  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
211

Tradeoffs in Protocol Designs for Collaborative Authentication

Venne, Jacob 24 March 2017
Authentication is a crucial tool used in access control mechanisms to verify a user’s identity. Collaborative Authentication (co-authentication) is a newly proposed authentication scheme designed to improve on traditional token authentication. Co-authentication works by using multiple user devices as tokens to collaborate in a challenge and authenticate a user request on a single device. This thesis adds two contributions to the co-authentication project. First, a detailed survey of applications that are suitable for adopting co-authentication is presented. Second, an analysis of tradeoffs between varying protocol designs of co-authentication is performed to determine whether, and how, any designs are superior to other designs.
212

Modélisation de politiques de sécurité à l'aide de méthode de spécifications formelles / Security policies modeling by using formal methods

Konopacki, Pierre 04 May 2012
Access control allows one to specify a part of the security policy of an IS (information system). An AC (access control) policy defines which conditions must hold for someone to have access to something. The main concepts used in AC are: permissions, prohibitions, obligations and SoD (separation of duty). Permissions allow someone to access some resources. Conversely, prohibitions forbid users from accessing some resources. Obligations link at least two actions: when a user performs an action, he must perform another one. SoD secures an action by dividing it into different tasks and entrusting the execution of these tasks to different users. Many AC policy modelling methods already exist. The main particularities of the EB3Sec method are: all AC concepts can be expressed in a unique model, and the modelling method is event-based. No existing AC modelling method presents these two characteristics. We define a set of patterns; each pattern corresponds to a specific AC constraint. An EB3Sec model can be used for different purposes: simulation and verification, and implementation. Verifying a model consists in checking that the model complies with some properties that we have defined. Mainly, blocking must be detected. Blocking corresponds to a step of execution where no action can be executed or to situations where an action cannot be performed anymore. Current model checking methods cannot be used to check properties on dynamic AC constraints. Thus, model-checking techniques are combined with simulation techniques.
Once a model is verified, it can be transformed into an implementation. To implement an EB3Sec model, two ways can be considered: the EB3Sec model can be translated into another language, such as XACML, which possesses a mature implementation, or a security kernel using EB3Sec as input language can be implemented.
213

Contribution à la qualité de service dans les réseaux de capteurs sans fil / Contribution to quality of service in wireless sensor networks

Souil, Marion 09 October 2013
The availability of small, low-cost, battery-operated devices capable of sensing, performing simple processing and transmitting data via wireless communications has the potential to revolutionize traditional monitoring applications. Wireless networks composed of autonomous sensor nodes enable ubiquitous monitoring tasks from environmental control of office buildings to the detection of forest fires. Recently, new applications for wireless sensor networks such as healthcare and multimedia applications have emerged. These applications often have heterogeneous sensing capabilities and require that the network supports different types of QoS-constrained traffic at variable rates. However, designing efficient protocols that provide an appropriate level of performance to these applications while coping with the limited resources of sensor networks is a challenging task. In this thesis, we focus on QoS provisioning at the MAC layer. Since this layer is responsible for the organization of channel access, it determines to a large extent the overall performance of the network. We start by studying the specific requirements of demanding and heterogeneous applications, then we discuss related work in the literature. Given the inadequacy of existing solutions in the presence of important traffic loads, we propose AMPH, an adaptive MAC protocol with QoS support for heterogeneous wireless sensor networks.
Our solution is a hybrid channel access method based on time division where all nodes may contend to access the channel at each time slot using a new contention mechanism which favors high priority traffic. Through these efficient techniques, AMPH achieves high channel utilization under variable traffic loads and provides low latency to real-time traffic. We verify the efficiency of AMPH through simulation experiments and a mathematical analysis.
214

Design and analysis of energy-efficient media access control protocols in wireless sensor networks : design and analysis of MAC layer protocols using low duty cycle technique to improve energy efficient and enhance communication performance in wireless sensor networks

Ammar, Ibrahim Ammer Musbah January 2014
Wireless sensor network (WSN) technology has gained significant importance due to its potential support for a wide range of applications. Most of the WSN applications consist of a large number of distributed nodes that work together to achieve common objects. Running a large number of nodes requires an efficient mechanism to bring them all together in order to form a multi-hop wireless network that can accomplish some specific tasks. Even with recent developments made in WSN technology, a number of important challenges still stand as vulnerabilities for WSNs, including energy waste sources, synchronisation leaks, low network capacity and self-configuration difficulties. However, energy efficiency remains the priority challenging problem due to the scarce energy resources available in sensor nodes. These concerns are managed by medium access control (MAC) layer protocols. MAC protocols designed specifically for WSN have an additional responsibility of managing radio activity to conserve energy in addition to the traditional functions. This thesis presents advanced research work carried out in the context of saving energy whilst achieving the desired network performance. Firstly, the thesis contributes by proposing Overlapped Schedules for MAC layer, in which the schedules of the neighbour clusters are overlapped by introducing a small shift time between them, aiming to compensate the synchronisation errors. Secondly, this thesis proposed a modified architecture derived from S-MAC protocol which significantly supports higher traffic levels whilst achieving better energy efficiency. This is achieved by applying a parallel transmission concept on the communicating nodes. As a result, the overall efficiency of the channel contention mechanism increases and leads to higher throughput with lower energy consumption. Finally, this thesis proposed the use of the Adaptive scheme on Border Nodes to increase the power efficiency of the system under light traffic load conditions.
The scheme focuses on saving energy by forcing the network border nodes to go off when not needed. These three contributions minimise the contention window period whilst maximising the capacity of the available channel, which as a result increase network performance in terms of energy efficiency, throughput and latency. The proposed system is shown to be backwards compatible and able to satisfy both traditional and advanced applications. The new MAC protocol has been implemented and evaluated using NS-2 simulator, under different traffic loads and varying duty cycle values. Results have shown that the proposed solutions are able to significantly enhance the performance of WSNs by improving the energy efficiency, increasing the system throughput and reducing the communication delay.
215

A model for the evaluation of control with reference to a simple path context model in a UNIX environment

08 September 2015
M.Com. / Information and the IT systems that support it are important business assets. Their availability, integrity and confidentiality are essential to maintain an organisation's competitive edge, cash flow, profitability, company image and compliance with legal requirements. Organisations world-wide are now facing increased security threats from a wide range of sources. Information systems may be the target of a range of serious threats including computer-based fraud, espionage, sabotage, vandalism and other sources of failure or disaster ...
216

Quantifying Performance Costs of Database Fine-Grained Access Control

Kumka, David Harold 01 January 2012
Fine-grained access control is a conceptual approach to addressing database security requirements. In relational database management systems, fine-grained access control refers to access restrictions enforced at the row, column, or cell level. While a number of commercial implementations of database fine-grained access control are available, there are presently no generalized approaches to implementing fine-grained access control for relational database management systems. Fine-grained access control is potentially a good solution for database professionals and system architects charged with designing database applications that implement granular security or privacy protection features. However, in the oral tradition of the database community, fine-grained access control is spoken of as imposing significant performance penalties, and is therefore best avoided. Regardless, there are current and emerging social, legal, and economic forces that mandate the need for efficient fine-grained access control in relational database management systems. In the study undertaken, the author was able to quantify the performance costs associated with four common implementations of fine-grained access control for relational database management systems. Security benchmarking was employed as the methodology to quantify performance costs. Synthetic data from the TPC-W benchmark as well as representative data from a real-world application were utilized in the benchmarking process. A simple graph-based performance model for Fine-grained Access Control Evaluation (FACE) was developed from benchmark data collected during the study. The FACE model is intended for use in predicting throughput and response times for relational database management systems that implement fine-grained access control using one of the common fine-grained access control mechanisms: authorization views, the Hippocratic Database, label-based access control, and transparent query rewrite.
The author also addresses the issue of scalability for fine-grained access control mechanisms that were evaluated in the study.
217

A Prudent Access Control Behavioral Intention Model for the Healthcare Domain

Mussa, Constance Cecilia 01 January 2011
In recent years, many health care organizations have begun to take advantage of computerized information systems to facilitate more effective and efficient management and processing of information. However, commensurate with the vastly innovative enhancements that computer technology has contributed to traditional paper-based health care information systems are security vulnerabilities that have potentially devastating effects on these systems. To ensure the confidentiality, integrity, and availability of information and to ensure compliance with the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), health care organizations have implemented a number of security controls. Although the objectives of these controls are understood and acknowledged by users of computerized patient care information management systems, the controls are sometimes circumvented or ignored. The purpose of this study was the development of an instrument that measures key determinants of healthcare professionals' prudent access control behavior. The study examined healthcare professionals' prudent access control behavior using a model that integrates the Theory of Planned Behavior (TPB) and the Health Belief Model (HBM). Two additional variables, information security awareness and perceived information security responsibility, were incorporated into the model. Rather than focusing on a single behavior or a few specific behaviors, a category of behaviors was proposed. Results of the study indicate that the HBM and TPB constructs as well as the two additional constructs included in the model are indeed key determinants of healthcare professionals' intention to engage in prudent access control behavior that mitigates security threats.
Additionally, results of the study provide support for the partial mediating effects of perceived benefits and perceived responsibility for information security on attitude, information security awareness, subjective norm, perceived behavioral control, and perceived severity. The study contributes to the IS knowledge domain by providing theoretically grounded explanations for a subset of prudent information security behaviors of healthcare professionals.
218

A tree grammar-based visual password scheme

Okundaye, Benjamin January 2016
A thesis submitted to the Faculty of Science, University of the Witwatersrand, Johannesburg, in fulfilment of the requirements for the degree of Doctor of Philosophy. Johannesburg, August 31, 2015. / Visual password schemes can be considered as an alternative to alphanumeric passwords. Studies have shown that alphanumeric passwords can, amongst others, be eavesdropped, shoulder surfed, or guessed, and are susceptible to brute force automated attacks. Visual password schemes use images, in place of alphanumeric characters, for authentication. For example, users of visual password schemes either select images (Cognometric) or points on an image (Locimetric) or attempt to redraw their password image (Drawmetric), in order to gain authentication. Visual passwords are limited by the so-called password space, i.e., by the size of the alphabet from which users can draw to create a password and by susceptibility to stealing of passimages by someone looking over your shoulders, referred to as shoulder surfing in the literature. The use of automatically generated highly similar abstract images defeats shoulder surfing and means that an almost unlimited pool of images is available for use in a visual password scheme, thus also overcoming the issue of limited potential password space. This research investigated visual password schemes. In particular, this study looked at the possibility of using tree picture grammars to generate abstract graphics for use in a visual password scheme. In this work, we also took a look at how humans determine similarity of abstract computer generated images, referred to as perceptual similarity in the literature. We drew on the psychological idea of similarity and matched that as closely as possible with a mathematical measure of image similarity, using Content Based Image Retrieval (CBIR) and tree edit distance measures. 
To this end, an online similarity survey was conducted with respondents ordering answer images in order of similarity to question images, involving 661 respondents and 50 images. The survey images were also compared with eight, state of the art, computer based similarity measures to determine how closely they model perceptual similarity. Since all the images were generated with tree grammars, the most popular measure of tree similarity, the tree edit distance, was also used to compare the images. Eight different types of tree edit distance measures were used in order to cover the broad range of tree edit distance and tree edit distance approximation methods. All the computer based similarity methods were then correlated with the online similarity survey results, to determine which ones more closely model perceptual similarity. The results were then analysed in the light of some modern psychological theories of perceptual similarity. This work represents a novel approach to the Passfaces type of visual password schemes using dynamically generated pass-images and their highly similar distractors, instead of static pictures stored in an online database. The results of the online survey were then accurately modelled using the most suitable tree edit distance measure, in order to automate the determination of similarity of our generated distractor images. The information gathered from our various experiments was then used in the design of a prototype visual password scheme. The generated images were similar, but not identical, in order to defeat shoulder surfing. This approach overcomes the following problems with this category of visual password schemes: shoulder surfing, bias in image selection, selection of easy to guess pictures and infrastructural limitations like large picture databases, network speed and database security issues. 
The resulting prototype developed is highly secure, resilient to shoulder surfing and easy for humans to use, and overcomes the aforementioned limitations in this category of visual password schemes.
219

Une approche sécurisée pour la délégation dynamique de tâches dans les systèmes de gestion de Workflow / A Secure Framework for Dynamic Task Delegation in Workflow Management Systems

Gaaloul, Khaled 05 October 2010
Workflow management systems are now part of the standard environment of large organisations. These systems are, however, considered too rigid today, and much work aims to introduce flexibility into the modelling and execution of their processes. In this context, taking organisational flexibility into account is an important step. We address it through one particular mechanism: task delegation. Delegation is a mechanism that provides a degree of organisational flexibility in a workflow management system. It also provides a form of delegation of authorisations in an access control system. In this context, secure task delegation implies the presence of a set of delegation events and of rules defining the possible delegations of authorisation, as well as the means of controlling the associated policies. In this dissertation, we define a secure approach to dynamic task delegation in workflow management systems. To do so, we identify the specific events of the task model corresponding to delegation that cause dynamic changes to the authorisation policy. We then show how our approach makes it possible to control delegation-related authorisations dynamically and how it can be integrated into existing access control systems. To control delegation behaviour and specify its authorisation policies, we collect the relevant events that define the execution path of tasks as well as the policies generated for delegation.
Finally, we propose a technique that automates delegation policies and increases the compliance of delegation-induced changes in the existing authorisation policy. / Task delegation presents one of the business process security leitmotifs. We currently observe a move away from predefined strict workflow modelling towards dynamic approaches supporting flexibility on the organisational level and dynamic authorisation on the security level. One specific approach is that of task delegation. Delegation defines a mechanism that bridges the gap between both workflow and access control systems. There are two important issues relating to delegation, namely allowing task delegation to complete, and having a secure delegation within a workflow. Delegation completion and authorisation enforcement are specified under specific constraints. Constraints are defined from the delegation context implying the presence of a fixed set of delegation events to control the delegation execution. In this dissertation, we aim to reason about delegation events to model task delegation and to specify delegation policies dynamically. To that end, we present an event-based task delegation model to monitor the delegation process. We then identify relevant events for authorisation enforcement to specify delegation policies. Subsequently, we propose a task-oriented access control model to address these requirements. Using our access control model, we analyse and specify delegation constraints into authorisation policies. Moreover, we propose a technique that automates delegation policies using event calculus to control the delegation execution and to increase the compliance of all delegation changes in the existing policy of the workflow.
220

Password-authenticated two-party key exchange with long-term security

Unknown Date
In the design of two-party key exchange it is common to rely on a Diffie-Hellman type hardness assumption in connection with elliptic curves. Unlike the case of finite fields, breaking multiple instances of the underlying hardness assumption is here considered substantially more expensive than breaking a single instance. Prominent protocols such as SPEKE [12] or J-PAKE [8, 9, 10] do not exploit this, and here we propose a password-authenticated key establishment where the security builds on the intractability of solving a specified number of instances v of the underlying computational problem. Such a design strategy seems particularly interesting when aiming at long-term security guarantees for a protocol, where expensive special purpose equipment might become available to an adversary. In this thesis, we give one protocol for the special case when v = 1 in the random oracle model, then we provide the generalized protocol in the random oracle model and a variant of the generalized protocol in the standard model for v being a polynomial of the security parameter ℓ. / by WeiZheng Gao. / Thesis (Ph.D.)--Florida Atlantic University, 2012. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2012. Mode of access: World Wide Web.
