Thomas Hardjono

Fundamentals of Computer Security

From the Publisher: The book studies modern concepts of Computer Security. It is selfcontained in the sense that it introduces the basic mathematical background necessary to follow computer security concepts. Next we examine modern developments in Cryptography starting from private-key and public-key encryption, going through hashing, digital signatures, authentication, secret sharing, group-oriented cryptography, pseudorandomness, key establishment protocols, zero-knowledge protocols, identification and finishing with an introduction to modern e-business systems based on digital cash. Intrusion detection and access control provide examples of security systems implemented as a part of operating system. Database and network security is also discussed.

Cloud-Based Commissioning of Constrained Devices using Permissioned Blockchains

In this paper we describe a privacy-preserving method for commissioning an IoT device into a cloud ecosystem. The commissioning consists of the device proving its manufacturing provenance in an anonymous fashion without reliance on a trusted third party, and for the device to be anonymously registered through the use of a blockchain system. We introduce the ChainAnchor architecture that provides device commissioning in a privacy-preserving fashion. The goal of ChainAnchor is (i) to support anonymous device commissioning, (ii) to support device-owners being remunerated for selling their device sensor-data to service providers, and (iii) to incentivize device-owners and service providers to share sensor-data in a privacy-preserving manner.

Privacy, Big Data, and the Public Good: The New Deal on Data: A Framework for Institutional Controls

Introduction In order to realize the promise of a Big Data society and to reduce the potential risk to individuals, institutions are updating the operational frameworks which govern the business, legal, and technical dimensions of their internal organizations. In this chapter we outline ways to support the emergence of such a society within the framework of the New Deal on Data , and describe future directions for research and development. In our view, the traditional control points relied on as part of corporate governance, management oversight, legal compliance, and enterprise architecture must evolve and expand to match operational frameworks for big data. These controls must support and reflect greater user control over personal data, as well as large-scale interoperability for data sharing between and among institutions. The core capabilities of these controls should include responsive rule-based systems governance and fine-grained authorizations for distributed rights management. The New Realities of Living in a Big Data Society Building an infrastructure that sustains a healthy, safe, and efficient society is, in part, a scientific and engineering challenge which dates back to the 1800s when the Industrial Revolution spurred rapid urban growth. That growth created new social and environmental problems. The remedy then was to build centralized networks that delivered clean water and safe food, enabled commerce, removed waste, provided energy, facilitated transportation, and offered access to centralized health care, police, and educational services. These networks formed the backbone of society as we know it today.

Secure and scalable inter-domain group key management for N-to-N multicast

The paper contributes a new architecture for secure and scalable inter-domain group key management for N-to-N (conference) IP multicast. The architecture views the multicast routing infrastructure from the key management plane, and logically divides it into two general types of regions for key management to achieve scalability. The work extends the centralized solution of (Wong et al., 1998) into a distributed key management scheme suitable for inter-domain multicast group key management. Methods for initiating new multicast groups, as well as for members joining and leaving, are presented. The paper also considers two general types of IP-multicast that need to be made secure if multicast is to be one of the vehicles for future wide-scale delivery of voice, video and text over the Internet.

Public-Key Cryptosystems

In 1976 Diffie and Hellman [152] described the framework for public-key cryptography. It was not until 1978 that three designs for public-key cryptosystems were published. Rivest, Shamir, and Adleman [431] showed how the discrete logarithm and factorization problems could be used to construct a public-key cryptosystem. This is the well-known RSA cryptosystem. Merkle and Hellman [339] used the knapsack problem in their construction. McEliece [329] built a system based on error correcting codes. Later in 1985 ElGamal [163] designed a public-key cryptosystem using the discrete logarithm problem. Koblitz [283] and Miller [346] suggested the use of elliptic curves in the design of public-key cryptosystems. Nowadays, there are quite a few more suggestions as to how to design public-key cryptosystems, but none so popular as the RSA and ElGamal cryptosystems.

Group key management for IP multicast: model & architecture

The Internet key exchange protocol as it stands is unsuitable for secure group and IP multicast communications due to the method of negotiating security association (SA) elements. This paper reports developments in the IETF in this area. In particular, it describes the design of the group key management architecture and group security association (GSA) model within the secure multicast group (SMUG) in the IRTF, and which have recently been carried-over into the multicast security (MSEC) Working Group in the IETF.

Secure end-to-end delegations in distributed systems

Delegation of tasks represents an important aspect of a distributed system, which sustains the availability of services offered by such a system. A necessary requirement of delegations is that they be performed in a secure and manner. This paper presents a delegation scheme based on an adapted ZS-3 public key cryptosystem^2^4. The scheme allows an originator of the delegation to specify the executor of the delegated task and the intermediaries that participate in the event. It also features the ability of the executor to verify that all participating intermediaries remain uncompromised. The scheme attains a level of security against internal and external attacks, which is equivalent to the solving of instances of the discrete logarithm problem, thus making it an attractive candidate for delegations in distributed systems from the point of view of security.

Secure delegation of tasks in distributed systems

The authors introduce the notion of task-delegation as compared to the delegation of rights only (rights-delegation). The reasoning behind the notion of task-delegation is presented, citing examples from the human world and from the realm of computers. This notion of task-delegation is captured in a 1-phase certification server (2PCS) which the authors develop as a hybrid between authentication servers (based on shared key cryptosystems). The 2PCS allows on enode to task-delegate to another in a secure manner, and it achieves a high level of security due to its underlying strong cryptosystem. Within the framework of the TRON architecture the features embodied within the 2PCS can be integrated within the CTRON architecture, either within a stand-alone server that mediates access to other CTRON servers (e.g., file server) and other TRON components, or within existing servers to guard access to their corresponding resources. The first option represents a more manageable solution since cryptographic information (such as keys) need not be replicated. Other servers can then be treated as principles equivalent to the BTRON workstations. In either approach, the authors believe that the notion of task-delegation and the security features of the 2PCS can be a useful step towards integrating security into the TRON architecture.

Architecture Board Practices in Adaptive Enterprise Architecture with Digital Platform: A Case of Global Healthcare Enterprise

This article aims to investigate solutions incorporated by a group called an Architecture Board in the global healthcare enterprises (GHE) for solving issues and mitigating related architecture risks while implementing “Adaptive Integrated EA framework,†which can be applied in companies promoting IT strategy using Cloud/Mobile IT. The distribution of solutions is to mitigate risks from different categories across the architecture domains in enterprise architecture (EA) is revealed, thereby covering applications, involving ERP, and technologies using the Cloud/Mobile IT/Digital IT. An in-depth analysis of this distribution can act as practical guidance for companies that consider starting up an Architecture Board, by utilizing digital platforms, while moving toward a digital transformation in an adaptive EA aligned with an IT strategy, encompassing digital IT-related elements.

An adaptive enterprise architecture framework and implementation: Towards global enterprises in the era of cloud/mobile IT/digital IT

Considering the relation between Enterprise Architecture (EA) and IT is a prerequisite when promotingtheuptakeofITbysocieties.Inthispaper,theauthorsproposean“AdaptiveIntegrated EAframework,”basedontheresultsofasurvey,tosupportthestrategyofpromotingcloud/mobile IT.Theyconsideredauniqueadvancedcaseandprovidedetailsand thestructure/mechanismof buildingthisEAframeworkinaglobalpharmaceuticalcompany.Moreover,theauthorsrevealed theeffectivenessoftheproposedEAframeworkbyevaluating/analyzingtheproblemscausedbythe rapidshifttocloud/mobileITindivisionsintheUSandEurope.Furthermore,theycomparedthe characteristicsofTheOpenGroupArchitectureFramework(TOGAF)andthe“AdaptiveIntegrated EAframework”(globaldeployment)inbuildingEAframeworkswhileevaluatingtheeffectivenessof thisframeworktoachievedigitaltransformation.Finally,theauthorsclarifythechallenges,benefits, andcriticalsuccessfactorsoftheframeworktoassistEApractitionerswithitsimplementation. KEywoRDS Case Study, Cloud Computing, Digital Transformation, EA, Enterprise Architecture, Enterprise Mobile IT, Global Corporation, Integration