend to extend the IMS specification by adding\ud a new interface to HSS in order to support the direct\ud interconnection of HSS/AAA servers located in different IMS\ud administrative domains

The Application of Fuzzy Logic Controller to Compute a Trust Level for Mobile Agents in a Smart Home

Agents that travel through many hosts may cause a threat on the security of the visited hosts. Assets, system resources, and the reputation of the host are few possible targets for such an attack. The possibility for multi-hop agents to be malicious is higher compared to the one-hop or two-hop boomerang agents. The travel history is one of the factors that may allow a server to evaluate the trustworthiness of an agent. This paper proposes a technique to define levels of trust for multi-hop agents that are roaming in a smart home environment. These levels of trust are used later to determine actions taken by a host at the arrival of an agent. This technique uses fuzzy logic as a method to calculate levels of trust and to define protective actions in regard to those levels

Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help

Intelligent interface agents for biometric applications

This thesis investigates the benefits of applying the intelligent agent paradigm to biometric identity verification systems. Multimodal biometric systems, despite their additional complexity, hold the promise of providing a higher degree of accuracy and robustness. Multimodal biometric systems are examined in this work leading to the design and implementation of a novel distributed multi-modal identity verification system based on an intelligent agent framework. User interface design issues are also important in the domain of biometric systems and present an exceptional opportunity for employing adaptive interface agents. Through the use of such interface agents, system performance may be improved, leading to an increase in recognition rates over a non-adaptive system while producing a more robust and agreeable user experience. The investigation of such adaptive systems has been a focus of the work reported in this thesis. The research presented in this thesis is divided into two main parts. Firstly, the design, development and testing of a novel distributed multi-modal authentication system employing intelligent agents is presented. The second part details design and implementation of an adaptive interface layer based on interface agent technology and demonstrates its integration with a commercial fingerprint recognition system. The performance of these systems is then evaluated using databases of biometric samples gathered during the research. The results obtained from the experimental evaluation of the multi-modal system demonstrated a clear improvement in the accuracy of the system compared to a unimodal biometric approach. The adoption of the intelligent agent architecture at the interface level resulted in a system where false reject rates were reduced when compared to a system that did not employ an intelligent interface. The results obtained from both systems clearly express the benefits of combining an intelligent agent framework with a biometric system to provide a more robust and flexible application

A modularized electronic payment system for agent-based e-commerce

With the explosive growth of the Internet, electronic-commerce (e-commerce) is an increasingly important segment of commercial activities on the web. The Secure Agent Fabrication, Evolution & Roaming (SAFER) architecture was proposed to further facilitate e-commerce using agent technology. In this paper, the electronic payment aspect of SAFER will be explored. The Secure Electronic Transaction (SET) protocol and E-Cash were selected as the bases for the electronic payment system implementation. The various modules of the payment system and how they interface with each other are shown. An extensible implementation done using JavaTM will also be elaborated. This application incorporates agent roaming functionality and the ability to conduct e-commerce transactions and carry out intelligent e-payment procedures

A Lightweight and Flexible Mobile Agent Platform Tailored to Management Applications

Mobile Agents (MAs) represent a distributed computing technology that promises to address the scalability problems of centralized network management. A critical issue that will affect the wider adoption of MA paradigm in management applications is the development of MA Platforms (MAPs) expressly oriented to distributed management. However, most of available platforms impose considerable burden on network and system resources and also lack of essential functionality. In this paper, we discuss the design considerations and implementation details of a complete MAP research prototype that sufficiently addresses all the aforementioned issues. Our MAP has been implemented in Java and tailored for network and systems management applications.Comment: 7 pages, 5 figures; Proceedings of the 2006 Conference on Mobile Computing and Wireless Communications (MCWC'2006

Agent fabrication and its implementation for agent-based electronic commerce

In the last decade, agent-based e-commerce has emerged as a potential role for the next generation of e-commerce. How to create agents for e-commerce applications has become a serious consideration in this field. This paper proposes a new scheme named agent fabrication and elaborates its implementation in multi-agent systems based on the SAFER (Secure Agent Fabrication, Evolution & Roaming) architecture. First, a conceptual structure is proposed for software agents carrying out e-commerce activities. Furthermore, agent module suitcase is defined to facilitate agent fabrication. With these definitions and facilities in the SAFER architecture, the formalities of agent fabrication are elaborated. In order to enhance the security of agent-based e-commerce, an infrastructure of agent authorization and authentication is integrated in agent fabrication. Our implementation and prototype applications show that the proposed agent fabrication scheme brings forth a potential solution for creating agents in agent-based e-commerce applications

Reverse Proxy Framework using Sanitization Technique for Intrusion Prevention in Database

With the increasing importance of the internet in our day to day life, data security in web application has become very crucial. Ever increasing on line and real time transaction services have led to manifold rise in the problems associated with the database security. Attacker uses illegal and unauthorized approaches to hijack the confidential information like username, password and other vital details. Hence the real time transaction requires security against web based attacks. SQL injection and cross site scripting attack are the most common application layer attack. The SQL injection attacker pass SQL statement through a web applications input fields, URL or hidden parameters and get access to the database or update it. The attacker take a benefit from user provided data in such a way that the users input is handled as a SQL code. Using this vulnerability an attacker can execute SQL commands directly on the database. SQL injection attacks are most serious threats which take users input and integrate it into SQL query. Reverse Proxy is a technique which is used to sanitize the users inputs that may transform into a database attack. In this technique a data redirector program redirects the users input to the proxy server before it is sent to the application server. At the proxy server, data cleaning algorithm is triggered using a sanitizing application. In this framework we include detection and sanitization of the tainted information being sent to the database and innovate a new prototype.Comment: 9 pages, 6 figures, 3 tables; CIIT 2013 International Conference, Mumba

Reconfigurable Security: Edge Computing-based Framework for IoT

In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards, resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, i.e., security agent, to simplify key management and offload the computational costs of security algorithms at IoT devices. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strength IoT security by edge computing.Comment: under submission to possible journal publication