The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Recently, Khan et al. showed that Wang et al.'s dynamic ID-based remote user authentication scheme is not feasible for real-life implementations such as without preserving anonymity of a user during authentication, user cannot choose the password he/she wants, no provision for revocation of lost or stolen smart card, and can not provide session key agreement. Consequently, an improved version of dynamic...
Cloud computing delivery model can significantly reduce enterprise IT costs and complexities. This technology can handle the rapidly gowning environment and provide more flexible resources sharing and hence it has become as anew information technology infrastructure recently. In contrast to traditional enterprise IT solution, cloud computing moves the application software and databases to the servers...
A recent survey of the 451group on Cloud usage highlights software licensing as one of the top five obstacles for Cloud computing, quite similar to what has been observed in the Grid already a couple of years. The reasons are the same: the current praxis of software licensing, both in terms of business models and licensing technology. As a consequence, using commercial applications that require access...
Workflow access control is an important issue in workflow security. Although there exist some standards for security of Web services and access control for services in distributed systems are well studied, there is a lack of comprehensive approach in access control for services, especially in workflow. In this paper we proposed an access control for Service-Oriented workflow system architecture. The...
XML became the de facto standard for the data representation and exchange on the internet. Regarding XML documents access control policy definition, OASIS ratified the XACML standard. It is a declarative language allowing the specification of authorizations as rules. Furthermore, it is common to formally represent XML documents as labeled trees and to handle secure requests through “user views”. A...
The automation of policy refinement, whilst promising great benefits for policy-based management, has hitherto received relatively little treatment in the literature, with few concrete approaches emerging. In this paper we present initial steps towards a framework for automated distributed policy refinement for both obligation and authorization policies. We present examples drawn from military scenarios,...
With the development of computer network, its security problem has been urgent at present. Authentication is an important part in the network security. It can prevent illegal user from accessing network. Traditional authentication method is password. But it cannot resist dictionary and playback attack. This paper would design an authentication framework which is effective and security by using LDAP...
The main goal of NAC is to extend the security of networks to the end-point by measuring the authenticity, integrity and security posture of each end-point prior to granting network access. To do this, the following functional areas must be present: authentication/authorization, assessment of security posture, quarantine and remediation. This paper presents an overview of an in-depth NAC requirement...
Recently, Elliptic Curve Cryptosystem (ECC) based remote authentication scheme has been used for mobile devices. For instance, Yang and Change proposed an ID-based remote mutual authentication with key agreement scheme for mobile devices on Elliptic Curve Cryptosystem in 2009. However, in this paper, we found that their scheme still is vulnerable to insider attack and impersonation attack. Therefore,...
Shibboleth, a growing popular solution to Single Sign-On (SSO), can simplify the user's operation process and reduce the resource provider's overhead. The multi-level security of Shibboleth has become a topic of concern. The basic Shibboleth infrastructure was introduced based on the current SSO solutions. Then we summarized the BLP model, which is considered the basic security axiom in our work....
Taiwan has recently opened the business of telephony services from IP network call to PSTN (IP2PSTN). However, due to the use of existing E.164 remote authentication code cannot be effectively confirmed the true identity of the IP caller, giving rise to a serious telephony supervision loopholes, and making the callee of PSTN involved in a lot of phone fraud attacks. In this study, an access authorization...
The primary role of network access control is to decide on the validity of user's identity accepted into the networks and authorization accessed to the particular resource so that users conforming to their established access polices achieve predefined services. This paper presents a specific scenario which supports quality of service (QoS) in network domain. The QoS access rules are based not only...
To improve the network active defense ability with intelligence defense, prevention, and authentication methods in campus network. the concept of intelligent active defense system is proposed based on web access control and 802.1X admission control, the two technologies have their own disadvantages whatever web technology or 802.1X access control, but if we develop their own advantages of web and...
It is well known that virtual private network (VPN) and intrusion prevention system (IPS) are all important network security schemes. Traditionally, both VPN and IPS need a clear network margin. However, now the rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. It is a noteworthy problem how to display wireless IPS (WIPS). Because...
The main weakness of passwords is that it is vulnerable to dictionary attacks implemented by automated programs. As the EKE protocol could resist the offline dictionary attack and the CAPTCHA could avoid automatic on-line dictionary attack implemented by the attacker, in this paper, based on the two protocols, we proposed the hybrid password authentication protocols. Our new password authentication...
Access control is an important security issue for the web. However, exiting methods still have some limitations. Most of them can not satisfy the requirements of loosely-coupled and fine-grained access control at the same time. This paper addresses this issue for web information system by proposing a novel access control method based on HTTP data stream filtration. It is loosely-coupled with web information...
MosaHIP is the abbreviation of the Mosaic-based Human Interactive Proof. Unfortunately, it has some shortcomings. In this paper, we propose an improved MosaHIP algorithm which is used to generate mosaic image test and guarantee that it can prevent massive automated access to web resources. In addition, it is well known that password-based authentication protocol is vulnerable to dictionary attack...
Firstly this paper introduced the development and application present state of domestic E-Government platform. Then XML Data-Bus, Ajax, Struts2.0, Spring2.5, Hibernate3.2 and lightweight MVC execution framework ASSH were introduced. A general design scheme of E-Government public and basic platform based on XML Data-Bus and ASSH was given. To verify the design scheme's feasibility, flexibility and...
The omnipresence of devices around the user must provide to him useful and relevant services according to its needs. However, each user wants to control how interact with his environment, in particular which services or data he is ready to share with this environment. Consequently, it is necessary to ensure a transparent access to the resources form any point of the pervasive space, to any probably...
This paper treats the problem of authentication through the multi-hop communication, authorization to services access, and efficient collaboration between ad hoc nodes in order to assure efficient packet relaying during services access, thus alleviating major problems in ad hoc networks deployment. A novel solution is proposed allowing for authentication and authorization of services, while coupling...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.