Dejan Simic

A Novel Approach to Building Secure Systems

In this paper, we present the modern approaches to building secure systems which are based on overcoming the problems resulting from asynchronization between system modeling and development on the one hand and modeling and development of the system security on the other hand. We also present the bases and solutions on which the idea of symbiosis is founded: a useful, close, permanent unity that combines languages for modeling systems with languages for modeling security. In this paper, we also present the design of one Web e-commerce application written by means of SecureUML-template and extended by being connected with protection against attacks (such as Web site defacement) and by the use of digital signature

Identity Management — A Survey

The rise of network-based, automated services has brought some fundamental changes to every organization’s activities. One of the most important changes that have occurred is the change in the way the business companies offered their products to customers. The business processes have become increasingly automated. As a result, the way in which customers create trust relationships with service providers has changed, because business transactions are conducted online. Traditional ways of establishing trust relationships between negotiating parties are no longer applicable. Windley (2005) points out that the usual trust marks that customers have relied on in the past are either missing or are easily forged. Moreover, in addition to changes in the relationship between business companies and their customers, the whole business process has become automated. The relationships with partners, suppliers, and employees have moved to the electronic world. This leads to increased risk of attacks such as identity theft and identity disclosure. Merchant web applications must be properly protected in an e-commerce environment (Stankovic et al., 2012). Therefore, digital identity management needs to be properly implemented in order to elevate the overall security of the business process.

Using Kerberos protocol for Single Sign-On in Identity Management Systems

Abstract: Today, identity management systems are widely used in different types of organizations, from academic and government institutions to large enterprises. An important feature of identity management systems is the Single Sign-On functionality. Single Sign-On allows users to authenticate once, and freely use all services and resources available to them afterwards. In this paper, we present the usage of Kerberos in identity management systems. An overview of Kerberos protocol, state of the art of identity management systems and different generic architectures for identity management is given in the paper. Also, we present a Single Sign-On identity management architecture proposal based on Kerberos protocol, and discuss its properties. Special attention was given to authentication, authorization and auditing.

Choosing Authentication Techniques in E-procurement System in Serbia

E-Government can provide a citizen with better and/or more convenient services as opposed to the traditional government services. Application of electronic approach in completing an e-Procurement process opens up a lot of issues regarding security. The transparent nature of the process at hand is requiring a sophisticated security system. Unauthorized access or different kinds of intrusion present a legitimate threat. On the other hand, the attempt to develop such a system in developing countries like Serbia may face many difficulties. Some of the difficulties may be caused by legal obstacles, technical weaknesses, or human resistance towards change. This paper presents a review of authentication techniques used in the European e-Government systems and according to that this paper is focused on the methods we used to overcome those difficulties, as well as on the provision of a strong security system that would guarantee the protection of sensitive data.

Using open source software for web application security testing

Web applications are a standard part of our everyday lives. Their purpose can vary significantly, from e-banking to social networks. However, one thing is similar - users have generally high expectations from different web applications. To assure such high expectations, proper web application testing is necessary. Non-functional testing is an important part of web application testing. As technology advances and requirements become more complex, the importance of non-functional application aspects becomes even greater. It is necessary to identify non-functional requirements of web applications which are important to users, implement those requirements and test them.

Tweakable parallel OFB mode of operation with delayed thread synchronization.

Introduction of various cryptographic modes of operation is induced with noted imperfections of symmetric block algorithms. Design of some cryptographic modes of operation has already been exploited as an idea for parallelization of certain algorithms execution. To the best of our knowledge, there is no evidence in the available literature that output feedback (OFB) mode, which is used in satellite communications, has ever been parallelized. In this paper, we consider the performance of a convenient mode of operation, which performs tweakable parallel encryption using xor encrypt xor (XEX) and xor encrypt (XE) constructions in OFB like mode. We make use of an idea similar to the XTS-AES in order to create two parallel tweakable block ciphers. The first of them is designed using XEX construction, while the second is based on XE construction. Each cipher uses two threads to produce corresponding keystreams. Keystreams are first merged with each other and then used in modified tweakable parallel OFB mode of operation. As a proof of the concept, we have implemented a Java application in which these parallel solutions are applied to collect empirical data. The results obtained show that under certain conditions tweakable parallel OFB modes using XEX and XE constructions can achieve performance accelerations up to 10% and to 20%, respectively. Copyright

Comparative Implementation Analysis of AES Algorithm

Advanced Encryption Standard (AES) is the first cryptographic standard aroused as a result of public competition that was established by U.S. National Institute of Standards and Technology. Standard can theoretically be divided into three cryptographic algorithms: AES-128, AES-192 and AES-256. This paper represents a study which compares performance of well known cryptographic packages - Oracle/Sun and Bouncy Castle implementations in relation to our own small and specialized implementations of AES algorithm. The paper aims to determine advantages between the two well known implementations, if any, as well as to ascertain what benefits we could derive if our own implementation was developed. Having compared the well known implementations, our evaluation results show that Bouncy Castle and Oracle/SUN gave pretty equal performance results - Bouncy Castle has produced slightly better results than Oracle/Sun during encryption, while in decryption, the results prove that Oracle/Sun implementation has been slightly faster. It should be noted that the results presented in this study will show some advantages of our own specialized implementations related not only to algorithm speed, but also to possibilities for further analysis of the algorithm.