Secured Web Services Specifications

The proliferation of XML based web services in the IT industry not only gives rise to opportunities but challenges too. Namely the challenges of security and a standard way of maintaining it across domains and organisational boundaries. OASIS, W3C and other organisations have done some great work in bringing about this synergy. What I look in this paper are some of the more popular standards in vogue today and clubbed under WS-* specification. I will try to give an overview of various frameworks and protocols being used to keep webservices secure. Some of the major protocols looked into are WS-Security, SAML, WS-Federation, WS-Trust, XMLEncryption and Signature. This paper will give you a brief introduction to impact of using WS-* on time complexity due to the extra load of encrypting and certificates. Windows communication foundation (WCF) is one of the best designed toolset for this though WCF is not the topic of discussion in this paper

A privacy preserved and credible network protocol

This is the author accepted manuscript. The final version is available from Elsevier via the DOI in this recordThe identities of packet senders and receivers are treated as important privacy information in communication networks. Any packet can be attributed to its sender for evaluating its credibility. Existing studies mainly rely on third-party agents that contain the packet sender's identity to ensure the sender's privacy preservation and credibility. In this case, packet senders run the risk that their privacy might be leaked by the agent. To this end, this paper proposes a Privacy Preserved and Credible Network Protocol (PCNP), which authorizes the agent to hide the identities of senders and receivers, while guaranteeing the credibility of a packet. The feasibility of the PCNP deployment is analyzed, and its performance is evaluated through extensive experiments.Ministry of Science and Technology of ChinaChinese Academy of Scienc

Secure and Dynamic Publish/Subscribe: LCMsec

We propose LCMsec, a brokerless, decentralised Publish/Subscribe protocol. It aims to provide low-latency and high-throughput message-passing for IoT and automotive applications while providing much-needed security functionalities to combat emerging cyber-attacks in that domain. LCMsec is an extension for the Lightweight Communications and Marshalling (LCM) protocol. We extend this protocol by providing not only authenticated encryption of the messages in transit, but also a group discovery protocol inspired by the Raft consensus protocol. The Dutta-Barua group key agreement is used to agree upon a shared symmetric key among subscribers and publishers on a topic. By using a shared group key, we reduce the key agreement overhead and the number of message authentication codes (MACs) per message compared to existing proposals for secure brokerless Publish/Subscribe protocols, which establish a symmetric key between each publisher and subscriber and append multiple MACs to each message

Patient dossier: healthcare queries over distributed resources

As with many other aspects of the modern world, in healthcare, the explosion of data and resources opens new opportunities for the development of added-value services. Still, a number of specific conditions on this domain greatly hinders these developments, including ethical and legal issues, fragmentation of the relevant data in different locations, and a level of (meta)data complexity that requires great expertise across technical, clinical, and biological domains. We propose the Patient Dossier paradigm as a way to organize new innovative healthcare services that sorts the current limitations. The Patient Dossier conceptual framework identifies the different issues and suggests how they can be tackled in a safe, efficient, and responsible way while opening options for independent development for different players in the healthcare sector. An initial implementation of the Patient Dossier concepts in the Rbbt framework is available as open-source at https://github.com/mikisvaz and https://github.com/Rbbt-Workflows.This work has received funding from the Elixir-Excelerate project, from the European Union's Horizon 2020 Research and Innovation Programme, under grant agreement N. 676559, and from Plataforma de Recursos Biomoleculares y Bioinformáticos PT13/0001/0030. Additional support came from the Lenovo - BSC Master Collaboration Agreement (2015) and from the IBM-BSC Deep Learning Centre (2016). The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.Peer ReviewedPostprint (published version

Decentralized brokered enabled ecosystem for data marketplace in smart cities towards a data sharing economy

Presently data are indispensably important as cities consider data as a commodity which can be traded to earn revenues. In urban environment, data generated from internet of things devices, smart meters, smart sensors, etc. can provide a new source of income for citizens and enterprises who are data owners. These data can be traded as digital assets. To support such trading digital data marketplaces have emerged. Data marketplaces promote a data sharing economy which is crucial for provision of available data useful for cities which aims to develop data driven services. But currently existing data marketplaces are mostly inadequate due to several issues such as security, efficiency, and adherence to privacy regulations. Likewise, there is no consolidated understanding of how to achieve trust and fairness among data owners and data sellers when trading data. Therefore, this study presents the design of an ecosystem which comprises of a distributed ledger technology data marketplace enabled by message queueing telemetry transport (MQTT) to facilitate trust and fairness among data owners and data sellers. The designed ecosystem for data marketplaces is powered by IOTA technology and MQTT broker to support the trading of sdata sources by automating trade agreements, negotiations and payment settlement between data producers/sellers and data consumers/buyers. Overall, findings from this article discuss the issues associated in developing a decentralized data marketplace for smart cities suggesting recommendations to enhance the deployment of decentralized and distributed data marketplaces.publishedVersio

Patient dossier: healthcare queries over distributed resources

As with many other aspects of the modern world, in healthcare, the explosion of data and resources opens new opportunities for the development of added-value services. Still, a number of specific conditions on this domain greatly hinders these developments, including ethical and legal issues, fragmentation of the relevant data in different locations, and a level of (meta)data complexity that requires great expertise across technical, clinical, and biological domains. We propose the Patient Dossier paradigm as a way to organize new innovative healthcare services that sorts the current limitations. The Patient Dossier conceptual framework identifies the different issues and suggests how they can be tackled in a safe, efficient, and responsible way while opening options for independent development for different players in the healthcare sector. An initial implementation of the Patient Dossier concepts in the Rbbt framework is available as open-source at https://github.com/mikisvaz and https://github.com/Rbbt-Workflows.This work has received funding from the Elixir-Excelerate project, from the European Union's Horizon 2020 Research and Innovation Programme, under grant agreement N. 676559, and from Plataforma de Recursos Biomoleculares y Bioinformáticos PT13/0001/0030. Additional support came from the Lenovo - BSC Master Collaboration Agreement (2015) and from the IBM-BSC Deep Learning Centre (2016). The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.Peer ReviewedPostprint (published version

Spies and journalists: Towards an ethical framework?

The publication by the Guardian in the UK from mid-2013 of secret intelligence documents leaked by the former NSA contractor Edward Snowden was highly controversial. The newspaper was attacked by the UK government, intelligence chiefs, some other news media and a range of other critics for publishing the previously secret documents. The Snowden affair was just the latest episode where the news media sought to publish information about intelligence operations, usually revealing some area of significant concern, in the face of government objections. In each case negotiations between the state and the news media have been adversarial. At the heart of this reoccurring problem is the balance in liberal democracies between national security and the freedom of the press to inform the public over matters of concern. This involves a complex set of ethical issues. This paper seeks to lay out the ethical terrain for this discussion incorporating the emergent discipline of intelligence ethics. The paper also takes the first steps in discussing a bipartisan framework for an ethical relationship between intelligence agencies and the news media that would allow accurate information to enter the public domain without recklessly jeopardising legitimate national security. It examines the various bodies that could act as an honest broker between the two sides but concludes that identifying such an organisation that would be trusted at this time is difficult

Intelligence-Sharing Agreements & International Data Protection: Avoiding a Global Surveillance State

International threats to national security have resulted in a coordinated response among states to protect their citizens, but in a post-Snowden world, are states also protecting the data integrity of its citizens? Intelligence-sharing agreements’ opacity undermine public trust given the revelations of unchecked government surveillance that emerged in 2013. The Five Eyes agreement, perhaps the most famous and fundamental promise amongst US allies, remains shrouded in mystery despite the public demand for less intrusive and more translucent government surveillance practices. This agreement and those which mirror it evade the few domestic safeguards that serve to ensure democratic surveillance. Taking a lesson from European courts’ skepticism of Five Eyes nations’ surveillance practices, this note urges American legislators and judges to favor democratic accountability over executive deference