315 research outputs found

    Supporting security-oriented, collaborative nanoCMOS electronics research

    Get PDF
    Grid technologies support collaborative e-Research typified by multiple institutions and resources seamlessly shared to tackle common research problems. The rules for collaboration and resource sharing are commonly achieved through establishment and management of virtual organizations (VOs) where policies on access and usage of resources by collaborators are defined and enforced by sites involved in the collaboration. The expression and enforcement of these rules is made through access control systems where roles/privileges are defined and associated with individuals as digitally signed attribute certificates which collaborating sites then use to authorize access to resources. Key to this approach is that the roles are assigned to the right individuals in the VO; the attribute certificates are only presented to the appropriate resources in the VO; it is transparent to the end user researchers, and finally that it is manageable for resource providers and administrators in the collaboration. In this paper, we present a security model and implementation improving the overall usability and security of resources used in Grid-based e-Research collaborations through exploitation of the Internet2 Shibboleth technology. This is explored in the context of a major new security focused project at the National e-Science Centre (NeSC) at the University of Glasgow in the nanoCMOS electronics domain

    Building Trust Networks

    Get PDF
    The common agreement in the industry is that the Public Key Infrastructure is complex and expensive. From the year 1976 with the introduction of public key cryptography and the introduction of PKI concept in 1977 a lot of scientific resources has been spent on creation of usable key exchange systems and concepts to build trust networks. Most EU Member States have implemented their own national Public Key Infrastructure solutions mainly to enable strong authentication of citizens. They are however not the only systems within the EU to utilize PKI. Due to the nature of the PKI it is most convenient or suitable in an environment with stakeholders with similar agendas. This has resulted in several new PKI developments for specific purposes, within one industry or one vertical such as healthcare. Some Member States have tried to incorporate vertical needs with an all-purpose PKI solution, such as the Austrian eID card with so called sector specific certificates (http://ec.europa.eu/idabc/en/document/4486/5584). From the CIA (Confidentiality, Integrity, Availability) triangle public key cryptography provides confidentiality and integrity. The modern world however has more requirements in environments where sensitive information is being exchanged. It is not enough to know identity of the entity trying to access the information, but to also know the entity permissions or privileges regarding the requested resource. The authorization process grants the user specific permissions to e.g. access, modify or delete resources. A pure PKI does not allow us to build complex authorization policies, and therefore some of the Member States have built (authentication and) authorization solutions on top of existing authentication infrastructures, especially in the eGovernment sector. The scientific community has also tried to solve this issue by creating extensions to the basic PKI concept, and some of these concepts have been successful. Another problem with large scales systems is the key distribution. Managing a large number of keys using a central solution such as PKI has proven to be problematic in certain conditions. Either there are tradeoffs in security, or problems with application support. The last issue deals with public key cryptography itself. Current cryptography relies on the fact that it provides enough security based on availability of the resources, i.e. computational power. New approaches have been introduced both scientifically and commercially by moving away from the mathematics to other areas such as quantum mechanics. This paper is a quick review on some of the existing systems and their benefits and inherent challenges as well as a short introduction to new developments in the areas of authentication, authorization and key distribution.JRC.G.6-Security technology assessmen

    Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing

    Get PDF
    The security of the vast majority of ``secure\u27\u27 Web services rests on SSL server PKI. However, this PKI doesn\u27t work if the the adversary can trick the browser into appearing to tell the user the wrong thing about the certificates and cryptography. The seminal web spoofing work of Felten et al demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. Our recent follow-up work explicitly shows how malicious servers can still do this---and can also forge the existence of an SSL session and the contents of the alleged server certificate. This paper reports the results of our work to systematically defend against Web spoofing, by creating a trusted path from the browser to the user. Starting with the Mozilla source, we have implemented techniques that protect a wide variety of browser-user communications, that require little participation by the user and minimal disruption of the displayed server content. We have prepared shell scripts that install these modifications on the Mozilla source, to enable others to replicate this work. In on-going work, we are cleaning up and fine-tuning our code. In future work, we hope to examine more deeply the role of user interfaces in enabling users to make effective trust judgments

    Mcommerce - a vision in time

    Full text link
    Global mCommerce revenues are expected to grow from $400 million in 2000, to 22.2 billion by 2005 (Raczkowski, 2002) mCommerce is a key driver in developing the global information society, with applications emerging in numerous areas including banking, financial services, security services and shopping (Khalifa and Cheng, 2002). With optimistic projections regarding its growth, many researchers are actively determining the future of mCommerce. In this paper, we have tried to synthesise some predictions and evolving definitions, explored security as a critical impediment and developing solutions; investigated the mPayment scenario; and derived a futuristic research framework. Specifically, we have attempted to capture the moving mCommerce scenario in present time, with a special focus into mPayments.<br /

    Technical Diagnostics of Tank Cannon Smooth Barrel Bore and Ramming Device

    Get PDF
    The technical diagnostics of 125 mm tank cannon 2A46 smooth barrel and ramming devices are discussed respectively. Focuses on barrel diagnostics and suggests new procedures based on reconstructed BG20 Gun Barrel Bore Gauge System, measuring internal diameter of the barrel bore. The new system measures throughout the whole barrel bore the inner diameter not only at the beginning of barrel bore as it was usually measured before. Different nature of barrel wear was revealed between barrels firing sub-calibre and high explosive projectiles. A method for ramming device diagnostics is presented. An accurate method was proposed, determining projectile extraction force from barrel, as one of the main ramming device parameters for weapons that are used in all areas of armed forces. Results are based on experimental methods assessing the extraction forces from barrel after projectile loading. These tests were performed as a series of tests with consequent technical diagnostics according to the new Czech Defence Standards (derived from NATO standards). The results are presented as the new methodologies for diagnostics of 125 mm barrel 2A46 and ramming devices of tank T-72 for use by technical logistic units in the Czech Republic Armed Forces

    Secure Naming and Addressing Operations for Store, Carry and Forward Networks

    Get PDF
    This paper describes concepts for secure naming and addressing directed at Store, Carry and Forward (SCF) distributed applications, where disconnection and intermittent connectivity between forwarding systems is the norm. The paper provides a brief overview of store, carry and forward distributed applications followed by an in depth discussion of how to securely: create a namespace; allocate names within the namespace; query for names known within a local processing system or connected subnetwork; validate ownership of a given name; authenticate data from a given name; and, encrypt data to a given name. Critical issues such as revocation of names, mobility and the ability to use various namespaces to secure operations or for Quality-of-Service are also presented. Although the concepts presented for naming and addressing have been developed for SCF, they are directly applicable to fully connected systems

    Implementation of Secure DNP3 Architecture of SCADA System for Smart Grids

    Get PDF
    With the recent advances in the power grid system connecting to the internet, data sharing, and networking enables space for hackers to maliciously attack them based on their vulnerabilities. Vital stations in the smart grid are the generation, transmission, distribution, and customer substations are connected and controlled remotely by the network. Every substation is controlled by a Supervisory Control and Data Acquisition (SCADA) system which communicates on DNP3 protocol on Internet/IP which has many security vulnerabilities. This research will focus on Distributed Network Protocol (DNP3) communication which is used in the smart grid to communicate between the controller devices. We present the DNP3 SAv5 and design a secure architecture with Public Key Infrastructure (PKI) on Asymmetric key encryption using a Certificate Authority (CA). The testbed provides a design architecture between customer and distribution substation and illustrates the verification of the public certificate. We have added a layer of security by giving a password to a private key file to avoid physical tampering of the devices at the customer substations. The simulation results show that the secure communication on the TLS layer provides confidentiality, integrity, and availability

    Lights, Camera, Action! Exploring Effects of Visual Distractions on Completion of Security Tasks

    Full text link
    Human errors in performing security-critical tasks are typically blamed on the complexity of those tasks. However, such errors can also occur because of (possibly unexpected) sensory distractions. A sensory distraction that produces negative effects can be abused by the adversary that controls the environment. Meanwhile, a distraction with positive effects can be artificially introduced to improve user performance. The goal of this work is to explore the effects of visual stimuli on the performance of security-critical tasks. To this end, we experimented with a large number of subjects who were exposed to a range of unexpected visual stimuli while attempting to perform Bluetooth Pairing. Our results clearly demonstrate substantially increased task completion times and markedly lower task success rates. These negative effects are noteworthy, especially, when contrasted with prior results on audio distractions which had positive effects on performance of similar tasks. Experiments were conducted in a novel (fully automated and completely unattended) experimental environment. This yielded more uniform experiments, better scalability and significantly lower financial and logistical burdens. We discuss this experience, including benefits and limitations of the unattended automated experiment paradigm

    Hacking Health Care: Authentication Security in the Age of Meaningful Use

    Get PDF
    The rapid adoption of EHRs (Electronic Health Records), to store and communicate highly personal data, raises serious concerns in terms of privacy, security, and civil and criminal liability. This note will examine the current statutory framework for addressing electronic breaches in the health care context, examine the vulnerabilities of EHRs, and look to the established world of online banking for possible legislative and practical solutions to the challenge of keeping private health information private. Finally, this note will propose key amendments to the Health Insurance Portability and Accountability Act (HIPAA) regulations to enhance authentication security
    • 

    corecore