Smartcards are used for a rapidly increasing number of applications including electronic identity, driving licenses, physical access, health care, digital signature, and electronic payments. The use of a specific smartcard in a 'closed' environment generally provides a high level of security. In a closed environment no other smartcards are employed and the card use is restricted to the smartcard's own firmware, approved software applications, and approved card reader. However, the same level of security cannot be claimed for open environments where smartcards from different manufacturers might interact with various smartcard applications. The reason is that despite a number of existing standards and certification protocols like Common Criteria and CWA 14169, secure and convenient smartcard interoperability has remained a challenge. Ideally, just one middleware would handle the interactions between various software applications and different smartcards securely and seamlessly. In our ongoing research we investigate the underlying interoperability and security problems specifically for digital signature processes. An important part of such a middleware is a set of utilities and libraries that support cryptographic applications including authentication and digital signatures for a significant number of smartcards. The open-source project OpenSC provides such utilities and libraries. Here we identify some security lacks of OpenSC used as such a middleware. By implementing a secure messaging function in OpenSC 0.12.0 that protects the PIN and data exchange between the SC and the middleware, we address one important security weakness. This enables the integration of digital signature functionality into the OpenSC environment.
The objective of this work is to design, develop and implement an alarm system that triggers the alarm and alerts the owner via a mobile text message if the house has been opened or an attempt has been made to open it illegally. The system will also feature two different forms of activation/deactivation and will automatically open or close the door for the user. The advantages of this house-mobile security system (HMSS) are its high security level, robustness, low cost and ease of use (uncomplicated) and that there is no distance limitation for contact. The system integrates different sensors via a microcontroller, which is the brain of the system, in order to avoid the problem of false alarms sent by other alarm monitoring systems to ‘Alarm Receiving Centers’ or Police departments. The HMSS is useful in homes, small businesses, offices, warehouses, etc.
Wireless Sensor Networks (WSNs) are resource-constrained networks in which sensor nodes operate in an aggressive and uncontrolled environment and interact with sensitive data. Traffic aggregated by sensor nodes is susceptible to attacks and, due to the nature of WSNs, security mechanisms used in wired networks and other types of wireless networks are not suitable for WSNs. In this paper, we propose a mechanism to assure information security against security attacks and particularly node capturing attacks. We propose a cluster security management protocol, called Cryptographic Checksum Clustering Security Management (C3SM), to provide an efficient decentralized security management for hierarchical networks. In C3SM, every cluster selects dynamically and alternately a node as a cluster security manager (CSM) which distributes a periodic shared secret key for all nodes in the cluster. The cluster head, then, authenticates the identity of the nodes and derives a unique pairwise key for each node in the cluster. C3SM provides sufficient security regardless of how many nodes are compromised, and achieves high connectivity with low memory cost and low energy consumption. Compared to existing protocols, our protocol provides stronger resilience against node capture with lower key storage overhead.
The study on design and implementation of end to end encrypted Short Message Service (SMS) using hybrid cipher algorithm is motivated by high rate of insecurity of data observed during Short Message Service (SMS) on Mobile devices. SMS messages are one of the popular ways of communication. The aim therefore is to design a software for end to end encryption short message service (SMS) that can conceal message while on transit to another mobile device using Hybrid Cipher Algorithm on Android Operating System and implement it for security of mobile SMS. Hybrid encryption incorporates a combination of asymmetric and symmetric encryption to benefit from the strengths of each form of encryption. Various encryption algorithms have been discussed. Secondary sources were employed in gathering useful data. In this research work three methodologies are employed—Structured System Analysis Design Methodology (SSADM), Object Oriented Analysis Design Methodology (OOADM) and prototyping. With the help of the three cryptographic algorithms employed—Message Digest 5 (MD5), Blowfish and Rivest-Shamir-Adleman (RSA); integrity, confidentiality, authentication and security of messages were achieved. The messages encrypted by the developed application are also resistant to brute force attack. The implementing programs were coded in Java.
Message integrity is found to prove the transfer information of patient in health care monitoring system on the human body in order to collect and communicate the human personal data. Wireless body area network (WBAN) applications are the fast growing technology trend but security and privacy are still largely ignored, since they are hard to achieve given the limited computation and energy resources available at sensor node level. In this paper, we propose a simple hash-based message authentication and integrity code algorithm for wireless sensor networks. We test the proposed algorithm in MATLAB on a path loss model around the human body in two scenarios and compare the results before and after enhancement and show how sensors are connected with each other to prove the message integrity in a health monitoring environment.
Internet of Things (IoT) environments are being deployed all over the globe. They have the potential to form solutions to applications, from small scale applications to national and international ones. Therefore, scalability, performance, and security form a triangle of requirements that must be carefully set. Furthermore, IoT applications require higher security standards. A previously proposed IoT application framework with a security embedded structure using the integration between message queue telemetry transport (MQTT) and user-managed access (UMA) is analyzed in this work. The performance analysis of the model is presented. Comparing the model with existing models and different design structures shows that the model presented in this work is promising for a functioning IoT design model with security. The results and analysis showed that the built-in security model had performed better than models with other frameworks, especially with fog implementation.
Industrial IoT (IIoT) aims to enhance services provided by various industries, such as manufacturing and product processing. IIoT suffers from various challenges, and security is one of the key challenges among those challenges. Authentication and access control are two notable challenges for any IIoT based industrial deployment. Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors, actuators, fog devices and gateways. Thus, articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security. In this paper, first, we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al. and prove that their scheme is vulnerable to various traditional attacks such as device anonymity, MITM, and DoS. We then put forward an inter-device authentication scheme using an ECC (Elliptic Curve Cryptography) that is highly secure and lightweight compared to other existing schemes for a similar environment. Furthermore, we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Dolev-Yao channel. In this paper, we present a comparison of the proposed scheme with existing schemes based on communication cost, computation cost and security index to prove that the proposed EBAKE-SE is highly efficient, reliable, and trustworthy compared to other existing schemes for an inter-device authentication. At long last, we present an implementation for the proposed EBAKE-SE using MQTT protocol.
Funding: Supported by the National Natural Science Foundation of China (70571056) and the High Technology Research and Development Program of Hebei Province (04213534, 04213529)
Abstract: Current Web services architectures are confronted with a few stubborn problems, and the security problem has become one of the bottlenecks that restrict the extensive application of Web services. After comparing transport-level with message-level security, the limitation of transport-level security became clear. Then, on the basis of the analysis of message-level security, especially WS-Security, an XML security protocol was adopted to guarantee message-level security. Because WS-Security is a new protocol jointly developed by Microsoft and IBM among these XML security protocols, the security-token mechanism of WS-Security was improved by adding a table with security-token types. A new model consisting of multiple security tokens is put forward to guarantee the security of message transmission.
Abstract: Along with the development of the Internet, Web Services technology is a new branch of Web application programs, and it has become a hotspot in computer science. However, research on Web Services security has not made great progress. Traditional security solutions cannot satisfy the Web Services security requirements of selective protection, end-to-end security and application layer security. Web Services technology needs a solution integrated in the Web Services framework to realize end-to-end security. Based on cryptography and Web Services technology, and according to the W3C XML encryption specification, the XML digital Signature specification and WS-Security, which were proposed by IBM and Microsoft, a new Web services security model based on a message layer is put forward in this paper. The message layer is composed of message handlers. It is inserted into the message processing sequence and provides transparent security services for Web Services. To verify the model, a Web Services security system is realized on the .NET platform. The implementation version of the model can provide various security services, and has advantages such as security, scalability, security controllability and end-to-end security at the message level.
Key words: Web services; Web services security; message layer. CLC number: TP 393.08. Biography: WANG Cui-ru (1954-), female, Professor, research direction: database and information management system.
Funding: Supported by the National Natural Science Foundation of China (60673142) and the National High Technology Research and Development Program of China (863 Program) (2006AA01Z173, 2007AA01Z131)
Abstract: Without considering security, existing message scheduling mechanisms may expose critical messages to malicious threats like confidentiality attacks. Incorporating confidentiality improvement into message scheduling, this paper investigates the problem of scheduling aperiodic messages with time-critical and security-critical requirements. A risk-based security profit model is built to quantify the security quality of messages; and a dynamic programming based approximation algorithm is proposed to schedule aperiodic messages with guaranteed security performance. Experimental results illustrate the efficiency and effectiveness of the proposed algorithm.
Funding: Funded by the Funding of Nanjing Institute of Technology No. JXGG2021017 and the National Natural Science Foundation of China No. 61701221.
Abstract: Attribute-based encryption (ABE) is a technique used to encrypt data. It has the flexibility of access control, high security, and resistance to collusion attacks, and it is used especially in cloud security protection. However, a large number of bilinear mappings are used in ABE, and the calculation of bilinear pairing is time-consuming, so there is the problem of low efficiency. On the other hand, the decryption key is not uniquely associated with personal identification information; if the decryption key is maliciously sold, ABE is unable to achieve accountability for the user. In practical applications, a shared message requires hierarchical sharing in most cases. In this paper, we present a message security hierarchy ABE scheme for this scenario. Firstly, attributes were grouped and weighted according to the importance of attributes, and then an access structure based on a threshold tree was constructed according to attribute weight. This method saved the computing time for decryption while ensuring security and on-demand access to information for users. In addition, with the help of computing power in the cloud, two-step decryption was used to complete the access, which relieved the computing and storage burden on the client side. Finally, we simulated and tested the scheme based on CP-ABE, and selected different security levels to test its performance. The security proof and the experimental simulation result show that the proposed scheme has high efficiency and good performance, and the solution implements hierarchical access to the shared message.
Funding: Supported in part by the Fundamental Research Funds for the Central Universities (No. 21620350), in part by the National Natural Science Foundation of China (No. 62102167 and No. 62032025), and in part by the Guangdong Basic and Applied Basic Research Foundation (2020A1515110364).
Abstract: Due to the openness of wireless multiuser networks, the private information transmitted in uplink or downlink is vulnerable to eavesdropping. Especially, when the downlink transmissions use nonorthogonal multiple access (NOMA) techniques, the system further encounters interior eavesdropping. In order to address these security problems, we study the secret communication in multiuser networks with both uplink and downlink transmissions. Specifically, in uplink transmissions, the private messages transmitted in each slot are correlated, so any loss of the private information at the eavesdropper will prevent the eavesdropper from decoding the private information in later time slots. In downlink transmissions, the messages are correlated to the uplink information. In this way, any unexpected users who lose the expected user’s uplink information cannot decode its downlink information. The intercept probability is used to measure security performance and we analyze it in theory. Finally, simulation results are provided to corroborate our theoretical analysis.
Funding: Project supported by the National Natural Science Foundation of China (Grant No. 10572080), Shanghai Rising-Star Program (Grant No. 05QMX1422), and Dawn Project of the Science Foundation of Shanghai Municipal Commission of Education (Grant No. 05SG41 04YQHB089)
Abstract: In this paper, based on an adaptive chaos synchronization scheme, two methods of encoding-decoding message for secure communication are proposed. With the first method, message is directly added to the chaotic signal with parameter uncertainty. In the second method, multi-parameter modulation is used to simultaneously transmit more than one digital message (i.e., the multichannel digital communication) through just a single signal, which switches among various chaotic attractors that differ only subtly. In theory, such a treatment increases the difficulty for the intruder to directly intercept the information, and meanwhile the implementation cost decreases significantly. In addition, numerical results show the methods are robust against weak noise, which implies their practicability.
Funding: This work was supported by the Mobile Police Project of China (No. J1GAB23W013) and the National High Technology Research and Development Program of China (863 Program, No. 2007AA01Z479).
Abstract: According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure (WPKI). Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway are realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module (SIM) tool kit (STK) applications based on our protocol suit well for all kinds of mobile terminals in practical application.
Abstract: The ubiquity of instant messaging services on mobile devices and their use of end-to-end encryption in safeguarding the privacy of their users have become a concern for some governments. WhatsApp messaging service has emerged as the most popular messaging app on mobile devices today. It uses end-to-end encryption which makes government and secret services efforts to combat organized crime, terrorists, and child pornographers technically impossible. Governments would like a “backdoor” into such apps, to use in accessing messages and have emphasized that they will only use the “backdoor” if there is a credible threat to national security. Users of WhatsApp have, however, argued against a “backdoor”; they claim a “backdoor” would not only be an infringement of their privacy, but that hackers could also take advantage of it. In light of this security and privacy conflict between the end users of WhatsApp and government’s need to access messages in order to thwart potential terror attacks, this paper presents the advantages of maintaining E2EE in WhatsApp and why governments should not be allowed a “backdoor” to access users’ messages. This research presents the benefits encryption has on consumer security and privacy, and also on the challenges it poses to public safety and national security.
Funding: Supported by the National Natural Science Foundation of China (60403027)
Abstract: Strong security in public key cryptography is not enough; the encryption has to be achieved in an efficient way. OAEP or SAEP is only suitable for special applications (e.g. key transport), and securely transporting a message of any length is a challenge. Motivated by hybrid encryption, we present a practical approach to achieve (adaptively) chosen ciphertext security. The time cost of encryption/decryption of the proposed scheme is similar to OAEP and the bandwidth of message recovery is 92% for the standard security parameter, while RSA-OAEP is 84%. The scheme is also provably secure against adaptively chosen ciphertext attacks in the random oracle model. We conclude that the approach is practical in more extensive application.
Funding: Supported by the National Natural Science Foundation of China (90104005, 66973034)
Abstract: Based on the analysis of the covert channel's working mechanism of the Internet Control Message Protocol (ICMP) in Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6), the ICMP covert channel's algorithms of IPv4 and IPv6 are presented, which enable automatic channeling upon IPv4/v6 nodes with non-IPv4-compatible addresses, and the key transmission is achieved by using this channel in the embedded Internet terminal. The result shows that if the covert channel's algorithm, which we implemented, is set correctly, the messages of this covert channel might go through the gateway and enter the local area network.
Abstract: IoT applications are promising for future daily activities; therefore, the number of IoT connected devices is expected to reach billions in the coming few years. However, IoT has different application frameworks. Furthermore, IoT applications require higher security standards. In this work, an IoT application framework is presented with a security embedded structure using the integration between message queue telemetry transport (MQTT) and user-managed access (UMA). The performance analysis of the model is presented. Comparing the model with existing models and different design structures shows that the model presented in this work is promising for a functioning IoT design model with security. The security in the model is a built-in feature in its structure. The model is built on recommended frameworks; therefore, it is ready for integration with other web standards for data sharing, which will help in making IoT applications integrated from different developing parties.
Abstract: Smartcards are used for a rapidly increasing number of applications including electronic identity, driving licenses, physical access, health care, digital signature, and electronic payments. The use of a specific smartcard in a 'closed' environment generally provides a high level of security. In a closed environment no other smartcards are employed and the card use is restricted to the smartcard's own firmware, approved software applications, and approved card reader. However, the same level of security cannot be claimed for open environments where smartcards from different manufacturers might interact with various smartcard applications. The reason is that despite a number of existing standards and certification protocols like Common Criteria and CWA 14169, secure and convenient smartcard interoperability has remained a challenge. Ideally, just one middleware would handle the interactions between various software applications and different smartcards securely and seamlessly. In our ongoing research we investigate the underlying interoperability and security problems specifically for digital signature processes. An important part of such a middleware is a set of utilities and libraries that support cryptographic applications including authentication and digital signatures for a significant number of smartcards. The open-source project OpenSC provides such utilities and libraries. Here we identify some security shortcomings of OpenSC used as such a middleware. By implementing a secure messaging function in OpenSC 0.12.0 that protects the PIN and data exchange between the SC and the middleware, we address one important security weakness. This enables the integration of digital signature functionality into the OpenSC environment.
Abstract: The objective of this work is to design, develop and implement an alarm system that triggers the alarm and alerts the owner via a mobile text message if the house has been opened or an attempt has been made to open it illegally. The system will also feature two different forms of activation/deactivation and will automatically open or close the door for the user. The advantages of this house-mobile security system (HMSS) are its high security level, robustness, low cost and ease of use (uncomplicated) and that there is no distance limitation for contact. The system integrates different sensors via a microcontroller, which is the brain of the system, in order to avoid the problem of false alarms sent by other alarm monitoring systems to ‘Alarm Receiving Centers’ or Police departments. The HMSS is useful in homes, small businesses, offices, warehouses, etc.
Abstract: Wireless Sensor Networks (WSNs) are resource-constrained networks in which sensor nodes operate in an aggressive and uncontrolled environment and interact with sensitive data. Traffic aggregated by sensor nodes is susceptible to attacks and, due to the nature of WSNs, security mechanisms used in wired networks and other types of wireless networks are not suitable for WSNs. In this paper, we propose a mechanism to assure information security against security attacks and particularly node capturing attacks. We propose a cluster security management protocol, called Cryptographic Checksum Clustering Security Management (C3SM), to provide an efficient decentralized security management for hierarchical networks. In C3SM, every cluster selects dynamically and alternately a node as a cluster security manager (CSM) which distributes a periodic shared secret key for all nodes in the cluster. The cluster head then authenticates the identity of the nodes and derives a unique pairwise key for each node in the cluster. C3SM provides sufficient security regardless of how many nodes are compromised, and achieves high connectivity with low memory cost and low energy consumption. Compared to existing protocols, our protocol provides stronger resilience against node capture with lower key storage overhead.
Abstract: The study on design and implementation of end to end encrypted Short Message Service (SMS) using hybrid cipher algorithm is motivated by the high rate of insecurity of data observed during Short Message Service (SMS) on mobile devices. SMS messages are one of the popular ways of communication. The aim therefore is to design software for end to end encryption of short message service (SMS) that can conceal a message while in transit to another mobile device using Hybrid Cipher Algorithm on Android Operating System and implement it for security of mobile SMS. Hybrid encryption incorporates a combination of asymmetric and symmetric encryption to benefit from the strengths of each form of encryption. Various encryption algorithms have been discussed. Secondary sources were employed in gathering useful data. In this research work three methodologies are employed: Structured System Analysis Design Methodology (SSADM), Object Oriented Analysis Design Methodology (OOADM) and prototyping. With the help of the three cryptographic algorithms employed, Message Digest 5 (MD5), Blowfish and Rivest-Shamir-Adleman (RSA), integrity, confidentiality, authentication and security of messages were achieved. The messages encrypted by the developed application are also resistant to brute force attack. The implementing programs were coded in Java.
Abstract: Message integrity is found to prove the transfer information of patient in health care monitoring system on the human body in order to collect and communicate the human personal data. Wireless body area network (WBAN) applications are a fast-growing technology trend, but security and privacy are still largely ignored, since they are hard to achieve given the limited computation and energy resources available at sensor node level. In this paper, we propose a simple hash-based message authentication and integrity code algorithm for wireless sensor networks. We test the proposed algorithm in MATLAB on a path loss model around the human body in two scenarios, compare the result before and after enhancement, and show how sensors are connected with each other to prove the message integrity in a health monitoring environment.
Abstract: Internet of Things (IoT) environments are being deployed all over the globe. They have the potential to form solutions to applications, from small scale applications to national and international ones. Therefore, scalability, performance, and security form a triangle of requirements that must be carefully set. Furthermore, IoT applications require higher security standards. A previously proposed IoT application framework with a security embedded structure using the integration between message queue telemetry transport (MQTT) and user-managed access (UMA) is analyzed in this work. The performance analysis of the model is presented. Comparing the model with existing models and different design structures shows that the model presented in this work is promising for a functioning IoT design model with security. The results and analysis showed that the built-in security model had performed better than models with other frameworks, especially with fog implementation.
Funding: Supported by the Researchers Supporting Project (No. RSP-2021/395), King Saud University, Riyadh, Saudi Arabia.
Abstract: Industrial IoT (IIoT) aims to enhance services provided by various industries, such as manufacturing and product processing. IIoT suffers from various challenges, and security is one of the key challenges among them. Authentication and access control are two notable challenges for any IIoT based industrial deployment. Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors, actuators, fog devices and gateways. Thus, articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security. In this paper, first, we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al. and prove that their scheme is vulnerable to various traditional attacks such as device anonymity, MITM, and DoS. We then put forward an inter-device authentication scheme using an ECC (Elliptic Curve Cryptography) that is highly secure and lightweight compared to other existing schemes for a similar environment. Furthermore, we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Dolev-Yao channel. In this paper, we present a comparison of the proposed scheme with existing schemes based on communication cost, computation cost and security index to prove that the proposed EBAKE-SE is highly efficient, reliable, and trustworthy compared to other existing schemes for inter-device authentication. Finally, we present an implementation of the proposed EBAKE-SE using the MQTT protocol.