Presentation is loading. Please wait.

Presentation is loading. Please wait.

A security framework combining access control and trust management for mobile e-commerce applications Gregor v.Bochmann, Zhen Zhang, Carlisle Adams School.

Published bySherman Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "A security framework combining access control and trust management for mobile e-commerce applications Gregor v.Bochmann, Zhen Zhang, Carlisle Adams School."— Presentation transcript:

1 A security framework combining access control and trust management for mobile e-commerce applications Gregor v.Bochmann, Zhen Zhang, Carlisle Adams School of Information Technology and Engineering (SITE) and Jennifer Chandler Faculty of Law University of Ottawa

2 Abstract In the context of e-commerce applications, access control must be combined with authentication and trust management. In this presentation, we consider several typical usage scenarios for mobile e-commerce users. We consider the security requirements which include authentication, authorization, privacy, and risk management, and discuss how these requirements can be met with various access control and trust management models. We then present a secure e-commerce framework including functions for authentication, role-based access control and trust management for clients as well as service providers. The distributed trust management system allows the client to choose the service provider based on trust information, and the service provider may determine his trust in the user before determining the access rights that will be granted; we note that this may raise certain privacy law issues. An experimental implementation of this framework is then presented which is based on our previous work [1,2,4] and incorporates the "XML Security Suite" from IBM. The presentation will introduce the architecture of this security framework, highlight some of the system components and discuss implementation choices and performance issues.

3 Overview Usage scenarios and security requirements Background studies Home directory for mobile users Authentication for mobile users A trust model Combining trust and access control Security and trust for mobile users System Implementation Conclusion

4 Typical Scenarios Mobile users: in a foreign domain – using portable and ad hoc devices I.VoIP Conversation Bob starts audio/video conversation with Alice over Internet while he is in a hotel. II.Secure Printing Bob needs to print sensitive documentations from a commercial site III.Anonymous Online Service Bob requests a online service from a hotel room without disclosing his identification to service provider

5 Security requirements Data integrity Authentication Privacy, Anonymity Access control, Authorization Signatures with non-repudiation … and Trust …

6 Background study Authentication for mobile users Enable support for mobile user and services: The concept of home directory[1]

7 Background study Authentication for mobile users Proposed authentication model for mobile users: A secure authentication protocol for mobile users[2]

8 Background study Transactions based on trust Existing access control model for mobile users: Autonomic Distributed Authorization Middleware [3] (Figure adapted from [3])

9 Background study Trust model with statistical foundation Proposed trust model for mobile users: A trust model with statistical foundation[4]

10 Overview of proposed system (with typical scenario II) While Bob is on a business trip in Paris, he wants to print his bank statement from a hotel ’ s business center of which he is staying at

11 Phase I: Authentication & Role Assignment Additionally, Bob receive a set of Roles from F.A, each of which has the form of CERT FA ( R x, ID Bob ) CERT FA (Role{R1, R 2, R 3,…}) At this point, Bob and F.A. share Ks 2 while Bob and H.A. share Ks 3.

12 Phase II: Service Selection

13 Phase III: Service Request & Access Control

14 Phase IV: Service Reputation update

15 Implementation Environment Open wireless LAN Service Directory & Reputation Server: well- known URL Use of XACL (XML-encoded) Service request/response messages Access policy representation Role assignment: based on trust Implementation: Java (Sun JVM and Blackdown java on IPAQ) IBM Security Suite (XACL support)

16 Implementation architecture PC-1 PC-2 PC-3 Ipaq

17 Conclusion Secure e-commerce framework for fixed and mobile users authentication role-based access control trust management for clients as well as service providers The general framework can be customized to fit any particular service requirement Performance of a simplified system implementation is still under investigation

18 Reference 1.K. El-Khatib, Zhen E. Zhang, N. Hadibi, and G. v. Bochmann, Personal and Service Mobility in Ubiquitous Computing Environments, Journal of Wireless communications and Mobile Computing, 2004 2.G. v. Bochmann and Zhen E. Zhang, A secure authentication infrastructure for mobile users, Advances in Security and Payment Methods for Mobile Commerce, 2004 3.A. Seleznyov, S. Hailes, An access control model based on distributed knowledge management, 18th International Conference on Advanced Information Networking and Applications, 2004. 4.Jianqiang Shi, G. v. Bochmann and Carlisle Adams, A trust model with statistical foundation, Workshop on Formal Aspects in Security and Trust (FAST '04), 18th IFIP World Computer Congress, 2004

19 Thank you! Questions ?

Download ppt "A security framework combining access control and trust management for mobile e-commerce applications Gregor v.Bochmann, Zhen Zhang, Carlisle Adams School."

Similar presentations

Fraunhofer Institute Secure Telecooperation Areas of Work.

Fraunhofer Institute Secure Telecooperation Areas of Work.
Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.

SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.
Secure Communication Architectures.

Secure Communication Architectures.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
“...creating knowledge.” Enabling Digital Content Protection on Super-Distribution Models - Carlos Serrão ISCTE – Intituto Superior.

“...creating knowledge.” Enabling Digital Content Protection on Super-Distribution Models - Carlos Serrão ISCTE – Intituto Superior.
A.Vandenberg August 7, 2001 HE PKI Summit 20021 State of Georgia and PKI Art Vandenberg Director, Advanced Campus Services Information Systems & Technology.

A.Vandenberg August 7, 2001 HE PKI Summit State of Georgia and PKI Art Vandenberg Director, Advanced Campus Services Information Systems & Technology.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
ASNA Architecture and Services of Network Applications Research overview and opportunities L. Ferreira Pires.

ASNA Architecture and Services of Network Applications Research overview and opportunities L. Ferreira Pires.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Rev BMarch 2004 The ABC Service as a Research Infrastructure Rajesh Mishra Per Johansson Cahit Akin Salih Ergut.

Rev BMarch 2004 The ABC Service as a Research Infrastructure Rajesh Mishra Per Johansson Cahit Akin Salih Ergut.
Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,

Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Friendly Authentication and Communication Experience (Face) for Ubiquitous Authentication on Mobile Devices Author: Benjamin Halpert Presented by: 魏聲尊.

Friendly Authentication and Communication Experience (Face) for Ubiquitous Authentication on Mobile Devices Author: Benjamin Halpert Presented by: 魏聲尊.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.

Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

Similar presentations

Ads by Google