1,455 research outputs found
The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity
Most user authentication methods and identity proving systems rely on a
centralized database. Such information storage presents a single point of
compromise from a security perspective. If this system is compromised it poses
a direct threat to users' digital identities. This paper proposes a
decentralized authentication method, called the Horcrux protocol, in which
there is no such single point of compromise. The protocol relies on
decentralized identifiers (DIDs) under development by the W3C Verifiable Claims
Community Group and the concept of self-sovereign identity. To accomplish this,
we propose specification and implementation of a decentralized biometric
credential storage option via blockchains using DIDs and DID documents within
the IEEE 2410-2017 Biometric Open Protocol Standard (BOPS)
Quantum asymmetric cryptography with symmetric keys
Based on quantum encryption, we present a new idea for quantum public-key
cryptography (QPKC) and construct a whole theoretical framework of a QPKC
system. We show that the quantum-mechanical nature renders it feasible and
reasonable to use symmetric keys in such a scheme, which is quite different
from that in conventional public-key cryptography. The security of our scheme
is analyzed and some features are discussed. Furthermore, the state-estimation
attack to a prior QPKC scheme is demonstrated.
Comment: 8 pages, 1 figure, Revtex
An online credential management service for InterGrid computing
Grid users and their jobs need credentials to access grid resources and services. It is important to minimize the exposure of credentials to adversaries. A practical solution is needed that works with existing software and is easy to deploy, administer, and maintain. Thus, credential management services are the wave of the future for virtual organizations such as Grid computing. This paper describes the architecture of a scalable, secure and reliable on-line credential management service called SafeBox for the InterGrid computing platform. SafeBox provides InterGrid users with a secure mechanism for storing one or multiple credentials and accessing them based on need at any time from anywhere.
Simplified Distributed Programming with Micro Objects
Developing large-scale distributed applications can be a daunting task.
Object-based environments have attempted to alleviate problems by providing
distributed objects that look like local objects. We advocate that this
approach has actually only made matters worse, as the developer needs to be
aware of many intricate internal details in order to adequately handle partial
failures. The result is an increase of application complexity. We present an
alternative in which distribution transparency is lessened in favor of clearer
semantics. In particular, we argue that a developer should always be offered
the unambiguous semantics of local objects, and that distribution comes from
copying those objects to where they are needed. We claim that it is often
sufficient to provide only small, immutable objects, along with facilities to
group objects into clusters.
Comment: In Proceedings FOCLASA 2010, arXiv:1007.499
Next-Generation EU DataGrid Data Management Services
We describe the architecture and initial implementation of the
next-generation of Grid Data Management Middleware in the EU DataGrid (EDG)
project.
The new architecture stems out of our experience and the users' requirements
gathered during the two years of running our initial set of Grid Data
Management Services. All of our new services are based on the Web Service
technology paradigm, very much in line with the emerging Open Grid Services
Architecture (OGSA). We have modularized our components and invested a great
amount of effort towards a secure, extensible and robust service, starting from
the design but also using a streamlined build and testing framework.
Our service components are: Replica Location Service, Replica Metadata
Service, Replica Optimization Service, Replica Subscription and high-level
replica management. The service security infrastructure is fully GSI-enabled,
hence compatible with the existing Globus Toolkit 2-based services; moreover,
it allows for fine-grained authorization mechanisms that can be adjusted
depending on the service semantics.
Comment: Talk from the 2003 Computing in High Energy and Nuclear Physics
(CHEP03), La Jolla, Ca, USA, March 2003 8 pages, LaTeX, the file contains all
LaTeX sources - figures are in the directory "figures
Enabling Interactive Analytics of Secure Data using Cloud Kotta
Research, especially in the social sciences and humanities, is increasingly
reliant on the application of data science methods to analyze large amounts of
(often private) data. Secure data enclaves provide a solution for managing and
analyzing private data. However, such enclaves do not readily support discovery
science---a form of exploratory or interactive analysis by which researchers
execute a range of (sometimes large) analyses in an iterative and collaborative
manner. The batch computing model offered by many data enclaves is well suited
to executing large compute tasks; however it is far from ideal for day-to-day
discovery science. As researchers must submit jobs to queues and wait for
results, the high latencies inherent in queue-based, batch computing systems
hinder interactive analysis. In this paper we describe how we have augmented
the Cloud Kotta secure data enclave to support collaborative and interactive
analysis of sensitive data. Our model uses Jupyter notebooks as a flexible
analysis environment and Python language constructs to support the execution of
arbitrary functions on private data within this secure framework.
Comment: To appear in Proceedings of Workshop on Scientific Cloud Computing,
Washington, DC USA, June 2017 (ScienceCloud 2017), 7 page