MoPS: A Modular Protection Scheme for Long-Term Storage

Current trends in technology, such as cloud computing, allow outsourcing the storage, backup, and archiving of data. This provides efficiency and flexibility, but also poses new risks for data security. It in particular became crucial to develop protection schemes that ensure security even in the long-term, i.e. beyond the lifetime of keys, certificates, and cryptographic primitives. However, all current solutions fail to provide optimal performance for different application scenarios. Thus, in this work, we present MoPS, a modular protection scheme to ensure authenticity and integrity for data stored over long periods of time. MoPS does not come with any requirements regarding the storage architecture and can therefore be used together with existing archiving or storage systems. It supports a set of techniques which can be plugged together, combined, and migrated in order to create customized solutions that fulfill the requirements of different application scenarios in the best possible way. As a proof of concept we implemented MoPS and provide performance measurements. Furthermore, our implementation provides additional features, such as guidance for non-expert users and export functionalities for external verifiers.Comment: Original Publication (in the same form): ASIACCS 201

Authorised Translations of Electronic Documents

A concept is proposed to extend authorised translations of documents to electronically signed, digital documents. Central element of the solution is an electronic seal, embodied as an XML data structure, which attests to the correctness of the translation and the authorisation of the translator. The seal contains a digital signature binding together original and translated document, thus enabling forensic inspection and therefore legal security in the appropriation of the translation. Organisational aspects of possible implementation variants of electronic authorised translations are discussed and a realisation as a stand-alone web-service is presented.Comment: In: Peer-reviewed Proceedings of the Information Security South Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006, Sandton, South Afric

Biometric Standards Survey

This document presents a quick survey on the most important standards regarding biometric technologies, concentrating mainly in those concerning the smartcard environment

Strong Authentication for Web Services using Smartcards

The popularity of the Internet and the variety of services it provides has been immense. Unfortunately, many of these services require the user to register and subsequently login to the system in order to access them. This has resulted in the user having to remember a multitude of username and password combinations in order to use the service securely. However, literature has clearly demonstrated this is not an effective approach, as users will frequently choose simple passwords, write them down, share them or use the same password for multiple systems. This paper proposes a novel concept where Internet users authenticate to web services (service providers) by the use of a smartcard – taking away any requirement for the user to provide credentials. The smartcard is useful in this context as it is a trusted device that is capable of applying cryptography in a tamper resistant environment. The development of the concept is based upon an extension to Authentication Authorisation Infrastructure (AAI) models, where a trusted authority (Identity Provider) will provide and manage the smart card to end-users. In devices such as mobile phones, a smartcard is already present (e.g. the SIM) to facilitate this and it is envisaged such a card could also be produced for desktop environments – similarly to what many banks are currently implementing

Authentication of professionals in the RTS e-Health system

This paper describes the design and implementation of a PKI-based e-Health authentication architecture. This architecture was developed to authenticate e-Health Professionals accessing RTS (Rede Telemática da Saúde), a regional platform for sharing clinical data among a set of affiliated health institutions. The architecture had to accommodate specific RTS requirements, namely the security of Professionals' credentials, the mobility of Professionals, and the scalability to accommodate new health institutions. The adopted solution uses short lived certificates and cross-certification agreements between RTS and e-Health institutions for authenticating Professionals accessing the RTS. These certificates carry as well the Professional's role at their home institution for role-based authorization. Trust agreements between health institutions and RTS are necessary in order to make the certificates recognized by the RTS. As a proof of concept, a prototype was implemented with Windows technology. The presented authentication architecture is intended to be applied to other medical telematic systems

Towards Unified Tag Data Translation for the Internet of Things

International audienceFollowing the ``Internet of Things'' concept, each object will be associated with a unique identifier which will allow to retrieve information about it in large databases. In the process of retrieving information, this identifier (ID) may have to be translated into different formats (e.g. domain name style format for object name service query, binary, legacy,...). The Tag Data Translation (TDT) is responsible for the translation of IDs into these different formats. We propose a general TDT system which extends the standards of EPCGlobal which only targets Electronic Product Code (EPC). We integrate other RFID and smart cards standards (such as ISO 14443 and 15693) and GS1 standards which are more general as they also deal with bar code (EAN/UPC)

Assinaturas digitais utilizando KMIP via recursos nativos do navegador web

TCC(graduação) - Universidade Federal de Santa Catarina. Centro Tecnológico. Sistemas de Informação.Documentos assinados digitalmente têm sido utilizados em muitas transações eletrônicas por terem o mesmo valor legal que documentos assinados com próprio punho no Brasil. A realização destas assinaturas com o uso de certificados digitais armazenados em nuvem também possui validade jurídica segundo o órgão brasileiro regulamentador. Para tais assinaturas é necessário um número de identificação pessoal (PIN) - senha numérica que libera o uso da chave privada do assinante, mantido em um Hardware Security Module (HSM). O objetivo deste trabalho é a realização de assinaturas digitais utilizando somente recursos nativos do navegador Web. A viabilidade dessa comunicação direta, sem o tráfego do PIN por aplicações intermediárias, depende do suporte e limitações dos HSMs disponíveis no mercado aos protocolos existentes. Neste trabalho, em virtude de tais limitações, foi utilizado um servidor local intermediário para possibilitar a comunicação. Na fundamentação teórica deste trabalho é levantada a bibliografia utilizada para estudo dos conceitos relacionados ao tema. Em seguida, são apresentadas as tecnologias envolvidas para apresentação do protótipo desenvolvido. Por fim, os resultados referentes à validação de uso e análise de compatibilidade dos navegadores com o protótipo são mostrados, além dos resultados obtidos e propostas de novos estudos.Digitally signed documents have been used in many electronic transactions because they have the same legal value as self-signed documents in Brazil. The execution of these signatures using digital certificates stored in the cloud also has legal validity according to the Brazilian regulatory body. Such signatures require a personal identification number (PIN) - numeric password that releases the use of the subscriber's private key kept in a Hardware Security Module (HSM). The purpose of this paper is to make digital signatures using only native Web browser features. The feasibility of this direct communication, without PIN traffic by intermediate applications, depends on the support and limitations of commercially available HSMs to existing protocols. In this work, due to such limitations, an intermediate local server was used to enable communication. In the theoretical basis of this work is raised the bibliography used to study the concepts related to the theme. Then, the technologies involved for presenting the developed prototype are presented. Finally, the results regarding the use validation and compatibility analysis of the browsers with the prototype are shown, besides the obtained results and proposals of new studies