Authentication Credential

The Experts below are selected from a list of 111 Experts worldwide ranked by ideXlab platform

Simon Gibbs - One of the best experts on this subject based on the ideXlab platform.

  • DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers
    2010 IEEE International Symposium on Policies for Distributed Systems and Networks, 2010
    Co-Authors: Joshua Schiffman, Xinwen Zhang, Simon Gibbs
    Abstract:

    Web applications are becoming the predominant means by which users interact with online content. However, current Authentication approaches use a single Authentication Credential to manage access permissions, which is too inflexible for distributed programs with unique security and privacy requirements for each component. In this paper, we introduce DAuth, an authorization mechanism that allows fine-grained and flexible control of access permissions derived from a single Authentication Credential for distributed consumers of web applications. We implement DAuth as a proxy for a Twitter social networking application within our distributed Elastic Application framework and find it introduces negligible overhead and requires only minor modification of existing applications. Through our evaluation, we demonstrate DAuth improves on existing web Authentication mechanisms to support distributed web application consumers and can be implemented as a proxy to web applications that do not wish to develop their own implementation.

Joshua Schiffman - One of the best experts on this subject based on the ideXlab platform.

  • DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers
    2010 IEEE International Symposium on Policies for Distributed Systems and Networks, 2010
    Co-Authors: Joshua Schiffman, Xinwen Zhang, Simon Gibbs
    Abstract:

    Web applications are becoming the predominant means by which users interact with online content. However, current Authentication approaches use a single Authentication Credential to manage access permissions, which is too inflexible for distributed programs with unique security and privacy requirements for each component. In this paper, we introduce DAuth, an authorization mechanism that allows fine-grained and flexible control of access permissions derived from a single Authentication Credential for distributed consumers of web applications. We implement DAuth as a proxy for a Twitter social networking application within our distributed Elastic Application framework and find it introduces negligible overhead and requires only minor modification of existing applications. Through our evaluation, we demonstrate DAuth improves on existing web Authentication mechanisms to support distributed web application consumers and can be implemented as a proxy to web applications that do not wish to develop their own implementation.

  • POLICY - DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers
    2010 IEEE International Symposium on Policies for Distributed Systems and Networks, 2010
    Co-Authors: Joshua Schiffman, Xinwen Zhang, Simon J. Gibbs
    Abstract:

    Web applications are becoming the predominant means by which users interact with online content. However, current Authentication approaches use a single Authentication Credential to manage access permissions, which is too inflexible for distributed programs with unique security and privacy requirements for each component. In this paper, we introduce DAuth, an authorization mechanism that allows fine-grained and flexible control of access permissions derived from a single Authentication Credential for distributed consumers of web applications. We implement DAuth as a proxy for a Twitter social networking application within our distributed Elastic Application framework and find it introduces negligible overhead and requires only minor modification of existing applications. Through our evaluation, we demonstrate DAuth improves on existing web Authentication mechanisms to support distributed web application consumers and can be implemented as a proxy to web applications that do not wish to develop their own implementation.

Paul Steinbart - One of the best experts on this subject based on the ideXlab platform.

  • HICSS - Can Relaxing Security Policy Restrictiveness Improve User Behavior? A Field Study of Authentication Credential Usage
    2016 49th Hawaii International Conference on System Sciences (HICSS), 2016
    Co-Authors: Jeffry Babb, Mark J. Keith, Paul Steinbart
    Abstract:

    Often, security policies take an overly proscriptive approach designed to shape "secure" behavior in the specification of constraints, controls, and impediments to free action. In the case of very detailed policies, the user may not even understand the logic behind the behavior. This research poses a simple premise: if a desired state of system security can be achieved with a policy that affords the user a range of behavioral options, would the user be more likely to comply with the policy? We present findings from a field experiment in the context of password selection where secure behavior was enhanced by relaxing proscription (and prescription) by allowing universal cues in additional feedback tools to take precedence over explicit behavioral requirements. This is in keeping with aspects of Activity Theory which proposes that familiar tools influence actor-structure interactions that lead to desired outcomes.

  • Can Relaxing Security Policy Restrictiveness Improve User Behavior? A Field Study of Authentication Credential Usage
    2016 49th Hawaii International Conference on System Sciences (HICSS), 2016
    Co-Authors: Jeffry Babb, Mark Keith, Paul Steinbart
    Abstract:

    Often, security policies take an overly proscriptive approach designed to shape "secure" behavior in the specification of constraints, controls, and impediments to free action. In the case of very detailed policies, the user may not even understand the logic behind the behavior. This research poses a simple premise: if a desired state of system security can be achieved with a policy that affords the user a range of behavioral options, would the user be more likely to comply with the policy? We present findings from a field experiment in the context of password selection where secure behavior was enhanced by relaxing proscription (and prescription) by allowing universal cues in additional feedback tools to take precedence over explicit behavioral requirements. This is in keeping with aspects of Activity Theory which proposes that familiar tools influence actor-structure interactions that lead to desired outcomes.

Jianying Zhou - One of the best experts on this subject based on the ideXlab platform.

  • A Novel Authenticated Key Agreement Protocol With Dynamic Credential for WSNs
    ACM Transactions on Sensor Networks, 2019
    Co-Authors: Zheng Yang, Jianying Zhou
    Abstract:

    Public key cryptographic primitive (e.g., the famous Diffie-Hellman key agreement, or public key encryption) has recently been used as a standard building block in authenticated key agreement (AKA) constructions for wireless sensor networks (WSNs) to provide perfect forward secrecy (PFS), where the expensive cryptographic operation (i.e., exponentiation calculation) is involved. However, realizing such complex computation on resource-constrained wireless sensors is inefficient and even impossible on some devices. In this work, we introduce a new AKA scheme with PFS for WSNs without using any public key cryptographic primitive. To achieve PFS, we rely on a new dynamic one-time Authentication Credential that is regularly updated in each session. In particular, each value of the Authentication Credential is wisely associated with at most one session key that enables us to fulfill the security goal of PFS. Furthermore, the proposed scheme enables the principals to identify whether they have been impersonated previously. We highlight that our scheme can be very efficiently implemented on sensors since only hash function and XOR operation are required.

  • Faster Authenticated Key Agreement with Perfect Forward Secrecy for Industrial Internet-of-Things
    IEEE Transactions on Industrial Informatics, 1
    Co-Authors: Zheng Yang, Jun He, Yangguang Tian, Jianying Zhou
    Abstract:

    Industrial Internet-of-Things (IIoT) is the basis of Industry 4.0, which extends Internet connectivity beyond traditional computing devices like computers and smartphones to the physical world for improving efficiency and accuracy while reducing the production cost. However, there are tremendous security threats to IIoT, such as IIoT device hijacking and data leaks. Therefore, a lightweight authenticated key agreement (AKA) protocol is commonly applied to establish a session key for securing the communication between IIoT devices. To protect the previous session keys from being compromised, perfect forward secrecy (PFS) has been one of the most important security properties of AKA. In this work, we present an efficient PFS-enabled AKA protocol for IIoT systems, which is developed based on a new dynamic Authentication Credential (DAC) framework, without using any public-key cryptographic primitives. It is worth noting that our protocol is also faster than the state-of-the-art DAC-based AKA protocols with PFS. Moreover, we give the formal security result of the proposed protocol in the random oracle model.

Xinwen Zhang - One of the best experts on this subject based on the ideXlab platform.

  • DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers
    2010 IEEE International Symposium on Policies for Distributed Systems and Networks, 2010
    Co-Authors: Joshua Schiffman, Xinwen Zhang, Simon Gibbs
    Abstract:

    Web applications are becoming the predominant means by which users interact with online content. However, current Authentication approaches use a single Authentication Credential to manage access permissions, which is too inflexible for distributed programs with unique security and privacy requirements for each component. In this paper, we introduce DAuth, an authorization mechanism that allows fine-grained and flexible control of access permissions derived from a single Authentication Credential for distributed consumers of web applications. We implement DAuth as a proxy for a Twitter social networking application within our distributed Elastic Application framework and find it introduces negligible overhead and requires only minor modification of existing applications. Through our evaluation, we demonstrate DAuth improves on existing web Authentication mechanisms to support distributed web application consumers and can be implemented as a proxy to web applications that do not wish to develop their own implementation.

  • POLICY - DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers
    2010 IEEE International Symposium on Policies for Distributed Systems and Networks, 2010
    Co-Authors: Joshua Schiffman, Xinwen Zhang, Simon J. Gibbs
    Abstract:

    Web applications are becoming the predominant means by which users interact with online content. However, current Authentication approaches use a single Authentication Credential to manage access permissions, which is too inflexible for distributed programs with unique security and privacy requirements for each component. In this paper, we introduce DAuth, an authorization mechanism that allows fine-grained and flexible control of access permissions derived from a single Authentication Credential for distributed consumers of web applications. We implement DAuth as a proxy for a Twitter social networking application within our distributed Elastic Application framework and find it introduces negligible overhead and requires only minor modification of existing applications. Through our evaluation, we demonstrate DAuth improves on existing web Authentication mechanisms to support distributed web application consumers and can be implemented as a proxy to web applications that do not wish to develop their own implementation.