Sead Muftic

Certificate management in ad hoc networks

Various types of certificates are basic tools of modern cryptography and network security. They are used in various protocols, in the form of public key identity certificates, binding a key to its owner or in the form of attribute certificates, being a proof of rights and capabilities of their owner. Management of certificates (creation, distribution, verification, and revocation) is dependent on a certification infrastructure comprising various certification authorities, protocols, and policies. In this paper we consider usage and management of certificates in open, ad hoc networks. Ad hoc networks differ from fixed, wired networks in several important aspects, one of them being that access to the Internet is not always available. This significantly influences certificate management protocols since online access to various certificate system resources (CA certificates, CRL, etc) is not always available. We specify security requirements and constraints in such environments and outline potential solutions for adaptation of certificate management protocols to these new network environments.

Location-Based Authentication and Authorization Using Smart Phones

Authentication and authorization are two of the most important security features for mobile transaction systems. Most commonly, these schemes depend on three factors: what you know (secret), what you have (token), and what you are (biometrics). In this paper, we propose a location-based authentication and authorization scheme for mobile transactions using smart phones. The paper first describes the distinguished features and the architecture of our proposed solution. Second, the core of our design, including three parts: location registration, authentication and authorization as well as location verification, are described.

MagicNET: Security System for Development, Validation and Adoption of Mobile Agents

Current research in the area of mobile agents’ security mainly deals with protection and security for agents and agents’ runtime platforms. Mobile agent systems usually do not provide an extensive security methodology for the entire agent’s life cycle, from agent’s creation to its deployment and execution. In this paper we propose a comprehensive secure system for deployment of mobile agents. The system provides methodology that spans a number of phases in agent’s lifetime: it starts from agent creation and ends with agent’s execution. It addresses classification, validation, publishing, discovery, adoption, authentication and authorization of agents. Our system is based on secure web services and uses RBAC XACML policies and SAML protocol.

Mobile ATM for developing countries

Society benefits from M-Commerce applications to a greater extent. The most attractive benefit of M-Commerce applications is the mobility. Even though users have a poor computer literacy, they will be able to use the M-Commerce applications easily. Additionally, the M-Commerce applications have the potential of reducing the distance barriers. In developing countries, especially in rural areas, accessing financial and banking services is a critical issue. This paper proposes a system called Mobile-ATM to address this problem by incorporating the mobile technology. Also it discusses the limitations of traditional ATM systems, the need of a new M-Commerce application to overcome the limitations and security related issues. In the proposed solution, people can withdraw money from a Mobile-ATM without going to a traditional ATM. The Mobile-ATM system uses even cheap mobile phones, functioning as payment terminals. It will reduce the limitations of traditional ATM and enables confidential and secured ATM transactions.

MagicNET: Security System for Protection of Mobile Agents

Protection of Mobile agents is one of the most difficult problems in the area of mobile agents’ security. There is not a single, comprehensive solution that provides complete protection of agents against malicious hosts. Existing solutions either only detect or to some extent prevent attacks on agents. With detective mechanisms integrity of an agent’s code/state is being checked, but there are no effective solutions for confidentiality of agent’s code and baggage. In this paper, we propose a system which provides protection of agent’s code against illegal modifications, protection during agents’ execution, and also protection of agent’s baggage. Design of the system is based on a protective approach, which provides better security compared to traditional detective or preventive methods.

SAMSON: Secure access for medical smart cards over networks

This paper presents several smart card security extensions to the FIPS 201 PIV standard of security and authentication of mobile health. Our contributions are designed to better protect the patients data and to increase the functionality and interoperability of smart cards in health care. Our solution, called SAMSON, consists of two types of smart cards. The first, a security card, is issued to all personnel within any medical organization, while the second, the medical card, is issued to patients and used to securely store and retrieve health care information. These smart cards are being tested within a 14 hospital federated consortium in Michigans Upper Peninsula.

Web Contents Protection, Secure Execution and Authorized Distribution

This paper describes the design and implementation of a comprehensive system for protection of Web contents. In this design, new security components and extended security features are introduced in order to protect Web contents ageist various Web attacks. Components and extended security features are: protection of Web pages using strong encryption techniques, encapsulation of Web contents and resources in PKCS#7, extended secure execution environment for Java Web Server, eXtensible Access Control Markup Language (XACML) based authorization policies, and secure Web proxy. Design and implementation of our system is based on the concepts of generic security objects and component-based architecture that makes it compatible with exiting Web infrastructures without any modification.

A Design of an Access Control Model for Multilevel-Security Documents

In this paper we describe an access control model for multilevel-security documents, those structured into multiple sections based on certain security classifications. Our access control system uses XACML policies to allow documents, whose contents have varying sensitivity levels, to be created, viewed, and edited by groups that have members with varying clearance levels, while enforcing the required security constraints.

Secure and Privacy-enhanced E-Mail System based on the Concept of Proxies

Security and privacy on the Internet and especially the e-mail, is becoming more and more important and crucial for the user. The requirements for the protection of e-mail include issues like tracking and privacy intrusions by hackers and commercial advertisers, intrusions by casual observers, and even spying by government agencies. In an expanding email use in the digital world, Internet and mobile, the quantity and sensitivity of personal information has also tremendously expanded. Therefore, protection of data and transactions and privacy of user information is key and of interest for many users. Based on such motives, in this paper we present the design and current implementation of our secure and privacy-enhanced e-mail system. The system provides protection of e-mails, privacy of locations from which the e-mail system is accessed, and authentication of legitimate users. Differently from existing standard approaches, which are based on adding security extensions to e-mail clients, our system is based on the concept of proxy servers that provide security and privacy of users and their e-mails. It uses all required standards: S/MIME for formatting of secure letters, strong cryptographic algorithms, PKI protocols and certificates. We already have the first implementation and an instance of the system is very easy to install and to use.

An Architecture for Secure m-Commerce Applications

As mobile communication technology evolves, more and more features are available to users of mobile devices. The adoption of such features is rapid and the demand for more capabilities is growing, especially with the development of the Internet of Things. One of the most challenging and sensitive concepts used in the always connected mobile world is mobile commerce. Security for mobile financial transactions is of extreme high concern. In this paper we describe the architecture of a secure m-commerce system based on the concepts defined in the FP7 iCore project. We propose a framework that structures an m-commerce system in objects with semantic searching capabilities to provide an efficient and secure handling of system resources and transactions.