Heterogeneous Networks: from integration to mobility

Qachri, Naïm

16 September 2015

Français:La notion de réseaux hétérogènes correspond à l’intégration de plusieurs technologies de transmission de données sans-fil dans le but d’accroitre la qualité de service des communications dans les réseaux mobiles.Historiquement, les mécanismes de sécurité des réseaux mobiles et sans-fil ont été largement focalisés sur la protection d’équipement utilisateur au niveau du dernier saut de communication et sur base d’une connectivité simple et unique. Cette connectivité, réduite à sa plus simple expression, a restraint le développement des protocoles de sécurité à des protocoles bi-parties, qui couvrent l’authentification des équipements utilisateurs et le chiffrement sur des communicationsLes mécanismes de sécurité et de cryptographie ne sont donc pas suffisants pour protéger correctement et efficacement des connections parallèles ou leur mobilité au sein de réseaux hétérogènes. Le but de cette thèse de doctorat, à travers quatre contributions personnelles, est d’apporter de nouveaux mécanismes et protocoles de sécurité afin de protéger au mieux les réseaux hétérogènes:• La première contribution se focalise sur le développement d’une nouvelle primitive cryptographique pour la protection des transmissions sans-fil. La propriété principale de celle-ci est de protéger les trames en cas de capture. Cette primitive introduit, notamment, la notion de force brute probabiliste (ce qui veut dire qu’un attaquant ne peut pas choisir parmi différentes clés équiprobables laquelle est effectivement utilisée).• La seconde contribution propose un nouveau protocole pour gérer d’une manière sure et efficace la mobilité des équipements utilisateurs entre différentes technologies au sein de réseaux hétérogènes.• La troisième contribution couvre la gestion des clés maîtres des utilisateurs, embarqués au sein des cartes SIM, utilisées au sein des réseaux d’opérateurs mobiles. Nos protocoles et mécanismes automa- tisent des changements réguliers et sûrs de la clé maître, et ajoutent de la diversité dans la gestion des clés de sessions pour minimiser l’impact en cas de révélation de ces dernières (par le biais d’un vol de base de donnée, par exemple)• La quatrième contribution introduit un nouveau paradigme de connectivité pour les réseaux mo- biles basé sur des communications 1−à−n. Le paradigme redéfinit les frontières de sécurité et place l’équipement utilisateur au centre d’un groupe authentifié mobile. Par conséquent, le changement de paradigme mène à la création de nouveaux protocoles pour l’authentification, la gestion de la mo- bilité et la négociation protégées de clés afin de fournir une protection de bout en bout entre deux équipements utilisateurs ou plus. / English:Heterogeneous Networks (HetNets) is the integration of multiple wireless technologies to increase the quality of service of the communications in mobile networks. This evolution is the next generation of Public Land Mobile Networks (PLMNs).Mobile and wireless network security mechanisms have largely focused on the protection of the User Equipment (UE) within the last mile (the last hop of the communication in the chain of connected devices) and on single connections. The single connectivity has reduced the development of the security to two party protocols, and they cover the authentication of the UE to the mobile network and the encryption on a single channel based on homogeneous communications through a unique technology.The current security and cryptographic mechanisms are not sufficient to protect correctly, and efficiently, parallel connections or their mobility in HetNets. The purpose of the PhD Thesis is to bring new security protocols and mechanisms to protect HetNets.The contributions, that are brought by the thesis, follow the evolution of HetNets through 4 contributions by starting from the wireless transmissions to the largest frame of HetNets architecture:• The first contribution focuses on the development of an new cryptographic primitives for wireless transmissions. The main property is to protect the frame from eavesdropping. The primitive introduces the notion of probabilistic brute force (meaning that an attacker cannot decide among different keys which the used one).• The second contribution proposes a new protocol to manage efficiently and securely the mobility of the UEs between different technologies inside HetNets.• The third contribution covers the management of the master secrets, embedded within the Universal Subscriber Identity Module (USIM), in large PLMNs. Our mechanisms and protocols automate regular and secure changes of the master secret, and they add diversity in the management of session keys to minimize the impact of key leakages (in case of credential database theft, for instance).• The fourth contribution introduces a new connectivity paradigm for mobile networks based on one-to- many communications. The paradigm redesigns the security borders and puts the UE in the center of a mobile authenticated group. Therefore, the paradigm shift leads to new security protocols for authentication, mobility management, and secure negotiation to provide end-to-end encryption between two or more UEs. / Doctorat en Sciences / info:eu-repo/semantics/nonPublished

Sciences exactes et naturelles

Technologie de la sécurité

Informatique générale

sécurité informatique

réseaux hétérogénes

sécurité

mobile network security

wireless network security

computer security

security architecture

protocols

cryptography

protocoles

cryptographie

heterogeneous networks

HetNets

Secure Bitcoin Wallet

Guler, Sevil

January 2015

Virtual currencies and mobile banking are technology advancements that are receiving increased attention in the global community because of their accessibility, convenience and speed. However, this popularity comes with growing security concerns, like increasing frequency of identity theft, leading to bigger problems which put user anonymity at risk. One possible solution for these problems is using cryptography to enhance security of Bitcoin or other decentralised digital currency systems and to decrease frequency of attacks on either communication channels or system storage. This report outlines various methods and solutions targeting these issues and aims to understand their effectiveness. It also describes Secure Bitcoin Wallet, standard Bitcoin transactions client, enhanced with various security features and services.

Android

Security

Bitcoin

Mobile Payment

Java

Instant Messaging

Wallet

BTC

Virtual Currency

Cryptography

Push Notification

PKI

Shared Preference

SQLite

Security Architecture

Software Development

Mobile Development

Public Ledger

Miner

Computer and Information Sciences

Data- och informationsvetenskap

Agent-based one-shot authorisation scheme in a commercial extranet environment

Au, Wai Ki Richard

January 2005

The enormous growth of the Internet and the World Wide Web has provided the opportunity for an enterprise to extend its boundaries in the global business environment. While commercial functions can be shared among a variety of strategic allies - including business partners and customers, extranets appear to be the cost-effective solution to providing global connectivity for different user groups. Because extranets allow third-party users into corporate networks, they need to be extremely secure and external access needs to be highly controllable. Access control and authorisation mechanisms must be in place to regulate user access to information/resources in a manner that is consistent with the current set of policies and practices both at intra-organisational and cross-organisational levels. In the business-to-customer (B2C) e-commerce setting, a service provider faces a wide spectrum of new customers, who may not have pre-existing relationships established. Thus the authorisation problem is particularly complex. In this thesis, a new authorisation scheme is proposed to facilitate the service provider to establish trust with potential customers, grant access privileges to legitimate users and enforce access control in a diversified commercial environment. Four modules with a number of innovative components and mechanisms suitable for distributed authorisation on extranets are developed: * One-shot Authorisation Module - One-shot authorisation token is designed as a flexible and secure credential for access control enforcement in client/server systems; * Token-Based Trust Establishment Module - Trust token is proposed for server-centric trust establishment in virtual enterprise environment. * User-Centric Anonymous Authorisation Module - One-task authorisation key and anonymous attribute certificate are developed for anonymous authorisation in a multi-organisational setting; * Agent-Based Privilege Negotiation Module - Privilege negotiation agents are proposed to provide dynamic authorisation services with secure client agent environment for hosting these agents on user's platform

distributed authorisation

extranet

Intranet

smart card

personal secure device

authentication

security architecture

security server

trust establishment

trust token

credential-based authorisation

one-shot authorisation token

one-task authorisation key

anonymous attribute certificate

key binding certificate

anonymous authorisation

referee server

privilege negotiation agent

authorisation agent

secure client agent environment

Régionalisme, régionalisation des conflits et construction de l'État : l'équation sécuritaire de la Corne de l’Afrique / Regionalism, regionalization of conflict and state-building : the security equation of the Horn of Africa

Le Gouriellec, Sonia

25 November 2013

En dépit de sa complexité analytique, la situation sécuritaire de la Corne de l’Afrique peut être soumise aux outils de la Science politique afin de mieux comprendre les interactions entre les différents acteurs. Cette recherche s’efforce d’analyser les ressorts d’une équation sécuritaire qui peut paraître insoluble : le régionalisme est-il aujourd’hui un prérequis à l’émergence d’une paix régionale ? Pour répondre à cette question il est nécessaire de comprendre quels rôles jouent les processus sécuritaires régionaux (régionalisation et régionalisme) dans la construction des États de la Corne de l’Afrique. Cette étude s’efforce d’étudier les interactions entre le régionalisme, fondement de l’architecture de paix et de sécurité continentale, la régionalisation des conflits, qui semble à l’oeuvre dans cette région, et les processus de construction/formation de l’État. Les rapports entre les trois termes de l’équation dépendent du contexte et des interactions entre les différentes entités composant la région (États, acteurs non étatiques qui se dressent contre eux ou négocient avec eux et acteurs extérieurs). Deux types de dynamiques sont mises en évidence au terme de cette étude : l’une endogène, l’autre exogène. Dans la première, nous constatons que les conflits participent à la formation de l’État. Ils sont en grande partie des conflits internes et montrent qu’il existe une crise dans l’État. Ces États dominent le processus de régionalisme qui tente de réguler la conflictualité régionale avec un succès relatif puisque les organisations régionales cherchent à renforcer ou reconstruire l’État selon les critères idéalisés de l’État wébérien vu comme source d’instabilité. Le processus exogène se caractérise par le rôle des conflits régionaux dont l’existence sert de justificatif au développement et au renforcement du régionalisme, perçu comme la réponse la plus appropriée à ces problèmes de conflictualités. Cette conflictualité a pour source l’État car celui-ci est perçu comme faible. Le régionalisme permettrait de renforcer les États et diminuerait leurs velléités de faire la guerre. / In spite of its analytical complexity, the security context in the Horn of Africa may be submitted to the Political Science’ tools in order to better understand the complex interactions between the various actors. The present research thus seeks to analyze the mechanism underlying what appears as an unsolvable security problem: is regionalism a prerequisite for the emergence of a regional peace? In order to answer this question, it is necessary to understand the role of regional security processes (regionalization and regionalism) in the state formation and state building of the Horn of Africa’s states. This study endeavours to explore the interactions between regionalism, which are inherent in the creation of an African peace and security architecture, the regionalization of conflict, which seems at work in this area, and construction/formation state process. The relationship between the three terms of this equation depends on the context and interactions between the various entities that make up the region (states, non-state actors that stand against them or negotiate with the states and external actors). This study thus reveals two kinds of dynamics at play: an endogenous process and an exogenous one. In the first one conflicts are involved in the formation of the state and are largely internal conflicts. It demonstrates that there is a crisis in the state States dominate the regionalism process which tries to regulate regional conflit with relative success because regional organizations seek to strengthen or rebuild the state according to the idealized criteria of the Weberian State seen as a source of instability. The exogenous process is characterized by the role of regional conflicts whose very existence serves to justify the development and the strenghtening of regionalism thus perceived as the most appropriate answer to those security problems. States are the source of conflicts because they are perceived as weak. Regionalism would strengthen states and reduce the inclination of states to make war.

Intégration régionale

Régionalisme

Régionalisation

Coopération

Multilatéralisme

Corne de l’Afrique

Djibouti

Érythrée

Éthiopie

Somalie

Somaliland

IGAD

Union Africaine

Architecture de Paix et de Sécurité

États faibles

Construction/Formation de l’État

Sécurité

Conflits

Stabilité

Regional integration

Regionalism

Regionalisation

Cooperation

Multilateralism

Horn of Africa

Djibouti

Eritrea

Ethiopia

Somalia

Somaliland

IGAD

African Union

African Peace and Security Architecture

Weak states

State building

Security

Conflicts

Stability

320.963

Integrating Trust-Based Adaptive Security Framework with Risk Mitigation to enhance SaaS User Identity and Access Control based on User Behavior

Akpotor Scott, Johnson

January 2022

In recent years, the emerging trends in cloud computing technologies have given rise to different computing services through the Internet. Organizations across the globe have seized this opportunity as a critical business driver for computing resource access and utilities that will indeed support significant business operations. Embracing SaaS as a crucial business factor enhances corporate business strategy through economies of scale, easy manageability, cost-effectiveness, non-geographical dependence, high reliability, flexible resources, and fast innovation. However, this has also come with various risks due to the limitation of traditional user identity and access control solutions’ inability to effectively identify and manage cloud users’ authorization process when interacting with the cloud. The limit can result in a legitimate user account's impersonation to carry out malicious activities after the user account is compromised to go undetected since traditional solutions seldom function based on user behavior trust level behind any account. Furthermore, the limitation is a significant vulnerability to the cloud environment. This vulnerability is known to be exploited by threats that can eventually lead to substantial unacceptable risks that can undermine security principles or requirements such as confidentiality, integrity, and availability. Significant consequences of this risk are categorized into financial damages, legal implications, reputational damages, and regulatory implications to the cloud environment. As a result, a solution that could contribute to the remediation of these potential risks incurred due to the limitation of user identity and access control management was proposed and designed as User Behavior Trust-Based Adaptive Security framework. The design aims to enhance how cloud users' identity and access control might be managed effectively based on a user behavior trust context and adaptation of corresponding access control measures through adaptive security. The design capability was manifested by integrating it into the standard ISO/2705:2018 Risk Management process. Although, there have been several good information security frameworks such as ISO/IEC 27005:2018 and other technical countermeasures such as SaaS Identity & Access Management (IDaaS) to deal with this risk on the public cloud services. However, they are based on static mitigation approaches, so there is a solid need to shift towards a more dynamic strategical approach. The presented design work, User Behavior Trust-Based Adaptive Security framework, intends to serve as a proposed guideline for risk mitigation that would enhance user identity and access control limitations across the cloud. The solution functions by a trust modeling process that evaluates cloud user activities to compute a user behavior comprehensive trust degree. The resulting data is further used as input feeds parameters into a policy decision point process. The policy decision point process adapts the input parameters to user behavior trust level and behavior risk rating to determine the appropriate access control decision. Ultimately, the adaptive security solution consults the policy decision points to dynamically enforce the corresponding controls measures based on the access control decision received as input feed. The report also conducts a risk assessment process to identify vulnerabilities, threats, and risks related to user behavior trust level and risk rating regarding SaaS resources. Then adapt the mitigation solution, User Behavior Trust-Based Adaptive Security framework, as a possible risk treatment within the risk management process ISO/2705:2018. This report uses a design methodology derived from User Behavior Trust Modelling scientific research work, Gartner Adaptive Security Architecture Model, and eXtensible Access Control Markup Language's policy decision point concept. The design evaluates user behavior trust level by the trust modeling, while the integrated policy decision point processes the trust level to make the access control decision which is later enforced by the adaptive security solution. The report further adapts the risk management procedure ISO/2705:2018 to identify risk from user behavior and trust level, then implements the design solution as a possible risk treatment. The research findings were documented as Results and Discussion, where the functional and operational aspects of the designed framework were provided. In addition, the effects of applying the framework as a possible risk treatment solution were observed through conducting an ISO/2705:2018 risk management procedure. The notable outcome of a reduction of identified risk levels was an improvement in user attitude or behavior, which eventually increased user behavior trust level and reduced associated behavior risk. At the same time, the discussion detailed the interpretation of the results, implications, and limitation of the research, why the framework could be considered a remediation solution beyond the state-of-the-art for cloud user identity and access management—precisely by integrating user behavior, trust, policy decision making with adaptive security into risk management process to reduce IDM-associated risk in the SaaS. Finally, this study has outlined the significance of adopting the designed framework as a possible mitigation solution to enhance the shortcomings of user identity and access control management in the cloud. It has demonstrated that SaaS identified risk can be reduced to an acceptable level when user behavior and activities are taken seriously. Insight into the current trust state and associated risk level of cloud users are vital for continuous risk monitoring and reduction. The solution is to be used as a recommended guideline that might significantly contribute to the research community and information security field of cloud security. Future research direction to consider the possibility of simulating and transforming this conceptual and abstract framework into a real-world working solution due to research work limitations. The framework was designed based on recognized and accepted scientific and technological principles and concepts, from user behavior trust modeling, eXtensible access control markup language, and adaptive security architecture. In addition, to extend this concept to a future research area that will focus exclusively on application-processes behavior.

Risk Assessment

Security countermeasure

Risk Management

Risk Mitigation

Adaptive Security Controls

Threats

Risk

Vulnerabilities

User Behavior Trust Degree

User Behavior Risk Rating

Policy Decision Point

Policy Enforcement Point

User Behavior Trust Model

Adaptive Security Architecture

SaaS

Public Cloud.

Computer Systems

Datorsystem

Telecommunications

Telekommunikation

Communication Systems

Kommunikationssystem

Annan elektroteknik och elektronik