Key Management Service

The Experts below are selected from a list of 86667 Experts worldwide ranked by ideXlab platform

Sungwon Sohn - One of the best experts on this subject based on the ideXlab platform.

  • ICCSA (1) - Development of XKMS-Based Service Component for Using PKI in XML Web Services Environment
    Computational Science and Its Applications – ICCSA 2004, 2004
    Co-Authors: Namje Park, Kiyoung Moon, Jongsu Jang, Sungwon Sohn
    Abstract:

    The emerging Web Services technology provides a systematic and standard-based approach to enable application-to-application integration. In this paper, we propose XKMS(XML Key Management Specification)-based Key Management Service model and design protocol component based on standard specification. Also describes the analysis and security method of Key Management Service for secure global XML Web Services, paying attention to the features of XML based security Service. This Service model offers the security construction guideline for future e-business and global XML Web Services frameworks.

  • A study on the XKMS-based Key Management system for secure global XML web Services
    The 6th International Conference on Advanced Communication Technology 2004., 1
    Co-Authors: Namje Park, Kiyoung Moon, Sungwon Sohn
    Abstract:

    In this paper, we propose XKMS(XML Key Management Specification)-based Key Management Service model and design protocol component based on standard specification. Also describes the analysis and security method of Key Management Service for secure global XML web Services, paying attention to the features of XML based security Service. This Service model offers the security construction guideline for future e-business and global XML web Services frameworks.

Antonio Capone - One of the best experts on this subject based on the ideXlab platform.

  • Optimal Node Placement in Distributed Wireless Security Architectures
    2011
    Co-Authors: Fabio Martignon, Stefano Paris, Antonio Capone
    Abstract:

    Wireless mesh networks (WMNs) are currently accepted as a new communication paradigm for next-generation wireless networking. They consist of mesh routers and clients, where mesh routers are almost static and form the backbone of WMNs. Several architectures have been proposed to distribute the authentication and authorization functions in the WMN backbone. In such distributed architectures, new mesh routers authenticate to a Key Management Service (consisting of several servers, named core nodes), which can be implemented using threshold cryptography, and obtain a temporary Key that is used both to prove their credentials to neighbor nodes and to encrypt all the traffic transmitted on wireless backbone links. This paper analyzes the optimal placement of the core nodes that collaboratively implement the Key Management Service in a distributed wireless security architecture. The core node placement is formulated as an optimization problem, which models closely the behavior of real wireless channels; the performance improvement achieved solving our model is then evaluated in terms of Key distribution/authentication delay in several realistic network scenarios. Numerical results show that our proposed model increases the responsiveness of distributed security architectures with a short computing time, thus representing a very effective tool to plan efficient and secure wireless networks.

  • DSA-Mesh: a distributed security architecture for wireless mesh networks
    Security and Communication Networks, 2011
    Co-Authors: Fabio Martignon, Stefano Paris, Antonio Capone
    Abstract:

    Wireless Mesh Networks (WMNs) have emerged recently as a technology for next-generation wireless networking. They consist of mesh routers and clients, where mesh routers are almost static and form the backbone of WMNs. WMNs provide network access for both mesh and conventional clients. In this paper, we propose DSA-Mesh, a fully distributed security architecture that provides access control for mesh routers as well as a Key distribution scheme that supports layer-2 encryption to ensure security and data confidentiality of all communications that occur in the backbone of the WMN. DSA-Mesh exploits the routing capabilities of mesh routers: after connecting to the access network as generic wireless clients, new mesh routers authenticate to a Key Management Service (consisting of several servers) implemented using threshold cryptography, and obtain a temporary Key that is used both to prove their credentials to neighbor nodes and to encrypt all the traffic transmitted on wireless backbone links. A Key feature in the design of DSA-Mesh is its independence from the underlying wireless technology used by network nodes to form the backbone. Furthermore, DSA-Mesh enables seamless mobility of mesh routers. Since it is completely distributed, DSA-Mesh permits to deploy automatically and incrementally large WMNs, while increasing, at the same time, the robustness of the system by eliminating the single point of failure typical of centralized architectures. DSA-Mesh has been implemented in Network Simulator, and extensive simulations have been performed in large-scale network scenarios, comparing it to a static Key approach and to a centralized architecture where a single Key server is deployed. Numerical results show that our proposed architecture considerably increases the WMN security and reliability, with a negligible impact on the network performance, thus representing an effective solution for wireless mesh networking. Copyright © 2010 John Wiley & Sons, Ltd.

  • Networking (1) - Optimal node placement in distributed wireless security architectures
    NETWORKING 2011, 2011
    Co-Authors: Fabio Martignon, Stefano Paris, Antonio Capone
    Abstract:

    Wireless mesh networks (WMNs) are currently accepted as a new communication paradigm for next-generation wireless networking. They consist of mesh routers and clients, where mesh routers are almost static and form the backbone of WMNs. Several architectures have been proposed to distribute the authentication and authorization functions in the WMN backbone. In such distributed architectures, new mesh routers authenticate to a Key Management Service (consisting of several servers, named core nodes), which can be implemented using threshold cryptography, and obtain a temporary Key that is used both to prove their credentials to neighbor nodes and to encrypt all the traffic transmitted on wireless backbone links. This paper analyzes the optimal placement of the core nodes that collaboratively implement the Key Management Service in a distributed wireless security architecture. The core node placement is formulated as an optimization problem, which models closely the behavior of real wireless channels; the performance improvement achieved solving our model is then evaluated in terms of Key distribution/authentication delay in several realistic network scenarios. Numerical results show that our proposed model increases the responsiveness of distributed security architectures with a short computing time, thus representing a very effective tool to plan efficient and secure wireless networks.

Yubin Xia - One of the best experts on this subject based on the ideXlab platform.

  • TZ-KMS: A Secure Key Management Service for Joint Cloud Computing with ARM TrustZone
    Service Oriented Software Engineering, 2018
    Co-Authors: Shiyu Luo, Zhichao Hua, Yubin Xia
    Abstract:

    The Key Management Service (KMS) has become a fundamental component of cloud computing. For enforce security, existing clouds usually deploy a centralized KMS protected by specialized hardware, i.e., hardware security module (HSM), which is exclusively controlled by the cloud provider. Joint cloud computing (JointCloud) is a new architecture of cloud computing, which makes the best use of the advantage of different clouds. However, in JointCloud, different cloud providers have their respective KMS. Thus it is impossible for one user’s different applications in different clouds to share the same Key in different KMS. The Key stored in KMS will be unreachable after the application is migrated to a new cloud, which makes the encrypted data being unusable. To address these problems, we introduce TZ-KMS which provides a trusted distributed Key Management Service with ARM TrustZone technology. We locate a TZ-KMS instance in the secure world (a trusted execution environment provided by ARM TrustZone) of each machine, and the instance handles requests from the user application. A distributed Key Management method is further provided to synchronize user Keys among different TZ-KMS instances. TZ-KMS allows one user’s applications, located in different clouds, to share the same Key Management Service securely. User Keys are still reachable after the application is migrated to a new cloud. We have implemented a prototype of TZ-KMS, and the evaluation shows that our system has a good performance and scalability.

  • SOSE - TZ-KMS: A Secure Key Management Service for Joint Cloud Computing with ARM TrustZone
    2018 IEEE Symposium on Service-Oriented System Engineering (SOSE), 2018
    Co-Authors: Shiyu Luo, Zhichao Hua, Yubin Xia
    Abstract:

    The Key Management Service (KMS) has become a fundamental component of cloud computing. For enforce security, existing clouds usually deploy a centralized KMS protected by specialized hardware, i.e., hardware security module (HSM), which is exclusively controlled by the cloud provider. Joint cloud computing (JointCloud) is a new architecture of cloud computing, which makes the best use of the advantage of different clouds. However, in JointCloud, different cloud providers have their respective KMS. Thus it is impossible for one user’s different applications in different clouds to share the same Key in different KMS. The Key stored in KMS will be unreachable after the application is migrated to a new cloud, which makes the encrypted data being unusable. To address these problems, we introduce TZ-KMS which provides a trusted distributed Key Management Service with ARM TrustZone technology. We locate a TZ-KMS instance in the secure world (a trusted execution environment provided by ARM TrustZone) of each machine, and the instance handles requests from the user application. A distributed Key Management method is further provided to synchronize user Keys among different TZ-KMS instances. TZ-KMS allows one user’s applications, located in different clouds, to share the same Key Management Service securely. User Keys are still reachable after the application is migrated to a new cloud. We have implemented a prototype of TZ-KMS, and the evaluation shows that our system has a good performance and scalability.

Michael K. Reiter - One of the best experts on this subject based on the ideXlab platform.

  • An authorization model for a public Key Management Service
    ACM Transactions on Information and System Security, 2001
    Co-Authors: Pierangela Samarati, Michael K. Reiter, Sushil Jajodia
    Abstract:

    Public Key Management has received considerable attention from both the research and commercial communities as a useful primitive for secure electronic commerce and secure communication. While the mechanics of certifying and revoking public Keys and escrowing and recovering private Keys have been widely explored, less attention has been paid to access control frameworks for regulating access to stored Keys by different parties. In this article we propose such a framework for a Key Management Service that supports public Key registration, lookup, and revocation, and private Key escrow, protected use (e.g., to decrypt selected messages), and recovery. We propose an access control model using a policy based on principal, ownership, and authority relationships on Keys. The model allows owners to grant to others (and revoke) privileges to execute various actions on their Keys. The simple authorization language is very expressive, enabling the specification of authorizations for composite subjects that can be fully specified (ground) or partially specified, thus making the authorizations applicable to all subjects satisfying some conditions. We illustrate how the access control policy and the authorizations can easily be expressed through a simple and restricted, hence efficiently computable, form of logic language.

  • The Ω Key Management Service
    Proceedings of the 3rd ACM conference on Computer and communications security - CCS '96, 1996
    Co-Authors: Michael K. Reiter, Matthew K. Franklin, John Blakeway Lacy, Rebecca N. Wright
    Abstract:

    In this paper we introduce Ω, a distributed public Key Management Service for open networks. Ω offers interfaces by which clients can register, retrieve, and revoke public Keys, and escrow, use (to decrypt messages), and recover private Keys, all of which can be subjected to access control policy. Ω is built using multiple servers in a way that ensures its correct operation despite the malicious corruption of fewer than one-third of its component servers. We describe the design of Ω, the protocols underlying its operation, performance in our present implementation, and an experimental application of the Service.

Chandu Thota - One of the best experts on this subject based on the ideXlab platform.

  • A new architecture of Internet of Things and big data ecosystem for secured smart healthcare monitoring and alerting system
    Future Generation Computer Systems, 2017
    Co-Authors: Gunasekaran Manogaran, Ramaiyer Varatharajan, Priyan Malarvizhi Kumar, Daphne Lopez, Revathi Sundarasekar, Chandu Thota
    Abstract:

    Wearable medical devices with sensor continuously generate enormous data which is often called as big data mixed with structured and unstructured data. Due to the complexity of the data, it is difficult to process and analyze the big data for finding valuable information that can be useful in decision-making. On the other hand, data security is a Key requirement in healthcare big data system. In order to overcome this issue, this paper proposes a new architecture for the implementation of IoT to store and process scalable sensor data (big data) for health care applications. The Proposed architecture consists of two main sub architectures, namely, Meta Fog-Redirection (MF-R) and Grouping and Choosing (GC) architecture. MF-R architecture uses big data technologies such as Apache Pig and Apache HBase for collection and storage of the sensor data (big data) generated from different sensor devices. The proposed GC architecture is used for securing integration of fog computing with cloud computing. This architecture also uses Key Management Service and data categorization function (Sensitive, Critical and Normal) for providing security Services. The framework also uses MapReduce based prediction model to predict the heart diseases. Performance evaluation parameters such as throughput, sensitivity, accuracy, and f-measure are calculated to prove the efficiency of the proposed architecture as well as the prediction model.