In a history-based trust-management system, users and service providers use information about past transactions to make trust-based decisions concerning current transactions. One category of such systems is represented by the reputation systems. However, despite the growing body of experience in building reputation systems, there are several limitations on how they are typically implemented. They often rely on scores that are evaluated by service providers and are often not reliable or well understood. We believe that reputation has to be based on objective and reliable information. In such context, transaction histories play an important role. In this paper, we present the VeryIDX system that implements an electronic receipt infrastructure and supports protocols to build and manage online transaction history of users. The receipt protocols are shown to have several essential security and privacy properties. We present a basic yet reasonably expressive language which provides service providers with a new way to establish trust based on users’ transaction history. We also describe the architecture and prototype implementation of VeryIDX, based on several important design considerations of a real-world e-commerce system infrastructure.

Recent collaborative applications and enterprises very often need to efficiently integrate their access control policies. An important step in policy integration is to analyze the similarity of policies. Existing approaches to policy similarity analysis are mainly based on logical reasoning and boolean function comparison. Such approaches are computationally expensive and do not scale well for large heterogeneous distributed environments (like Grid computing systems). In this paper, we propose a policy similarity measure as a filter phase for policy similarity analysis. This measure provides a lightweight approach to pre-compile a large amount of policies and only return the most similar policies for further evaluation. In the paper we formally define the measure, by taking into account both the case of categorical attributes and numeric attributes. Detailed algorithms are presented for the similarly computation. Results of our case study demonstrates the efficiency and practical value of our approach.

In a hierarchical access control system, users are partitioned into a number of classes—called security classes—which are organized in a hierarchy. Hierarchies arise in systems where some users have higher privileges than others and a security class inherits the privileges of its descendant classes. The problem of key assignment in such systems is how to assign cryptographic keys to users and resources to properly enforce access rights. Its crucial goal is efficiency: the number of keys a user obtains, computation a user performs, and amount of resources the server is required to maintain should be minimized.

In this work, we present a fully-dynamic and very efficient solution to the key assignment problem that is also provably secure for a strong notion of security. We then show how the model can be extended to time-based policies where users obtain access rights only for a specific duration of time, and subsequently present our time-based key assignment solution. Finally, we explain how similar techniques can be used to efficiently enforce access control policies in geo-spatial systems and describe our construction for such systems as well.

    The use of finite fields of low characteristic can make the implementation of elliptic curve cryptography more efficient. There are two approaches to lower the characteristic of the finite field in ECC while maintaining the same security level: Elliptic curves over a finite field extension and hyperelliptic curves over a finite field. This thesis solves some problems in both approaches.
  The group orders of elliptic curves over finite field extensions are described as polynomials. The irreducibility of these polynomials is proved, and hence the primality of the group orders can be studied.          Asymptotic formulas for the number of traces of elliptic curves over field extensions with almost prime orders are given and a proof based on Bateman-Horn

Recently we have seen increasing adoption of wireless ad-hoc and sensor networks (WAHAS) for security critical applications in military and civilian domains, such as battlefield surveillance and emergency rescue and relief. However, they are often exposed to a wide-range of control and data traffic attacks. Control attacks are directed to control traffic in the network, such as routing and localization. Examples are wormhole,  Sybil, and rushing attacks. Control attacks are often easy to launch even without the need for any cryptographic key and can be used to subvert the functionality of the network by disrupting data flow. Data traffic attacks include selective forwarding and misrouting attacks. We have pursued two lines of defense to secure WAHAS networks. The first is attack prevention using low-cost key management for encryption and authentication. Our protocol SECOS provides the guarantee that communication between any two nodes remains secure despite compromise of any number of other nodes. The second line of defense is control and data traffic attack detection, diagnosis, and isolation through local monitoring and response. Each node oversees the traffic in its one-hop neighborhood and maintains state for the behavior of each neighbor. We develop a suite of three protocols for respectively static networks, mobile networks, and energy efficient sleep-awake aware local monitoring. To demonstrate the protocols, we perform analysis and simulations in ns-2. The metrics for evaluation include fraction of data received at the destination, coverage and delay of isolation, likelihood of false positives, and overhead in terms of resource consumption.

This research investigates the denial of service problem, in the context of services provided over a network, and contributes to improved techniques for modelling, detecting, and preventing denial of service attacks against these services.

While the majority of currently employed denial of service attacks aim to pre-emptively consume the network bandwidth of victims, a significant amount of research effort is already being directed at this problem. This research is instead concerned with addressing the inevitable migration of denial of service attacks up the protocol stack to the application layer. Of particular interest is the denial of service resistance of key establishment protocols (security protocols that enable an initiator and responder to mutually authenticate and establish cryptographic keys for establishing a secure communications channel), which owing to the computationally intensive activities they perform, are particularly vulnerable to attack.

Access hierarchies are useful in many applications and are modeled as a set of access classes organized by a partial order. A user who obtains access to a class in such a hierarchy is entitled to access objects stored at that class, as well as objects stored at its descendant classes. Efficient schemes for this framework assign only one key to a class and use key derivation to permit access to descendant classes. Ideally, the key derivation uses simple primitives such as cryptographic hash computations. A straightforward key derivation time is then linear in the length of the path between the user’s class and the class of the object that the user wants to access.

Recently, work presented in [Atallah et al. 2005] has given a solution that significantly lowers this key derivation time for deep hierarchies, by adding a modest number of extra edges to the hierarchy. While such techniques were given for trees, this work presents efficient key derivation techniques for hierarchies that are not trees using a different mechanism. The construction we give in the present paper is recursive and makes a novel use of the notion of the dimension d of an access graph. We provide a solution through which no key derivation requires more than O(d) hash function computations, even for “unbalanced” hierarchies whose depth is linear in their number of access classes n.

Online privacy is an increasingly important problem, as many services are now offered in a digital form. Privacy (or the lack thereof) is of a special concern in subscriptions to large data repositories with heterogeneous information, where the service provider can easily profile its users and sell that information to third parties. In this work we present the design and implementation of a system that closely resembles the current practice of subscriptions to many services such as newspapers, digital libraries, music collections, etc., but at the same time offers anonymous access to the service. As with current practice, in our solution a user subscribes to the service obtaining access to it for a certain period of time, at the end of which the subscription expires.

In our system user access is always anonymous and no two transactions by the same user can be linked together. Moreover, the system assures a high level of protection to the service provider, as a user cannot share her subscription credentials with others without denying herself access to the service. We present experimental results showing that the design of our system results in only small computation overheads, in addition to having very low communication requirements. The main objective of this work is thus to illustrate the practically of integrating anonymity into today’s subscription-based services.

We propose the role-and-relation-based access control (R2BAC) model for workflow systems. In R2BAC, in addition to a user

Today, most public service delivery mechanisms, such as hospitals, police and fire departments, rely exclusively on digital generation, storage and analysis of vital information. To protect critical digital resources access control mechanisms are employed. The aim is to define rules under which authorized users can access resources required to perform organizational tasks. These rules or policies define constraints of time and space on digital resources. Natural or man-made disasters pose a unique challenge, whereby, previously defined constraints may debilitate the ability of the organization to act to its fullest capability. In this paper we propose to employ contextual parameters; specifically, activity context in the form of emergency warnings, to adapt access control policies according to a priori configuration which allows maximum access to critical resources. We also propose an architecture for the detection of crises in the form of activity context and incorporate it in the policy adaptation framework.

The notion of spatio-temporal multi-granularity is fundamental when modeling objects in GIS applications in that it supports the representation of the temporal evolutions of these objects. Concepts and issues in multi-granular spatio-temporal representations have been widely investigated by the research community. However, despite the large number of theoretical investigations, no comprehensive approaches, have been proposed dealing with the representation of multi-granular spatio-temporal objects in commercially available DBMSs.  The goal of the work that we report in this paper is to address this gap. To achieve it, the paper first introduces an object-relational model based on OpenGis specifications described in SQL3. Several extensions are developed in order to improve the semantics and behavior for spatio-temporal data types introducing an approach to represent the temporal dimension in this model and the multi-representation of spatio-temporal granularities.