Building a truster environment for e-business : a Malaysian perspective

Internet identify ‘security’ as a major concern for businesses. In general, the level of security in any network environment is closely linked to the level of trust assigned to a particular individual or organization within that environment. It is the trust element that is crucial in ensuring a secure environment. Besides physical security, security technology needs to be utilised to provide a trusted environment for e-business. Network security components for perimeter defense, i.e., Virtual Private Networks, firewalls and Intrusion Detection Systems, need to be complemented by security components at the applications and user level, e.g., authentication of user. ID or password security solution may be an option but now with the availability of legally binding digital certificates, security in e-business transactions can be further improved. Time and date stamping of e-business transactions are also of concern to prove at a later date that the transactions took place at the stipulated date and time. Digital certificates are part of a Public Key Infrastructure (PKI) scheme, which is an enabling technology for building a trusted epvironment. PIU comprise policies and procedures for establishing a secure method for exchanging information over a network environment. The Digital Signature Act 1997 (DSA 1997) facilitates the PKI implementation in Malaysia. Following the DSA 1997, Certification Authorities (CAs) were set up in Malaysia. This paper describes a trusted platform for spurring ebusiness and provides a Malaysian perspective of it

Design of smart card enabled protocols for micro-payment and rapid application development builder for e-commerce.

by Tsang Hin Chung.Thesis (M.Phil.)--Chinese University of Hong Kong, 2001.Includes bibliographical references (leaves 118-124).Abstracts in English and Chinese.Chapter 1 --- Introduction --- p.1Chapter 1.1 --- Authentication and Transaction Protocol --- p.2Chapter 1.2 --- E-Commerce Enabler --- p.3Chapter 2 --- Literature Review --- p.4Chapter 2.1 --- Cryptographic Preliminaries --- p.4Chapter 2.1.1 --- One-Way Hash Function --- p.4Chapter 2.1.2 --- Triple DES --- p.5Chapter 2.1.3 --- RSA --- p.7Chapter 2.1.4 --- Elliptic Curve --- p.8Chapter 2.2 --- Smart Cards --- p.8Chapter 2.2.1 --- Smart Card Operating Systems --- p.11Chapter 2.2.2 --- Java Card --- p.12Chapter 2.3 --- Authentication Protocol --- p.14Chapter 2.3.1 --- Properties --- p.15Chapter 2.3.2 --- Survey --- p.16Chapter 2.4 --- Transaction Protocol --- p.19Chapter 2.5 --- BAN Logic --- p.20Chapter 2.5.1 --- Notation --- p.20Chapter 2.5.2 --- Logical Postulates --- p.22Chapter 2.5.3 --- Protocol Analysis --- p.25Chapter 3 --- Authentication Protocol --- p.26Chapter 3.1 --- Formulation of Problem --- p.26Chapter 3.2 --- The New Idea --- p.27Chapter 3.3 --- Assumptions --- p.29Chapter 3.4 --- Trust Model --- p.29Chapter 3.5 --- Protocol --- p.30Chapter 3.5.1 --- Registration --- p.30Chapter 3.5.2 --- Local Authentication --- p.31Chapter 3.5.3 --- Remote Authentication --- p.33Chapter 3.5.4 --- Silent Key Distribution Scheme --- p.35Chapter 3.5.5 --- Advantages --- p.37Chapter 3.6 --- BAN Logic Analysis --- p.38Chapter 3.7 --- Experimental Evaluation --- p.43Chapter 3.7.1 --- Configuration --- p.44Chapter 3.7.2 --- Performance Analysis --- p.45Chapter 4 --- Transaction Protocol --- p.51Chapter 4.1 --- Assumptions --- p.52Chapter 4.2 --- Protocol --- p.55Chapter 4.3 --- Conflict Resolution Policy --- p.58Chapter 4.4 --- Justifications --- p.58Chapter 4.5 --- Experimental Evaluation --- p.59Chapter 4.5.1 --- Configuration --- p.59Chapter 4.5.2 --- Performance Analysis --- p.60Chapter 5 --- E-Commerce Builder --- p.65Chapter 5.1 --- Overview --- p.66Chapter 5.2 --- Design of Smart RAD --- p.68Chapter 5.2.1 --- Mechanism --- p.68Chapter 5.2.2 --- Java Card Layer --- p.69Chapter 5.2.3 --- Host Layer --- p.71Chapter 5.2.4 --- Server Layer --- p.72Chapter 5.3 --- Implementation --- p.73Chapter 5.3.1 --- Implementation Reflection --- p.73Chapter 5.3.2 --- Implementation Issues --- p.76Chapter 5.4 --- Evaluation --- p.77Chapter 5.5 --- An Application Example: Multi-MAX --- p.79Chapter 5.5.1 --- System Model --- p.79Chapter 5.5.2 --- Design Issues --- p.80Chapter 5.5.3 --- Implementation Issues --- p.80Chapter 5.5.4 --- Evaluation --- p.84Chapter 5.6 --- Future Work --- p.89Chapter 6 --- Conclusion --- p.91Chapter A --- Detail Experimental Result --- p.93Chapter A.1 --- Authentication Time Measurement --- p.94Chapter A.2 --- On-Card and Off-Card Computation Time in Authentication --- p.95Chapter A.3 --- Authentication Time with Different Servers --- p.96Chapter A.4 --- Transaction Time Measurement --- p.97Chapter A.5 --- On-card and Off-card Computation Time in Transaction --- p.97Chapter B --- UML Diagram --- p.99Chapter B.1 --- Package cuhk.cse.demo.applet --- p.99Chapter B.2 --- Package cuhk.cse.demo.client --- p.105Chapter B.3 --- Package server --- p.110Chapter C --- Glossary and Abbreviation --- p.115Bibliography --- p.11

IMDfence: Architecting a Secure Protocol for Implantable Medical Devices

Over the past decade, focus on the security and privacy aspects of implantable medical devices (IMDs) has intensified, driven by the multitude of cybersecurity vulnerabilities found in various existing devices. However, due to their strict computational, energy and physical constraints, conventional security protocols are not directly applicable to IMDs. Custom-tailored schemes have been proposed instead which, however, fail to cover the full spectrum of security features that modern IMDs and their ecosystems so critically require. In this paper we propose IMDfence, a security protocol for IMD ecosystems that provides a comprehensive yet practical security portfolio, which includes availability, non-repudiation, access control, entity authentication, remote monitoring and system scalability. The protocol also allows emergency access that results in the graceful degradation of offered services without compromising security and patient safety. The performance of the security protocol as well as its feasibility and impact on modern IMDs are extensively analyzed and evaluated. We find that IMDfence achieves the above security requirements at a mere less than 7% increase in total IMD energy consumption, and less than 14 ms and 9 kB increase in system delay and memory footprint, respectively

Integrating security in a group oriented distributed system

A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group oriented abstractions robust in hostile settings, in order to facilitate the construction of high performance distributed applications that can tolerate both component failures and malicious attacks. These abstractions include process groups and causal group multicast. Moreover, a delegation and access control scheme is proposed for use in group oriented systems. The focus is the security architecture; particular cryptosystems and key exchange protocols are not emphasized

The system architecture of the Pocket Companion

In the Moby Dick project we design the architecture of a so-called Pocket Companion. It is a small personal portable computer with wireless communication facilities for every day use. The typical use of the Pocket Companion induces a number of requirements concerning security, performance, energy consumption, communication and size. We have shown that these requirements are interrelated and can only be met optimal with one single architecture. The Pocket Companion architecture consists of a central switch with a security module surrounded by several modules. The Pocket Companion is a personal machine. Communication, and particularly wireless communication, is essential for the system to support electronic transactions. Such a system requires a good security infrastructure not only for safeguarding personal data, but also to allow safe (financial) transactions. The integration of a security module in the Pocket Companion architecture provides the basis for a secure environment.\ud Because battery life is limited and battery weight is an important factor for the size and the weight of the Pocket Companion, energy consumption plays a crucial role in the architecture. An important theme of the architecture is: enough performance for minimal energy consumption

Authentication Issues in Multi-Service Residential Access Networks

Multi-service residential access networks allow residential customers to choose amongst a variety of service offerings, over a range of Core Networks and subject to user requirements such as QoS, mobility, cost and availability. These issues place requirements on authentication for network access, with a need for mutual authentication of the residential gateway (RG) to the local access point (LAP). The EU-IST project TORRENT is building a testbed providing for multi-service residential access networks in order to demonstrate the benefit of intelligent control, both for the customer and for the network operators and service providers. Adequate security measures are essential in order to secure access to the TORRENT system and services and for QoS provisioning to authorised users. This paper examines the authentication issues for the TORRENT system and presents a public key based authentication protocol for mutually authenticating the RG and the LAP