LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments

The non-repudiation as an essential requirement of many applications can be provided by the asymmetric key model. With the evolution of new applications such as mobile commerce, it is essential to provide secure and efficient solutions for the mobile environments. The traditional public key cryptography involves huge computational costs and is not so suitable for the resource-constrained platforms. The elliptic curve-based approaches as the newer solutions require certain considerations that are not taken into account in the traditional public key infrastructures. The main contribution of this paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the constrained platforms such as mobile phones. It takes advantages of elliptic curve cryptography and signcryption to decrease the computational costs and communication overheads, and adapting to the constraints. All the computational costs of required validations can be eliminated from end-entities by introduction of a validation authority to the introduced infrastructure and delegating validations to such a component. LPKI is so suitable for mobile environments and for applications such as mobile commerce where the security is the great concern.Comment: 6 Pages, 6 Figure

IAMS framework: a new framework for acceptable user experiences for integrating physical and virtual identity access management systems

The modern world is populated with so many virtual and physical Identity Access Management Systems (IAMSs) that individuals are required to maintain numerous passwords and login credentials. The tedious task of remembering multiple login credentials can be minimised through the utilisation of an innovative approach of single sign-in mechanisms. During recent times, several systems have been developed to provide physical and virtual identity management systems; however, most have not been very successful. Many of the available systems do not provide the feature of virtual access on mobile devices via the internet; this proves to be a limiting factor in the usage of the systems. Physical spaces, such as offices and government entities, are also favourable places for the deployment of interoperable physical and virtual identity management systems, although this area has only been explored to a minimal level. Alongside increasing the level of awareness for the need to deploy interoperable physical and virtual identity management systems, this paper addresses the immediate need to establish clear standards and guidelines for successful integration of the two medium

Multilayer Security Mechanism in Computer Networks

In multilayered security infrastructure, the layers are projected in a way that vulnerability of one layer could not compromise the other layers and thus the whole system is not vulnerable. This paper evaluates security mechanism on application, transport and network layers of ISO/OSI reference model and gives examples of today's most popular security protocols applied in each of mentioned layers. A secure computer network systems is recommended that consists of combined security mechanisms on three different ISO/OSI reference model layers : application layer security based on strong user authentication, digital signature, confidentiality protection, digital certificates and hardware tokens, transport layer security based on establishment of a cryptographic tunnel between network nodes and strong node authentication procedure and network IP layer security providing bulk security mechanisms on network level between network nodes. Strong authentication procedures used for user based on digital certificates and PKI systems are especially emphasized.  Keywords: Multilayered Security Systems, PKI systems, Smart Cards

Multilayer Security Mechanism in Computer Networks

In multilayered security infrastructure, the layers are projected in a way that vulnerability of one layer could not compromise the other layers and thus the whole system is not vulnerable. This paper evaluates security mechanism on application, transport and network layers of ISO/OSI reference model and gives examples of today's most popular security protocols applied in each of mentioned layers. A secure computer network systems is recommended that consists of combined security mechanisms on three different ISO/OSI reference model layers : application layer security based on strong user authentication, digital signature, confidentiality protection, digital certificates and hardware tokens, transport layer security based on establishment of a cryptographic tunnel between network nodes and strong node authentication procedure and network IP layer security providing bulk security mechanisms on network level between network nodes. Strong authentication procedures used for user based on digital certificates and PKI systems are especially emphasized. Keywords: Multilayered Security Systems, PKI systems, Smart Cards

A tokenization-based communication architecture for HCE-Enabled NFC services

Following the announcement of Host Card Emulation (HCE) technology, card emulation mode based Near Field Communication (NFC) services have gained further appreciation as an enabler of the Cloud-based Secure Element (SE) concept. A comprehensive and complete architecture with a centralized and feasible business model for diverse HCE-based NFC services will be highly appreciated, particularly by Service Providers and users. To satisfy the need in this new emerging research area, a Tokenization-based communication architecture for HCE-based NFC services is presented in this paper. Our architecture proposes Two-Phased Tokenization to enable the identity management of both user and Service Provider. NFC Smartphone users can store, manage, and make use of their sensitive data on the Cloud for NFC services; Service Providers can also provide diverse card emulation NFC services easily through the proposed architecture. In this paper, we initially present the Two-Phased Tokenization model and then validate the proposed architecture by providing a case study on access control. We further evaluate the usability aspect in terms of an authentication scheme. We then discuss the ecosystem and business model comprised of the proposed architecture and emphasize the contributions to ecosystem actors. Finally, suggestions are provided for data protection in transit and at rest.This work is funded by KocSistem Information and Communication Services Inc. and Turkish Ministry of Science, Industry and Technology under SAN-TEZ Project no. 0726.STZ.2014Publisher's Versio

Memory Forensics of a Java Card Dump

International audienceNowadays several papers have shown the ability to dump the EEPROM area of several Java Cards leading to the disclosure of already loaded applet and data structure of the card. Such a reverse engineering process is costly and prone to errors. Currently there are no tools available to help the process. We propose here an approach to find in the raw data obtained after a dump, the area containing the code and the data. Then, once the code area has been identified, we propose to rebuilt the original binary Cap file in order to be able to obtain the source code of the applet stored in the card