Seppo Heikkinen

Tailored Security: Building Nonrepudiable Security Service-Level Agreements

The security features of current digital services are mostly defined and dictated by the service provider (SP). A user can always decline to use a service whose terms do not fulfill the expected criteria, but in many cases, even a simple negotiation might result in a more satisfying outcome. This article aims at building nonrepudiable security service-level agreements (SSLAs) between a user and an SP. The proposed mechanism provides a means to describe security requirements and capabilities in different dimensions, from overall targets and risks to technical specifications, and it also helps in translating between the dimensions. A negotiation protocol and a decision algorithm are then used to let the parties agree on the security features used in the service. This article demonstrates the feasibility and usability of the mechanism by describing its usage scenario and proof-of-concept implementation and analyzes its nonrepudiability and security aspects.

Non-repudiable service usage with host identities

Security design of many communication systems relies on the authentication of the users, but equally important is to consider the authorisation of actions. Often authorisation is implied from authentication, but this may not take into account the privacy or privilege granularity requirements. Another view point is that providing compensation for the usage of the resources can be regarded as an act that fulfils the authorisation requirement. Thus, both the user and the provider of service have economic interests regarding the service usage and they should have a uniform view of the transactions taking place. Currently, there are no strong means in use to ensure this and the both parties have the possibility of cheating at the time of charging. This paper considers how inclusion of an authorisation mechanism into host identity protocol (HIP) can be used to provide a communication system that ensures correctness of service charging for both parties and better granularity of rights.

Security and accounting enhancements for roaming in IMS

As the multimedia services are gaining popularity, the operators are seeking new architectures, such as IP Multimedia Subsystem (IMS), that would allow provision of these services with sufficient level of quality and security. In the future, however, it is not anymore so clear who is an operator, because the ubiquitous communication visions enables every player to interact in multitude of ways with other entities and provide services of their own. In this paper we investigate a setting, where a roaming subscriber wishes to receive service from an operator, who has no previous relationship with the home operator. We propose methods based on cryptographic identities which enable the each party to get assurance about the authenticity of each participant and the accountability of the executed actions. While suggesting completely new mechanisms for existing systems, the proposal also addresses the needs to leverage the available infrastructures in a convenient way.

HIP based Approach for Configuration Provisioning

The most typical configuration procedure of a host involves the provision of an IP address and most often this is done with the help of dynamic host configuration protocol (DHCP). Unfortunately, the security of this procedure is largely non-existent. While the closed nature of the access networks has mitigated the vulnerability, the evolvement of the networks and increase in wireless use demand more stringent secure measures. This paper proposes the integration of DHCP with host identity protocol (HIP) mechanisms, so that the security measures inherent to HIP can be extended to protect the configuration information and its provisioning as well

Service Usage Accounting

In this article, a network-level, service-usage solution, which provides assured accounting information strongly bound to the host identity, so that the user is unable to repudiate the charges. To protect the user, the solution employs a granular approach, where evidence of service usage is provided in a piecemeal manner, i.e., pay as you go. An implementation of such a solution is presented, which is based on the employment of host identity protocol (HIP) and hash chains.

Establishing a Secure Peer Identity Association Using IMS Architecture

The advent of ubiquitous computing and the convergence of the heterogeneous networks provide new opportunities for the new players to enter the operator market. While network access will be available everywhere, the multitude and diversity of the access operators makes it hard to rely on the old paradigms of static operator relationships guaranteeing the identity of the users end-to-end. Therefore, there is need for mechanisms that allow the endpoints get assurance about the identity of their counterparts. This paper investigates the possibility of taking advantage of IP multimedia subsystem (IMS) in a roaming scenario to signal the needed identity parameters between two communication endpoints, which are basing their trust evaluation on their own home operators. This allows establishing a host identity protocol (HIP) style identity association, which can be used to protect any subsequent communication between the same entities.

A non-repudiable negotiation protocol for security service level agreements

Security service level agreements SSLAs provide a systematic way for end users at home or in the office to guarantee sufficient security level when doing business or exchanging sensitive personal or organizational data with an online service. In this paper, we propose an SSLA negotiation protocol that implements non-repudiation with cryptographic identities and digital signatures and includes features that make it resistant to denial of service attacks. The basic version of the protocol does not rely on the use of a trusted third party, and it can be used for all kinds of simple negotiations. For the negotiation about SSLAs, the protocol provides an option to use an external knowledge base that may help the user in the selection of suitable security measures. We have implemented a prototype of the system, which uses JSON Web Signature for the message exchange and made some performance tests with it. The results show that the computational effort required by the cryptographic operations of the negotiation protocol remains at a reasonable level. Copyright

Security and User Guidelines for the Design of the Future Networked Systems

Emergence of new networking technologies and paradigms provides users multitude of ways to communicate with each others and exchange information irrespective of time and place. Diversity of the available environments, however, sets requirements for the design processes so that the new architectures can offer a concise and secure usage experience. This cannot be answered in an off-hand fashion or as an add-on feature, but security and usability need to be taken into account right from the start. Seamless design cooperation of both is vital in achieving secure user experience. In this paper we discuss how security and user design guidelines within the ubiquitous future environment can be used to enhance both the security and user experience of the communication services. The paper brings forth network, service and user level aspects that need to be kept in mind when considering the technology oriented design processes of such networks.

An Architecture to Facilitate Membership and Service Management in Trusted Communities

Ubiquitous connectivity today allows many users to remain connected regardless of location with various kinds of communities. This paper studies challenges in building trusted communities that encompass both new users as well as users already possessing credentials from other well known connectivity providers, federations, content providers and social networks. We postulate that trusted communities are initially created as a means to access some services, but become enriched with user created services. We present an architecture aimed at managing the complexity of service composition, access as well as guarantees of authenticity. Since users possess multiple credentials from various identity providers, we address this in our architecture from the service access perspective. In addition, our model explicitly takes into account cases where users may temporarily be granted access to a community’s services based on recommendations from existing members.

Privacy-enhanced personalisation in ambient environments

In ambient environments both quantity and quality of context-aware, personalizable information will continuously increase. Acceptance and benefit will depend on personalization technologies which enable end-users to protect their privacy. However, starting from the experience how users, service providers and network operators nowadays take advantage of personalised services the authors deplore inadequate and intransparent control mechanisms for end-users in current platforms and implementations. The introduction of a structured approach in this paper to privacy requirements engineering helps analysing and identifying threats and challenges in future ambient scenarios. The paper promotes privacy-enhancing technologies, such as user empowerment, user-centric identity management, as well as pseudonyms and client-side personalization and gives an overview on legal requirements.