Bostjan Brumen
University of Maribor
Publication
Featured research published by Bostjan Brumen.
Ad Hoc Networks | 2014
Muhamed Turkanović; Bostjan Brumen; Marko Hölbl
The idea of the Internet of Things (IOT) notion is that everything within the global network is accessible and interconnected. As such Wireless Sensor Networks (WSN) play a vital role in such an environment, since they cover a wide application field. Such interconnection can be seen from the aspect of a remote user who can access a single desired sensor node from the WSN without the necessity of firstly connecting with a gateway node (GWN). This paper focuses on such an environment and proposes a novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks. The proposed scheme enables a remote user to securely negotiate a session key with a general sensor node, using a lightweight key agreement protocol. The proposed scheme ensures mutual authentication between the user, sensor node, and the gateway node (GWN), although the GWN is never contacted by the user. The proposed scheme has been adapted to the resource-constrained architecture of the WSN, thus it uses only simple hash and XOR computations. Our proposed scheme tackles these risks and the challenges posed by the IOT, by ensuring high security and performance features.
Journal of Systems and Software | 2006
Matjaz B. Juric; Ivan Rozman; Bostjan Brumen; Matjaz Colnaric; Marjan Hericko
This article analyses two most commonly used distributed models in Java: Web services and RMI (Remote Method Invocation). The paper focuses on regular (unsecured) as well as on secured variants, WS-Security and RMI-SSL. The most important functional differences are identified and the performance on two operating systems (Windows and Linux) is compared. Sources of performance differences related to the architecture and implementation are identified. The overheads related to the usage of security and the influences of JCE (Java Cryptography Extension) security providers on the performance of secured remote invocations are identified. Finally, the impact of distributed models on design and implementation of distributed applications is identified and guidelines for improving distributed application performance in design and implementation stage are provided. The paper contributes to the understanding of functional and performance related differences between Web services and RMI and their secure variants, WS-Security and RMI-SSL.
Journal of Systems and Software | 2009
Matjaz B. Juric; Ana Sasa; Bostjan Brumen; Ivan Rozman
Versioning is an important aspect of web service development, which has not been adequately addressed so far. In this article, we propose extensions to WSDL and UDDI to support versioning of web service interfaces at development-time and run-time. We address service-level and operation-level versioning, service endpoint mapping, and version sequencing. We also propose annotation extensions for developing versioned web services in Java. We have tested the proposed solution for versioning in two real-world environments and identified considerable improvements in service development and maintenance efficiency, improved service reuse, and simplified governance.
Computers & Security | 2010
Marko Hölbl; Tatjana Welzer; Bostjan Brumen
The use of pairings has been shown promising for many two-party and three-party identity-based authenticated key agreement protocols. In recent years, several identity-based authenticated key agreement protocols have been proposed and most of them broken. In this paper, we propose two three-party identity-based authenticated key agreement protocols applying bilinear pairings. We show that the proposed protocols are secure (i.e. conform to defined security attributes) while being efficient.
Journal of Computer and System Sciences | 2012
Marko Hölbl; Tatjana Welzer; Bostjan Brumen
Two-party authenticated key agreement protocols using pairings have gained much attention in the cryptographic community. Several protocols of this type were proposed in the past of which many were found to be flawed. This resulted in attacks or the inability to conform to security attributes. In this paper, we propose an efficient identity-based authenticated key agreement protocol employing pairings which employs a variant of a signature scheme and conforms to security attributes. Additionally, existing competitive and the proposed protocol are compared regarding efficiency and security. The criteria for efficiency are defined in this paper, whereas the criteria for security are defined by the fulfilment of security attributes from literature.
Advances in Databases and Information Systems | 1999
Matjaz B. Juric; Tatjana Welzer; Ivan Rozman; Marjan Hericko; Bostjan Brumen; Tomaz Domajnko; Ales Zivkovic
Accurate, efficient and predictable performance assessment of distributed object models is necessary to make a founded decision about which model to use in a given application domain. This article presents a performance assessment framework for distributed object models. It presents two contributions to the study of distributed object performances: it defines the performance criteria for all important aspects of distributed object computing, including single and multi-client scenarios, and, it presents the high and low-level design of the framework and gives insights into implementation details for several important distributed object models, like CORBA, RMI and RMI-IIOP.
Computer Communications | 2008
Marko Hölbl; Tatjana Welzer; Bostjan Brumen
Remote authentication of users supported by passwords is a broadly adopted method of authentication within insecure network environments. Such protocols typically rely on pre-established secure cryptographic keys or public key infrastructure. Recently, Peyravian and Jeffries [M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (5-6) (2006) 660-667] proposed a protocol for secure remote user access over insecure networks. Shortly after the protocol was published Shim [K.A. Shim, Security flaws of remote user access over insecure networks, Computer Communications 30 (1) (2006) 117-121] and Munilla et al. [J. Munilla, A. Peinado, Off-line password-guessing attack to Peyravian-Jeffries's remote user authentication protocol, Computer Communications 30 (1) (2006) 52-54] independently presented an off-line guessing attack on the protocol. Based on their findings we present an improved secure password-based protocol for remote user authentication, password change, and session key establishment over insecure networks, which is immune against the attack.
International Convention on Information and Communication Technology, Electronics and Microelectronics | 2014
Viktor Taneski; Marjan Hericko; Bostjan Brumen
Textual passwords were first identified as a weak point in information systems security by Morris and Thompson in 1979. They found that 86% of the passwords were weak: being too short, containing lowercase letters only, digits only or a combination of the two, being easily found in dictionaries. OBJECTIVE: Despite the importance of passwords as the first line of defense in most information systems, little attention has been given to the characteristics of their actual use. Thus, the objective of this paper is to identify any problems that may arise in creating and using textual passwords. METHOD: A systematic literature review of studies in the area of password use and password security. Our research is restricted to articles in journals and conference papers written in English and published between 1979 and 2014. The search is conducted through IEEEXplore, ScienceDirect, Springer Link and ACM Digital Library. RESULTS: The computer community has not made a very much-needed shift in password management for more than 35 years. Users and their passwords are still considered the main weakness in any password system, because users often choose easily guessable passwords: words, names, birthdates, etc., because they are easy to remember. CONCLUSION: Password policies and password checkers can help users create strong and easy-to-remember passwords. This work will serve as a starting point for our further research in this area where we want to determine whether these password policies are useful to the users, and whether the users can easily apply them.
Cryptologia | 2010
Marko Hölbl; Tatjana Welzer; Bostjan Brumen
In 2006, Shieh et al. proposed an efficient remote mutual authentication and key agreement scheme which uses smart cards and requires only hash function operations. In this paper, we show that Shieh et al.'s scheme is vulnerable to guessing attacks, forgery attacks and key compromise attacks. To eliminate these weaknesses, an improvement of Shieh et al.'s scheme with increased security is proposed. The security and efficiency of the improved scheme raises the attractiveness for implementation.
Computer-Based Medical Systems | 2002
Tatjana Welzer; Bostjan Brumen; Izidor Golob; M. Družovec
The spread of electronic use of data in various areas has pushed the importance of data quality to a higher level. Data quality has syntactic and semantic components; the syntactic component is relatively easy to achieve if supported by tools (either off-the-shelf or our own), while the semantic component requires more research. In many cases such data come from different sources, are distributed across enterprises and are at different quality levels. Special attention needs to be paid to data upon which critical decisions are met, such as medical data for example. The starting point for research is in our case the risk of the medical area. We focus on the semantic component of medical data quality.