SwePub

Result list for search "WFRF:(Muftic Sead)"

  • Results 1-50 of 70

2.
  • Abbasi, Abdul, 1977-, et al. (author)
  • CryptoNET : integrated secure workstation
  • 2009
  • In: International Journal of Advanced Science and Technology. - Korea, S. : Science and Engineering Research Support Society. - 2005-4238. ; 12
  • Journal article (peer-reviewed)
    • In most of the current applications security is usually provided individually. This means that various applications use their own security mechanisms and services, applied only to their own resources and functions. Furthermore, procedures to configure security parameters are usually inconvenient and complicated for non-technical users. As an alternative to this approach, we have designed and implemented Secure Workstation, which represents an integrated security environment and protects local IT resources, messages and operations across multiple applications. It comprises five components, i.e. four most commonly used PC applications: Secure Station Manager (equivalent to Windows Explorer), Secure E-Mail Client, Secure Documents System, and Secure Browser. These four components for their security extensions use functions and credentials of the fifth component, Generic Security Provider [5]. With this approach, we provide standard security services (authentication, confidentiality, and integrity and access control) and also additional, extended security services, such as transparent handling of certificates, use of smart cards, strong authentication protocol, SAML based single-sign-on, secure sessions, and other security functions, to all PC applications with the same set of security modules and parameters.
5.
  • Abbasi, A. G., et al. (author)
  • A model and design of a security provider for Java applications
  • 2009
  • In: International Conference for Internet Technology and Secured Transactions, ICITST 2009. - : IEEE. - 9781424456482 ; , p. 5402592-
  • Conference paper (peer-reviewed)
    • The model and design of a generic security provider provides a comprehensive set of security services, mechanisms, encapsulation methods, and security protocols for Java applications. The model is structured in four layers; each layer provides services to the upper layer and the top layer provides services to applications. The services reflect security requirements derived from a wide range of applications; from small desktop applications to large distributed enterprise environments. Based on the abstract model, this paper describes design and implementation of an instance of the provider comprising various generic security modules: symmetric key cryptography, asymmetric key cryptography, hashing, encapsulation, certificates management, creation and verification of signatures, and various network security protocols. This paper also describes the properties extensibility, flexibility, abstraction, and compatibility of the Java Security Provider.
6.
  • Abbasi, A. G., et al. (author)
  • CryptoNET : A model of generic security provider
  • 2010
  • In: International Journal of Internet Technology and Secured Transactions. - 1748-569X .- 1748-5703. ; 2:3-4, pp. 321-335
  • Journal article (peer-reviewed)
    • The model and design of a generic security provider provides a comprehensive set of security services, mechanisms, encapsulation methods, and security protocols for Java applications. The model is structured in four layers; each layer provides services to the upper layer and the top layer provides services to applications. The services reflect security requirements derived from a wide range of applications; from small desktop applications to large distributed enterprise environments. Based on the abstract model, this paper describes design and implementation of an instance of the provider comprising various generic security modules: symmetric key cryptography, asymmetric key cryptography, hashing, encapsulation, certificates management, creation and verification of signatures, and various network security protocols. This paper also describes the properties for extensibility, flexibility, abstraction, and compatibility of the Java security provider.
7.
  • Abbasi, A. G., et al. (author)
  • CryptoNET : Secure federation protocol and authorization policies for SMI
  • 2009
  • In: Post-Proceedings of the 4th International Conference on Risks and Security of Internet and Systems, CRiSIS 2009. - 9781424444991 ; , pp. 19-25
  • Conference paper (peer-reviewed)
    • The paper describes a protocol for Secure E-Mail Infrastructure for establishing trust between different domains in order to protect mail servers from spam messages. The protocol uses messages for trusted interactions between intra and inter E-mail domain components, Secure E-mail (SEM) servers and Secure Mail Infrastructure (SMI) servers. In addition, the protocol validates E-mail addresses thus guaranteeing to the recipient that the E-mail is coming from a trusted domain. We also use XACML-based authorization policies at the sending and receiving servers, enforced by associated Policy Enforcement Point (PEP) servers at SEM servers, in order to provide a complete protection against spam.
8.
  • Abbasi, Abdul Ghafoor, et al. (author)
  • CryptoNET : Security Management Protocols
  • 2010
  • In: ADVANCES IN DATA NETWORKS, COMMUNICATIONS, COMPUTERS. - ATHENS : WORLD SCIENTIFIC AND ENGINEERING ACAD AND SOC. - 9789604742455 ; , pp. 15-20
  • Conference paper (peer-reviewed)
    • In this paper we describe several network security protocols used by various components of CryptoNET architecture. The protocols are based on the concept of generic security objects and on well-established security standards and technologies. Distinctive features of our security protocols are: (1) they are complete in terms of their functionality, (2) they are easy to integrate with applications, (3) they transparently handle security credentials and protocol-specific attributes using FIPS 201 (PIV) smart cards, and (4) they are based on generic security objects. These protocols are: remote user authentication protocol, single-sign-on protocol, SAML authorization protocol, and secure sessions protocol. Security protocols use our Security Provider as a collection of cryptographic engines implemented either in software or using FIPS 201 (PIV) smart cards. It also manages protocols' attributes using security applets stored in PIV smart card.
9.
  • Abbasi, Abdul Ghafoor, 1977- (author)
  • CryptoNET : Generic Security Framework for Cloud Computing Environments
  • 2011
  • Doctoral thesis (other academic/artistic)
    • The area of this research is security in distributed environment such as cloud computing and network applications. Specific focus was design and implementation of high assurance network environment, comprising various secure and security-enhanced applications. “High Assurance” means that
      - our system is guaranteed to be secure,
      - it is verifiable to provide the complete set of security services,
      - we prove that it always functions correctly, and
      - we justify our claim that it can not be compromised without user neglect and/or consent.
We do not know of any equivalent research results or even commercial security systems with such properties. Based on that, we claim several significant research and also development contributions to the state–of–art of computer networks security. In the last two decades there were many activities and contributions to protect data, messages and other resources in computer networks, to provide privacy of users, reliability, availability and integrity of resources, and to provide other security properties for network environments and applications. Governments, international organizations, private companies and individuals are investing a great deal of time, efforts and budgets to install and use various security products and solutions. However, in spite of all these needs, activities, on-going efforts, and all current solutions, it is general belief that the security in today’s networks and applications is not adequate. At the moment there are two general approaches to network application’s security. One approach is to enforce isolation of users, network resources, and applications. In this category we have solutions like firewalls, intrusion–detection systems, port scanners, spam filters, virus detection and elimination tools, etc. The goal is to protect resources and applications by isolation after their installation in the operational environment.
The second approach is to apply methodology, tools and security solutions already in the process of creating network applications. This approach includes methodologies for secure software design, ready–made security modules and libraries, rules for software development process, and formal and strict testing procedures. The goal is to create secure applications even before their operational deployment. Current experience clearly shows that both approaches failed to provide an adequate level of security, where users would be guaranteed to deploy and use secure, reliable and trusted network applications. Therefore, in the current situation, it is obvious that a new approach and a new thinking towards creating strongly protected and guaranteed secure network environments and applications are needed. Therefore, in our research we have taken an approach completely different from the two mentioned above. Our first principle is to use cryptographic protection of all application resources. Based on this principle, in our system data in local files and database tables are encrypted, messages and control parameters are encrypted, and even software modules are encrypted. The principle is that if all resources of an application are always encrypted, i.e. “enveloped in a cryptographic shield”, then
      - its software modules are not vulnerable to malware and viruses,
      - its data are not vulnerable to illegal reading and theft,
      - all messages exchanged in a networking environment are strongly protected, and
      - all other resources of an application are also strongly protected.
Thus, we strongly protect applications and their resources before they are installed, after they are deployed, and also all the time during their use. Furthermore, our methodology to create such systems and to apply total cryptographic protection was based on the design of security components in the form of generic security objects.
First, each of those objects – data object or functional object, is itself encrypted. If an object is a data object, representing a file, database table, communication message, etc., its encryption means that its data are protected all the time. If an object is a functional object, like cryptographic mechanisms, encapsulation module, etc., this principle means that its code cannot be damaged by malware. Protected functional objects are decrypted only on the fly, before being loaded into main memory for execution. Each of our objects is complete in terms of its content (data objects) and its functionality (functional objects), each supports multiple functional alternatives, they all provide transparent handling of security credentials and management of security attributes, and they are easy to integrate with individual applications. In addition, each object is designed and implemented using well-established security standards and technologies, so the complete system, created as a combination of those objects, is itself compliant with security standards and, therefore, interoperable with existing security systems. By applying our methodology, we first designed enabling components for our security system. They are collections of simple and composite objects that also mutually interact in order to provide various security services. The enabling components of our system are: Security Provider, Security Protocols, Generic Security Server, Security SDKs, and Secure Execution Environment. They are all mainly engine components of our security system and they provide the same set of cryptographic and network security services to all other security–enhanced applications. Furthermore, for our individual security objects and also for larger security systems, in order to prove their structural and functional correctness, we applied deductive scheme for verification and validation of security systems.
We used the following principle: “if individual objects are verified and proven to be secure, if their instantiation, combination and operations are secure, and if protocols between them are secure, then the complete system, created from such objects, is also verifiably secure”. Data and attributes of each object are protected and secure, and they can only be accessed by authenticated and authorized users in a secure way. This means that structural security properties of objects, upon their installation, can be verified. In addition, each object is maintained and manipulated within our secure environment so each object is protected and secure in all its states, even after its closing state, because the original objects are encrypted and their data and states stored in a database or in files are also protected. Formal validation of our approach and our methodology is performed using Threat Model. We analyzed our generic security objects individually and identified various potential threats for their data, attributes, actions, and various states. We also evaluated behavior of each object against potential threats and established that our approach provides better protection than some alternative solutions against various threats mentioned. In addition, we applied threat model to our composite generic security objects and secure network applications and we proved that deductive approach provides better methodology for designing and developing secure network applications. We also quantitatively evaluated the performance of our generic security objects and found that the system developed using our methodology performs cryptographic functions efficiently. 
We have also solved some additional important aspects required for the full scope of security services for network applications and cloud environment: manipulation and management of cryptographic keys, execution of encrypted software, and even secure and controlled collaboration of our encrypted applications in cloud computing environments. During our research we have created the set of development tools and also a development methodology which can be used to create cryptographically protected applications. The same resources and tools are also used as a run–time supporting environment for execution of our secure applications. Such total cryptographic protection system for design, development and run–time of secure network applications we call CryptoNET system. CryptoNET security system is structured in the form of components categorized in three groups: Integrated Secure Workstation, Secure Application Servers, and Security Management Infrastructure Servers. Furthermore, our enabling components provide the same set of security services to all components of the CryptoNET system. Integrated Secure Workstation is designed and implemented in the form of a collaborative secure environment for users. It protects local IT resources, messages and operations for multiple applications. It comprises four most commonly used PC applications as client components: Secure Station Manager (equivalent to Windows Explorer), Secure E-Mail Client, Secure Web Browser, and Secure Documents Manager. These four client components for their security extensions use functions and credentials of the enabling components in order to provide standard security services (authentication, confidentiality, integrity and access control) and also additional, extended security services, such as transparent handling of certificates, use of smart cards, Strong Authentication protocol, Security Assertion Markup Language (SAML) based Single-Sign-On protocol, secure sessions, and other security functions.
Secure Application Servers are components of our secure network applications: Secure E-Mail Server, Secure Web Server, Secure Library Server, and Secure Software Distribution Server. These servers provide application-specific services to client components. Some of the common security services provided by Secure A
10.
  • Abbasi, Abdul Ghafoor, et al. (author)
  • Security extensions of windows environment based on FIPS 201 (PIV) smart card
  • 2011
  • In: World Congr. Internet Secur., WorldCIS. - : IEEE. - 9780956426376 ; , pp. 86-92
  • Conference paper (peer-reviewed)
    • This paper describes security extensions of various Windows components based on usage of FIPS 201 (PIV) smart cards. Compared to some other similar solutions, this system has two significant advantages: first, smart cards are based on FIPS 201 standard and not on some proprietary technology; second, smart card security extensions represent an integrated solution, so the same card is used for security of several Microsoft products. Furthermore, our smart card system uses FIPS 201 applet and middleware with smart card APIs, so it can also be used by other developers to extend their own applications with smart card functions in a Windows environment. We support the following security features with smart cards: start-up authentication (based on PIN and/or fingerprint), certificate-based domain authentication, strong authentication, and protection of local resources. We also integrated our middleware and smart cards with MS Outlook and MS Internet Explorer.
11.
  • Abbasi, Abdul Ghafoor, et al. (author)
  • Web contents protection, secure execution and authorized distribution
  • 2010
  • In: Proceedings - 5th International Multi-Conference on Computing in the Global Information Technology, ICCGI 2010. - 9780769541815 ; , pp. 157-162
  • Conference paper (peer-reviewed)
    • This paper describes the design and implementation of a comprehensive system for protection of Web contents. In this design, new security components and extended security features are introduced in order to protect Web contents against various Web attacks. Components and extended security features are: protection of Web pages using strong encryption techniques, encapsulation of Web contents and resources in PKCS#7, extended secure execution environment for Java Web Server, eXtensible Access Control Markup Language (XACML) based authorization policies, and secure Web proxy. Design and implementation of our system is based on the concepts of generic security objects and component-based architecture that makes it compatible with existing Web infrastructures without any modification.
12.
  • Abdullah, Nazri, et al. (author)
  • Security Extensions for Mobile Commerce Objects
  • 2014
  • In: SECURWARE 2014, The Eighth International Conference on Emerging Security Information, Systems and Technologies. - 9781612083766
  • Conference paper (peer-reviewed)
    • Electronic commerce and its variant mobile commerce have tremendously increased their popularity in the last several years. As mobile devices have become the most popular means to access and use the Internet, mobile commerce and its security are timely and very hot topics. Yet, today there is still no consistent model of various m–commerce applications and transactions, even less clear specification of their security. In order to address and solve those issues, in this paper, we first establish the concept of mobile commerce objects, an equivalent of virtual currencies, used for m–commerce transactions. We describe functionalities and unique characteristics of these objects; we follow with security requirements, and then offer some solutions – security extensions of these objects. All solutions are treated within the complete lifecycle of creation and use of the m–commerce objects.
13.
  • Alhammouri, M., et al. (author)
  • A design of an access control model for multilevel-security documents
  • 2008
  • Conference paper (peer-reviewed)
    • In this paper we describe an access control model for multilevel-security documents, those structured into multiple sections based on certain security classifications. Our access control system uses XACML policies to allow documents, whose contents have varying sensitivity levels, to be created, viewed, and edited by groups that have members with varying clearance levels, while enforcing the required security constraints.
14.
  • Chang, Chih-Chun, et al. (author)
  • Assessment of Energy Consumption in Wireless Sensor Networks : A Case Study for Security Algorithms
  • 2007
  • In: Proceedings of IEEE International Workshop on Wireless and Sensor Networks Security (IEEE WSNS 2007). - : IEEE. - 9781424414550 ; , pp. 1-6
  • Conference paper (peer-reviewed)
    • WSN nodes are usually powered by batteries. Energy consumption during node operation determines battery life. Power consumption depends on the different hardware and software components in a WSN node and their various activities. In order to determine the life of the battery, we must measure the energy consumption of a node that is active in a network. That is, we must know the power consumption and time duration for node activities including computations, and RF transmission and reception. In this paper, we introduce an easy and accurate method for dynamic energy measurements without disturbing the node or network. The method consists of an oscilloscope, which can stream digitized voltages into a PC, which calculates the profile of energy consumption. We employed this capability to determine energy consumption for different security algorithms in CrossBow MICA2 nodes.
15.
  • Chang, C-C, et al. (author)
  • Balancing Security and Energy Consumption in Wireless Sensor Networks
  • 2007
  • In: Proceedings 3rd International Conference on Mobile Ad-hoc and Sensor Networks (MSN 2007). - Berlin/Heidelberg : Springer. - 9783540770237 ; , pp. 469-480
  • Conference paper (peer-reviewed)
    • Applying security to messages traveling over wireless links in sensor nodes requires additional energy. This paper describes our suggestions on balancing the level of security and energy consumption based on our measurements using CrossBow and Ember sensor nodes. It was found that the node microcontroller's CPU operates for substantially longer times for both hashing and encryption operations compared to the time for handling messages without any security. However, this has little overall impact on energy consumption. The longer high-power radio transmission times due to hashing were especially costly. For the full operational mode, with CPU processing and also radio transmission of messages, our results indicate that the lifetime of a transmitting node in a security regime is only about one-half of the lifetime without security. Hence, we provided design guidelines to apply security with energy consideration for WSN. They include 2 to 8 bytes MACs for integrity and authentication instead of SHA-1, and the size of messages should match the steps of encryption algorithms.
16.
  • Chang, Chih-Chun, et al. (author)
  • Measurement of Energy Costs of Security in Wireless Sensor Nodes
  • 2007
  • In: Proceedings - International Conference on Computer Communications and Networks, ICCCN. - : IEEE. - 9781424412518 ; , pp. 95-102
  • Conference paper (peer-reviewed)
    • Both correct transmission using hashing and protection of messages using encryption in sensor nodes require additional energy. This paper describes our measurement results for energy consumption in CrossBow and Ember sensor nodes for the process of exchanging data messages between nodes both in the clear and in a protected form. Full strength algorithms were loaded into and executed in nodes. It was found that the CPU operates for substantially longer times for both hashing and encryption operations compared to the time for handling messages without any security. The longer radio transmission times due to hashing were especially costly. Hence, security algorithms have great impacts on energy consumption in sensor nodes. For the full operational mode, with CPU processing and also radio transmission of messages, our results indicate that the lifetime of a transmitting node in a security regime is only about one-half of the lifetime without security.
17.
  • Ghafoor, A., et al. (author)
  • CryptoNET : Design and implementation of the secure email system
  • 2010
  • In: 2009 Proceedings of the 1st International Workshop on Security and Communication Networks, IWSCN 2009. - 9788299710510 ; , p. 5683054-
  • Conference paper (peer-reviewed)
    • This paper describes the design and implementation of a secure, high assurance and very reliable Email system. The system handles standard Email security services - signing and encryption of Email letters and, in addition, provides a number of extended and innovative security features. These new features are: transparent handling of certificates, strong authentication between Secure Email client and Secure Email server, archiving and recovery of encrypted address books, simple and secure handling of cryptographic keys, security sessions management, tracking of Email letters using confirmation message, elimination of SPAM messages, prevention of fraudulent and infected attachments, and usage of smart cards. The system is structured in the form of security objects organized in the form of a large-scale security architecture based on proxy servers. The system uses hierarchical certification infrastructure for management and verification of certificates.
18.
  • Giambruno, A., et al. (author)
  • MagicNET : XACML authorization policies for mobile agents
  • 2009
  • In: International Conference for Internet Technology and Secured Transactions, ICITST 2009. - : IEEE. - 9781424456482 ; , p. 5402600-
  • Conference paper (peer-reviewed)
    • One approach to authorization of mobile agents is to use XACML policies by assigning roles to agents and then enforcing role-based authorization. In this paper we show how traditional XACML policies, used for user access control in distributed environments, can be used for mobile agents' access control. We use such policies to manage delegation of access rights from users to agents while at the same time following the core principles of the XACML standard. We also propose a combination of policies that map users to their mobile agents and make access control decisions for mobile agents by evaluating complex policy sets.
20.
  • Hembroff, G. C., et al. (author)
  • Providing an additional factor for patient identification based on digital fingerprint
  • 2011
  • In: 2nd USENIX Workshop on Health Security and Privacy, HealthSec 2011.
  • Conference paper (peer-reviewed)
    • Implementing a comprehensive healthcare security model is a difficult task due to the many complexities in the medical environment. Accurate patient identification is often overlooked in the areas of security and privacy. We have used our own architecture and experiences to bring forward this problem and offer suggestive solutions of incorporating biometric fingerprints and photographs of patients in a strategic manner to help strengthen our healthcare security model.
21.
  • Hembroff, G. C., et al. (author)
  • SAMSON : Secure Access for Medical Smart cards Over Networks
  • 2010
  • In: 2010 IEEE International Symposium on "A World of Wireless, Mobile and Multimedia Networks", WoWMoM 2010 - Digital Proceedings. - : IEEE. - 9781424472659 ; , p. 5534982-
  • Conference paper (peer-reviewed)
    • This paper presents several smart card security extensions to the FIPS 201 PIV standard of security and authentication of mobile health. Our contributions are designed to better protect the patient's data and to increase the functionality and interoperability of smart cards in health care. Our solution, called SAMSON, consists of two types of smart cards. The first, a security card, is issued to all personnel within any medical organization, while the second, the medical card, is issued to patients and used to securely store and retrieve health care information. These smart cards are being tested within a 14 hospital federated consortium in Michigan's Upper Peninsula.
22.
  • Karunanayake, Amila, et al. (author)
  • Experiences on Mobile-ATM Deployment in a Developing Country
  • 2008
  • In: Proceedings of The 1st International Conference on M4D Mobile Communication Technology for Development (M4D 2008, General Tracks). - Karlstad : Karlstad University. - 9789170632211 ; , pp. 108-116
  • Conference paper (peer-reviewed)
23.
  • Karunanayake, A., et al. (author)
  • Mobile ATM for developing countries
  • 2008
  • Conference paper (peer-reviewed)
    • Society benefits from M-Commerce applications to a greater extent. The most attractive benefit of M-Commerce applications is the mobility. Even though users have a poor computer literacy, they will be able to use the M-Commerce applications easily. Additionally, the M-Commerce applications have the potential of reducing the distance barriers. In developing countries, especially in rural areas, accessing financial and banking services is a critical issue. This paper proposes a system called Mobile-ATM to address this problem by incorporating the mobile technology. Also it discusses the limitations of traditional ATM systems, the need of a new M-Commerce application to overcome the limitations and security related issues. In the proposed solution, people can withdraw money from a Mobile-ATM without going to a traditional ATM. The Mobile-ATM system uses even cheap mobile phones, functioning as payment terminals. It will reduce the limitations of traditional ATM and enables confidential and secured ATM transactions.
24.
  • Kounelis, Ioannis, et al. (author)
  • An architecture for secure m-commerce applications
  • 2013
  • In: Proceedings - 19th International Conference on Control Systems and Computer Science, CSCS 2013. ; , pp. 519-525
  • Conference paper (peer-reviewed)
    • As mobile communication technology evolves, more and more features are available to users of mobile devices. The adoption of such features is rapid and the demand for more capabilities is growing, especially with the development of the Internet of Things. One of the most challenging and sensitive concepts used in the always connected mobile world is mobile commerce. Security for mobile financial transactions is of extremely high concern. In this paper we describe the architecture of a secure m-commerce system based on the concepts defined in the FP7 iCore project. We propose a framework that structures an m-commerce system in objects with semantic searching capabilities to provide an efficient and secure handling of system resources and transactions.
25.
  • Kounelis, Ioannis, et al. (author)
  • Secure and Privacy-enhanced E-Mail System based on the Concept of Proxies
  • 2014
  • Conference paper (peer-reviewed)
    • Security and privacy on the Internet and especially the e-mail, is becoming more and more important and crucial for the user. The requirements for the protection of e-mail include issues like tracking and privacy intrusions by hackers and commercial advertisers, intrusions by casual observers, and even spying by government agencies. In an expanding e-mail use in the digital world, Internet and mobile, the quantity and sensitivity of personal information has also tremendously expanded. Therefore, protection of data and transactions and privacy of user information is key and of interest for many users. Based on such motives, in this paper we present the design and current implementation of our secure and privacy-enhanced e-mail system. The system provides protection of e-mails, privacy of locations from which the e-mail system is accessed, and authentication of legitimate users. Differently from existing standard approaches, which are based on adding security extensions to e-mail clients, our system is based on the concept of proxy servers that provide security and privacy of users and their e-mails. It uses all required standards: S/MIME for formatting of secure letters, strong cryptographic algorithms, PKI protocols and certificates. We already have the first implementation and an instance of the system is very easy to install and to use.
  •  
26.
  • Kounelis, Ioannis (author)
  • Secure and Trusted Mobile Commerce System based on Virtual Currencies
  • 2015
  • Doctoral thesis (other academic/artistic). Abstract:
    • With the widespread usage of mobile devices and their applications, many areas of innovation have created a multitude of opportunities for mobile technologies to be deployed with very interesting effects. One such new area that emerged in the last few years is mobile commerce. It represents a system where various entities create real–life or digital assets, distribute information about them to interested consumers, execute transactions, accept various types of compensation methods, and finally deliver these assets; all of it in a secure and trusted manner, respecting users’ privacy. Since mobile devices are increasingly used for m-commerce, it is important to ensure that users’ data on such devices are kept secure. Mobile devices contain many of our personal and private data and information, since we nowadays use them for all kinds of activities, both personal and professional. However, such data and information are not always treated in a secure and privacy friendly way. The goal of this thesis is to identify and provide solutions to security related problems found on mobile devices, such as communications, storage and mobile application design, and with the use of cryptocurrencies to combine the findings in the design of a secure mobile commerce system. As a result, this thesis describes a design and architecture of a secure e-commerce system, called eAgora, primarily exploiting mobile technology. The system is innovative as it treats digital goods, classified and called mobile commerce objects. Based on the attributes and anticipated use of such specific m–commerce objects, different security and privacy measures for each of them are needed and enforced. The goal was to design a system that deals with mobile commerce in a secure and privacy friendly way in all the lifecycle of the transactions. As users are mostly using mobile devices to connect to the proposed services, research first focused on mobile device security and privacy issues, such as insecure storage on the mobile device, insecure handling of user credentials and personal information, and insecure communications. Issues not only coming from the device itself but also from the nature of it; being mobile it is used in a different way than the classical desktop computers. Mobile devices are used in public, in an environment that cannot be controlled, and are interfacing a variety of networks that are not under the mobile device user’s control. Potential attackers’ interest was analysed in different mobile commerce scenarios in order to understand the needs for security enhancements. After having analyzed the possible threats, a methodology for mobile application development that would allow many common development errors to be avoided and security and privacy mechanisms to be considered by design was specified. Moreover, in order to provide secure storage and guard against active and passive intruder attacks, a secure Mobile Crypto Services Provider facility that allows storage of data on the UICC cards was designed and implemented. In order to secure communications, a secure e-mail application was designed and implemented. The application provides a user-friendly way to encrypt and sign e-mails, using the users’ already working e-mail accounts. The security functionality is completely transparent to users and ensures confidentiality and integrity of e-mail exchange. For the mobile commerce system, an architecture that enables exchange of m-commerce objects between different merchants, customers and retailers is proposed. In the architecture, policy enforcement and the feature to detect suspicious events that may be illegal and to cooperate with law enforcement was embedded. The newly defined technology of virtual currencies is used as a payment facilitator within the proposed architecture. Many of its innovative features are adopted but some are also extended, such as the secure use of the user wallet files, i.e. the files that link the user with the virtual currencies and enable payment transactions between customers and merchants. Although there is no distinction between different virtual currencies, Bitcoin is used as an example of a market valued trading currency to validate and evaluate the proposed secure e-commerce architecture and the findings have been applied on it. The thesis provides detailed use cases that demonstrate how the proposed architecture of eAgora functions in different complicated e-trading circumstances and how different security related mechanisms are used. The thesis concludes with the analysis of the research results and with proposed directions for future research and development works.
  •  
27.
  • Kounelis, Ioannis, et al. (authors)
  • Secure Middleware for Mobile Phones and UICC Applications
  • 2012
  • In: Mobile Wireless Middleware, Operating Systems, and Applications. - London : Springer Berlin/Heidelberg. - 9783642306075 - 9783642306068 ; , pp. 143-152
  • Conference paper (peer-reviewed). Abstract:
    • In this paper we describe our concept, design and current prototype implementation of a new middleware for mobile phones and UICC. The purpose of the middleware is to be used as an interface between applications, loaded in mobile phones, and functionalities of the corresponding supporting modules (applets) stored in UICC. At the moment, our middleware supports only security and mobile payment functions. Our primary goal was to explore the features that multi–application chips provide and to create a new way for handling of sensitive information when stored and used in mobile phones. Another goal is to extend the middleware to hide technology details of underlying UICC and their applets, so that applications developed on the top of the middleware are independent of the underlying mobile phone technologies. We plan to extend the current version of our middleware module to be used with other UICC applications and alternative mobile operating systems.
  •  
28.
  •  
29.
  • Kounelis, Ioannis, et al. (authors)
  • Towards a better understanding of the impact of emerging ICT on the safety and security of the Citizen : Digital Citizen Security - a programmatic approach
  • 2011
  • In: Proceedings of the First SysSec Workshop - SysSec 2011. - Amsterdam. - 9780769545301 ; , pp. 84-87
  • Conference paper (peer-reviewed). Abstract:
    • The Joint Research Centre (JRC) of the European Commission has taken initiative to investigate, assess and forecast issues of the exploitation of digitalized personal data of citizens in our forthcoming digital society. It responds that way to some of the key challenges put forward in the Communication from the Commission “Europe 2020” and to one of its flagship initiatives, the "A Digital Agenda for Europe". The issues addressed are namely Trust and Security, a vibrant digital single market through building digital confidence and ICT-enabled benefits for the EU society and Intelligent Transport Systems for safer, more secure and more efficient transport and better mobility in Europe. The paper describes the current organization and the research roadmap of the Traceability and Vulnerability Assessment Unit [1] of the JRC and its partners. It illustrates the unit’s objectives for the coming years and into the European Union’s 8th Research Framework program in respect to the digital security of citizens.
  •  
30.
  •  
31.
  •  
32.
  •  
33.
  • Muftic, Sead, et al. (authors)
  • Cryptonet : Secure E-mail system
  • 2008
  • In: SECRYPT 2008. - 9789898111593 ; , pp. 84-91
  • Conference paper (peer-reviewed). Abstract:
    • The paper describes a new, innovative and highly secure E-mail system. The system, first, provides both standard security services for E-mail letters: signed and encrypted E-mail. In addition, address book is encrypted, thus E-mail addresses cannot be stolen for spamming. Each E-mail server is protected using SAML authorization policy, so E-mails are received only from authorized senders. Finally, all E-mail addresses are validated and certified by specially designed Secure E-mail Infrastructure (SEI) Authorities, organized in a federated hierarchy. Thus CryptoNet Secure E-mail system completely eliminates spam, distribution of viruses, worms, and malware, and eliminates the possibility to use fake E-mail addresses.
  •  
34.
  •  
35.
  • Muftic, Sead, et al. (authors)
  • Management of Groups and Group Keys in Multi-Level Security Environments
  • 2007
  • In: Lecture Notes in Computer Science: Computer Safety, Reliability, and Security. - Berlin/Heidelberg : Springer. - 9783540751007 ; , pp. 75-80
  • Conference paper (peer-reviewed). Abstract:
    • This paper describes techniques and solutions for management of groups and cryptographic keys when sharing secure documents protected at different classification levels. Such an access control environment enforces access to documents at multiple security classification levels, starting from the membership in the group, then access to particular group applications, then access to individual documents and finally even their sections.
  •  
36.
  •  
37.
  • Muftic, Sead (author)
  • Security in Operational Wireless Sensor Networks
  • 2008
  • In: Proceeding of the Fifth IEEE Consumer Communications & Networking Conference (IEEE CCNC 2008), Las Vegas, Nevada, Jan 2008.
  • Conference paper (peer-reviewed)
  •  
38.
  •  
39.
  • Mumtaz, Majid, et al. (authors)
  • Strong authentication protocol based on Java crypto chip as a secure element
  • 2016
  • In: Advances in Science, Technology and Engineering Systems. - : ASTES Journal. - 2415-6698. ; 1:5, pp. 21-26
  • Journal article (peer-reviewed). Abstract:
    • Smart electronic devices and gadgets and their applications are becoming more and more popular. Most of those devices and their applications handle personal, financial, medical and other sensitive data that require security and privacy protection. In this paper we describe one aspect of such protection – user authentication protocol based on the use of X.509 certificates. The system uses Public Key Infrastructure (PKI), challenge/response protocol, mobile proxy servers, and Java cards with crypto capabilities used as a Secure Element. Innovative design of the protocol, its implementation, and evaluation results are described. In addition to end-user authentication, the described solution also supports the use of X.509 certificates for additional security services – confidentiality, integrity, and non-repudiation of transactions and data in an open network environment. The system uses Application Programming Interfaces (APIs) to access Java cards functions and credentials that can be used as add-ons to enhance any mobile application with security features and services.
  •  
40.
  • Mwakalinga, Jeffy, et al. (authors)
  • Authorization System in Open Networks based on Attribute Certificates : Towards an ICT Enabled Society
  • 2003
  • In: Proceedings of the International Information Technology Conference.
  • Conference paper (peer-reviewed). Abstract:
    • This paper describes a security system for authorization in open networks. Authorization means authority to access certain resources, to perform certain operations, or to use certain system functions. In this paper the authorization system is based on use of attribute certificates. An attribute certificate is a signed object containing authorization attributes of a user. Before checking whether a user is authorized to perform an action or to access an object, the identity of the user must be verified. The identity verification system is based on public key certificates. We separate authorization system from authentication system because the same authority does not always establish authorization and authentication information. However these two systems must be combined and that is done by including the serial number of the user’s public key certificate as a field in the user’s attribute certificate, which carries authorization information. The topology of the authorization system comprises authorization authority servers issuing attribute certificates to users, application clients handling those certificates, and application servers verifying user access rights based on attribute certificates. Furthermore, all these components are themselves certified by standard PKI certification authorities, thus supporting mutual authentication and cross–domain scaling.
  •  
41.
  • Shibli, Awais, 1982- (author)
  • Security Infrastructure and Applications for Mobile Agents
  • 2010
  • Doctoral thesis (other academic/artistic). Abstract:
    • Research areas of this dissertation are security for mobile agents, for applications based on mobile agents, and for distributed network environments in which mobile agents execute. Mobile agents paradigm has captured researchers’ and industry’s interests long time ago because of its innovative capabilities and attractive applications. The ability of mobile agents to autonomously migrate from host to host, transferring their code and internal state, enables them to accomplish tasks in network and distributed environments more conveniently, robustly, and efficiently than traditional client-server applications. But, in spite of significant benefits of the mobile agent paradigm, the technology is still mainly in a research domain and so far it has not been adopted on a large scale by the industry and users. One of the reasons for that is security related issues and security concerns. Current research in the area of mobile agents’ security is focused mainly on protection and security of agents and agents’ runtime platforms. But most of the currently available mobile agent systems do not support comprehensive security requirements for a general mobile agents paradigm. Therefore, there is a need for a complete and comprehensive security infrastructure for mobile agents, not only in the form of security services and mechanisms for agents’ runtime execution, but also as a complete set of infrastructural components, along with methodology for creation, classification, adoption, and validation of mobile agents before their deployment in real-environments. In addition, protection of mobile agents code and their baggage during execution is also needed. The lack of such concept, infrastructure and security solutions is hindrance for wider adoption of mobile agent systems at the time of this research. 
In our research, we solve these comprehensive requirements with solutions that can be classified in two groups: The first group is solutions for designing, implementation and deployment of a security infrastructure for mobile agents, along with methodology for secure deployment and execution of mobile agents. The proposed infrastructure for mobile agents is based on a methodology for creation, classification and validation of trusted mobile agents. It includes security architecture for publishing, discovery and adoption of mobile agents. Moreover, it provides integrated system for mobile agent deployment that supports launching, authorization and execution of mobile agents. Mobile agents execution is based on a protective approach, as compared to traditional detective or preventive methods, that not only provides code protection, but code execution and data privacy as well. The second group is solutions for use of security infrastructure and, in particular, secure and trusted mobile agents for real-life applications. The main result in this group is the design and implementation of a network intrusion detection and prevention system based on mobile agents. The system efficiently solves several problems of existing IDS/IPS. It can detect new vulnerabilities before they are exploited by hackers, it can process and filter large volumes of log entries, it reacts to intrusions in real–time, it provides protection against unknown attacks, it supports and improves commercial IDS/IPS products, and it also efficiently handles software patches. The system not only improves use of existing popular IDS/IPS, but it also eliminates several of their core problems. In addition, it is self–protected by full encryption, both of mobile agents and their execution platforms, and therefore not vulnerable to attacks against its own components and resources.
  •  
42.
  • Shibli, Muhammad Awais, et al. (authors)
  • Intrusion detection and prevention system using secure mobile agents
  • 2008
  • In: SECRYPT - Int. Conf. Secur. Cryptography, Proc. - 9789898111593 ; , pp. 107-113
  • Conference paper (peer-reviewed). Abstract:
    • The paper describes design and architecture of the intrusion detection and prevention system based on secure mobile agents along with the analysis of commercial products and current research efforts in the area. Once system will be operational it will be the first comprehensive real-life application using mobile agents that will not only provide security to network resources but also provide security and protection to the mobile agents system itself. The system efficiently solves several problems with the existing IDS/IPS solutions: it can detect new vulnerabilities, it can process and filter large volumes of logs, it reacts to intrusions in real-time, provides protection against unknown attacks, supports and improves IDS/IPS commercial products by different vendors, and handles software patches. The system not only improves the existing IDS/IPS solutions, but it also eliminates several of their core problems. In addition, it is self-protected by full encryption, both mobile agents and their platforms, and therefore not vulnerable to attacks against its own components and resources.
  •  
43.
  •  
44.
  • Shibli, Muhammad Awais, et al. (authors)
  • MagicNET : Security architecture for discovery and adoption of mobile agents
  • 2010
  • In: 2009 Proceedings of the 1st International Workshop on Security and Communication Networks, IWSCN 2009. - 9788299710510 ; , pp. 5683056-
  • Conference paper (peer-reviewed). Abstract:
    • Current research in the area of security for mobile agents deals mainly with the runtime issues of agents' protection. Mobile agent systems do not address precisely the process of acquiring mobile agents by their owners, but they assume that the agents are somehow already available for use. This assumption is acceptable for experimental or prototyping environments, but it is inadequate for the real world scenarios where agents should be trusted and reliable, but agent creators and agent owners are separated and manage agents from mutually remote locations. Thus, the issue of agents' adoption for use in serious, sensitive and business networks is very important if agents are used in real-life applications. In this paper we describe the architecture and procedures for secure, verifiable and authenticated discovery and adoption of mobile agents. The main contribution is that in this process agent's code and its functionality can be verified, so that such agents can be deployed in serious applications and scenarios.
  •  
45.
  • Shibli, Muhammad Awais, et al. (authors)
  • MagicNET : Security System for Protection of Mobile Agents
  • 2011
  • In: 2010 24TH IEEE INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS (AINA). - 9780769540184 ; , pp. 1233-1240
  • Conference paper (peer-reviewed). Abstract:
    • Protection of Mobile agents is one of the most difficult problems in the area of mobile agents' security. There is not a single, comprehensive solution that provides complete protection of agents against malicious hosts. Existing solutions either only detect or to some extent prevent attacks on agents. With detective mechanisms integrity of an agent's code/state is being checked, but there are no effective solutions for confidentiality of agent's code and baggage. In this paper, we propose a system which provides protection of agent's code against illegal modifications, protection during agents' execution, and also protection of agent's baggage. Design of the system is based on a protective approach, which provides better security compared to traditional detective or preventive methods.
  •  
46.
  • Shibli, Muhammad Awais, et al. (authors)
  • MagicNET : mobile agents data protection system
  • 2015
  • In: European transactions on telecommunications. - : Wiley. - 1124-318X .- 2161-3915. ; 26:5, pp. 813-835
  • Journal article (peer-reviewed). Abstract:
    • Literature study and analysis on mobile agents reveal many challenging and uncovered aspects that still do not have comprehensive solutions. Despite the fact that significant research has been carried out on mobile agents, it is still not widely adopted by industry and research community because of the immaturity of various technical aspects of agent paradigm. One of the main reasons that limits the scope of the potential applications of mobile agents is the lack of reliable security solutions for mobile agents' code and their baggage. The protection of mobile agents' codes has been solved by the research community to some extent; however, there is not even a single solution that provides complete protection and access control mechanism for agents' code and their baggage (data being accumulated/ carried by agent during execution). Most of the existing solutions such as execution tracing, code obfuscation, encrypted code execution and partial result encapsulation mainly cover security threats of mobile agents' code. In this paper, we present a security solution to overcome the security threats on traditional mobile agents computing paradigm. Our proposed solution is one step ahead of extant solutions in that it provides complete protection and enforces access control on agents' complex baggage structure. We have extended our previous work that was limited to the protection of agents and the agent platforms only. Our approach provides holistic access control mechanism between users and agents, agents and agent platform resources and platform and agents baggage. By adopting the proposed solution in the mobile agent-oriented software engineering, secure and complex mobile agent-based applications can be developed, which will greatly benefit the software industry.
  •  
47.
  • Shibli, Muhammad Awais, et al. (authors)
  • Magicnet : Security architecture for authorization of mobile agents
  • 2009
  • In: Proceedings of the 3rd International Conference on Internet Technologies and Applications, ITA 09. - 9780946881659 ; , pp. 506-513
  • Conference paper (peer-reviewed). Abstract:
    • Controlling access to resources at remote hosts by mobile agents during their execution is a challenging problem. Current solutions use mainly methodology that detects agents' incorrect access attempts to a particular resource. For that purpose agents' execution logs are checked in order to identify malicious activities or misuse of resources at a particular host. As an alternative, instead of detective approach, we focus on preventive approach for control of access by mobile agents. While detective approach may provide some protection, its primary shortcoming is that it does not provide protection of resources in advance, before access, and in fact requires post-fact manual intervention and activation of countermeasures. With our solution we provide a solution to authenticate and authorize agents at remote hosts before executing any action. The architecture of our system is based on RBAC XACML policies and SAML standards.
  •  
48.
  • Shibli, Muhammad Awais, et al. (authors)
  • MagicNET : Security Architecture for Creation, Classification, and Validation of Trusted Mobile Agents
  • 2009
  • In: 11TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, VOLS I-III, PROCEEDINGS, - UBIQUITOUS ICT CONVERGENCE MAKES LIFE BETTER!. - TAEJON : ELECTRONICS TELECOMMUNICATIONS RESEARCH INST. - 9788955191387 ; , pp. 1467-1471
  • Conference paper (peer-reviewed). Abstract:
    • Most of the current research and development results dealing with security of mobile agents describe solutions only for usage of mobile agents. These contributions usually assume agents possess unique and recognizable identities, cryptographic keys, assigned assurance level, and various other security parameters. But, very few papers describe how to create, classify, and evaluate mobile agents before their adoption and deployment. These are the issues we address in this paper: how mobile agents are created, validated, tested, and classified before their deployment. Based on certain security parameters, we establish classification scheme for mobile agents into three assurance levels: low, medium, and high. Our solution and procedures are based on a comprehensive security service-oriented architecture. We also describe roles, procedures, and security components used in that architecture. The most important results are the definition of assurance levels for mobile agents and procedures for their classification into those assurance levels.
  •  
49.
  • Shibli, Muhammad Awais, et al. (authors)
  • MagicNET : Security System for Development, Validation and Adoption of Mobile Agents
  • 2009
  • In: NSS. - NEW YORK : IEEE. - 9781424450879 ; , pp. 389-396
  • Conference paper (peer-reviewed). Abstract:
    • Current research in the area of mobile agents' security mainly deals with protection and security for agents and agents' runtime platforms. Mobile agent systems usually do not provide an extensive security methodology for the entire agent's life cycle, from agent's creation to its deployment and execution. In this paper we propose a comprehensive secure system for deployment of mobile agents. The system provides methodology that spans a number of phases in agent's lifetime: it starts from agent creation and ends with agent's execution. It addresses classification, validation, publishing, discovery, adoption, authentication and authorization of agents. Our system is based on secure web services and uses RBAC XACML policies and SAML protocol.
  •  
50.
  • Shibli, Muhammad Awais, et al. (authors)
  • MagicNET : Secure communication methodology for mobile agents
  • 2010
  • In: The 12th International Conference on Advanced Communication Technology. - 9788955191455 ; , pp. 1567-1573
  • Conference paper (peer-reviewed). Abstract:
    • Most of the current research and development results, dealing with authentication of mobile agents, describe solutions that address only agent-to-platform authentication. These solutions assign privileges to agents so that they can be executed and then, by using the same privileges, also to communicate with other agents running on the same platform. They do not address broader agent-to-agent communication security requirements. Moreover, communication protocols are not based on any standards, which increases the possibilities of communications between benign and malicious agents. In this paper we describe agent-to-agent secure communication methodology that guarantees authenticated, authorized and confidential communication between agents. We use FIPA ACL standard for effective and interoperable communication in our agent-based system.
  •  