Publication


Featured research published by Peter Buhler.


trust and trustworthy computing | 2008

The Zurich Trusted Information Channel – An Efficient Defence Against Man-in-the-Middle and Malicious Software Attacks

Thomas D. Weigold; Thorsten Kramp; Reto Hermann; Frank Höring; Peter Buhler; Michael Baentsch

This paper introduces the Zurich Trusted Information Channel (ZTIC, for short), a cost-efficient and easy-to-use approach to defend online services from man-in-the-middle and malicious software attacks. A small, cheap to manufacture and zero-installation USB device with a display runs a highly efficient security software stack providing the communications endpoint between server and customer. The insecure user PC is used solely to relay IP packets and display non-critical transaction information. All critical information is parsed out of the mutually-authenticated SSL/TLS connections that the ZTIC establishes to the server and shown on the display for explicit user approval.


ACM Transactions on Information and System Security | 2001

Secure password-based cipher suite for TLS

Michael Steiner; Peter Buhler; Thomas Eirich; Michael Waidner

SSL is the de facto standard today for securing end-to-end transport on the Internet. While the protocol itself seems rather secure, there are a number of risks that lurk in its use, for example, in web banking. However, the adoption of password-based key-exchange protocols can overcome some of these problems. We propose the integration of such a protocol (DH-EKE) in the TLS protocol, the standardization of SSL by IETF. The resulting protocol provides secure mutual authentication and key establishment over an insecure channel. It does not have to resort to a PKI or keys and certificates stored on the user's computer. Additionally, its integration in TLS is as minimal and non-intrusive as possible.


IEEE Concurrency | 1999

JavaCard-from hype to reality

Michael Baentsch; Peter Buhler; Thomas Eirich; Frank Höring; Marcus Oestreicher

In this final of three related articles about smart card technology, the authors discuss the JavaCard, a much-hyped technology that is finally taking off as a multiapplication smart card. The main reason for the hype is JavaCard's potential. Not only would it let all Java programmers develop smart card code, but such code could be downloaded to cards that have already been issued to customers.


computer software and applications conference | 2007

ePVM - An Embeddable Process Virtual Machine

Thomas D. Weigold; Thorsten Kramp; Peter Buhler

At the heart of every business process management system resides a workflow engine, here termed process execution engine. Yet despite playing such a central role, contemporary business process engines generally still leave much to be desired in terms of interoperability, versatility, and programmability. Therefore, this paper introduces ePVM, an embeddable process execution engine aimed at solving these issues. Basically, ePVM is built upon two core concepts. Firstly, an execution model which is deeply rooted in the theoretical framework of communicating state machines. Secondly, whereas many efforts have been made to create the ultimate process language, ePVM provides in contrast a low-level run-time environment based on a JavaScript interpreter where higher-level domain specific process definition languages can be mapped to. Our work explores both concepts in more detail and also positions ePVM in the current business process and workflow domain.


computer software and applications conference | 2008

Advanced Grid Programming with Components: A Biometric Identification Case Study

Thomas D. Weigold; Peter Buhler; Jeyarajan Thiyagalingam; Artie Basukoski; Vladimir Getov

Component-oriented software development has been attracting increasing attention for building complex distributed applications. A new infrastructure supporting this advanced concept is our prototype component framework based on the Grid component model. This paper provides an overview of the component framework and presents a case study where we utilise the component-oriented approach to develop a business process application for a biometric identification system. We then introduce the tools being developed as part of an integrated development environment to enable graphical component-based development of Grid applications. Finally, we report our initial findings and experiences of efficiently using the component framework and set of software tools.


IBM Journal of Research and Development | 2014

Bringing strong authentication and transaction security to the realm of mobile devices

Diego A. Ortiz-Yepes; Reto Hermann; Hansruedi Steinauer; Peter Buhler

Widespread usage of mobile devices in conjunction with malicious software attacks calls for the development of mobile-device-oriented mechanisms aiming to provide strong authentication and transaction security. This paper considers the eBanking application scenario and argues that the concept of using a trusted companion device can be ported to the mobile realm. Trusted companion devices involve established and proven techniques in the PC (personal computer) environment to secure transactions. Various options for the communication between mobile and companion devices are discussed and evaluated in terms of technical feasibility, usability, and cost. Accordingly, audio communication across the 3.5-mm audio jack (also known as tip-ring-ring-sleeve, or TRRS connector) is determined to be quite appropriate. We present a proof-of-concept companion device implementing binary frequency shift keying across this interface. Results from a field study performed with the proof-of-concept device further confirm the feasibility of the proposed solution.


IBM Journal of Research and Development | 2014

IBM secure enterprise desktop

M. Baentsch; Peter Buhler; L. Garcés-Erice; T. Gschwind; F. Höring; M. Kuyper; A. Schade; P. Scotton; P. Urbanetz

Using software-only approaches makes it practically impossible to completely secure software applications, as well as corporate information, against determined cyber-criminals. Therefore, in an era where any general-purpose operating system (OS) with end-user access can be hacked, we propose using dedicated security hardware to ensure that only authorized people obtain access to sensitive information. The fundamental principle involves booting the end-user computer from such a trusted mobile device without trusting any software installed on the computer. The device establishes a secure connection to the back-end infrastructure to provide access to the user's OS, e.g., through a remote terminal access or provisioned on the local computer. The solution is very simple to operate, as many corporate employees are not necessarily IT (information technology) savvy. In this paper, we discuss the combination of our dedicated tamper-resistant security boot-token operating user credentials with known defense mechanisms, such as OS virtualization, trusted boot, establishment of client-side and server-side authenticated secure channels to trustworthy back-ends, and client-side storage encryption. This novel combination forms an easy-to-use and highly mobile security solution that addresses security challenges of the BYOD (bring-your-own-device) approach. As a proof point for the latter claims, we report on initial real-world usability tests.


international conference on software engineering advances | 2009

Flexible Persistence Support for State Machine-Based Workflow Engines

Thomas D. Weigold; Thorsten Kramp; Peter Buhler

This paper introduces a flexible persistence model for state machine workflows. In contrast to the persistence support in contemporary process definition languages and corresponding workflow engines, we propose a model where, firstly, an arbitrary number of persistence providers can be attached to the process engine and, secondly, the workflows can dynamically decide when they should be stored persistently and by which persistence provider. Furthermore, we exemplify the implementation of this model within ePVM, an embeddable process virtual machine based on the theoretical foundation of communicating extended finite state machines. Finally, we present results gained from an initial experiment demonstrating that the model can help increase software efficiency.


Proceedings of the 2008 compFrame/HPC-GECO workshop on Component based high performance | 2008

Methodology for component-based development of grid applications

Artie Basukoski; Peter Buhler; Vladimir Getov; Stavros Isaiadis; Thomas D. Weigold

Component-based software technologies have emerged as a modern approach to software development for distributed and Grid applications. However, the lack of longer-term experience and the complexity of the target systems demand more research results in the field. This paper provides a generic method to develop applications based on a Grid Component Model (GCM). We discuss the main advantages of our methodology -- reduced development cycle, increased portability, and support of dynamic properties of the GCM-based component framework. We then introduce our integrated environment designed to enable component-based development of Grid applications. After that we illustrate the methodology using as an example the development of a complex distributed business process application for a biometric identification system. Finally, we report our initial findings and experiences of applying the methodology and the integrated environment, to best exploit the GCM framework.


Archive | 2013

System and method of performing electronic transactions

Michael Baentsch; Reto Hermann; Thorsten Kramp; Thomas D. Weigold; Peter Buhler; Thomas Eirich; Tamas Visegrady
