Benjamin Fabian
Humboldt University of Berlin
Publication
Featured research published by Benjamin Fabian.
Requirements Engineering | 2010
Benjamin Fabian; Seda Gürses; Maritta Heisel; Thomas Santen; Holger Schmidt
This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.
Information Systems | 2015
Benjamin Fabian; Tatiana Ermakova; Philipp Junghanns
In healthcare, inter-organizational sharing and collaborative use of big data become increasingly important. The cloud-computing paradigm is expected to provide an environment perfectly matching the needs of collaborating healthcare workers. However, there are still many security and privacy challenges impeding the wide adoption of cloud computing in this domain. In this paper, we present a novel architecture and its implementation for inter-organizational data sharing, which provides a high level of security and privacy for patient data in semi-trusted cloud computing environments. This architecture features attribute-based encryption for selective access authorization and cryptographic secret sharing in order to disperse data across multiple clouds, reducing the adversarial capabilities of curious cloud providers. An implementation and evaluation by several experiments demonstrate the practical feasibility and good performance of our approach.
sensor networks ubiquitous and trustworthy computing | 2010
Sergei Evdokimov; Benjamin Fabian; Steffen Kunz; Nina Schoenemann
In the emerging Internet of Things rich data on real-world objects and events will be generated in vast amounts and stored in widely distributed databases. In truly global and dynamic application scenarios, intermediate brokers are needed to find these data, even if the exact location and form of storage are initially unknown to the requester. Discovery Services are aimed to fill this gap: they respond to requests for data on specific objects with a list of corresponding data providers. In this paper, we frame functional requirements for Discovery Services, and perform an overview and analysis of five established approaches for implementing Discovery Services that are taken from literature and industrial practice. In order to compare their characteristics, we develop a quality framework based on literature review and an ISO standard for software quality.
IEEE Transactions on Industrial Informatics | 2012
Benjamin Fabian; Tatiana Ermakova; Cristian Müller
The EPCglobal Network is an emerging global information architecture for supporting Radio-Frequency Identification (RFID) in supply chains. Discovery services for the EPCglobal Network are distributed services that serve the following pivotal lookup function: Given an identifier for a real-world object, e.g., an Electronic Product Code (EPC) stored on an RFID tag, they return a list of Internet addresses of services that offer additional information about the object. Since a client's information interests in the EPCglobal Network can be used to create inventory lists and profiles of his physical surroundings, as well as be used for business intelligence on the flow of goods in corporate applications, protecting client privacy becomes crucial. In particular, privacy mechanisms should by design be integrated into discovery services where the client's information interests could be analyzed by many potential adversaries. This paper introduces SHARDIS, a privacy-enhanced discovery service for RFID information based on the peer-to-peer paradigm. The idea is to enhance confidentiality of the client's query against profiling by cryptographically hashing the search EPC and by splitting and distributing the service addresses of interest. Furthermore, a probabilistic analysis of the privacy benefits of SHARDIS is presented. SHARDIS was implemented using the global research platform PlanetLab. Several performance experiments show its practical feasibility for many application areas.
international conference on communications | 2007
Benjamin Fabian; Oliver Günther
The EPC Network is an industry proposal to build a global information architecture for objects carrying RFID tags with electronic product codes (EPC). A so-called object naming service (ONS) is used to locate information sources for these objects in the EPC Network. But ONS is based on DNS, which suffers from well-studied weaknesses in robustness, configuration complexity and security. There are promising approaches to enhance the performance and robustness of DNS by using structured P2P systems based on distributed hash tables (DHT) that have a high potential as a replacement for ONS as well. We investigate if and how a decentralized alternative to ONS based on DHT could additionally offer data access control and enhance the privacy of its clients. As it turns out, the strength of privacy protection will slightly increase by using DHT compared to DNS, but strong protection will depend on the feasibility of secure out-of-band key distribution mechanisms.
international workshop on security | 2005
Benjamin Fabian; Oliver Günther; Sarah Spiekermann
The EPCglobal network is designed to function as a global information retrieval network for objects carrying RFID tags with an Electronic Product Code (EPC). To locate corresponding information sources a so-called Object Name Service (ONS) is used. We take a look at privacy and security implications of ONS deployment and evaluate possible mitigation strategies.
ieee conference on business informatics | 2013
Tatiana Ermakova; Benjamin Fabian
The accelerated adoption of cloud computing among enterprises is due to the multiple benefits the technology provides, one of them the simplification of inter-organizational information sharing, which is of utmost importance in healthcare. Nevertheless, moving sensitive health records to the cloud still implies severe security and privacy risks. With this background, we present a novel secure architecture for sharing electronic health records in a cloud environment. We first conducted a systematic literature review and interviews with different experts from the German healthcare industry that allowed us to derive real-world processes and corresponding security and privacy requirements. Based on these results, we designed our multi-provider cloud architecture that satisfies many of the requirements by providing increased availability, confidentiality and integrity of the medical records stored in the cloud. This architecture features secret sharing as an important measure to distribute health records as fragments to different cloud services, which can provide higher redundancy and additional security and privacy protection in the case of key compromise, broken encryption algorithms or their insecure implementation. Finally, we evaluate and select a secret-sharing algorithm for our multi-cloud architecture. We implemented both Shamir's secret-sharing scheme and Rabin's information dispersal algorithm and performed several experiments measuring the execution time. Our results indicate that an adoption of Rabin's algorithm would create a low overhead, giving strong indicators to the feasibility of our approach.
web intelligence | 2011
Peter Loos; Jens Lechtenbörger; Gottfried Vossen; Alexander Zeier; Jens H. Krüger; Jürgen Müller; Wolfgang Lehner; Donald Kossmann; Benjamin Fabian; Oliver Günther; Robert Winter
In-memory databases are developed to keep the entire data in main memory. Compared to traditional database systems, read access is now much faster since no I/O access to a hard drive is required. In terms of write access, mechanisms are available which provide data persistence and thus secure transactions. In-memory databases have been available for a while and have proven to be suitable for particular use cases. With increasing storage density of DRAM modules, hardware systems capable of storing very large amounts of data have become affordable. In this context the question arises whether in-memory databases are suitable for business information system applications. Hasso Plattner, who developed the HANA in-memory database, is a trailblazer for this approach. He sees a lot of potential for novel concepts concerning the development of business information systems. One example is to conduct transactions and analytics in parallel and on the same database, i.e. a division into operational database systems and data warehouse systems is no longer necessary (Plattner and Zeier 2011). However, there are also voices against this approach. Larry Ellison described the idea of business information systems based on in-memory databases as “wacko,” without actually making a case for his statement (cf. Bube 2010). Stonebraker (2011) sees a future for in-memory databases for business information systems but considers the division of OLTP and OLAP applications as reasonable. Therefore, this discussion deals with the question of whether in-memory databases as a basic data management technology can sustainably influence the conception and development of business information systems or will remain a niche application. The contributors were invited to address the following research questions (among others): What are the potentials of in-memory databases for business information systems? What are the consequences for OLTP and OLAP applications? Will there be novel application concepts for business information systems? The following researchers accepted the invitation (in alphabetic order): Dr. Benjamin Fabian and Prof. Dr. Oliver Günther, Humboldt-Universität zu Berlin; Prof. Dr. Donald Kossmann, ETH Zürich; Dr. Jens Lechtenbörger and Prof. Dr. Gottfried Vossen, Münster University; Prof. Dr. Wolfgang Lehner, TU Dresden; Prof. Dr. Robert Winter, St. Gallen University; Dr. Alexander Zeier with Jens Krüger and Jürgen Müller, Potsdam University. Lechtenbörger and Vossen discuss the development and the state of the art of in-memory and column-store technology. In their evaluation they stress the potentials of in-memory technology for energy management (cf. Loos et al. 2011) and Cloud Computing. Zeier et al. argue that the main advantage of modern business information systems is their ability to integrate transactional and analytical processing. They see a general trend towards this mixed processing mode (referred to as OLXP). In-memory technology supports this integration and will render the architectural separation of transactional systems and management information systems unnecessary in the future. The new database technology also greatly facilitates the integration of simulation and optimization techniques into business information systems. Lehner assumes that the revolutionary development of system technology will have a great impact on future structuring, modeling, and programming techniques for business information systems. One consequence will be a general shift from control-flow-driven to data-flow-driven architectures. It is also likely that the requirement for ubiquitously available data will be abandoned and a “need-to-know” principle will establish itself in certain areas. Kossmann identifies two phases in which in-memory technology will influence business information systems. The first phase is a simplification phase which is caused by a separation of data and application layers of information systems. In a second phase, however, complexity will increase since the optimization of memory hierarchies, such as the interplay between memory and cache, will also have consequences for application developers. Fabian and Günther stress that in-memory databases have already proven
international conference on communications | 2009
Benjamin Fabian
Name Services for the Internet of Things (specifically, the EPCglobal Network) are distributed systems that serve the following fundamental lookup function: Given an identifier for a real-world object, e.g., an Electronic Product Code (EPC), they return a list of Internet addresses of services, which offer additional information about this object. Without name services acting as a broker between items and their information sources, the Internet of Things could not achieve the flexibility and global scalability necessary to live up to its vision. The currently specified Object Naming Service (ONS) for the EPCglobal Network has severe security drawbacks in its architecture and design. In this paper, we present the implementation of a Peer-to-Peer name service architecture based on Distributed Hash Tables (DHT) on the research platform PlanetLab. This alternative ONS architecture named OIDA, if deployed as an infrastructure network, offers enhanced overall multilateral security compared to ONS, combined with potentially better functionality, scalability, and roughly equivalent performance.
Future Internet | 2016
Matthias Lischke; Benjamin Fabian
In this explorative study, we examine the economy and transaction network of the decentralized digital currency Bitcoin during the first four years of its existence. The objective is to develop insights into the evolution of the Bitcoin economy during this period. For this, we establish and analyze a novel integrated dataset that enriches data from the Bitcoin blockchain with off-network data such as business categories and geo-locations. Our analyses reveal the major Bitcoin businesses and markets. Our results also give insights on the business distribution by countries and how businesses evolve over time. We also show that there is a gambling network that features many very small transactions. Furthermore, regional differences in the adoption and business distribution could be found. In the network analysis, the small world phenomenon is investigated and confirmed for several subgraphs of the Bitcoin network.