A Security Architecture for Protecting Dynamic Components of Mobile Agents
|
|
- Madison Daniel
- 8 years ago
- Views:
Transcription
1 A Security Architecture for Protecting Dynamic Components of Mobile Agents by Ming Yao Bachelor of Mechanical Engineering (Zhejiang University of Technology, China) Master of Information Technology (Queensland University of Technology, Australia) Thesis submitted in accordance with the regulations for Degree of Doctor of Philosophy Information Security Research Centre Faculty of Information Technology Queensland University of Technology November 2004
2 QUEENSLAND UNIVERSITY OF TECHNOLOGY DOCTOR OF PHILOSOPHY THESIS EXAMINATION CANDIDATE NAME: CENTRE/RESEARCH CONCENTRATION: PRINCIPAL SUPERVISOR: ASSOCIATE SUPERVISOR(S): THESIS TITLE: Ming Yao Information Security Research Centre Dr. Ernest Foo Professor Ed Dawson Associate Professor Paul Roe A Security Architecture for Protecting Dynamic Components of Mobile Agents Under the requirements of PhD regulation 9.2, the above candidate was examined orally by the Faculty. The members of the panel set up for this examination recommend that the thesis be accepted by the University and forwarded to the appointed Committee for examination. Name: Dr. Ernest Foo Signature Panel Chairperson (Principal Supervisor) Name: Signature Panel Member Name: Signature Panel Member Under the requirements of PhD regulation 9.15, it is hereby certified that the thesis of the above-named candidate has been examined. I recommend on behalf of the Thesis Examination Committee that the thesis be accepted in fulfilment of the conditions for the award of the degree of Doctor of Philosophy. Name Signature Date Chair of Examiners (Thesis Examination Committee) ii
3 Keywords Mobile agents, offer integrity, offer privacy, forward integrity, security architecture, modification attack, insertion attack, colluding servers attack, truncation attack, stemming attack, interleaving attack, hash chaining relationship, recoverable key commitment, joint keys. iii
4 iv
5 Abstract New techniques, languages and paradigms have facilitated the creation of distributed applications in several areas. Perhaps the most promising paradigm is the one that incorporates the mobile agent concept. A mobile agent in a largescale network can be viewed as a software program that travels through a heterogeneous network, crossing various security domains and executing autonomously in its destination. Mobile agent technology extends the traditional network communication model by including mobile processes, which can autonomously migrate to new remote servers. This basic idea results in numerous benefits including flexible, dynamic customisation of the behavior of clients and servers and robust interaction over unreliable networks. In spite of its advantages, widespread adoption of the mobile agent paradigm is being delayed due to various security concerns. Currently available mechanisms for reducing the security risks of this technology do not efficiently cover all the existing threats. Due to the characteristics of the mobile agent paradigm and the threats to which it is exposed, security mechanisms must be designed to protect both agent hosting servers and agents. Protection to agent-hosting servers security is a reasonably well researched issue, and many viable mechanisms have been developed to address it. Protecting agents is technically more challenging and solutions to do so are far less developed. The primary added complication is that, as an agent traverses multiple servers that are trusted to different degrees, the agent s owner has no control over the behaviors of the agent-hosting servers. Consequently the hosting servers can subvert the computation of the passing agent. Since it is infeasible to enforce the remote servers to enact the security policy that may prevent the server from corrupting agent s data, cryptographic mechanisms defined by the agent s owner may be one of the feasible solutions to protect agent s data. v
6 Hence the focus of this thesis is the development and deployment of cryptographic mechanisms for securing mobile agents in an open environment. Firstly, requirements for securing mobile agents data are presented. For a sound mobile agent application, the data in an agent that is collected from each visiting server must be provided integrity. In some applications where servers intend to keep anonymous and will reveal their identities only under certain circumstances, privacy is also necessitated. Aimed at these properties, four new schemes are designed to achieve different security levels: two schemes direct at preserving integrity for the agent s data, the other two focus on attaining data privacy. There are four new security techniques designed to support these new schemes. The first one is joint keys to discourage two servers from colluding to forge a victim server s signature. The second one is recoverable key commitment to enable detection of any illegal operation of hosting servers on an agent s data. The third one is conditionally anonymous digital signature schemes, utilising anonymous public-key certificates, to allow any server to digitally sign a document without leaking its identity. The fourth one is servers pseudonyms that are analogues of identities, to enable servers to be recognised as legitimate servers while their identities remain unknown to anyone. Pseudonyms can be deanonymised with the assistance of authorities. Apart from these new techniques, other mechanisms such as hash chaining relationship and mandatory verification process are adopted in the new schemes. To enable the inter-operability of these mechanisms, a security architecture is therefore developed to integrate compatible techniques to provide a generic solution for securing an agent s data. The architecture can be used independently of the particular mobile agent application under consideration. It can be used for guiding and supporting developers in the analysis of security issues during the design and implementation of services and applications based on mobile agents technology. vi
7 Contents Certificate Recommending Acceptance Keywords Abstract Declaration Previously Published Material Acknowledgements ii iii v xix xxi xxiii 1 Introduction Aims and Objectives Contributions and Achievements Outline of the Thesis Current Mobile Agent Systems, Applications and Their Issues From Code Mobility To Mobile Agents What Is a Mobile Agent? Mobile Agent Data Structure A Mobile Agent s Lifecycle and Its State Transition Diagram State 1: Create and Clone State 2: Execute State 3: Services Search State 4: Migrate State 5: Arrival State 6: Halt and Dispose vii
8 2.2.3 An Agent s Itinerary - Fixed Vs. Flexible Application Domains of Mobile Agents Distributed information retrieval Advanced telecommunication services Work management and cooperation Electronic commerce Existing Mobile Agent Architectures Ajanta SOMA Gypsy Known Attacks General Threats in a Mobile Agent System Threats to the Dynamic Data of An Agent Truncation Attacks Stemming attack Security Objectives Review of Mobile Agent Systems Security Common Security Techniques Protection of Agent Applet Firewall Code Obfuscation Computing with Encrypted Functions Proof Verification Fault Tolerance Investigation and Trust Building State Appraisal Forward Integrity Tamper Resistant Devices Detection of agent tampering Prevention of agent tampering Protection of Host Protecting A Mobile Agent s Data - State of Art Forward Integrity KAG Protocol Forward Privacy viii
9 2.8.4 Execution Integrity Execution Privacy Conclusion Security Architecture Security Requirements Participants Security Mechanisms Digital Signatures Hash Chaining Relationship Pseudonyms Single Hop Verification Integration System Setup Creation Execution Migration Agent s Return Security Analysis Integrity of the Dynamic Component Privacy of the Dynamic Component Extension to the Architecture - A Secure Client Agent Environment Background Web Server as Agent Provider Web Agents from Server Side Secure Client Agent Environment (SCAE) Agent Manager Platform for Agent Collaboration and Delegation Security of SCAE Use of Tamper-Resistant Hardware An Prototype Implementation: Hosting Multiple Agents in SCAE A Demonstrative Application of SCAE: e-sales A Case Study - Application of Agent Technology to Certificate Objects Background ix
10 3.7.2 Protection to Active Certificates Agents Principles to Protect the Host Principles to Protect the Certificate Conclusion Offer Integrity Security Requirements for Forward Integrity An Improved Forward Integrity Protocol OF Notations Participants Publicly Verifiable Signature Scheme using Split Knowledge (OF1) Security analysis Implementation of OF1 in.net Choosing.NET and C# as an Implementation Platform. 101 Implementing the Protocol Large Number Arithmetic Agent Support Performance Analysis Recoverable Key Commitment Technique OF Variations of Truncation Attack and Strong Truncation Resilience Notation Recoverable Key Commitment (RKC) Application of the RKC Technique Against Truncation Attack in Mobile Agents Participants How to Apply the RKC in OF Setup Creation Execution Migration Agent s return Security Analysis Comparison of OF1 and OF Conclusion x
11 5 Offer Privacy Some Known Attacks Security Requirements for Offer Privacy Providing Offer Privacy Using Group Signatures OP Notations Group Signature Scheme Overview of Scheme OP Participants How it works A New Hashed Chained Group Scheme (OP1) Security Analysis Offer Privacy Single Hop Verification Prevention of Known Attacks Conditionally Anonymous Digital Signatures OP Notations New Conditionally Anonymous Digital Signatures The Anonymous Public-Key Certificate Generation Conditionally Anonymous Digital Signatures Using Conditionally Anonymous Digital Signatures to Provide Offer Privacy OP Overview of OP Participants Chaining Relationship and Data Integrity Chained Signatures with Conditional Anonymity Security Analysis Offer Privacy Defense against some known attacks Comparison of OP1 and OP Conclusion Security Properties and Performance Analysis Security Properties Properties Provided by the Supporting Mechanisms Digital Signature Schemes Hash Chaining Relationship xi
12 Pseudonyms Single Hop Verification Joint Keys Recoverable Key Commitment (RKC) Conditional Anonymous Digital Signature (CADS) Security Properties Provided by OF1, OF2, OP1, OP Offer Integrity Offer Privacy Offer Confidentiality Offer Creator Non-repudiation Digital Signatures and Hash Chaining Relationship Hash Chaining Relationship Single Hop Verification Pseudonyms Conditionally Anonymous Digital Signatures (CADS) Recoverable key commitment (RKC) Defending Against Known Attacks Modification, Insertion and Deletion Truncation and Stemming Colluding Servers Attack Performance Analysis Classification of OF1, OF2, OP1 and OP Discussion of the Security Architecture Configuration Components Required by OF1, OF2, OP1 and OP Electronic Marketplace Implementation Issues Conclusion Conclusions and Future Work Summary of Contributions A Security Architecture Security Properties and Their Supporting Mechanisms Avenues for Future Work A Cryptographic Tools 203 A.1 ElGamal Signature Scheme A.2 Group Signatures xii
13 A.2.1 Ateniese s Group Signature SETUP JOIN SIGN VERIFY OPEN Bibliography 209 xiii
14 xiv
15 List of Figures 1.1 A Mobile Agent s Working Mechanism Topics Covered in the Thesis Regarding Mobile Agent Technology Dynamic component and static component in a mobile agent A mobile agent s life cycle A Mobile Agent State Transition Diagram A Simple Example of Itinerary for a Shopping Agent Truncation attack and stemming attack Categories of Security Mechanisms in Protecting Mobile Agents against Distrusted Hosts The KAG Protocol Participants in our architecture Generate a pseudonym D i for server S i Pull All the Components Together Security techniques integration in the architecture Trust Link Established through Security Servers User-Centred Agent Collaboration Trust Link Requirements in different Models Downloading and Installation of Web Agent Communication Among Agents Colluding servers attack on the KAG protocol (Black dots mean colluding servers) Architecture and its participants for OF The New Forward Integrity Scheme OF1 using Split-knowledge Architecture of OF1 Implementation Top-level C# APIs in the OF ElGamal encryption algorithm using the managed C++ LN wrapper107 xv
16 4.7 The LN Structure in the C version of the LN library API primitives for exponentiation in the C version of the LN library Architecture and its participants for OF The protocol using recoverable key commitment mechanism Architecture and its participants for OP Generate a pseudonym D i for server S i Hash chained group signature scheme: S 0 E-market gateway (EG) Hash chained group signature scheme: e-market gateway (EG) S Hash chained group signature scheme: S i S i+1 (1 i n) Comparison between a regular public key certificate and an anonymous public key certificate Applying Pseudonyms Protocol Obtaining Blind Signature on the Public Key Protocol Architecture and its participants for OP Chained Signatures with Conditional Anonymity Scheme: S 0 E-market gateway (EG) Chained Signatures with Conditional Anonymity Scheme: E-market gateway (EG) S Chained Signatures with Conditional Anonymity Scheme: S i S i+1 (1 i n) The Mobile Agent Topics Covered in This Thesis and Potential Topics For Future Research A.1 JOIN protocol xvi
17 List of Tables 2.1 Threats in the corresponding agent state A summary of the detection mechanisms A summary of the protection mechanisms Access Control List Yellow Page Notation used in OF1 ( 0 i n unless i is indicated) Comparison of the KAG protocol and OF1 upon security requirements Performance of Exponentiation in various big number libraries Notation used in this paper ( 0 i n unless i is indicated) Comparison of OF1 and OF2 on Security Properties Comparison of average computational cost of the KAG and OF1, OF Comparison of maximum communication cost of the KAG and OF1, OF Notations used in OP1 ( 0 i n unless i is indicated) Notation used in OP2 ( 0 i n unless i is indicated) Comparison of OP1 and OP2 on security properties Comparison of average computational cost of OP1, OP2 and the KAG Comparison of the maximum communicational cost of OP1, OP2 and the KAG Properties provided by the security techniques The techniques employed by the new schemes Properties of the new schemes xvii
18 6.4 Defense against known attacks of the new schemes Performance characteristics of the techniques employed in OF1, OF2, OP1 and OP Comparison of Average Computational Cost Comparison of Maximum Communicational Cost Examples of Communicational Costs Classification of the new schemes Participants and mechanisms in OF1, OF2, OP1 and OP External and internal trusted third parties in the architecture xviii
19 Declaration The work contained in this thesis has not been previously submitted for a degree or diploma at any higher education institution. To the best of my knowledge and belief, the thesis contains no material previously published or written by another person except where due reference is made. Signed: Date: xix
20 xx
21 Previously Published Material The following papers have been published or presented, and contain material based on the content of this thesis. [1] Selwyn Russell and Ming Yao. Application of agent technology to certificate objects. In In Proceedings of the 2002 Symposium on Cryptography and Information Security Shirahama (SCIS2000), Japan. The Institute of Electronics Information and Communication Engineers, [2] Richard Au, Ming Yao, Mark Looi, and Paul Ashley. Secure client agent environment (scae) for world wide web. In G. Quirchmayr K. Bauknecht, A. Min Tjoa, editor, Proceedings of 3rd International Conference on Electronic Commerce and Web Technologies (EC-WEB 2002), volume 2455 of Lecture Notes in Computer Science, pages Springer-Verlag, Berlin Heidelberg, [3] Richard Au, Ming Yao, and Mark Looi. Agent based privilege negotiation for e-commerce on the world wide web. In J. Manuel Cueva Lovelle, B. Martín González Rodríguez, L. Joyanes Aguilar, J. Emilio Labra Gayo, and M. del Puerto Paule Ruiz, editors, Proceedings of International Conference on Web Engineering (ICWE 2003), volume 2722 of Lecture Notes in Computer Science, pages 68 71, Oviedo, Spain, July Springer-Verlag, Berlin Heidelberg. [4] Richard Au, Ming Yao, and Mark Looi. Privilege negotiation agents for distributed authorisation on world wide web. In Proceedings of 2003 IEEE/WIC International Conference on Intelligent Agent Technology (IAT 2003), pages IEEE Computer Society, October [5] Ming Yao, Ernest Foo, Kun Peng, and Ed Dawson. An improved forward integrity protocol for mobile agents. In G. Goos, J. Hartmanis, and J. van xxi
22 Leeuwen, editors, Proceeding of the 4th International Workshop on Information Security Applications (WISA 2003), volume 2908 of Lecture Notes in Computer Science, pages , Jeju Island, Korea, Springer-Verlag, Berlin Heidelberg. [6] Ming Yao, Matt Henricksen, Ernest Foo, Greg Maitland, and Ed Dawson. A mobile agent system providing offer privacy. In H. Wang, J. Pieprzyk, and V. Varadharajan, editors, Proceedings of 9th Australian Conference on Information Security and Privacy (ACISP 2004), volume 3108 of Lecture Notes in Computer Science, pages , Sydney, Australia, July Springer-Verlag, Berlin Heidelberg. [7] Ming Yao, Matt Henricksen, Ernest Foo, and Ed Dawson. Secure architecture for protecting dynamic components of mobile agents. In M. Mohammadian, editor, Proceedings of International Conference on Intelligent Agents, Web Technology and Internet Commerce (IAWTIC 2004), pages , Gold Coast, Australia, July Springer-Verlag, Berlin Heidelberg. [8] Ming Yao, Matt Henricksen, Ernest Foo, and Ed Dawson. Offer privacy in mobile agents using conditionally anonymous digital signatures. In S. Katsikas, J. Lopez, and G. Pernul, editors, Proceedings of the 1st International Conference on Trust and Privacy in Digital Business (TrustBus 04), volume 3184, pages , Zaragoza, Spain, 30 August - 3 September Springer-Verlag, Berlin Heidelberg. [9] Ming Yao, Kun Peng, Matt Henricksen, Ernest Foo, and Ed Dawson. Using recoverable key commitment to defend against truncation attacks in mobile agents. In Proceedings of the 5th International Conference on Electronic Commerce and Web Technologies (EC-Web 2004), volume 3182, pages , Zaragoza, Spain, 30 August - 3 September Springer-Verlag, Berlin Heidelberg. [10] Matt Henricksen, Ming Yao, and Ernest Foo. An implementation of the yao forward integrity protocol for mobile agents. In E. Dawson and W. Klemm, editors, Proceedings of Workshop on Cryptographic Algorithms and their Uses, pages , Australia, 5-6 July Queensland University of Technology. xxii
23 Acknowledgements I have been saving the writing of this special part of my thesis until this moment in order to have some more time to contemplate the many important people who have somehow paved the way that led to this Ph.D. I am very grateful to Dr. Ernest Foo, Professor Ed Dawson, and Associate Professor Paul Roe, my academic supervisors, for your guidance, support, constructive criticism and gentle natures; and the confidence you have put in me. Without your encouragement, my Ph.D would be a much longer journey; I would probably have wandered in a desert without gaining any results. Many thanks to Mr. Matt Henricksen, the very important person to me, both as a friend and a mentor, for his selfless help in the last year of this Ph.D. Our joint work in implementing a mobile agent protocol is presented in Section Another major thanks goes to all my friends and peer students: Riza, Kun, Richard, Praveen, Raymond, Jaimee and many of others in the Information Security Research Centre. I could not have had more fun with you all while undertaking research. I especially want to thank Kun Peng, who is an excellent researcher and has inspired me along my Ph.D course. Kun Peng has worked with me in designing protocols for providing offer integrity, which has be included in Chapter 4. Many thanks to Richard Au for showing me the use of mobile agents and how to organise research results into a conference paper. We have had much work done together in applications of mobile agents that is described in Section 3.6. Finally I want to thank my family - dear Steve and my parents, who have been there for me at every moment. No one could have asked for a more loving and supportive family. I promise that I will spend more time with you from now on. I must have left out many people that I do remember and probably some that I have forgotten. If you are not here because I have forgotten you, I offer my heartfelt apologies. xxiii
24 xxiv
25 Chapter 1 Introduction In the course of Internet proliferation, many network related technologies are examined for possible growth and evolution. In the past, computation relied solely on large sophisticated devices. Those devices were sophisticated to reform all processes and sequentially return to the end users returned with processed data. As computing devices and their underlying networks kept on improving, computation was no longer dedicated to a few devices. Instead, computation became distributed. Proceeding along the line of distributed computing, three major technologies occurred. In historical order, they are message passing systems, remote procedure call (RPC), and distributed object systems [68]. The mechanisms in message passing systems are simple and literal: Programs reside on two ends, and communicate with each other by sending simple passive messages over the network. Message passing systems are the core of all network systems. Many Internet applications such as FTP, the Web, or are based on simple message passing. In remote procedure calls (RPC) [96], a program communicates with another program on the remote server by calling the functions provided by the remote server [75]. This is intended to be similar to the program calling a local function. Distributed objects work similarly to RPC, but with an object-oriented abstraction on top of the procedure calls. Instead of calling a predefined function, the remote party invokes the objects residing on the server, and therefore is able to access the properties and methods of the objects. However, those functions 1
26 2 Chapter 1. Introduction and objects are pre-defined and lack the flexibility for customisation. Mobile agents continued the line of evolution by introducing client customisation and autonomy. Autonomy makes a mobile agent a self-contained software entity. This is different from the approaches mentioned previously, whereby the software modules are maintained on the server side, and are kept as functions or objects in a loosely coupled setting. Mobile agents are programs, encapsulating code, data and execution state, enabled with certain properties to work on behalf of human users in a distributed heterogenous environment. The mobile agent firstly resides on a home machine, and is dispatched to a remote host for execution. The accommodating host provides a suitable runtime environment for mobile agents to execute. The mobile agent executes, collects host-specific information, and generates runtime states and variables ready to migrate to the second host in the itinerary. This process continues until the mobile agent returns home with useful information from the last host in the itinerary. The working mechanism of the mobile agent can be readily observed in the following Figure (#) *+, -. - / , 5 "#%$ 7 "! '& Figure 1.1: A Mobile Agent s Working Mechanism What makes the mobile agent different from ordinary software? To differentiate mobile agents from other pieces of ordinary software, we could specifically investigate the properties associated with mobile agents [37]. Although researchers do not come to a definitive characterization of mobile agents, their ideas converge to a certain extent. Mobile agents should be, at least, autonomous, adaptive and learning, and mobile to justify their name [94, 93]. Being autonomous, mobile agents can carry out some set of operations on behalf of the users but acting independently. It is meant that the operations done by mobile agents should best be transparent to the users, and the operations should be done on the interests of the users too. Being adaptive and learning, mobile agents can learn and
Secure cloud access system using JAR ABSTRACT:
Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that
More informationVICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
More informationADMINISTRATION AND CONFIGURATION OF HETEROGENEOUS NETWORKS USING AGLETS
ANNALS OF THE FACULTY OF ENGINEERING HUNEDOARA 2006, Tome IV, Fascicole 1, (ISSN 1584 2665) FACULTY OF ENGINEERING HUNEDOARA, 5, REVOLUTIEI, 331128, HUNEDOARA ADMINISTRATION AND CONFIGURATION OF HETEROGENEOUS
More informationEvaluation of different Open Source Identity management Systems
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
More informationA SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationElectronic Payment Schemes Guidelines
BANK OF TANZANIA Electronic Payment Schemes Guidelines Bank of Tanzania May 2007 Bank of Tanzania- Electronic Payment Schemes and Products Guidleness page 1 Bank of Tanzania, 10 Mirambo Street, Dar es
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationNetwork Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶
Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationCloud Computing Security Considerations
Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationSecure Semantic Web Service Using SAML
Secure Semantic Web Service Using SAML JOO-YOUNG LEE and KI-YOUNG MOON Information Security Department Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationMANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But
More informationAppFabric. Pro Windows Server. Stephen Kaufman. Danny Garber. Apress. INFORMATIONSBIBLIOTHbK TECHNISCHE. U N! V En SIT AT S R!
Pro Windows Server AppFabric Stephen Kaufman Danny Garber Apress TECHNISCHE INFORMATIONSBIBLIOTHbK T1B/UB Hannover 133 294 706 U N! V En SIT AT S R! B L' OT H E K HANNOVER Contents it Contents at a Glance
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationAn Intelligent Approach for Integrity of Heterogeneous and Distributed Databases Systems based on Mobile Agents
An Intelligent Approach for Integrity of Heterogeneous and Distributed Databases Systems based on Mobile Agents M. Anber and O. Badawy Department of Computer Engineering, Arab Academy for Science and Technology
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationLIST OF FIGURES. Figure No. Caption Page No.
LIST OF FIGURES Figure No. Caption Page No. Figure 1.1 A Cellular Network.. 2 Figure 1.2 A Mobile Ad hoc Network... 2 Figure 1.3 Classifications of Threats. 10 Figure 1.4 Classification of Different QoS
More informationExternal Supplier Control Requirements
External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationMS Information Security (MSIS)
MS Information Security (MSIS) Riphah Institute of Systems Engineering (RISE) Riphah International University, Islamabad, Pakistan 1. Program Overview: The program aims to develop core competencies in
More informationHow To Manage Web Content Management System (Wcm)
WEB CONTENT MANAGEMENT SYSTEM February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More informationE-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)
E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system
More informationChapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory
There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationCHAPTER THREE, Network Services Management Framework
CHAPTER THREE, Acronyms and Terms 3-3 List of Figures 3-4 1 Introduction 3-5 2 Architecture 3-6 2.1 Entity Identification & Addressing 3-7 2.2 Management Domain Registration and Information Service 3-7
More informationInstallation and configuration guide
Installation and Configuration Guide Installation and configuration guide Adding X-Forwarded-For support to Forward and Reverse Proxy TMG Servers Published: May 2010 Applies to: Winfrasoft X-Forwarded-For
More informationDigital Watermark Mobile Agents *
Digital Watermark Mobile Agents * Jian Zhao and Chenghui Luo Fraunhofer Center for Research in Computer Graphics, Inc. 321 South Main Street Providence, RI 02903 Abstract Digital watermarking has emerged
More informationPeer-to-peer Cooperative Backup System
Peer-to-peer Cooperative Backup System Sameh Elnikety Mark Lillibridge Mike Burrows Rice University Compaq SRC Microsoft Research Abstract This paper presents the design and implementation of a novel backup
More informationEvaluate the Usability of Security Audits in Electronic Commerce
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
More informationPrivyLink Cryptographic Key Server *
WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationIoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
More informationAnalysis of E-Commerce Security Protocols SSL and SET
Analysis of E-Commerce Security Protocols SSL and SET Neetu Kawatra, Vijay Kumar Dept. of Computer Science Guru Nanak Khalsa College Karnal India ABSTRACT Today is the era of information technology. E-commerce
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationModule 7 Security CS655! 7-1!
Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed
More informationCHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and
More informationPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de
More informationKeywords: mobile agents, supply chain management, industrial application.
A Shipment Tracking System using Wireless technology and Mobile agents Mei-Ling L. Liu, Alfredo Macias, Thuan Ngo Computer Science Department, California Polytechnic State University, San Luis Obispo mliu@csc.calpoly.edu
More informationTechnical Standards for Information Security Measures for the Central Government Computer Systems
Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...
More informationEnterprise K12 Network Security Policy
Enterprise K12 Network Security Policy I. Introduction The K12 State Wide Network was established by MDE and ITS to provide a private network infrastructure for the public K12 educational community. Therefore,
More informationPlain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75
Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.
More information15 Organisation/ICT/02/01/15 Back- up
15 Organisation/ICT/02/01/15 Back- up 15.1 Description Backup is a copy of a program or file that is stored separately from the original. These duplicated copies of data on different storage media or additional
More informationA Review of Web Application Security for Preventing Cyber Crimes
International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 7 (2014), pp. 699-704 International Research Publications House http://www. irphouse.com A Review of Web Application
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationPrivyLink Internet Application Security Environment *
WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.
More informationCHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL
CHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL This chapter is to introduce the client-server model and its role in the development of distributed network systems. The chapter
More informationMANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.
More informationSecure Authentication and Session. State Management for Web Services
Lehman 0 Secure Authentication and Session State Management for Web Services Clay Lehman CSC 499: Honors Thesis Supervised by: Dr. R. Michael Young Lehman 1 1. Introduction Web services are a relatively
More informationChapter 10. Cloud Security Mechanisms
Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based
More informationWhite Paper Delivering Web Services Security: The Entrust Secure Transaction Platform
White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationDigital Records Preservation Procedure No.: 6701 PR2
Digital Records Preservation Procedure No.: 6701 PR2 Policy Reference: Category: Department Responsible: Current Approved Date: 6700 Records Management Information Management Records Management and Privacy
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationUnderstanding digital certificates
Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk
More informationSINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT
SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT K.karthika 1, M. Daya kanimozhi Rani 2 1 K.karthika, Assistant professor, Department of IT, Adhiyamaan College of Engineering, Hosur
More informationComparing Two Models of Distributed Denial of Service (DDoS) Defences
Comparing Two Models of Distributed Denial of Service (DDoS) Defences Siriwat Karndacharuk Computer Science Department The University of Auckland Email: skar018@ec.auckland.ac.nz Abstract A Controller-Agent
More informationRegulation On Attainment of Doctor of Sciences Degree at SEEU (PhD)
According to article 118 of the Law on Higher Education of Republic of Macedonia; articles 60, 68 and 69 of SEEU statute ; based on decision of Council of Teaching and Science of SEEU of date April 12th
More informationIndex Terms Cloud Storage Services, data integrity, dependable distributed storage, data dynamics, Cloud Computing.
Volume 3, Issue 5, May 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Privacy - Preserving
More informationCALIFORNIA SOFTWARE LABS
; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite
More informationMEng, BSc Applied Computer Science
School of Computing FACULTY OF ENGINEERING MEng, BSc Applied Computer Science Year 1 COMP1212 Computer Processor Effective programming depends on understanding not only how to give a machine instructions
More informationSecure Network Monitoring System using Mobile Agent
1 Secure Network Monitoring System using Mobile Agent G. M. Gaikwad 1, A. M. Kanthe 2, M. S. Chaudhari 3 1,2,3 Department of Computer Engg. Sinhgad Institute of Technology, Lonavala (India) 1 gmgaikwad@gmail.com
More informationBANKING SECURITY and COMPLIANCE
BANKING SECURITY and COMPLIANCE Cashing In On Banking Security and Compliance With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions
More informationWHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email
WHITE PAPER Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email EXECUTIVE SUMMARY Data Loss Prevention (DLP) monitoring products have greatly
More informationNotes on Network Security - Introduction
Notes on Network Security - Introduction Security comes in all shapes and sizes, ranging from problems with software on a computer, to the integrity of messages and emails being sent on the Internet. Network
More informationAn Electronic Voting System Based On Blind Signature Protocol
CSMR, VOL. 1, NO. 1 (2011) An Electronic Voting System Based On Blind Signature Protocol Marius Ion, Ionuţ Posea University POLITEHNICA of Bucharest Faculty of Automatic Control and Computers, Computer
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationDesigning and Coding Secure Systems
Designing and Coding Secure Systems Kenneth Ingham and Anil Somayaji September 29, 2009 1 Course overview This class covers secure coding and some design issues from a language neutral approach you can
More informationData Storage Security in Cloud Computing
Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT
More informationSecure Data transfer in Cloud Storage Systems using Dynamic Tokens.
Secure Data transfer in Cloud Storage Systems using Dynamic Tokens. P.Srinivas *,K. Rajesh Kumar # M.Tech Student (CSE), Assoc. Professor *Department of Computer Science (CSE), Swarnandhra College of Engineering
More informationTechnical Proposition. Security
Technical Proposition ADAM Software NV The global provider of media workflow and marketing technology software ADAM Software NV adamsoftware.net info@adamsoftware.net Why Read this Technical Proposition?
More informationUsing EMV Cards to Protect E-commerce Transactions
Using EMV Cards to Protect E-commerce Transactions Vorapranee Khu-Smith and Chris J. Mitchell Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, United Kingdom {V.Khu-Smith,
More informationDigital Watermark Mobile Agents
In: Proc. of the 22 nd National Information System Security Conference Hyatt Regency, Crystal City, VA October 18-21, 1999 Digital Watermark Mobile Agents Jian Zhao and Chenghui Luo Fraunhofer Center for
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationTELECOMMUNICATION NETWORKS
THE USE OF INFORMATION TECHNOLOGY STANDARDS TO SECURE TELECOMMUNICATION NETWORKS John Snare * Manager Telematic and Security Systems Section Telecom Australia Research Laboratories Victoria TELECOMMUNICATIONS
More informationon the transfer of personal data from the European Union
on the transfer of personal data from the European Union BCRsseptembre 2008.doc 1 TABLE OF CONTENTS I. PRELIMINARY REMARKS 3 II. DEFINITIONS 3 III. DELEGATED DATA PROTECTION MANAGER 4 IV. MICHELIN GROUP
More informationCPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT
26579500 CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT Version 2.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the features, testing and deployment
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationCertification Practice Statement
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
More information"ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT"
To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: aparnagulhane@gmail.com Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of
More informationKeywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption
Partitioning Data and Domain Integrity Checking for Storage - Improving Cloud Storage Security Using Data Partitioning Technique Santosh Jogade *, Ravi Sharma, Prof. Rajani Kadam Department Of Computer
More informationBest Practices for Network Security. Name. University/College. Unit Name. Unit Code. Lecturer
1 Best Practices for Network Security Name University/College Unit Name Unit Code Lecturer 27 March 2014 2 Outline Introduction...3 Developing Network Security Best Practices...5 I. The Pillars of network
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationTestimony of. Patrick Heim. Chief Information Security Officer. on behalf of the. Kaiser Permanente Medical Care Program
Testimony of Patrick Heim Chief Information Security Officer on behalf of the Kaiser Permanente Medical Care Program Clinical Operations Workgroup Medical Device Hearing March 28, 2011 1 Good afternoon
More informationDr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
More informationDepartment of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus
Department of Computer & Information Sciences CSCI-445: Computer and Network Security Syllabus Course Description This course provides detailed, in depth overview of pressing network security problems
More informationA Proxy-Based Data Security Solution in Mobile Cloud
, pp. 77-84 http://dx.doi.org/10.14257/ijsia.2015.9.5.08 A Proxy-Based Data Security Solution in Mobile Cloud Xiaojun Yu 1,2 and Qiaoyan Wen 1 1 State Key Laboratory of Networking and Switching Technology,
More informationMarch 2005. PGP White Paper. Transport Layer Security (TLS) & Encryption: Complementary Security Tools
March 2005 PGP White Paper Transport Layer Security (TLS) & Encryption: Complementary Security Tools PGP White Paper TLS & Encryption 1 Table of Contents INTRODUCTION... 2 HISTORY OF TRANSPORT LAYER SECURITY...
More informationInformation Security at ETH Zurich Institute of Information Security at ETH Zurich Zurich Information Security and Privacy Center
Information Security at ETH Zurich Institute of Information Security at ETH Zurich Zurich Information Security and Privacy Center Department of Computer Science Introduction Our society is undergoing a
More information