Slide 1: Security for Open Distributed Systems
Prof. Sead Muftic
Lecture 12: M.Sc. Project Overview
Security for Cloud and Mobile Environments
Slide 2: Cloud Access Points: Communication and Applications
Diagram: users connect over Wi-Fi, 3G/4G and the Web through the Internet to the Cloud Access Point (CAP) and the Application Access Point (AAP), which front the applications App-1 and App-2.
Slide 3: Cloud Security Components
Diagram: users connect over Wi-Fi and 3G/4G through the Internet to the Cloud Access Point / Firewall (CAP/FW), then through the Security Access Point (SAP) and the Application Access Point (AAP) to App-1 and App-2; the security components IDMS, PDP and CA sit behind the access points.
Legend:
- CAP/FW: Cloud Access Point / Firewall
- SAP: Security Access Point (Portal Security Server)
- AAP: Application Access Point (Cloud Portal)
- IDMS: Identity Management
- PDP: Policy Decision Point
- CA: Certification Authority
Slide 4: OpenStack Architecture (diagram only)
Slide 5: Central and Portal Security Servers
Diagram: the Central Security Server (Security Server with Cloud Station, Web Server, IDMS, PACS, CA, Smart Cards and SAML / PDP; Cards Station; Card Auth) and the Portal Security Server (Portal Station, Web / Portal Server, PEP, VPN, Proxy, Cloud Station) are connected over the Internet; users reach the applications A-1, A-2 and A-3 through the Portal Security Server.
Slide 6: M.Sc. Projects
Group 1: Cloud Security Management (Chenchen)
- Sanjaya: Security Administration of the OpenStack Security Platform
- Arunendra: Secure IDMS for Financial Transactions in a Cloud Environment
- Davit: Secure Web Services for Administration of Cloud Security Servers
(Diagram: the Central Security Server of slide 5, labelled Central Security (Home Page).)
Slide 7: Secure Cloud Applications: Mail, Web, Documents
Diagram: Portal Security Server (Home Page) with Mail / Web Portal, Mail Server, Web Server, Doc Server, Portal Station, Web / Portal Server, PEP, VPN and Proxy; users connect over the Internet.
Slide 8: Secure Cloud Applications: SAFE System
Diagram: SAFE System components: SAFE Web Server (customer browser access over the Internet), Bank IT with Bank Accounts DB, SMS Gateway feeding the SAFE Communication Server (customer and merchant SMS over the GSM/3G network and GPRS), SAFE Payments Server with Mobile Accounts DB, Credit Card Server with Credit Card Accounts DB, System Agent, System Server and SAFE Station.
Slide 9: M.Sc. Projects
Group 2: Secure Cloud Applications (Ghafoor)
- Bibesh: Secure Cloud Client based on Smart Cards
- Daniel: Secure E-mail and Secure Web in a Cloud Environment
- Natan: Secure Files/Documents Sharing System in a Cloud Environment
- (Ikram: Secure SEPA Web and Smart Card Clients)
- Feng (Ph.D.): Secure SoA for Financial Environments
(Diagram: the Portal Security Server of slide 7, plus a customer SAFE Wallet on the GSM/CDMA network.)
Slide 10: Hierarchical SEPA Security System
Diagram: a National SEPA Server (Nat X-BIC, Nat SEPA Station, BIC DB, Security Card, SEPA Info, X-Bank Interface) handles X-Bank Transactions between Bank SEPA Servers; each Bank SEPA Server has a Bank SEPA DB, Web Info and a Bank Interface.
Slide 11: SEPA Cloud and Portals
Diagram: two Bank SEPA Portal Security Servers (each with DB, Portal Server, Portal Station, Web Server, PEP, VPN, Bank Interface and Web Info) behind a Cloud Security Server (Cloud Station, Cloud Sec Proxy); home pages: SEPA Cloud (Home Page) and SEPA Portal (Home Page).
Slide 12: SEPA Clients: Mobile, Web and Smart Cards
Diagram: SEPA Customers use a SEPA Web Wallet or a SEPA Mobile Wallet, each paired with a SEPA SC (smart card) Wallet; the SEPA Merchant uses a SEPA Mobile Merchant application with a SEPA POS Device; all connect through the Cloud Sec Proxy to the Bank SEPA Portal Security Server (DB, Web Info, Web Server, PEP, VPN, Bank Interface).
Slide 13: SEPA Mobile Wallet (screenshot only)
Slide 14: SEPA Payment Card (Soles Movil card image)
Slide 15: SAFE / SEPA / PIV Card and Mobile Phone (Soles Movil image)
Slide 16: M.Sc. Projects
Group 3: Secure Financial Transactions (Feng)
- Salman: Secure SEPA Financial Servers
- Hafiz: Secure SEPA Cloud and Portals Web Servers
- Ikram: Secure SEPA Web and Smart Card Clients
- Mohammad: Secure SEPA Mobile Clients
- Feng (Ph.D.): SAFE User / Web Services
(Diagram: the SEPA clients of slide 12.)
Slide 17: Secure Messages for Mobile Applications
Diagram: message paths from the wallet over the GSM Network (SMS) through the SAFE Gateway and SAFE Server to the Bank Server and Bank IT, with the protection applied on each path:
- Thin / USSD Wallet: messages are Clear on the wallet side; SAFE to Bank: Protected (RSA)
- Wallet to Bank (AES shared key): Protected (AES)
- Thick Wallet to Bank (RSA certificates): Protected (RSA)
Slide 18: Trusted Stack
Layers of the trusted stack, from the secure element up to the cloud:
1. Chip (SE): SIM/UICC chip, microSD card, smart cards
2. Applets
3. Security Middleware
4. Mobile Applications (Secure Mobile Applications)
5. Communications: 3G/GPRS Network, Comm Switch
6. Switches: Service Switch
7. Services: Service Provider, Cloud, Internet Network
Slide 19: Secure Management of UICC Modules (diagram only)
Slide 20: M.Sc. Projects
Group 4: Secure Mobile Transactions (Hao)
- Dana: Security OTA Provisioning of Mobile Applications
- Girmay: Security of Mobile Applications based on Smart Cards
- Majid: Security Services for Mobile Applications
- Hao (Ph.D.): Security Aspects for UICC Modules and Applications
- Pasquale (Ph.D.): Trusted Stack
(Diagram: TSM and OTA over the 3G/GPRS Network, Comm Switch, Service Switch and Service Provider; an NFC link between the phone and the SEPA POS Device, labelled Protected (RSA), Phone to (RSA Certificates).)
Slide 21: Secure Mobile POS Applications
Diagram: Merchant with a PoS Device, Customer with a mobile phone (Wi-Fi and NFC links), and the SAFE System (SAFE Communication Server, SAFE Payments Server, Mobile Accounts DB); the flow is numbered 1 to 7 and includes Payments and Receipt.
Slide 22: Secure Mobile Medical Applications (diagram only)
Slide 23: Secure Mobile Commerce Applications
Diagram: SAFE System with Ticketing Web Server, Events DB, Tickets DB, SAFE Tickets Server, Ticketing Station, SAFE Gateway, SAFE Payments Server and Customer Accounts DB; the customer connects over the Internet (Web) and the GSM/CDMA Network.
Ticketing messages:
1. Theater enters a ticket into the system
2. Customer searches for tickets
3. Customer orders tickets
4. Customer pays for tickets
Slide 24: M.Sc. Projects
Group 5: Secure Mobile Applications (Aron)
- Kazi: Security Mobile POS System
- Zepu: Security Mobile System for Motor Vehicles
- Sabina: Secure Healthcare Applications for Mobile Devices
- Aron (Ph.D.): Security System for m-Commerce Environments
- Ioannis (Ph.D.): Privacy and Protection of Citizens in Mobile Environments
Slide 25: Sky and Clouds Home Pages: Dimensions and Sizes
Layout blocks: 218 x 88, 560 x 88 (Banner), 218 x 88; Security Administration.
Slide 26: Sky and Clouds Home Pages
Layout areas: Sky / Cloud Logo; Sky / Clouds Portal Banner; Selection of Applications (Users, Cloud Providers, SEPA, SAFE Applications, Healthcare); Promotion Area; Information Area; Security Administration; News, Info, Documents.
Web design tool: CMS Made Easy
Slide 27: Portals Home Pages
Layout: Portal Logo; Security Administration (Administrators, Security Administration Platforms, Identities, Certificates, Smart Cards, Authentication, Authorization); Provider Admins Portal with Group 1 to Group 4 and Functions 1.1 to 1.4; Forms Area; Display Area; News, Info, Documents.
Slide 28: Web Services Team
Web Services Group: Secure Web Services
- Hafiz: Secure SEPA Cloud and Portals Web Services Template
- Sanjaya: Web services for OpenStack Administrators
- Arunendra: Web services for Security Providers Administrators
- Davit: Web services for Security Providers Administrators
- Natan, Daniel: Web services for Secure Applications Administrators and Users
- Salman: Web services for SEPA Financial Servers Administrators
- Ikram: Web services for SEPA Web Users
- Feng: Web services for SAFE Administrators and Users
Slide 29: SecLab Security Architecture
Diagram:
- 130.237.215.216: Portal Security Server and Central / Shared Security Provider (SSP): Cloud Broker and SSP Web Server, PEP, IDMS, CA, SAML / PDP, Station, SSP Auth
- 130.237.20.77: HA Cloud Security Server; 130.237.215.17: HA Cloud Platform (Cloud Admin / Users: Mail, SAFE Enterprise, Web PEP, Virtual Servers, Web, Doc, SEPA)
- 130.237.215.16: MLA Cloud Security Server; 130.237.215.18: MLA Cloud Platform (Cloud Admin / Users, Appl Admins: Mail, SAFE User, Web PEP, Virtual Servers, Web, Doc, SEPA)
Slide 30: Sec Broker HP: Selection of User Applications and Sec
130.237.215.216 (Portal for Central Security Server)
Roles: Enterprise Admins, Appl Admins
Menu: Secure Applications Home, Architecture, Security, Applications, User Cloud
Application clouds: Secure E-mail Cloud, Secure Web Cloud, Secure Documents Cloud, Secure Banking Cloud, Secure Mobile
Create Cloud Server: Flash Area with a list of standard configurations (configure, calculate, create) and a link to the Secure or Public Cloud
Slide 31: Sec Broker: Create Cloud Computer
130.237.215.216 (Portal for Central Security Server), Enterprise Admin
Create Cloud Server form:
Server type | Memory | Clock | Disk | Network | OS | Price
[ ] Small | 2GB | 2MHz | 100GB | 10Mb/sec | Win 2008 | $ 100
[ ] Medium | 3GB | 3MHz | 200GB | 20Mb/sec | Win 2008 | $ 200
[ ] Large | 4GB | 4MHz | 400GB | 50Mb/sec | Win 2008 | $ 300
[ ] Super | 16GB | 8MHz | 1TB | 100Mb/sec | Win 2008 | $ 500
Security level: [ ] High Assurance Security (PIV Smart Cards); [ ] Medium Assurance Security (Software Certificates); [ ] Low Assurance Security (Password)
Buttons: Create, Cancel
Slide 32: Cloud Servers Administration HP
130.237.215.216 (Portal for Central Security Server)
Cloud Servers Administration:
- Enterprise Admin: Secure Cloud Servers (list all Virtual Servers created by Create Cloud Server and select one to administer it)
- Appl Admins: Secure Applications (list all Virtual Servers created by Create Cloud Server and select one; then list all applications on that server and select one to administer it)
After selecting a Virtual Server (by the Enterprise Admin) or a Secure Application (by the Applications Admin), the system transfers the Ent Admin or Appl Admin to the Servers HP or the Application HP located on the Portals for the HA Cloud (20.77) or for the MLA Cloud (16). These HPs are missing and must be created by Sanjaya and the application developers.
Slide 33: Sec HP: Sec Providers and Selection of Clouds
130.237.215.216/Sec (Portal for Central Security Server)
Security Providers Administration: Security Providers, Identities Provider, PKI/Certificates SSP, PIV Smart Cards, PIV Authentication, PIV Authorization
Secure Clouds: SecLab Cloud (Secure Cloud Home Page, 20.77); Public Clouds: SecLab Cloud (Public Cloud Home Page, 16)
Slide 34: Secure Cloud HP
130.237.20.77/Sec (Portal for Secure Cloud)
Secure Platform, Secure Cloud Administration: Cloud End-point Services, Images, Tenants and users, Monitoring (Log), Networking / Firewall, Certificates
Slide 35: Public Cloud HP
130.237.215.16/Sec (Portal for Public Cloud)
Public Platform, Public Cloud Administration: Cloud End-point Services, Images, Tenants and users, Monitoring (Log), Networking / Firewall, Certificates
Slide 36: Cloud Secure E-Mail Application
130.237.215.17/Secure_EMail (Secure Cloud)
Secure E-mail client: Read, Write, Address Book, Security, User; folders: Inbox, Outbox, Drafts, Junk, Trash