No. 3 (2012)

Published: 2012-09-30

Preface

ARTICLES FROM THIS ISSUE

  • Secured Workstation to Process the Data of Different Classification Levels

    Abstract

    The paper presents some of the results obtained within the ongoing project related to functional requirements and design models of a secure workstation for special applications (SWSA). The SWSA project is directed toward the combination of the existing hardware and software virtualization with cryptography and identification technologies to ensure the security of multilevel classified data by means of some formal methods. In the paper the requirements for SWSA, its hardware and software architecture, selected security solution for data processing and utilized approach to designing secure software are presented. The novel method for secure software design employs dedicated tools to verify the confidentiality and the integrity of data using Unified Modeling Language (UML) models. In general, the UML security models are embedded in and simulated with the system architecture models, thus the security problems in SWSA can be detected early during the software design. The application of UML topology models also enables verification of the fundamental requirement for MLS systems, namely the hardware isolation of subjects from different security domains.

    Zbigniew Zieliński, Jan Chudzikiewicz, Janusz Furtak, Andrzej Stasiak, Marek Brudka
    5-12
  • Model of User Access Control to Virtual Machines Based on RT-Family Trust Management Language with Temporal Validity Constraints – Practical Application

    Abstract

    The paper presents an application of an RT-family trust management language as a basis for an access control model. The discussion concerns a secure workstation running multiple virtual machines used to process sensitive information from multiple security domains, providing strict separation of the domains. The users may act in several different roles, with different access rights. The inference mechanisms of the language are used to translate credentials allowing users to access different functional domains, and assigning virtual machines to these domains into clear rules, regulating the rights of a particular user to a particular machine, taking into account different periods of validity of different credentials. The paper also describes a prototype implementation of the model.

    Krzysztof Lasota, Adam Kozakiewicz
    13-21
  • Cryptographic Protection of Removable Media with a USB Interface for Secure Workstation for Special Applications

    Abstract

    This paper describes one of the essential elements of Secure Workstation for Special Applications (SWSA) for the cryptographic protection of removable storage devices with a USB interface. SWSA is a system designed to process data classified to different security domains in which the multilevel security is used. The described method for protecting data on removable Flash RAM protects data against unauthorized access in systems processing the data, belonging to different security domains (with different classification levels) in which channel the flow of data must be strictly controlled. Only a user authenticated by the SWSA can use the removable medium in the system, and the data stored on such media can be read only by an authorized user by the SWSA. This solution uses both symmetric and asymmetric encryption algorithms. The following procedures are presented: creating a protected file (encryption), generating signatures for the file and reading (decryption) the file. Selected elements of the protection systems implementation of removable Flash RAM and the Windows mechanisms used in the implementation have been described.

    Jan Chudzikiewicz, Janusz Furtak
    22-31
  • A Hybrid CPU/GPU Cluster for Encryption and Decryption of Large Amounts of Data

    Abstract

    The main advantage of a distributed computing system over a standalone computer is the ability to share the workload between cores, processors and computers. In our paper we present a hybrid cluster system – a novel computing architecture with multi-core CPUs working together with many-core GPUs. It integrates two types of CPU, i.e., Intel and AMD processors, with advanced graphics processing units, respectively Nvidia Tesla and AMD FirePro (formerly ATI). Our CPU/GPU cluster is dedicated to performing massively parallel computations, which is a common approach in cryptanalysis and cryptography. The efficiency of parallel implementations of selected data encryption and decryption algorithms is presented to illustrate the performance of our system.

    Ewa Niewiadomska-Szynkiewicz, Michał Marks, Jarosław Jantura, Mikołaj Podbielski
    32-39
  • Secure Biometric Verification Station Based on Iris Recognition

    Abstract

    This paper describes an application of the Zak-Gabor-based iris coding to build a secure biometric verification station (SBS), consisting of a professional iris capture camera, a processing unit with specially designed iris recognition and communication software, as well as a display (LCD). A specially designed protocol controls the access to the station and secures the communication between the station and the external world. Reliability of the Zak-Gabor-based coding, similarly to other wavelet-based methods, strongly depends on appropriate choice of the wavelets employed in image coding. This choice cannot be arbitrary and should be adequate to the employed iris image quality. Thus in this paper we propose an automatic iris feature selection mechanism employing, among others, the minimum redundancy, maximum relevance (mRMR) methodology as one, yet important, step to assess the optimal set of wavelets used in this iris recognition application. System reliability is assessed with approximately 1000 iris images collected by the station for 50 different eyes.

    Adam Czajka, Krzysztof Piech
    40-49
  • BSBI – a Simple Protocol for Remote Verification of Identity

    Abstract

    The paper presents the design and the rationale behind a simple verification protocol for autonomous verification modules, and the architecture enabling use of such modules. The architecture assumes strict separation of all personal metadata and the actual verification data. The paper also describes a prototype implementation of the protocol and its extension enabling the state of the module to be monitored from the main system. The proposed design solves the problem of using advanced verification methods, especially biometric ones, in systems where direct implementation is not possible due to hardware incompatibilities, insufficient resources or other limitations.

    Tomasz Pałka, Adam Kozakiewicz
    50-57
  • Drive Encryption and Secure Login to a Secure Workstation for Special Applications

    Abstract

    We discuss the problem of a secure login to a virtualized workstation. For increased security, the workstation’s hard drive is encrypted. During the startup, a decryption password to the drive must be entered by a user. We propose a solution that involves mutual authentication between the workstation and the user and ensures the password may be entered securely.

    Marek Małowidzki, Tomasz Dalecki, Michał Mazur
    58-63
  • A Survey of Energy Efficient Security Architectures and Protocols for Wireless Sensor Networks

    Abstract

    Data security and energy aware communication are key aspects in design of modern ad hoc networks. In this paper we investigate issues associated with the development of secure IEEE 802.15.4 based wireless sensor networks (WSNs) – a special type of ad hoc networks. We focus on energy aware security architectures and protocols for use in WSNs. To give the motivation behind energy efficient secure networks, first, the security requirements of wireless sensor networks are presented and the relationships between network security and network lifetime limited by often insufficient resources of network nodes are explained. Second, a short literature survey of energy aware security solutions for use in WSNs is presented.

    Krzysztof Daniluk, Ewa Niewiadomska-Szynkiewicz
    64-72
  • Improvement of the Performance of Database Access Operations in Cellular Networks

    Abstract

    Reducing the traffic volume of location updating is a critical issue for tracking mobile users in a cellular network. Besides, when user x wants to communicate with user y, the location of user y must be extracted from databases. Therefore, one or more databases must be accessed for updating, recording, deleting, and searching. Thus, the most important criterion of a location tracking algorithm is to provide a small database access time. In this paper, we propose a new location tracking scheme, called Virtual Overlap Region with Forwarding Pointer (VF), and compare the number of database accesses required for updating, deleting, and searching operations for the proposed scheme and other approaches proposed for cellular networks. Our VF scheme, like the Overlap Region scheme, reduces the updating information when a user frequently moves in boundaries of LAs. Unlike Overlap Region, the VF can reduce the number of database accesses for searching users’ information.

    Mustafa Vahabzadeh Dolama, Akbar Ghaffarpour Rahbar
    73-82
  • On the Influence of Network Impairments on YouTube Video Streaming

    Abstract

    Video sharing services like YouTube have become very popular which consequently results in a drastic shift of the Internet traffic statistic. When transmitting video content over packet based networks, stringent quality of service (QoS) constraints must be met in order to provide the comparable level of quality to a traditional broadcast television. However, the packet transmission is influenced by delays and losses of data packets which can have devastating influence on the perceived quality of the video. Therefore, we conducted an experimental evaluation of HTTP based video transmission focusing on how they react to packet delay and loss. Through this analysis we investigated how long video playback is stalled and how often re-buffering events take place. Our analysis revealed threshold levels for the packet delay, packet losses and network throughput which should not be exceeded in order to preserve smooth video transmission.

    Arkadiusz Biernacki, Florian Metzger, Kurt Tutschku
    83-90
  • Optimal Pump Scheduling for Large Scale Water Transmission System by Linear Programming

    Abstract

    The large scale potable water transmission system considered in this paper is the Toronto Water System, one of the largest potable water supply networks in North America. The main objective of the ongoing Transmission Operations Optimizer project consists in developing an advanced tool for providing such pumping schedules for 153 pumps, that all quantitative requirements with respect to the system operation are met, while the energy costs are minimized. We describe here a linear, so-called Simplified Model (SM), based on mass-balance equations, which is solved on a week horizon and delivers boundary conditions for the so-called Full Model (FM), which is nonlinear and takes into account hydraulic phenomena and water quality.

    Jacek Błaszczyk, Andrzej Karbowski, Kamil Krawczyk, Krzysztof Malinowski, Alnoor Allidina
    91-96