Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

Slides:



Advertisements
Similar presentations
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Advertisements

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
THE JINI TECHNOLOGY Alessio Zumbo
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Licensing Division Reengineering Project Requirements Workshop Copyright Owners 1/26/2011.
E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.
Proposal for an achievable, cost effective Security Concept for EOBRs C. Hardinge / A. Lindinger.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Web services security I
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Chapter 10: Authentication Guide to Computer Network Security.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Distributed systems – Part 2  Bluetooth 4 Anila Mjeda.
Shib-Grid Integrated Authorization (Shintau) George Inman (University of Kent) TF-EMC2 Meeting Prague, 5 th September 2007.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
Cryptography, Authentication and Digital Signatures
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
1 Boundary Control Chapter Materi: Boundary controls:  Cryptographic controls  Access controls  Personal identification numbers  Digital signatures.
Risks of data manipulation and theft Gateway Average route travelled by an sent via the Internet from A to B Washington DC A's provider Paris A.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.
Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.
Slide 1 © 2004 Reactivity The Gap Between Reliability and Security Eric Gravengaard Reactivity.
Chapter 4 Using Encryption in Cryptographic Protocols & Practices (Part B)
. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.
 A Web service is a method of communication between two electronic devices over World Wide Web.
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
Lifecycle Metadata for Digital Objects October 18, 2004 Transfer / Authenticity Metadata.
Chapter 4 Using Encryption in Cryptographic Protocols & Practices.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.
DIGITAL SIGNATURE.
Jini Architecture Introduction System Overview An Example.
Security Patterns for Web Services 02/03/05 Nelly A. Delessy.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Jini Architectural Overview Li Ping
1 Thuy, Le Huu | Pentalog VN Web Services Security.
Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.
Using Public Key Cryptography Key management and public key infrastructures.
GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
DHCP Vrushali sonar. Outline DHCP DHCPv6 Comparison Security issues Summary.
The overview How the open market works. Players and Bodies  The main players are –The component supplier  Document  Binary –The authorized supplier.
Content Introduction History What is Digital Signature Why Digital Signature Basic Requirements How the Technology Works Approaches.
Electronic Banking & Security Electronic Banking & Security.
 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.
TAG Presentation 18th May 2004 Paul Butler
Key management issues in PGP
TAG Presentation 18th May 2004 Paul Butler
e-Health Platform End 2 End encryption
Digital Signature.
Computer Security Security Concepts September 20, 2018
ONLINE SECURE DATA SERVICE
PKI (Public Key Infrastructure)
Security in SDR & cognitive radio
National Trust Platform
Presentation transcript:

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon

Introduction The paper is proposing an extension to the Jini Architecture to provide for the ability to charge for the usage of a Jini lease. The paper is proposing an extension to the Jini Architecture to provide for the ability to charge for the usage of a Jini lease. Jini already has the ability to provide a lease for a resources, so the authors are proposing an extension to the leasing framework. Jini already has the ability to provide a lease for a resources, so the authors are proposing an extension to the leasing framework. The authors then go on to provide a number of solution to the problems that come from using billable leases. The authors then go on to provide a number of solution to the problems that come from using billable leases. The main focus of the paper is the problems of starting and stopping a leased service. The main focus of the paper is the problems of starting and stopping a leased service.

Background Information on Jini The goal of Jini is to create a distributed computing environment that allows for rapid configuration of software and devices using a “plug and play” model. The goal of Jini is to create a distributed computing environment that allows for rapid configuration of software and devices using a “plug and play” model. When a Jini device is attached to a network it announces its presence. After its presence has been announced, other components can then use the services it has to offer. When a Jini device is attached to a network it announces its presence. After its presence has been announced, other components can then use the services it has to offer.

How Jini Works There are three central components of Jini. There are three central components of Jini. 1. The service is a piece of independent functionality made available to other users. 2. The client is a device or software component that would like to use a service. 3. The lookup service is a special service that keeps track of the other services in a community.

Lookup Service

Jini Leases A Jini lease is a contract between two parties. A Jini lease is a contract between two parties. The lease grantor has a resource they are willing to grant to another party. The lease grantor has a resource they are willing to grant to another party. Lease holder then uses the resource of the lease grantor. Lease holder then uses the resource of the lease grantor. Before granting access to a resource, a length of time is negotiated between the two parties. The lease grantor always has the final say in the negotiation of time length. Before granting access to a resource, a length of time is negotiated between the two parties. The lease grantor always has the final say in the negotiation of time length. Jini leases are primarily used for garbage collection. It provides a convenient way for unused resources to be freed when the lease expires. Jini leases are primarily used for garbage collection. It provides a convenient way for unused resources to be freed when the lease expires.

Lease Interface Any object that wishes to grant a lease must implement the lease interface. Any object that wishes to grant a lease must implement the lease interface. public interface Lease { // duration is in milliseconds void cancel() throws UnknownLeaseException, RemoteException; long getExpiration(); void renew(long duration) throws LeaseDeniedException, UnknownLeaseException, RemoteException; … }

Extension to Jini Leases The authors envision using Jini leases in a commercial environment. The authors envision using Jini leases in a commercial environment. Service providers could then charge a fee for the use of their services. Service providers could then charge a fee for the use of their services. In a Jini system software entities communicate with each other. This poses a problem, the typical model used on world-wide web is to generate revenue for the services provided through advertising, this model is unacceptable in this case. In a Jini system software entities communicate with each other. This poses a problem, the typical model used on world-wide web is to generate revenue for the services provided through advertising, this model is unacceptable in this case. Two pricing models could be used in the charging for a service. They are: unit-based pricing and time-based pricing. Two pricing models could be used in the charging for a service. They are: unit-based pricing and time-based pricing. A few examples of services that could be leased for a fee are: a storage service which could be used to perform temporary calculations, also software components that rarely used could be leased. A few examples of services that could be leased for a fee are: a storage service which could be used to perform temporary calculations, also software components that rarely used could be leased.

Problems with Jini Leases Using Jini leases in a commercial environment poses a number of problems. Using Jini leases in a commercial environment poses a number of problems. The majority of the problems deal with the security threats to the Jini lease model when used in a commercial environment. The majority of the problems deal with the security threats to the Jini lease model when used in a commercial environment. Problems that arise: Problems that arise: Violation of Integrity Violation of Integrity Theft of Information Theft of Information Denial of Service Denial of Service Repudiation: it cannot be verified that a user has performed a certain action. Repudiation: it cannot be verified that a user has performed a certain action. For integrity and confidentiality authors propose the use of encryption to combat these threats. For integrity and confidentiality authors propose the use of encryption to combat these threats. The intent of the paper was to focus on the threat of repudiation. The intent of the paper was to focus on the threat of repudiation.

Problems with Charging for Services 1. The service provider must be sure that a client has really ordered a service. 2. Clients want to be sure that a service provider has received an order. 3. It should be impossible for a client to use a service and not pay for it. 4. A service provider should not be able to get money for a service they have failed to provide.

Non-repudiation The parties involved must have some way of guaranteeing that each one completes their part of a contract. The parties involved must have some way of guaranteeing that each one completes their part of a contract. If a dispute arises between the parties there must be a way to determine who is right or wrong. If a dispute arises between the parties there must be a way to determine who is right or wrong. The authors state “the goal of non-repudiation is to transfer the concept of proofable contracts to the users action in IT systems.” The authors state “the goal of non-repudiation is to transfer the concept of proofable contracts to the users action in IT systems.”

Requirements for Non-repudiation All participants must trust the concept of and functionality of a service. All participants must trust the concept of and functionality of a service. All participants must be willing to accept the result of the validation of proofs. All participants must be willing to accept the result of the validation of proofs. The judgment must be enforceable. The judgment must be enforceable. A legal binding must be established for the basic cryptographic mechanisms. A legal binding must be established for the basic cryptographic mechanisms.

External Dependencies A number of additional external services are need along with the non-repudiation service the authors are proposing. A number of additional external services are need along with the non-repudiation service the authors are proposing. Public Key Infrastructure: key management is need to provide digital signatures. Public Key Infrastructure: key management is need to provide digital signatures. Secure Time Service: a trusted time service is required. Secure Time Service: a trusted time service is required. Secure Storage: electronic evidence must be stored in a secure location. Secure Storage: electronic evidence must be stored in a secure location. All communication channels must be secure. All communication channels must be secure.

Proposed Architecture First, there is set of rules that the service must obey. First, there is set of rules that the service must obey. Java interfaces are used to define a number of methods that must be implemented. Java interfaces are used to define a number of methods that must be implemented. The authors propose extending the Lease interface with a BillableLease interface. The authors propose extending the Lease interface with a BillableLease interface. Every service must also implement the AccessCharge interface to associate a cost to a service. Every service must also implement the AccessCharge interface to associate a cost to a service. The two proposed interfaces use some additional objects which are : a Contract object and a Evidence object. The two proposed interfaces use some additional objects which are : a Contract object and a Evidence object. Contracts must be remotely accessible object that link a service to a specific contract. The authors envision contracts as being signed xml documents. Contracts must be remotely accessible object that link a service to a specific contract. The authors envision contracts as being signed xml documents. The Evidence objects are objects created by the non-repudiation service which we will see shortly. The Evidence objects are objects created by the non-repudiation service which we will see shortly.

Proposed Interfaces public interface BillableLease extends Lease{ Contract getContract(); long getCost(); Evidence renew(long duration, Evidence ProofOfOrgin); Evidence cancel(Evidence ProofOfOrgin); } public interface AccessCharge{ AccessGrant start(Contract termsAndConditions, Evidence proofOfOrgin, long duration); }

Proposed Architecture The second part of the architecture are the run-time services. The second part of the architecture are the run-time services. Non-repudiation service Non-repudiation service Time service Time service Accounting service Accounting service

Non-repudiation Service It Creates pieces of evidence (proofs). It Creates pieces of evidence (proofs). It persistently stores evidence (proofs). It persistently stores evidence (proofs). Evidences contained in proofs: Evidences contained in proofs: The contract that has been applied The contract that has been applied Type of action or event (method name called) Type of action or event (method name called) Parameters of the method Parameters of the method A signed time stamp A signed time stamp The identity of issuer of proof The identity of issuer of proof The identity of both parties The identity of both parties Hash value for validation of the proof Hash value for validation of the proof

Non-repudiation Service Steps required for the non-repudiation service. Steps required for the non-repudiation service. 1. Evidence generation 2. The transmission, storage and retrieval of evidence 3. Validation of evidence 4. Settlements of conflicts The authors note that settlements of conflicts will usually be done by human intervention. The authors note that settlements of conflicts will usually be done by human intervention.

Time Service The time service is a trusted entity that supplies time stamps. The time service is a trusted entity that supplies time stamps. The time service is needed because of lack of synchronized time in a distributed systems. The time service is needed because of lack of synchronized time in a distributed systems. The non-repudiation service will then use the timestamps generated from the time service. The non-repudiation service will then use the timestamps generated from the time service.

Accounting Service The accounting service is responsible for storing and retrieving billing records. The accounting service is responsible for storing and retrieving billing records. Contains information such as the time and length of service usage, type of service used, identification of the client and a reference to the contract used. Contains information such as the time and length of service usage, type of service used, identification of the client and a reference to the contract used.

Component Interaction

Starting a Billable Lease 1. To initiate the use of a service the client sends a message to the non- repudiation service to generate a proof of origin. 2. The client then receives the proof of origin from the non-repudiation service. 3. The client then calls the start method from the AccessCharge interface and supplies the proof of origin along with the additional required parameters which is sent to the service provider. 4. When the service provider receives the start request, the service provider then asks the non-repudiation service to generate a proof of receipt. 5. The service provider upon receiving the proof of receipt from the non- repudiation service, then returns to the client a proof of receipt and a billable lease. 6. The client has now established a lease and can use the services. 7. At the completion of the service usage the service provider sends a billing record to the account service.

Starting a Lease

Future Work There is no standardized and usable non- repudiation service. There is no standardized and usable non- repudiation service. Ways to negotiate contracts between parties needs to be established. Ways to negotiate contracts between parties needs to be established. Ways to keep clients and service providers anonymous. Ways to keep clients and service providers anonymous.