A structured approach to electronic authentication assurance level derivation

Yao, Li

January 2010

We envisage a fine-grained access control solution that allows a user's access privilege to be linked to the confidence level (hereafter referred to as the assurance level) in identifying the user. Such a solution would be particularly attractive to a large-scale distributed resource sharing environment, where resources are likely to be more diversified and may have varying levels of sensitivity and resource providers may wish to adjust security protection levels to adapt to resource sensitivity levels or risk levels in the underlying environment. However, existing electronic authentication systems largely identify users through the verification of their electronic identity (ID) credentials. They take into account neither assurance levels of the credentials, nor any other factors that may affect the assurance level of an authentication process, and this binary approach to access control may not provide cost-effective protection to resources with varying sensitivity levels. To realise the vision of assurance level linked access control, there is a need for an authentication framework that is able to capture the confidence level in identifying a user, expressed as an authentication Level of Assurance (LoA), and link this LoA value to authorisation decision-making. This research investigates the feasibility of estimating a user's LoA at run-time by designing, prototyping and evaluating an authentication model that derives an LoA value based upon not only users' ID credentials, but also other factors such as access location, system environment and authentication protocol used. To this aim, the thesis has identified and analysed authentication attributes, processes and procedures that may influence the assurance level of an authentication environment. It has examined various use-case scenarios of authentication in Grid environments (a well-known distributed system) and investigated the relationships among the attributes in these scenarios. It has then proposed an authentication model, namely a generic e-authentication LoA derivation model (GEA-LoADM). The GEA-LoADM takes into account multiple authentication attributes along with their relationships, abstracts the composite effect by the multiple attributes into a generic value called the authentication LoA, and provides algorithms for the run-time derivation of LoA values. The algorithms are tailored to reflect the relationships among the attributes involved in an authentication instance. The model has a number of valuable properties, including flexibility and extensibility; it can be applied to different application contexts and supports easy addition of new attributes and removal of obsolete ones. The prototypes of the algorithms and the model have been developed. The performance and security properties of the LoA derivation algorithms and the model are analysed here and evaluated based on the prototypes. The performance costs of the GEA-LoADM are also investigated and compared against conventional authentication mechanisms, and the security of the model is tested against various attack scenarios. A case study has also been conducted using a live system, the Multi-Agency Information Sharing (MAIS) system.

621.382

A prototype design for RBAC in a workflow environment

Cholewka, Damian Grzegorz

13 February 2012

M.Sc. / Role-based access control (RBAC) associates roles with privileges and users with roles. These associations are, however, static in that changes are infrequent and explicit. In certain instances this does not reflect business requirements. Access to an object should be based not only on the identity of the object and the user, but also on the actual task that must be performed. Context-sensitive access control meets the requirements in that it also considers the actual task, i.e. the context of the work to be done, when deciding whether an access should be granted or not. Workflow technology provides an appropriate environment for establishing the context of work. This dissertation discusses the implementation of a context-sensitive access control mechanism within a workflow environment. Although the prototype represents scaled-down workflow functionality, it illustrates the concept of context-sensitive access control. Access control was traditionally aimed at physically controlling access to a computer terminal. Large doors were put in place and time was divided between users who needed to work on a terminal. Today, however, physical means of restraining access have to a large extent given way to logical controls. Current access control mechanisms frequently burden the end-users with unnecessary security-related tasks. A user may, for example, be expected to assume a specific role at the beginning of a session, resulting in unnecessary multi-logons. Alternatively, users can automatically play the most senior role that they can hold and consequently receive the permissions associated with that role. The user is therefore trusted to implement the security policy and not misuse granted privileges. It is also possible for an end-user to bypass security functionality inadvertently- end-users do not always remember to do the correct thing. End-users are furthermore not necessarily adequately educated in security principles and may thus regard security-related tasks as hampering the tasks that they regard as being more important.

Data protection

Workflow

Computer security

Computer access control

CoSAWoE - a model for context-sensitive access control in workflow environments.

Botha, Reinhardt A

29 May 2008

Due to the correspondence between the role abstraction in Role-based Access Control (RBAC) and the notion of organizational positions, it seems easy to construct role hierarchies. This is, however, a misconception. This paper argues that, in order to reflect the functional requirements, a role hierarchy becomes very complex. In a bid to simplify the design of role hierarchies suitable for the expression of access control requirements in workflow systems, the paper proposes a “typed” role hierarchy. In a “typed” role hierarchy a role is of a speci fic type. The associations between different types of roles are limited by rules that govern the construction of a role hierarchy. This paper proposes a methodology to systematically construct a “typed” role hierarchy. Since the “typed” nature of the role hierarchy is only relevant during the construction of the role hierarchy, it can seamlessly be integrated into existing RBAC schemes that support the concept of role hierarchies. / Eloff, J.H.P., Prof.

workflow

data protection

computer security

computers access control

Secure multimedia databases.

Pedroncelli, Antony

02 June 2008

A message can be communicated to other people using a combination of pictures, sounds, and actions. Ensuring that the message is understood as intended often depends on the presentation of these forms of multimedia. In today’s digital world, traditional multimedia artefacts such as paintings, photographs, audiotapes and videocassettes, although still used, are gradually being replaced with a digital equivalent. It is normally easy to duplicate these digital multimedia files, and they are often available within public repositories. Although this has its advantages, security may be a concern, especially for sensitive multimedia data. Information security services such as identification and authentication, authorisation, and confidentiality can be implemented to secure the data at the file level, ensuring that only authorised entities gain access to the entire multimedia file. It may not always be the case however that a message must be conveyed in the same way for every entity (user or program) that makes a request for the multimedia data. Although access control measures can be ensured for the multimedia at the file level, very little work has been done to ensure access control for multimedia at the content level. A number of models will be presented in this dissertation that should ensure logical access control at the content level for the three main types of multimedia, namely images, audio, and video. In all of these models, the multimedia data is securely stored in a repository, while the associated security information is stored in a database. The objects that contain the authorisation information are created through an interface that securely communicates with the database. Requests are made through another secure interface, where only the authorised multimedia data will be assembled according to the requesting entity’s security classification. Certain important side issues concerning the secure multimedia models will also be discussed. This includes security issues surrounding the model components and suspicion i.e. reducing the probability that a requesting entity would come to the conclusion that changes were made to the original multimedia data. / Prof. M.S. Olivier

Multimedia systems

access control

computer security

data protection

databases

TEpla: A Certified Type Enforcement Access-Control Policy Language

Eaman, Amir

25 November 2019

In today's information era, the security of computer systems as resources of invaluable information is of crucial importance not just to security administrators but also to users of these systems. Access control is an information security process which guards protected resources against unauthorized access as specified by restrictions in security policies. One significant obstacle to regulate access in secure systems is the lack of formal semantics and specifications for the policy languages which are used in writing security policies. Expressing security policies that are implemented pursuant to required security goals and that accommodate security policy rules correctly is of high importance to the system's integrity, confidentiality, and availability. The semantics of the most widely used policy languages such as SELinux is expressed in a declarative manner using a colloquial natural language (e.g., English), which leads to ambiguity in the interpretation of the policy statements. For this reason, both the development and the analysis of security policies are generally imprecise and based on cognitive concepts; that is to say, they are not conducted in a mathematically-precise and verifiable way. Type Enforcement (TE) is a MAC (Mandatory Access Control) access control mechanism that is used in the SELinux security module. Type Enforcement (TE) is implemented based on the type/domain field of security contexts. TE allows the creation of different domains in the system by assigning subjects to domains and subsequently associating them with objects. TE mandates a central policy-driven approach to access control. We propose a small and certifiably correct TE policy language, TEpla, as an appropriate candidate for the primary access control feature of SELinux, Type Enforcement. TEpla can provide ease of use, analysis, and verification of its properties. TEpla is a certified policy language with formal semantics, exposing ease of reasoning and allowing verification. We use the Coq proof assistant to mechanize semantics and to machine-check the proofs of TEpla, ensuring correctness guarantees are provided. Having a certified semantics simplifies and fosters the development of certified tools for policy-related tasks such as automating various kind of policy analyses.

Formal Methods

Access Control

Policy Language

Type Enforcement

Testovací implementace protokolu ACP / Test implementation of the ACP protocol

Ležák, Petr

January 2012

In general this master’s thesis deals with access control methods and their individual modules and in particular with authentication of supplicants. There are listed authentication methods useful in the implementation of the ACP protocol. ACP protocol is also discussed including possibilities and uses. ACP message format is described in detail with AVP format and types. The transaction mechanism is also mentioned here. The main part of the thesis is focused on software design for protocol testing. Possibilities of the testing are discussed and test scenarios are suggested. Consequently, requirements for test software are listed and its implementation is designed. Furthermore, there is technical documentation of the program. The main ideas used in the program are explained in it. The purpose of each part of the program is written including links between them. Finally, there is a manual for the program. It also contains an illustrative example describing how to make and test a simple scenario of the authentication.

RFID přístupový systém v místnosti / RFID based access system in rooms

Mego, Roman

January 2012

The master’s thesis aims to design an access control system using the RFID technology. The system should reduce security risks associated with its use. While working on project two devices were created. First is the access terminal operating on frequency of 13.56 MHz and second is the RFID reader for PC operating at frequency 125 kHz. Software for devices was created as well as system control application for PC. The document contains an overview of the RFID principles and possibility of implementation access control system. Next part of the project describes in detail step by step the process of designing electrical circuit for system parts. Last part talks about realized software, libraries which are used and the system control application for PC.

Publish and subscribe for RDF in enterprise value networks

Frommhold, Marvin, Tramp, Sebastian, Arndt, Natanael, Petersen, Niklas

23 June 2017

Sharing information securely between business partners and managing large supply chains effciently will be a crucial competitive advantage for enterprises in the near future. In this paper, we present a concept that allows for building value networks between business partners in a distributed manner. Companies are able to publish Linked Data which participants of the network can clone and subscribe to. Subscribers get noticed as soon as new information becomes available. This provides a technical infrastructure for business communication acts such as supply chain communication or master data management. In addition to the conceptual analysis, we provide an implementation enabling companies to create such dynamic semantic value networks.

Secure and lightweight authentication schemes for Internet of Things (IoT)

Alshahrani, Mohammed M.

04 December 2019

IoT platforms face huge challenges in deploying robust authentication mechanisms due to the fact that edge devices and resource-constrained devices may not have enough compute and storage capabilities to deploy and run existing mechanisms, which involve in general complex computations. Moreover, establishing end-to-end device authentication in the Internet of Things (IoT) networks is challenging because of the heterogeneous nature of IoT devices. One of the well-known challenges confronting the IoT infrastructure is related to authentication. Many IoT devices rely on weak authentication schemes, which has led in the last few years to several successful and widely publicized hacking incidents. According to the ISO/IEC 27002 standard, authentication is the process of determining whether something is, in fact, what it is declared to be. Authentication is considered the main gate to protect IoT networks from various security threats; determining who the entity is (authentication) is of high importance to establish a secure session between IoT devices. This dissertation identifies gaps in the literature and presents new authentication schemes and security mechanisms to improve IoT security and privacy against common attacks such as replay and impersonation. This research enhances IoT security and privacy by introducing a new lightweight mutual authentication and key exchange protocol for IoT based on dynamic identity and cumulative chained-hash. Nodes can anonymously and mutually authenticate and establish a session with the controller node using dynamic identities and temporary symmetric keys in an unlinkable and untraceable manner. Moreover, the enforcement of security policies between nodes is guaranteed by setting up virtual domain segregation and restricting node capabilities of sending and receiving data to or from other nodes. The Cumulative chained-hash technique is introduced as a way to ensure the identity of the sender (through challenge-response). Additionally, we introduce a new anonymous device- to-device mutual authentication and key exchange protocol based on the ZigBee technique. The proposed protocol relies on symmetric encryption and counter and enables IoT devices to authenticate in the network and agree on a shared secret session key when communicating with each other via a trusted intermediary (home controller). To achieve forward secrecy, the session keys are changed frequently after every communication session. The proposed scheme achieves secure, anonymous authentication with the unlinkability and untraceability of IoT device transactions. The security of the protocols is evaluated and simulated using three different methods: informal analysis, formal analysis using the Burrows–Abadi–Needham logic (BAN), and model-checking using the automated validation of Internet security protocols and applica- tions (AVISPA) toolkit. The overhead and efficiency of the proposed schemes are analyzed and compared with other related schemes. The results showed that our protocols are in general more efficient. / Graduate

Internet of Things (IoT)

Smart home

Authentication

Access Control

CBAC – a model for conflict-based access control

Loock, Marianne

10 June 2013

Organisations that seek a competitive advantage cannot afford to compromise their brand reputation or expose it to disrepute. When employees leek information, it is not only the breach of confidentiality that is a problem, but it also causes a major brand reputation problem for the organisation. Any possible breach of confidentiality should be minimised by implementing adequate security within the organisation and among its employees. An important issue to address is the development of suitable access control models that are able to restrict access not only to unauthorised data sets, but also to unauthorised combinations of data sets. Within organisations such as banks, clients may exist that are in conflict with one another. This conflict results from the fact that clients are functioning in the same business domain and that their information should be shielded from one another because they are in competition for various reasons. When information on any of these conflicting clients is extracted from their data sets via a data-mining process and used to their detriment or to the benefit of the guilty party, this is considered a breach of confidentiality. In data-mining environments, access control usually strips the data of any identity so as to concentrate on tendencies and ensure that data cannot be traced back to a respondent. There is an active research field in data mining that focuses specifically on ‘preserving’ the privacy of the data during the data-mining process. However, this approach does not account for those situations when data mining needs to be performed to give answers to specific clients. In such cases, when the clients’ identity cannot be stripped, it is essential to minimise the chances of a possible breach of confidentiality. For this reason, this thesis investigated an environment where conflicting clients’ information can easily be gathered and used or sold, as to justify the inclusion of conflict management in the proposed access control model. This thesis presents the Conflict-based Access Control (CBAC) model. The model makes it possible to manage conflict on different levels of severity among the clients of an organisation – not only as specified by the clients, but also as calculated by the organisation. Both types of conflict have their own cut-off points when the conflict is considered to be of no value any longer. Finally, a proof-of-concept prototype illustrates that the incorporation of conflict management is a viable solution to the problem of access control as it minimises the chances of a breach of confidentiality / Thesis (PhD)--University of Pretoria, 2012. / Computer Science / unrestricted

Competitive advantage

Conflict-based access control

Confidentiality

UCTD