A Mobile-Based Attribute Aggregation Architecture for User-Centric Identity Management

The massive growth of the Internet and its services is currently being sustained by the mercantilization of users’ identities and private data. Traditional services on the Web require the user to disclose many unnecessary sensitive identity attributes like bankcards, geographic position, or even personal health records in order to provide a service. In essence, the services are presented as free and constitute a means by which the user is mercantilized, often without realizing the real value of its data to the market. In this chapter the auhors describe OFELIA (Open Federated Environment for Leveraging of Identity and Authorization), a digital identity architecture designed from the ground up to be user centric. OFELIA is an identity/authorization versatile infrastructure that does not depend upon the massive aggregation of users’ identity attributes to offer a highly versatile set of identity services but relies instead on having those attributes distributed among and protected by several otherwise unrelated Attribute Authorities. Only the end user, with his smartphone, knows how to aggregate these scattered Attribute Authorities’ identity attributes back into some useful identifiable and authenticated entity identity that can then be used by Internet services in a secure and interoperable way.

Securing XML with Role-Based Access Control

Today’s applications are often constructed by bringing together functionality from multiple systems that utilize varied technologies (e.g. application programming interfaces, Web services, cloud computing, data mining) and alternative standards (e.g. XML, RDF, OWL, JSON, etc.) for communication. Most such applications achieve interoperability via the eXtensible Markup Language (XML), the de facto document standard for information exchange in domains such as library repositories, collaborative software development, health informatics, etc. The use of a common data format facilitates exchange and interoperability across heterogeneous systems, but challenges in the aspect of security arise (e.g. sharing policies, ownership, permissions, etc.). In such situations, one key security challenge is to integrate the local security (existing systems) into a global solution for the application being constructed and deployed. In this chapter, the authors present a Role-Based Access Control (RBAC) security framework for XML, which utilizes extensions to the Unified Modeling Language (UML) to generate eXtensible Access Control Markup Language (XACML) policies that target XML schemas and instances for any application, and provides both the separation and reconciliation of local and global security policies across systems. To demonstrate the framework, they provide a case study in health care, using the XML standards Health Level Seven’s (HL7) Clinical Document Architecture (CDA) and the Continuity of Care Record (CCR). These standards are utilized for the transportation of private and identifiable information between stakeholders (e.g. a hospital with an electronic health record, a clinic’s electronic health record, a pharmacy system, etc.), requiring not only a high level of security but also compliance to legal entities. For this reason, it is not only necessary to secure private information, but for its application to be flexible enough so that updating security policies that affect millions of documents does not incur a large monetary or computational cost; such privacy could similarly involve large banks and credit card companies that have similar information to protect to deter identity theft. The authors demonstrate the security framework with two in-house developed applications: a mobile medication management application and a medication reconciliation application. They also detail future trends that present even more challenges in providing security at global and local levels for platforms such as Microsoft HealthVault, Harvard SMART, Open mHealth, and open electronic health record systems. These platforms utilize XML, equivalent information exchange document standards (e.g., JSON), or semantically augmented structures (e.g., RDF and OWL). Even though the primary use of these platforms is in healthcare, they present a clear picture of how diverse the information exchange process can be. As a result, they represent challenges that are domain independent, thus becoming concrete examples of future trends and issues that require a robust approach towards security.

Host–Based Intrusion Detection Systems

In this chapter, the reader explores both the founding ideas and the state-of-the-art research on host-based intrusion detection systems. HIDSs are categorized by their intrusion detection method. Each category is thoroughly investigated, and its limitations and benefits are discussed. Seminal research findings and ideas are presented and supplied with comments. Separate sections are devoted to the protection against tampering and to the HIDS evasion techniques that are employed by attackers. Existing research trends are highlighted, and possible future directions are suggested.

Mobile IPv6

Mobile Internet Protocol (MIP) enables a mobile node to be recognized via a single IP address while the node moves between different networks. MIP attains the connectivity to nodes everywhere without user intervention. One general improvement in Mobile IPv6 (MIPv6) compared to MIPv4 is the enhanced security. However, there are areas still susceptible to various kinds of attacks. Security approaches for the MIPv6 are still in progress and there are few unsolved concerns and problems. This chapter focuses on MIPv6 security considerations, potential threats, and possible defense mechanisms. The authors discuss and analyze in detail the MIPv6 mobility management and security approaches with respect to the efficiency and complexity and bring forward some constructive recommendations.

A New Encryption Algorithm based on Chaotic Map for Wireless Sensor Network

A new and secure chaos-based block cipher for image encryption in wireless sensor networks is proposed. The security analysis and the performances of the proposed algorithm have been investigated. The statistical analysis includes the histograms and correlation coefficients of adjacent pixels. In the differential analysis, the authors use the Number of Pixels Change Rate (NPCR) and the Unified Changing Average (UACI) measures to demonstrate the security against differential attacks. Key sensitivity analysis and key space analysis show that the proposed cipher is secure and resistant to brute force attack. The authors demonstrate that the performance of the cipher exceeds the studied encryption algorithms as well as AES (Advanced Encryption Standard). An implementation on a real wireless sensor network testbed is realized, and the energy consumption is investigated.

Towards a Certified Electronic Mail System

Most of the existent certified electronic mail proposals (found in scientific papers) have been designed without considering their deployment into traditional e-mail infrastructure (e.g., Internet mail system). In fact, there is not any implementation used for commercial purposes of those proposals. On the other hand, in different countries, private companies and public administrations have developed their own applications for certified electronic mail, but these solutions are tailored to their needs and present serious drawbacks. They consider the mail providers as Trusted Third Parties (TTPs), but without being verifiable (if they cheat or fail, users cannot prove it). In most cases, users (typically recipients) cannot choose their mail provider; it is imposed, and even worse, sometimes a message is considered to have been delivered when it has been deposited in the recipient’s mailbox (and perhaps, he will not be able to access it). In this chapter, the authors give a broad picture on the current state of certified e-mail, including a brief description of the current e-mail architecture and the need of certified e-mail services, and a definition of the security requirements needed for such a service. Next, they review the scientific and existent proposals. Finally, the authors give some guidelines for developing practical solutions for certified e-mail services that meet all the security requirements.

Developing Secure, Unified, Multi-Device, and Multi-Domain Platforms

The need for integrated cross-platform systems is growing. Such systems can enrich the user experience, but also lead to greater security and privacy concerns than the sum of their existing components. To provide practical insights and suggest viable solutions for the development, implementation, and deployment of complex cross-domain systems, in this chapter, the authors analyse and critically discuss the security-relevant decisions made developing the Webinos security framework. Webinos is an EU-funded FP7 project, which aims to become a universal Web application platform for enabling development and usage of cross domain applications. Presently, Webinos runs on a number of different devices (e.g. mobile, tables, PC, in-car systems, etc.) and different Operating Systems (e.g. various Linux distributions, different Windows and MacOSx versions, Android 4.x, iOS). Thus, Webinos is a representative example of cross-platform framework, and even if yet at beta level, is presently one of the most mature, as a prototype has been publicly available since February 2012. Distilling the lessons learned in the development of the Webinos public specification and prototype, the authors describe how potential threats and risks are identified and mitigated, and how techniques from user-centred design are used to inform the usability of security decisions made while developing the alpha and beta versions of the platform.

Towards Building Efficient Malware Detection Engines Using Hybrid CPU/GPU-Accelerated Approaches

This chapter presents an outline of the challenges involved in constructing efficient malware detection engines using hybrid CPU/GPU-accelerated architectures and discusses how one can overcome such challenges. Starting with a general problem description for malware detection and moving on to the algorithmic background involved for solving it, the authors present a review of the existing approaches for detecting malware and discuss how such approaches may be improved through GPU-accelerated processing. They describe and discuss several hybrid hardware architectures built for detecting malicious software and outline the particular characteristics of each, separately, followed by a debate on their performance and most suitable application in real-world environments. Finally, the authors tackle the problem of performing real-time malware detection and present the most important aspects that need to be taken into account in intrusion detection systems.

A Polling Booth-Based Electronic Voting Scheme

A Polling booth-based Electronic Voting Scheme (PEVS) is presented in this chapter. The scheme allows only eligible voters to cast their ballots inside polling booths, and the ballots cast by the eligible voters are inalterable and non-reusable. The scheme provides vote-privacy and receipt-freeness. The scheme is modeled to fend off forced-abstention attacks, simulation attacks, or randomization attacks. Thus, the scheme is coercion-resistant. The scheme also satisfies voter verifiability, universal verifiability, and eligibility verifiability requirements. The ProVerif tool is used to formally analyze soundness, vote-privacy, receipt-freeness, and coercion-resistance of the scheme. The analysis shows that PEVS satisfies these properties. PEVS is the first electronic voting scheme (polling booth-based) that satisfies all the requirements listed above.

Security and Privacy Issues in Cloud Computing

Cloud computing transforms the way Information Technology (IT) is consumed and managed, promising improved cost efficiencies, accelerated innovation, faster time-to-market, and the ability to scale applications on demand (Leighton, 2009). According to Gartner, while the hype grew exponentially during 2008 and continued since, it is clear that there is a major shift towards the cloud computing model and that the benefits may be substantial (Gartner Hype-Cycle, 2012). However, as the shape of cloud computing is emerging and developing rapidly both conceptually and in reality, the legal/contractual, economic, service quality, interoperability, security, and privacy issues still pose significant challenges. In this chapter, the authors describe various service and deployment models of cloud computing and identify major challenges. In particular, they discuss three critical challenges: regulatory, security, and privacy issues in cloud computing. Some solutions to mitigate these challenges are also proposed along with a brief presentation on the future trends in cloud computing deployment.