Karl M. Goeschka

QR-TAN: Secure Mobile Transaction Authentication

The security of electronic transactions depends on the security of the users terminal. An insecure terminal may allow an attacker to create or manipulate transactions. Several techniques have been developed that help to protect transactions performed over insecure terminals. TAN codes, security tokens, and smart cards prevent an attacker who obtained the users password from signing transactions under the users identity. However, usually these techniques do not allow a user to assert that the content of a transaction has not been manipulated. This paper contributes with the QR-TAN authentication technique. QR-TANs are a transaction authentication technique based on two-dimensional barcodes. Compared to other established techniques, QR-TANs show three advantages: First, QR-TANs allow the user to directly validate the content of a transaction within a trusted device. Second, validation is secure even if an attacker manages to gain full control over a user’s computer. Finally, QR-TANs in combination with smart cards can also be utilized for offline transactions that do not require any server.

A system architecture for enhanced availability of tightly coupled distributed systems

We present a system architecture which facilitates enhanced availability of tightly coupled distributed systems by temporarily relaxing constraint consistency. Three different types of consistency are distinguished in tightly coupled distributed systems - replica consistency, concurrency consistency, and constraint consistency. Constraint consistency defines the correctness of the system with respect to a set of data integrity rules (application defined predicates). Traditional systems either guarantee strong constraint consistency or no constraint consistency at all. However, a class of systems exists, where data integrity can be temporarily relaxed in order to enhance availability, i.e. constraint consistency can be traded against availability. This allows for a context- and situation-specific optimum of availability. This paper presents the basic concepts of the trading process and the proposed system architecture to enable a fine-grained tuning of the trade-off in tightly coupled distributed systems.

Overview and Evaluation of Constraint Validation Approaches in Java

Integrity is a dependability attribute partially ensured through runtime validation of integrity constraints. A wide range of different constraint validation approaches exists-ranging from simple if conditions over explicit constraint validation methods and contract specifications to constraints as first class runtime entities of an application. However, increased support for explicitness and flexibility often comes at the price of increased performance costs. To address this issue, we contribute with an overview and evaluation of different constraint validation approaches for the Java programming language with respect to implementation, maintainability and performance. Our results show that the benefits of some of the more advanced approaches are certainly worth their costs by introducing a runtime overhead of only two to ten times the runtime of the fastest approach while other approaches introduce runtime overheads of more than 100, which might be simply too slow in certain applications.

Enterprise application integration by means of a generic CORBA LDAP gateway

Telecommunication applications are inherently distributed and the interface provided to third party applications is often complex and also distributed. Usually, these third party components need only a subset of the provided data, therefore a simple and standardized access method would be preferred. Such an interface is provided by the Lightweight Directory Access Protocol (LDAP) and we designed an LDAP to CORBA (Common Object Request Broker Architecture) gateway acting as a bridge between the involved technologies.

What service replication middleware can learn from object replication middleware

Replication is a well-known technique to enhance dependability and performance in distributed systems. A plethora of replication middleware for distributed object systems has been proposed in the past decade. However, replication in service-oriented systems is still in its infancy. In this paper, we analyze some of the proposed service replication middleware solutions and compare them on an architectural level with object replication middleware. In particular, we focus on replication middleware that allows for (but is not limited to) strict consistency of replicas since this is required by many real-life applications. We identify six major infrastructure components and present a generalized architecture for both distributed object and service-oriented replication middleware. The result of our comparison is unambiguous: Replication middleware for service-oriented systems and distributed object systems (such as FT-CORBA) share many commonalities and only subtle differences caused by the different granularity of the replicated entity, or different transaction models.

Client and legacy integration in object oriented Web engineering

To be successful, e-commerce and Web information systems depend on systematic analysis and design processes. Even more important, our method is based on standard techniques like UML, XML, and Corba. It also allows for the integration of different kinds of clients from Java over HTML to WAP into a distributed environment. Through the smooth integration of highly heterogeneous legacy software and databases, our object oriented Web design provides techniques to achieve this goal.

Fault-tolerance in a distributed management system: a case study

Our case study provides the most important conceptual lessons learned from the implementation of a Distributed Telecommunication Management System (DTMS), which controls a networked voice communication system. Major requirements for the DTMS are fault-tolerance against site or network failures, transactional safety, and reliable persistence. In order to provide distribution and persistence both transparently and fault-tolerant we introduce a two-layer architecture facilitating an asynchronous replication algorithm. Among the lessons learned are: component based software engineering poses a significant initial overhead but is worth it in the long term; a fault-tolerant naming service is a key requirement for fail-safe distribution; the reasonable granularity for persistence and concurrency control is one whole object; asynchronous replication on the database layer is superior to synchronous replication on the instance level in terms of robustness and consistency; semi-structured persistence with XML has drawbacks regarding consistency, performance and convenience; in contrast to an arbitrarily meshed object model, a accentuated hierarchical structure is more robust and feasible; a query engine has to provide a means for navigation through the object model; finally the propagation of deletion operation becomes more complex in an object-oriented model. By incorporating these lessons learned we are well underway to provide a highly available, distributed platform for persistent object systems.

Using Replication to Build Highly Available .NET Applications

Replication is a well-known technique to achieve fault-tolerance in distributed systems, thereby enhancing availability. However, so far, not much attention has been paid to object replication using Microsofts .NET technologies. In this paper, we present the lessons we have learned during design and implementation of a .NET based replication framework that allows building dependable, distributed .NET applications. Our framework does not only support traditional replication protocols like primary-backup replication or voting but also a new protocol for explicit balancing between data integrity and availability. Based on our experiences, we recommend to use a state-of-the-art group communication toolkit (e.g., spread) and .NET remoting as basis for object replication in a .NET environment

Trading Integrity for Availability by Means of Explicit Runtime Constraints

Data integrity is one of the dependability attributes in data-centric applications. However, applications exist, e.g., safety or mission critical systems, where availability is more important for dependability than strict data integrity. Consequently, in such systems availability can be increased by temporarily relaxing data integrity. Potential inconsistencies are accepted by constraint validation on replicated copies, which are potentially stale in the face of network partitions. Such consistency threats need to be bound and eventually resolved during reconciliation. The contribution of this paper is a solution approach to this trade-off between availability and integrity by means of explicit runtime-management of data integrity constraints and consistency threats as well as reconciliation support

Axis2-based Replication Middleware forWeb Services

Dependability is one of the most important challenges for service-oriented architectures if their success shall continue in critical settings such as air traffic control or finance and banking. Replication of services and the underlying resources is one of the primary fault tolerance techniques for achieving dependability. While replication is well known in traditional fields (e.g. databases), it is rather in its infancy in service-oriented environments. Thus, in order to reduce the dependability gap we are currently facing in service-oriented environments, we contribute with a replication middleware for Web services which is built upon the Java-based Axis2 SOAP engine and provides a variant of primary-backup replication. Performance evaluations of our middleware implementation show the relatively low overhead of replication if the number of replicas is small.