Tomasz Hyla

Managing Depth Information Uncertainty in Inland Mobile Navigation Systems

Rough sets theory allows to model uncertainty in decision support systems. Electronic Charts Display and Information Systems are based on spatial data and together with build-in analysis tools pose primary aid in navigation. Mobile applications for inland waters use the same spatial information in form of Electronic Nautical Charts. In this paper we present a new approach for designation of a safety depth contour in inland mobile navigation. In place of manual setting of a safety depth value for the need of navigation-aid algorithm, an automatic solution is proposed. The solution is based on spatial characteristics and values derived from bathymetric data and system itself. Rough sets theory is used to reduce number of conditional attributes and to build rule matrix for decision-support algorithm.

Analysis of radar integration possibilities in inland mobile navigation

Radar image displayed over chart information can be invaluable in inland areas where spatial information is outdated, incomplete or often alternating. Not only it may show any navigational obstacles, but also detects shoreline. Existing non-professional inland mobile navigation systems provide weak capabilities for using sensors data other than for positioning purposes. In the paper, we present a few possibilities to integrate radar and other sensors into mobile navigation system to enhance its users navigation experience on inland water. In order to achieve this feature, we propose a model of radar integration into mobile navigational system for leisure craft users of inland waters. Additionally, technical and navigational aspects of radar integration was examined and suitable techniques were proposed.

Model of Collaborative Data Exchange for Inland Mobile Navigation

Current mobile navigation systems increasingly rely on users’ input and networking. Inland traffic participants use many different sensors for navigational purposes which can be used to acquire missing information or to verify data provided in Electronic Navigational Charts or by other available information services. MOBINAV system is being developed mainly for recreational users of inland waters. It combines marine achievements in fields of advanced ECDIS systems with inland and leisure specifics needed to ensure a complete picture of the navigational situation. In this paper we present a full model of user data exchange obtained by their mass collaboration. Main assumptions, types of information, model description, and its verification method are presented.

Implicit and Explicit Certificates-Based Encryption Scheme

Certificate-based encryption (CBE) combines traditional public-key encryption and certificateless encryption. However, it does suffer to the Denial of Decryption (DoD) attack called by Liu and Au. To capture this attack, they introduced a new paradigm called self-generated-certificate public key cryptography. In this paper we show that the problem of DoD attack can be solved with a new implicit and explicit certificates-based public key cryptography paradigm. More importantly, we propose a concrete implicit and explicit certificate-based encryption (IE-CBE) scheme that defends against DoD attack. This new scheme is enhanced version of CBE scheme and preserves all its advantages, i.e., every user is given by the trusted authority an implicit certificate as a part of a private key and generates his own secret key and corresponding public key. In addition, in the IE-CBE scheme trusted authority has to generate an explicit certificate for a user with some identity and a public key. We prove that our scheme is IND-CCA2− and DoD-Free secure in the random oracle model as hard is to solve p-BDHI and k-CCA problems.

A Practical Certificate and Identity Based Encryption Scheme and Related Security Architecture

Group encryption schemes based on general access structures can be used to build advanced IT systems, which store and manage confidential documents. The paper proposes a reference architecture of public key cryptography infrastructure required to implement CIBE-GAS scheme. The CIBE-GAS scheme is a certificate-based group-oriented encryption scheme with an effective secret sharing scheme based on general access structure and bilinear pairings. The security architecture required to implement the scheme must be compliant with common standards and technical specifications, e.g. X.509 certificate format and XML-encryption standard for messages. In order to encrypt arbitrary-length messages, we also suggest a new CIBE-GAS-H scheme with a key encapsulation mechanism based on the techniques of Bentahar et al., and combined with one-time symmetric-key encryption.

Practical Authentication Protocols for Protecting and Sharing Sensitive Information on Mobile Devices

Mobility of users and information is an important feature of IT systems that must be considered during design of sensitive information protection mechanisms. This paper describes an architecture of MobInfoSec system for sharing documents with sensitive information using fine-grained access rules described by general access structures. However, the proper usage of general access structures requires trusted components and strong authentication protocols. They allow to establish secure communication channels between different system components. In the paper we propose a conference protocol based on Boyd’s ideas with key transport and key establishment mechanisms. We show that the protocol achieves three goals: (a) the key and participants’ mutual authentication, (b) the common secure communication channel, and (c) the personal secure communication channels between the protocol initializer and other protocol participants.

Non-standard Certification Models for Pairing Based Cryptography

In the traditional Public Key Infrastructure (PKI), a Certificate Authority (CA) issues a digitally signed explicit certificate binding a user’s identity and public key to achieve this goal. The main goal of introducing an identity-based cryptosystem and certificateless cryptosystem was avoiding certificates’ management costs. In turn, the goal of introducing an implicit certificate-based cryptosystem was to solve the certificate revocation problem. The certificate and pairing based cryptography is a new technology and at present that technology mainly exists in theory and is being tested in practice. This is in contrast to PKI-based cryptography, which has been an established and is widespread technology. New types of cryptographic schemes require new non-standard certification models supporting different methods of public keys’ management, including theirs generation, certification, distribution and revocation. This paper takes a closer look at the most prominent and widely known non-standard certification models, discusses their properties and related issues. Also, we survey and classify the existing non-standard certification models proposed for digital signature schemes that are using bilinear pairings. Then we discuss and compare them with respect to some relevant criteria.

Implementation of Pairing-Based Cryptographic Trust Infrastructure in Mobile Environment

Current trends in information system design show that users should have access to services provided by information system offered on their mobile devices. Because many information systems store sensitive information, appropriate protection mechanisms must be deployed. This paper presents the software libraries (APIs) that can be used to implement pairing-based systems on mobile devices. Variety of mobile devices causes that is necessary to design a generic trust infrastructure that will allow to implement efficiently a system that uses parings. There are two basic paradigms that can be used: client-server or cloud-based. The analysis of pros and cons of the architectures showed that it is faster and easier to implement pairing application using cloud-based approach mainly because of the lower number of components required to implement, e.g., the library containing pairing calculations must be only prepared for one operating system instead of many that are using different technologies. The tests conducted using cloud-based demonstrator showed, that in case of documents signing and verification with auxiliary server instead of the mobile device, the pairing calculation time is marginally short in relation to the required to retrieve documents from a remote location. Streszczenie. Aktualne trendy w projektowaniu systemow informacyjnych pokazują, ze uzytkownik powinien miec dostep do uslug systemow IT za pomocą urządzen mobilnych. W przypadku przechowywania informacji wrazliwej w systemach informacyjnych muszą byc wdrozone odpowiednie mechanizmy zabezpieczen. W artykule zaprezentowano biblioteki programowe (API), umozliwiające implementacje systemow wykorzystujących odwzorowania dwuliniowe na urządzeniach mobilnych. Roznorodnośc urządzen mobilnych powoduje, ze konieczne jest zaprojektowanie ogolnej infrastruktury zaufania, w szczegolności przy zalozeniu wykorzystania odwzorowan dwuliniowych. W artykule zostaly przeanalizowane dwa podstawowe podejścia bazujące na modelu klient-serwer i modelu bazującym na chmurze. Testy bazujące na demonstratorze wykorzystującym model chmury pokazaly, ze czas obliczen odwzorowania przy podpisywaniu i weryfikowaniu podpisu cyfrowego jest bardzo maly w stosunku do czasu pobierania plikow ze zdalnych serwerow. (Implementacja kryptograficznej infrastruktury zaufania opartej na odwzorowaniach dwuliniowych w środowisku mobilnym).

Protection Profile for Secure Sensitive Information System on Mobile Devices

The mobility of the user and information is a factor that should be taken into account during the design and development of mechanisms protecting the sensitive stored, exchanged and processed information on mobile devices. This paper discusses the security profiles for the user and dispatcher subsystems protecting sensitive information on the mobile device called MobInfoSec. MobInfoSec is a system providing users with secure sensitive documents by using the specialized class SP cryptographic module, which protects directly the trusted system components through implementing ORCON access control rules. Protection Profile defines the security functional requirements for MobInfoSec system executing the encryption/decryption of documents based on addressed access policies. The article includes a general description of MobInfoSec system, including assets, assumptions, threats, policies and functional requirements necessary for the evaluation of security functions developed in accordance with requirements of the standard ISO/IEC 15408 (called the Common Criteria).

A Signature Scheme Based on Implicit and Explicit Certificates Against k-Traitors Collusion Attack

In 2002, Mitsunari, Sakai and Kasahara formulated the Collusion Attack Algorithm with k traitors (known as k-CAA problem) and used it to develop the first traitor tracing scheme based on the bilinear pairings. Traitor tracing scheme is needed to discourage legitimate subscribers from sharing their secret keys to construct pirate decoders. In this paper, we propose a first signature scheme (IE-CBS-kCAA) based on k-CAA problem, which belongs to the fourth category of PKC schemes: the public key cryptography schemes based on an implicit and explicit certificates. The security analysis proves that our IE-CBS-kCAA scheme is secure against two game attacks in the random oracle model. The security is closely related to the difficulty of solving the modified k-CAA and discrete logarithm problems.