Certification and Security Issues in Biomedical Grid Portals

Author(s):  
Charalampos Doukas ◽  
Ilias Maglogiannis ◽  
Aristotle Chatziioannou

User authentication and data security are very important aspects for the deployment and proper function of biomedical grid portals, since both sensitive data issues and controlled access to grid resources must be addressed. This chapter discusses certification and security issues in biomedical grid portals and presents the security infrastructure of the GRISSOM (Grids for In Silico Systems biology and Medicine) platform. The platform consists of a web-based portal and a Web Service that enables statistical analysis of microarray cDNA data with the use of the EGEE Grid infrastructure. The security infrastructure addresses user authentication and access issues, data encryption, Grid secure access and Web Service Security. The appendix of the chapter contains code snapshots on how to implement secure authentication in Web Services and create user SSL certificates on demand.

2013 ◽  
pp. 1377-1399
Author(s):  
Charalampos Doukas ◽  
Ilias Maglogiannis ◽  
Aristotle Chatziioannou

User authentication and data security are very important aspects for the deployment and proper function of biomedical grid portals, since both sensitive data issues and controlled access to grid resources must be addressed. This chapter discusses certification and security issues in biomedical grid portals and presents the security infrastructure of the GRISSOM (Grids for In Silico Systems biology and Medicine) platform. The platform consists of a web-based portal and a Web Service that enables statistical analysis of microarray cDNA data with the use of the EGEE Grid infrastructure. The security infrastructure addresses user authentication and access issues, data encryption, Grid secure access and Web Service Security. The appendix of the chapter contains code snapshots on how to implement secure authentication in Web Services and create user SSL certificates on demand.


2013 ◽  
pp. 1283-1305
Author(s):  
Charalampos Doukas ◽  
Ilias Maglogiannis ◽  
Aristotle Chatziioannou

User authentication and data security are very important aspects for the deployment and proper function of biomedical grid portals, since both sensitive data issues and controlled access to grid resources must be addressed. This chapter discusses certification and security issues in biomedical grid portals and presents the security infrastructure of the GRISSOM (Grids for In Silico Systems biology and Medicine) platform. The platform consists of a web-based portal and a Web Service that enables statistical analysis of microarray cDNA data with the use of the EGEE Grid infrastructure. The security infrastructure addresses user authentication and access issues, data encryption, Grid secure access and Web Service Security. The appendix of the chapter contains code snapshots on how to implement secure authentication in Web Services and create user SSL certificates on demand.


Author(s):  
Elena M. Torroglosa García ◽  
Gabriel López Millán

The high adoption in daily life of services offered by Web 2.0 has opened a wide field for the proliferation of new Web-based services and applications. Social networks, as the main exponent of this new generation of services, require security systems to ensure end user authentication and access control to shared information. Another feature that is becoming increasingly important in these scenarios is the delegation of controlled access between the different APIs (Application Programming Interfaces) to integrate services and information. The safe use of these Web services requires end user security credentials and different authentication and authorization technologies. This chapter provides an introduction to the most relevant protocols and standards in the area of Web service security, which are able to provide authentication and authorization mechanisms.


2017 ◽  
Vol 8 (1) ◽  
pp. 1-10
Author(s):  
Is Mardianto ◽  
Kuswandi Kuswandi

Security issues have become a major issue on the Internet. One of the security methods that are widely used today is to implement a digital certificate. Digital certificates have evolved over time, one of which is the X.509 digital certificate. Digital certificates have been widely used as authentication applications, web network authentication and other authentication systems that require digital certificates. This research is carried out by implementing an X.509 digital certificate technology as a mobile web service with its client. Secure Hash Algorithm (SHA), Diffie-Hellman, and Advanced Encryption Standard (AES) are used to secure the data exchange transaction between the web service and mobile phone. SHA algorithm will be used for user authentication, Diffie-Hellman algorithm will be used for public key exchange and AES algorithms will be used for symmetric cryptography data. The results of the application of digital certificates, the SHA algorithm, Diffie-Hellman, and AES in mobile phone applications, provide security application running on web service.

Index Terms: Digital Certificate, X.509, SHA, Diffie Hellman, AES


Author(s):  
Wasim A Al-Hamdani

Cryptography has been used since ancient times in many different shapes and forms to protect messages from being intercepted. However, since 1976, cryptography started to be part of protected public communication when e-mail became commonly used by the public. Webmail (or Web-based e-mail) is an e-mail service intended to be primarily accessed via a web browser, as opposed to through an e-mail client, such as Microsoft Outlook or Mozilla's Thunderbird Mail. Very popular webmail providers include Gmail, Yahoo! Mail, Hotmail and AOL. Web-based email has its advantages, especially for people who travel. Email can be collected by simply visiting a website, negating the need for an email client, or to logon from home. Wherever a public terminal with Internet access exists, one can check, send and receive email quickly and easily. Another advantage of web-based email is that it provides an alternate address, allowing the user to reserve his/her ISP address for personal use. If someone would like to subscribe to a newsletter, enter a drawing, register at a website, participate in chats, or send feedback to a site, a web-based email address is the perfect answer. It will keep non-personal mail on a server for you to check when you wish, rather than filling up your private email box. Web service is defined as “a software system designed to support interoperable machine-to-machine interaction over a network”. Web services are frequently just Internet application programming interfaces (API) that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services. Other approaches with nearly the same functionality as web services are Object Management Group's (OMG) Common Object Request Broker Architecture (CORBA), Microsoft's Distributed Component Object Model (DCOM) or SUN's Java/Remote Method Invocation (RMI). Integrating encryption with web service could be performed in many ways, such as XML Encryption and XML Signature.
In this article we present client and Web-based E-mail, next generation E-mail and secure E-mail, followed by cryptography in web service, and the last part is the future of web service security. The article starts with the integration of cryptography with E-mail client and web-based E-mail, then the integration of cryptography and web service is presented. At the end of the two major sections, e-mail service and web service, there is a general prospect vision of the encryption future for e-mail service and web service. This section presents our view for the cryptography integration with the second generation of e-mail and web service.


2008 ◽  
pp. 182-205 ◽  
Author(s):  
Tuncay Namli ◽  
Asuman Dogac

Web service technology changes the way of conducting business by opening their services to the whole business world over the networks. This property of Web services makes the security and privacy issues more important since the access to the services becomes easier. Many Web service standards are emerging to make Web services secure and privacy protected. This chapter discusses two of them: SAML (OASIS, 2005) and XACML (OASIS, 2005). SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. In other words, SAML handles the user authentication and also carries attribute information for authorization (access control). XACML is the complementary standard of OASIS to make the access control decisions. This work is realized within the scope of the IST 027074 SAPHIRE Project, which is an intelligent healthcare monitoring and decision support system.


2018 ◽  
Vol 7 (3.6) ◽  
pp. 234 ◽  
Author(s):  
N Sirisha ◽  
K V.D. Kiran

Big Data has become more popular, as it can provide on-demand, reliable and flexible services to users, such as storage and processing. Data security has become a major issue in Big Data. The open source HDFS software is used to store huge amounts of data with high throughput and fault tolerance, and MapReduce is used for its computations and processing. However, it is a significant target in the Hadoop system: a security model was not designed, and this became the major drawback of the Hadoop software. In terms of storage, metadata security, sensitive data and also data security will be a serious issue in HDFS. With the importance of Hadoop in today's enterprises, there is also an increasing trend toward providing high-security features in enterprises. Over recent years, only some level of security in Hadoop, such as Kerberos, Transparent Data Encryption (TDE), encryption techniques and hash techniques, has been shown for Hadoop. This paper shows the efforts that are made to present Hadoop authorization security issues using Apache Sentry in HDFS.


2010 ◽  
Vol 7 (1) ◽  
pp. 1-21 ◽  
Author(s):  
Wei She ◽  
I-Ling Yen ◽  
Bhavani Thuraisingham

In recent years, security issues in web service environments have been widely studied and various security standards and models have been proposed. However, most of these standards and models focus on individual web services and do not consider the security issues in composite services. In this article, the authors propose an enhanced security model to control the information flow in service chains. It extends the basic web service security models by introducing the concepts of delegation and pass-on. Based on these concepts, new certificates, certificate chains, delegation and pass-on policies, and how they are used to control the information flow are discussed. The authors also introduce a case study from a healthcare information system to illustrate the protocols.



Author(s):  
Oleksiy Lisovets ◽  
David Knichel ◽  
Thorben Moos ◽  
Amir Moradi

In recent years, smartphones have become an increasingly important storage facility for personal sensitive data ranging from photos and credentials up to financial and medical records like credit cards and a person's diseases. Trivially, it is critical to secure this information and only provide access to the genuine and authenticated user. Smartphone vendors have already taken exceptional care to protect user data by means of various software and hardware security features like code signing, authenticated boot chain, dedicated co-processor and integrated cryptographic engines with hardware-fused keys. Despite these obstacles, adversaries have successfully broken through various software protections in the past, leaving only the hardware as the last standing barrier between the attacker and user data. In this work, we build upon existing software vulnerabilities and break through the final barrier by performing the first publicly reported physical Side-Channel Analysis (SCA) attack on an iPhone in order to extract the hardware-fused device-specific User Identifier (UID) key. This key, once at hand, allows the adversary to perform an offline brute-force attack on the user passcode employing an optimized and scalable implementation of the Key Derivation Function (KDF) on a Graphics Processing Unit (GPU) cluster. Once the passcode is revealed, the adversary has full access to all user data stored on the device and possibly in the cloud. As the software exploit enables acquisition and processing of hundreds of millions of traces, this work further shows that an attacker being able to query arbitrarily many chosen-data encryption/decryption requests is a realistic model, even for compact systems with advanced software protections, and emphasizes the need for assessing resilience against SCA for a very high number of traces.

