61 |
Services d'autorisation et Intégration au protocole d'attribution dynamique des adresses / Authorization Services and Integration into the Dynamic Address Allocation Protocol
Demerjian, Jacques, 09 December 2004
Security is a major concern for modern digital technologies. With the growth of the Internet, security needs are becoming ever more important. The development of Internet applications such as e-commerce, medical applications or videoconferencing brings new requirements such as identification of the communicating entities, integrity of the exchanged messages, confidentiality of the transaction, authentication of entities, anonymity of the certificate owner, granting of rights, delegation by proxy, etc.

Whether the data is medical, tax-related or banking, security is essential to make the system credible while respecting the needs of both users and applications. This security nevertheless has a price: that of establishing trust between the communicating partners. User trust depends on securing transactions, for example by means of a certification procedure, and on the recognition of electronic signatures.

Despite the diversity of existing digital certificates (X.509 identity certificates, SPKI, attribute certificates, etc.), they remain limited and generic, and therefore do not adequately meet the specific needs of electronic applications and users. Hence the need to specify a new approach for generating digital certificates that meet these requirements and are lightweight, simplified and more open than existing ones.

The research presented in this thesis proposes a new approach to generating digital certificates in order to contribute to authorization services, and then integrates this contribution into the dynamic address allocation protocol DHCP (Dynamic Host Configuration Protocol) in order to strengthen it.

This thesis consists of two parts.

In the first part, we examine the different types of existing certificates and their limits. We propose and specify an approach that guarantees to the application and to the user that the information in the certificate is properly formatted and that the content of their certificate matches their needs. These certificates are attribute certificates specified in XML, flexible, and respecting the needs of the application and the user's customization during certificate generation. For each application, we defined a DTD (Document Type Definition) grammar to specify all the fields the application needs. The main idea is to store DTDs on the server, that is, files containing a number of parameters corresponding to the data that will be inserted into the final attribute certificate. The generation of these attribute certificates follows the grammar associated with the application. Indeed, it is through these grammars that the administrator customizes the attribute certificates that the user can request. Thus, if the need for a new type of attribute certificate arises, it suffices to create the DTD corresponding to the newly added application.

To satisfy the user's needs, the E-IGP (Extension de l'Infrastructure de Gestion des Privilèges, an extension of the privilege management infrastructure) allows the user to customize their request for attribute certificates. It is the user who specifies the values of the application parameters, the validity date of their attribute certificate, the roles they wish to have or the delegations they wish to give to someone according to their needs. Implementing the E-IGP required the existence of a public key infrastructure (Infrastructure de Gestion des Clefs), to which the E-IGP is attached.

To demonstrate the feasibility and effectiveness of the proposed approach, we integrate it into the operation of the DHCP protocol. Intended to ease the work of system administrators by automating the allocation of IP addresses and configuration parameters to network clients, DHCP suffers from numerous security problems. It does not support a mechanism by which DHCP clients and servers authenticate each other. Moreover, DHCP ensures neither the integrity nor the confidentiality of the exchanged data, and it has no access control mechanism.

The second major contribution of this thesis is the specification and implementation of an extension of DHCP, called E-DHCP (Extended Dynamic Host Configuration Protocol). E-DHCP provides a method for authenticating DHCP entities (client and server) and the contents of DHCP messages. E-DHCP proposes a new DHCP option. The technique used by this option is based on asymmetric-key encryption algorithms, X.509 identity certificates and the simplified attribute certificates specified in XML that are proposed in the first contribution of this thesis. The main idea of E-DHCP is to attach to the DHCP server an AA (Attribute Authority) server of an E-IGP to form a new server called the E-DHCP server. This new server creates an attribute certificate for the client containing the dynamically allocated Internet address. The use of the attribute certificate confirms the client's possession of its IP address.
|
62 |
Refined Access Control in a Distributed Environment / Finkornig åtkomstkontroll i en distribuerad miljö
Boström, Erik, January 2002
In the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing.

This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions.

In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy.
|
63 |
Rekommendationer för införande av public key infrastructure / Recommendations for implementing Public Key Infrastructure
Andersson, Johan, January 2002
The use of insecure networks, such as the Internet, to send and receive information has made the need for preventing unauthorised people reading it yet more important. One of the easiest ways to do this is through public key cryptography. However, the problem with this solution is how to tie a specific public key to a certain subject. This is solved by letting a trusted third party issue a certificate that holds, as a minimum, the name of the subject and the subject's public key along with the issuer's digital signature on the information. The rules we make for issuing, revoking and verifying of certificates and the entities that are being used to do so are called PKI - Public Key Infrastructure. In this thesis we shall see what PKI really is in a more detailed way and which entities it consists of. We will also investigate some of the areas in which we could make use of it, for instance secure e-mail and virtual private networks. Next, we will look into some of the drawbacks with PKI and what you should think of in order to avoid these. Finally, we'll give recommendations for the implementation itself. As for the theory of cryptography, the basics are presented to the interested reader in a separate appendix.
|
64 |
Use of PKI for Process Authorization
Taskazan, Feyza, 01 January 2004
Enterprises require an information security solution that provides privacy, integrity, authentication and access controls for processes. License management systems are developed to be a solution for process authorization in different platforms. However, security threats on processes cannot be controlled with existing license management mechanisms. The need is a complete system that is independent from implementation, platform, and application. In this thesis, we design a complete system for process authorization based on Public Key Infrastructure (PKI) technology.
|
65 |
Rekommendationer för införande av public key infrastructure / Recommendations for implementing Public Key Infrastructure
Andersson, Johan, January 2002
The use of insecure networks, such as the Internet, to send and receive information has made the need for preventing unauthorised people reading it yet more important. One of the easiest ways to do this is through public key cryptography. However, the problem with this solution is how to tie a specific public key to a certain subject. This is solved by letting a trusted third party issue a certificate that holds, as a minimum, the name of the subject and the subject's public key along with the issuer's digital signature on the information. The rules we make for issuing, revoking and verifying of certificates and the entities that are being used to do so are called PKI - Public Key Infrastructure. In this thesis we shall see what PKI really is in a more detailed way and which entities it consists of. We will also investigate some of the areas in which we could make use of it, for instance secure e-mail and virtual private networks. Next, we will look into some of the drawbacks with PKI and what you should think of in order to avoid these. Finally, we'll give recommendations for the implementation itself. As for the theory of cryptography, the basics are presented to the interested reader in a separate appendix.
|
66 |
Analysis of Methods for Chained Connections with Mutual Authentication Using TLS / Analys av metoder för kedjade anslutningar med ömsesidig autentisering användandes TLS
Petersson, Jakob, January 2015
TLS is a vital protocol used to secure communication over networks and it provides an end-to-end encrypted channel between two directly communicating parties. In certain situations it is not possible, or desirable, to establish direct connections from a client to a server, as for example when connecting to a server located on a secure network behind a gateway. In these cases chained connections are required. Mutual authentication and end-to-end encryption are important capabilities in a high assurance environment. These are provided by TLS, but there are no known solutions for chained connections. This thesis explores multiple methods that provide the functionality for chained connections using TLS in a high assurance environment with trusted servers and a public key infrastructure. A number of methods are formally described and analysed according to multiple criteria reflecting both functionality and security requirements. Furthermore, the most promising method is implemented and tested in order to verify that the method is viable in a real-life environment. The proposed solution modifies the TLS protocol through the use of an extension which allows for the distinction between direct and chained connections. The extension, which also allows for specifying the structure of chained connections, is used in the implementation of a method that creates chained connections by layering TLS connections inside each other. Testing demonstrates that the overhead of the method is negligible and that the method is a viable solution for creating chained connections with mutual authentication using TLS.
|
67 |
Realizace certifikační autority a digitálního podpisu / Implementation of certification authority and digital signature
Troják, Martin, January 2008
This master's thesis deals with problems of certification authorities and digital signature. It analyzes the principles of digital certificates and certification authorities. It describes the most widely used cryptosystems and hash functions, which are used in communications with certificates and digital signature. The analysis focuses on the Public Key Infrastructure standard, which describes the rules for creating a certification authority and digital signature. The principle of digital signature is also described in detail. The next chapters deal with the SSL protocol, its principles of operation and its usage. The practical part of this thesis implements a certification authority and an information system. The software used and its configuration are shown. The last part describes the procedures for using the application and its implementation.
|
68 |
Secure Vehicular Communication Systems: Design and Implementation of a Vehicular PKI (VPKI)
Khodaei, Mohammad, January 2012
The idea of vehicular communication systems could bring more safety, immunity and assurance in driving while it poses a variety of applications in traffic efficiency, driver assistance, environmental hazards, road conditions and infotainment. The aim is to make driving safer and to facilitate driving to the full extent, even on dangerous roads. However, having effective and robust operations within the VC system needs an infrastructure to handle threats, faults, illegitimate activities and unexpected incidents. Message authentication, integrity, non-repudiation and privacy within such a system are considered as the most controversial issues from security perspective. The idea is to protect privacy not only from legal point of view, but also from technical perspective in terms of using privacy enhancing technologies. To provide security within such a system, the idea of Public Key Infrastructure is considered as a promising solution. Using long-term certificates does reveal the real identity of the owner. Since users’ privacy is considered as the main security requirement in the VC system, standard certificates (X.509) and normal PKI cannot be used within a VC network. There are some functionalities and features for vehicular communication systems that do not exist in standard PKI. As a result, using pseudonym certificates to perform transactions within the VC system is a solution. In this report, a vehicular public key infrastructure, called VPKI, is proposed. OpenCA is used as the PKI, equipped with Pseudonym Certificate Authority (PCA), Long-Term Certificate Authority (LTCA) and Pseudonym Resolution Authority (PRA). These authorities are certified by the RCA and they have privileges to perform their tasks. LTCA is responsible for issuing long-term certificates while PCA is responsible for issuing pseudonym certificates. PRA is the authority to perform pseudonym resolution to identify the real identity of a pseudonym certificate. 
When it comes to CRL, PCA is the responsible authority to determine revoked pseudonym certificates in order to keep the system secure. Three protocols are then proposed to obtain pseudonym certificates, latest version of pseudonym CRL as well as performing pseudonym resolution. Obtaining pseudonym certificates is done in two phases. Firstly, each vehicle sends a request to LTCA to get a valid token. In the second step, the token is used by PCA to issue pseudonym certificates.
|
69 |
Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure
Khodaei, Mohammad, January 2016
Vehicular Communication (VC) systems can greatly enhance road safety and transportation efficiency. Vehicles are equipped with sensors to sense their surroundings and the internal Controller Area Network (CAN) bus. Hence, vehicles are becoming part of a large-scale network, the so-called Internet of Vehicles (IoV). Deploying such a large-scale VC system cannot materialize unless the VC systems are secure and do not expose their users’ privacy. Vehicles could be compromised or their sensors become faulty, thus disseminating erroneous information across the network. Therefore, participating vehicles should be accountable for their actions. Moreover, user privacy is at stake: vehicles should disseminate spatio-temporal information frequently. Due to openness of the wireless communication, an observer can eavesdrop the communication to infer users’ sensitive information, thus profiling users. The objective is to secure the communication, i.e., prevent malicious or compromised entities from affecting the system operation, and ensure user privacy, i.e., keep users anonymous to any external observer but also for security infrastructure entities and service providers. In this thesis, we focus on the identity and credential management infrastructure for VC systems, taking security, privacy, and efficiency into account. We begin with a detailed investigation and critical survey of the standardization and harmonization efforts. We point out the remaining challenges to be addressed in order to build a Vehicular Public-Key Infrastructure (VPKI). We provide a VPKI design that improves upon existing proposals in terms of security and privacy protection and efficiency. More precisely, our scheme facilitates multi-domain operations in VC systems and enhances user privacy, notably preventing linking of pseudonyms based on timing information and offering increased protection in the presence of honest-but-curious VPKI entities. 
We further extensively evaluate the performance of the full-blown implementation of our VPKI for a large-scale VC deployment. Our results confirm the efficiency, scalability and robustness of our VPKI.
|
70 |
Framework to Secure Cloud-based Medical Image Storage and Management System Communications
Rostrom, Timothy James, 12 December 2011
Picture Archiving and Communication Systems (PACS) have been traditionally constrained to the premises of the healthcare provider. This has limited the availability of these systems in many parts of the world and mandated major costs in infrastructure for those who employ them. Public cloud services could be a solution that eases the cost of ownership and provides greater flexibility for PACS implementations. This could make it possible to bring medical imaging services to places where it was previously unavailable and reduce the costs associated with these services for those who utilize them. Moving these systems to public cloud infrastructure requires that an authentication and encryption policy for communications is established within the PACS environment to mitigate the risks incurred by using the Internet for the communication of medical data. This thesis proposes a framework which can be used to create an authenticated and encrypted channel to secure the communications with a cloud-based PACS. This framework uses the Transport Layer Security (TLS) protocol and X.509 certificates to create a secured channel. An enterprise style PKI is used to provide a trust model to authorize endpoints to access the system. The validity of this framework was tested by creating a prototype cloud-based PACS with secured communications. Using this framework will provide a system based on trusted industry standards which will protect the confidentiality and integrity of medical data in transit when using a cloud-based PACS service.
|