Interoperability, Trust Based Information Sharing Protocol and Security: Digital Government Key Issues

Improved interoperability between public and private organizations is of key significance to make digital government newest triumphant. Digital Government interoperability, information sharing protocol and security are measured the key issue for achieving a refined stage of digital government. Flawless interoperability is essential to share the information between diverse and merely dispersed organisations in several network environments by using computer based tools. Digital government must ensure security for its information systems, including computers and networks for providing better service to the citizens. Governments around the world are increasingly revolving to information sharing and integration for solving problems in programs and policy areas. Evils of global worry such as syndrome discovery and manage, terror campaign, immigration and border control, prohibited drug trafficking, and more demand information sharing, harmonization and cooperation amid government agencies within a country and across national borders. A number of daunting challenges survive to the progress of an efficient information sharing protocol. A secure and trusted information-sharing protocol is required to enable users to interact and share information easily and perfectly across many diverse networks and databases globally.Comment: 20 page

A New Simplified Federated Single Sign-on System

The work presented in this MPhil thesis addresses this challenge by developing a new simplified FSSO system that allows end-users to access desktop systems, web-based services/applications and non-web based services/applications using one authentication process. This new system achieves this using two major components: an “Authentication Infrastructure Integration Program (AIIP) and an “Integration of Desktop Authentication and Web-based Authentication (IDAWA). The AIIP acquires Kerberos tickets (for end-users who have been authenticated by a Kerberos single sign-on system in one net- work domain) from Kerberos single sign-on systems in different network domains without establishing trust between these Kerberos single sign-on systems. The IDAWA is an extension to the web-based authentication systems (i.e. the web portal), and it authenticates end-users by verifying the end-users\u27 Kerberos tickets. This research also developed new criteria to determine which FSSO system can deliver true single sign-on to the end-users (i.e. allowing end-users to access desktop systems, web-based services/applications and non-web based services/applications using one authentication process). The evaluation shows that the new simplified FSSO system (i.e. the combination of AIIP and IDAWA) can deliver true single sign-on to the end- users. In addition, the evaluation shows the new simplified FSSO system has advantages over existing FSSO systems as it does not require additional modifications to network domains\u27 existing non-web based authentication infrastructures (i.e. Kerberos single sign- on systems) and their firewall rules

Options for Securing RTP Sessions

The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism

Factors Impacting Key Management Effectiveness in Secured Wireless Networks

The use of a Public Key Infrastructure (PKI) offers a cryptographic solution that can overcome many, but not all, of the MANET security problems. One of the most critical aspects of a PKI system is how well it implements Key Management. Key Management deals with key generation, key storage, key distribution, key updating, key revocation, and certificate service in accordance with security policies over the lifecycle of the cryptography. The approach supported by traditional PKI works well in fixed wired networks, but it may not appropriate for MANET due to the lack of fixed infrastructure to support the PKI. This research seeks to identify best practices in securing networks which may be applied to new network architectures

Inter-Domain Authentication for Seamless Roaming in Heterogeneous Wireless Networks

The convergence of diverse but complementary wireless access technologies and inter-operation among administrative domains have been envisioned as crucial for the next generation wireless networks that will provide support for end-user devices to seamlessly roam across domain boundaries. The integration of existing and emerging heterogeneous wireless networks to provide such seamless roaming requires the design of a handover scheme that provides uninterrupted service continuity while facilitating the establishment of authenticity of the entities involved. The existing protocols for supporting re-authentication of a mobile node during a handover across administrative domains typically involve several round trips to the home domain, and hence introduce long latencies. Furthermore, the existing methods for negotiating roaming agreements to establish inter-domain trust rely on a lengthy manual process, thus, impeding seamless roaming across multiple domains in a truly heterogeneous wireless network. In this thesis, we present a new proof-token based authentication protocol that supports quick re-authentication of a mobile node as it moves to a new foreign domain without involving communication with the home domain. The proposed proof-token based protocol can also support establishment of spontaneous roaming agreements between a pair of domains that do not already have a direct roaming agreement, thus allowing flexible business models to be supported. We describe details of the new authentication architecture, the proposed protocol, which is based on EAP-TLS and compare the proposed protocol with existing protocols

Secure and Lightweight Authentication Protocols for Devices in Internet of Things

The Internet of Things (IoT) has become an intriguing trend worldwide as it allows any smart device with an IP address to participate in a highly immersive and connected environment that integrates physical, digital and social aspects of the user’s lives. The perpetual growth of IoT devices is resulting in less attention on the security side allowing attackers to find easy ways to exploit the devices. Hence, security is one of the important and challenging research areas in IoT. Furthermore, the resource-constrained nature of these devices results in poor performance when the traditional security protocols are used. In this thesis, we propose secure and lightweight authentication protocols for devices in IoT. A centralized network model is considered where the devices in the perception layer are mutually authenticated with the gateway of the system. A mutual authentication mechanism which uses symmetric key negotiation using Elliptic Curve Diffie-Hellman(ECDH) in the registration part of the protocol to protect the credentials of the devices and at the same time it minimizes the computation cost on the devices. At the end of the authentication, key agreement based on the symmetric key cryptography is established between the sensor devices and the gateway. Further, Elliptic Curve Integrated Encryption Scheme (ECIES) method is used to avoid the possibility of man-in-the-middle attack(MITM) in the registration phase of the previous protocol. An informal security verification of the protocols is presented which proves that they are resilient against perception layer attacks. The performance evaluation based on the metrics such as execution time, communication cost, computation cost of the protocol has been performed after the protocol is simulated in the Cooja simulator under Contiki OS environment. Further, the comparison results with the existing protocols show that the proposed system is lightweight as it provides low computation cost and better execution time