Trust Delegation Research Articles

SEEMQTT: Secure End-to-End MQTT-Based Communication for Mobile IoT Systems Using Secret Sharing and Trust Delegation

The publish/subscribe (Pub/Sub) model offers a communication scheme that is appropriate for a variety of mobile Internet of Things (IoT) systems (e.g., autonomous vehicles). In most of these systems, ensuring the end-to-end (E2E) security of exchanged information is a critical requirement. However, the Pub/Sub scheme lacks appropriate mechanisms to ensure the E2E security, even when state-of-the-art solutions, such as transport layer security (TLS) or attribute-based encryption (ABE), were adopted. These solutions either do not offer E2E security or are infeasible to be adopted in mobile IoT systems with resource-constrained platforms. In this article, we propose a framework, so-called SEEMQTT, to ensure secure E2E Pub/Sub-based communication for mobile IoT systems. Our solution allows the publisher to encrypt the published messages and control which subscribers can decrypt these messages without violating the decoupling requirement of the Pub/Sub model. Our solution leverages multiple honest-but-curious KeyStores to store secret shares generated from a secret key using a secret sharing scheme. The links between the publisher and every KeyStores are secured using identity-based encryption (IBE). The publisher uses the secret key to encrypt published messages. Trust delegation is used to authorize certain subscribers to access these shares and consequently decrypt the published messages. We provide an Arduino-based library that implements our proposed protocol. Also, we perform an extensive performance evaluation using real IoT hardware. Experimental results show that adopting our proposed solution, SEEMQTT, makes E2E security for mobile IoT systems feasible.

Access Control Models

Abstract Access control is a part of the security of information technologies. Access control regulates the access requests to system resources. The access control logic is formalized in models. Many access control models exist. They vary in their design, components, policies and areas of application. With the developing of information technologies, more complex access control models have been created. This paper is concerned with overview and analysis for a number of access control models. First, an overview of access control models is presented. Second, they are analyzed and compared by a number of parameters: storing the identity of the user, delegation of trust, fine-grained policies, flexibility, object-versioning, scalability, using time in policies, structure, trustworthiness, workflow control, areas of application etc. Some of these parameters describe the access control models, while other parameters are important characteristics and components of these models. The results of the comparative analysis are presented in tables. Prospects of development of new models are specified.

Lived Experience of Leadership Styles on Employee Job Satisfaction in Selected BPO Companies in the Philippines An Intervention of Behavioral Performance

This study was conducted in the Philippines, the world's Business Process outsourcing capital. The primary purpose of this study is to examine the lived experience of leadership styles on employee job satisfaction in selected BPO firms. This research report used a qualitative method based on descriptive phenomenology research design to analyze BPO personnel lived leadership experience, specifically front-liners and managers’ experience from Taguig City, Makati City, Pasay City, and Pasig City within Metro Manila. We used an open-ended questionnaire to collect data from respondents. Five major themes emerged: (1) strengths development, (2) Communication and Innovation (3) Trust and respect (4) Delegation and Employee empowerment (5) Reward and Correction. According to the study's premise, most BPO companies in the Philippines practiced a combined transformational leadership and transactional leadership style. To keep employees happy, managers and BPO businesses can adopt a variety of leadership styles. The most popular and researched leadership style is transformational leadership, which stresses intrinsic motivation and employee development. Transactional leadership is task-oriented and focuses on the needs of the followers. Laissez-faire managers, on the other hand, stay out of the way. Job satisfaction is a pleasant or good emotional state caused by job evaluation. Workplace happiness is unaffected by transactional leadership remedial actions. The results show that employees are satisfied when their leader develops their skills, communicates and encourages innovation, builds trust and respect for others, delegates and empowers employees while recognizing top performers, and respectfully corrects mistakes. However, a definite correlation between leadership styles and employee job satisfaction requires more investigation.

Orchestration of autonomous trusted third-party banking

Background Digital transformation is changing the structure and landscape of future banking needs with much emphasis on value creation. Autonomous banking solutions must incorporate on-the-fly processing for risky transactions to create this value. In an autonomous environment, access control with role and trust delegation has been said to be highly relevant. The aim of this research is to provide an end to end working solution that will enable autonomous transaction and task processing for banking. Method We illustrate the use case for task delegation with the aid of risk graphs, risk bands and finite state machines. This paper also highlights a step by step task delegation process using a risk ordering relation methodology that can be embedded into smart contracts. Results Task delegation with risk ordering relation is illustrated with six process owners that share immutable ledgers. Task delegation properties using Multi Agent Systems (MAS) is used to eliminate barriers for autonomous transaction processing. Secondly, the application of risk graph and risk ordering relation with reference to delegation of tasks is a novel approach that is nonexistent in RBAC. Conclusion The novelty of this study is the logic for task delegation and task policies for autonomous execution on autonomous banking platforms akin to the idea of federated ID (Liberty Alliance).

Orchestration of autonomous trusted third-party banking.

Background Digital transformation is changing the structure and landscape of future banking needs with much emphasis on value creation. Autonomous banking solutions must incorporate on-the-fly processing for risky transactions to create this value. In an autonomous environment, access control with role and trust delegation has been said to be highly relevant. The aim of this research is to provide an end to end working solution that will enable autonomous transaction and task processing for banking. Method We illustrate the use case for task delegation with the aid of risk graphs, risk bands and finite state machines. This paper also highlights a step by step task delegation process using a risk ordering relation methodology that can be embedded into smart contracts. Results Task delegation with risk ordering relation is illustrated with six process owners that share immutable ledgers. Task delegation properties using Multi Agent Systems (MAS) is used to eliminate barriers for autonomous transaction processing. Secondly, the application of risk graph and risk ordering relation with reference to delegation of tasks is a novel approach that is nonexistent in RBAC. Conclusion The novelty of this study is the logic for task delegation and task policies for autonomous execution on autonomous banking platforms akin to the idea of federated ID (Liberty Alliance).

Psychological counseling to solve life crises: practice and issues

The purpose of our research is a definition systems practices and issues of psychological counseling to overcome life crises. The methodological base is formed on sociological and statistical methods of intelligence, as well as on a systematic analysis of practices and issues of overcoming life crises. 480 practical psychologists (Ukraine) took part in the sociological survey on the Google-forms platform. The understanding of features and possibilities of psychological counseling as an inclusive practice aimed at helping clients to understand their true "I" is highlighted; achieve authenticity; achieve competitiveness and transparency. Ethical and trans model principles of counseling (focus on the person and acceptance of the problem, respect and delegation of empathy, parity and trust in the client's understanding of himself and the world, specificity (attractiveness and personalization, objectivity and subjectivity), optimism and focus on development of the client as a person, partner and professional). It is proved that the development of personal meaning and life values involves life-planning, development of life strategies that would help achieve the goal and overcome internal and external barriers.

The Alarmed Citizen: Fear, Mistrust, and Alternative Media

ABSTRACT The democratic role and authority of the news media rest on a basic premise of trust delegation, whereby citizens confide in the news media to provide sufficiently relevant and accurate information. In a time of dwindling trust levels, increasing polarization, and an abundance of new media, this article asks what characterizes citizens’ relations with the media when the relation of trust breaks down. To illuminate broader tendencies of mistrust and disengagement, the article analyzes how citizens who see current immigration patterns as a major threat evaluate established and alternative news media, navigate the news landscape, and create personal and selective news repertoires. From an abductive methodological approach, 24 in-depth qualitative interviews were analyzed in continuous dialogue with theories on trust, public connection, and the democratic role of citizens to conceptualize the alarmed citizen, who’s public connection is characterized by alertness, fear, and low institutional trust; the active shifting between alternative media and established news media, and the construction of personal news repertoires and supportive networks.

Implementing a blockchain-based local energy market: Insights on communication and scalability

Peer-to-peer (P2P) energy markets are gaining interest in the energy sector as a means to increase the share of decentralised energy resources (DER), thus fostering a clean, resilient and decentralised supply of energy. Various reports have touted P2P energy markets as ideal use case for blockchain-technology, as it offers advantages such as fault-tolerant operation, trust delegation, immutability, transparency, resilience, and automation. However, relatively little is known about the influence of hardware and communication infrastructure limitations on blockchain systems in real-life applications. In this article, we demonstrate the implementation of a real-world blockchain managed microgrid in Walenstadt, Switzerland. The 37 participating households are equipped with 75 special smart-metres that include single board computers (SBC) that run their own, application-specific private blockchain. Using the field-test setup, we provide an empirical evaluation of the feasibility of a Byzantine fault tolerant blockchain system. Furthermore, we artificially throttle bandwidth between nodes to simulate how the bandwidth of communication infrastructure impacts its performance. We find that communication networks with a bandwidth smaller than 1000 kbit/s – which includes WPAN, LoRa, narrowband IoT, and narrowband PLC – lead to insufficient throughput of the operation of a blockchain-managed microgrid. While larger numbers of validators may provide higher decentralisation and fault-tolerant operation, they considerably reduce throughput. The results from the field-test in the Walenstadt microgrid show that the blockchain running on the smart-metre SBCs can provide a maximum throughput of 10 transactions per second. The blockchain throughput halts almost entirely if the system is run by more than 40 validators. Based on the field test, we provide simplified guidelines for utilities or grid operators interested in implementing local P2P markets based on BFT systems.

Attack-Resilient TLS Certificate Transparency

The security of Public-Key Infrastructure (PKI) for Internet-based communications has lately attracted researchers' attention because of Certification Authorities (CAs) crashes and consequent attacks. Google Certificate Transparency and subsequent log-based PKI proposals (e.g., AKI and ARPKI) have succeeded in making certificate-management processes more transparent, accountable, and verifiable. However, those proposals failed to solve the root CA generous delegation of trust to intermediate CAs, non-conformant certificate-issuance by them, and lack of rigorous authentication of domain ownership during certificate-issuance problems. This study presents Attack-Resilient TLS Certificate Transparency (ARCT) based on log servers to address these problems. ARCT enables root CA to enforce intermediate CAs to follow community standards through leveraging a log server at each root level. It also introduces a collaborative domain ownership verification method that deters false certificate-issuance and ensures that a set of CAs validates every certificate before any client will accept it. A certificate collectively approved by a set of CAs assures users that the certificate has been seen, and not instantly detected malicious, by a group of CAs. Finally, formal security and performance evaluations prove the reliability and effectiveness of ARCT.

QoS3: Secure Caching in HTTPS Based on Fine-Grained Trust Delegation

With the ever-increasing concern in network security and privacy, a major portion of Internet traffic is encrypted now. Recent research shows that more than 70% of Internet content is transmitted using HyperText Transfer Protocol Secure (HTTPS). However, HTTPS encryption eliminates the advantages of many intermediate services like the caching proxy, which can significantly degrade the performance of web content delivery. We argue that these restrictions lead to the need for other mechanisms to access sites quickly and safely. In this paper, we introduce QoS3, which is a protocol that can overcome such limitations by allowing clients to explicitly and securely re-introduce in-network caching proxies using fine-grained trust delegation without compromising the integrity of the HTTPS content and modifying the format of Transport Layer Security (TLS). In QoS3, we classify web page contents into two types: (1) public contents that are common for all users, which can be stored in the caching proxies, and (2) private contents that are specific for each user. Correspondingly, QoS3 establishes two separate TLS connections between the client and the web server for them. Specifically, for private contents, QoS3 just leverages the original HTTPS protocol to deliver them, without involving any middlebox. For public contents, QoS3 allows clients to delegate trust to specific caching proxy along the path, thereby allowing the clients to use the cached contents in the caching proxy via a delegated HTTPS connection. Meanwhile, to prevent Man-in-the-Middle (MitM) attacks on public contents, QoS3 validates the public contents by employing Document object Model (DoM) object-level checksums, which are delivered through the original HTTPS connection. We implement a prototype of QoS3 and evaluate its performance in our testbed. Experimental results show that QoS3 provides acceleration on page load time ranging between 30% and 64% over traditional HTTPS with negligible overhead. Moreover, QoS3 is deployable since it requires just minor software modifications to the server, client, and the middlebox.

Reviewing a Historical Internet Vulnerability: Why Isn't BGP More Secure and What Can We Do About it?

The Border Gateway Protocol (BGP) plays a crucial role in today’s communications as it is the inter-domain routing protocol that holds together the Internet, providing the path for IP packets to flow between networks across the globe operated by different providers. Although the first version of BGP was published in 1989 and its lack of security mechanisms has been known since then, BGP remains vulnerable to attacks that can cause large scale outages or can be used for other malicious purposes on the Internet, such as traffic sniffing or spam sending. Moreover, the lack of security has not prevented the surge of new applications that run on top of the Internet, making tampering with BGP increasingly attractive. As an example, BGP hijacking was used to steal at least $83,000 worth of cryptocurrency in 2014, and again more recently in April 2018. Thus, securing BGP is key to increasing the overall security of the Internet ecosystem. This paper offers a historical review of the different ideas put forward to secure inter-domain routing and what happened to these ideas along the way, noting if they were implemented and are in use, the impact they had on other proposals, and other characteristics explaining the difficulty of securing BGP. This study analyzes 10 BGP extensions focused on BGP availability, 7 BGP extensions and best practices focused on securing BGP communication and routing information, and 11 security proposals coming from the research and industry communities. It examines where the ideas came from, the implicit trust delegation and the residual vulnerabilities of proposals. Even though performance and incentives of specific security solutions have been largely discussed, most proposals have not even been implemented, limiting the overall security improvement of BGP. Reviewing the full life cycle of the proposed ideas, the trusted actors and mechanisms and their requirements gives insight into why adoptions rate are so limited. In fact, there is a remarkable lack of consensus on what needs to be secured or validated, and the approach to be taken, preventing solutions to get critical support to move their deployment forward. Additionally, no BGP security mechanism, even the most narrow one, has been easily implemented and deployed. However, there are security best practices that certainly improve local and overall BGP security. Since no solution comes without costs and all proposal have opponents in network operation community, it may be possible that secure routing should be provided as a separate service from routing, and other entities could offer such solutions.

Trust delegation-based secure mobile cloud computing framework

Mobile devices are used to perform many useful tasks in our daily life. All around the world, many people are using their smart phones to communicate with others, identify their location, and do online shopping. These useful applications involve sharing personal and sensitive information. Also, the smart devices have many weaknesses, such as: limited battery life time, limited processing capacity and security issues. The mobile cloud computing (MCC) can be used to overcome these limitations. Using MCC improved the performance of many applications by conducting the processing at the cloud and sending back the results to the mobile device. But there are still many issues need to be addressed and considered when using MCC specially when dealing with applications that need live interaction and protecting the privacy. In this paper, we will study the main issues associated with mobile cloud computing models that include: security, performance, and quality of service. Then, we will present secure implementation of the cloudlet-based mobile cloud computing framework with its prototype that uses trust delegation technique to provide better security/performance tradeoffs.

Trust delegation-based secure mobile cloud computing framework

Mobile devices are used to perform many useful tasks in our daily life. All around the world, many people are using their smart phones to communicate with others, identify their location, and do online shopping. These useful applications involve sharing personal and sensitive information. Also, the smart devices have many weaknesses, such as: limited battery life time, limited processing capacity and security issues. The mobile cloud computing (MCC) can be used to overcome these limitations. Using MCC improved the performance of many applications by conducting the processing at the cloud and sending back the results to the mobile device. But there are still many issues need to be addressed and considered when using MCC specially when dealing with applications that need live interaction and protecting the privacy. In this paper, we will study the main issues associated with mobile cloud computing models that include: security, performance, and quality of service. Then, we will present secure implementation of the cloudlet-based mobile cloud computing framework with its prototype that uses trust delegation technique to provide better security/performance tradeoffs.

Building a reliable Internet of Things using Information-Centric Networking

Recent developments in sensors, devices, identification technologies, and wireless networking have fueled the vision of the Internet of Things (IoT). Small devices with processing, sensing, and connectivity capabilities can be connected to the Internet and produce vast amounts of meaningful information. At the same time identification technologies, such as RFID, enable the association of information with “things”. The information produced by things, or associated with things, will be both huge and sensitive. For this reason new architectures for disseminating and processing this information in a reliable and efficient way should be explored. In this paper, we present an architecture for the IoT, based on the Information-Centric Networking (ICN) paradigm. ICN architectures are built around information and information identifiers and they provide mechanisms for advertising, finding, and retrieving information. We leverage a particular ICN architecture, the Publish-Subscribe Internetworking architecture, to design an IoT architecture and we present three security solutions that enable access control, secure delegation of information storage and trust based on information identifiers.

Trust, Credibility and Delegation: Evidence from Multiple Employees per Establishment

Using a unique matched survey of employees and establishments, we examine the relationship between delegation of decision-making authority and individual worker's trust of management. Utilizing a fixed-effects approach to control for unobserved management quality and establishment characteristics, we find that delegation of authority is more likely if a worker trusts management. This result is consistent with the theoretical literature on delegation; in particular, when contracts are incomplete (as in a relational contract), trust between a principal and an agent can sustain delegation when it would not otherwise be possible. We consider a number of alternative specifications including instrumental variables and between-firm estimates. Both extensions yield results qualitatively consistent with the base model.

Elliptic Curve Cryptography in Securing Networks by Mobile Authentication

This paper proposes an enhanced authentication model, which is suitable for low-power mobile devices. It uses an Extended Password Key Exchange Protocols (2) and elliptic-curve-cryptosystem based trust delegation mechanism to generate a delegation pass code for mobile station authentication, and it can effectively defend all known attacks to mobile networks including the denial-of-service attack. Moreover, the mobile station only needs to receive one message and send one message to authenticate itself to a visitor's location register, and the model only requires a single elliptic-curve scalar point multiplication on a mobile device. Therefore, this model enjoys both computation efficiency and communication efficiency as compared to known mobile authentication models.

Secure trust delegation for sharing patient medical records in a mobile environment

This paper presents a detailed architecture and a token-based protocol for the trust delegation on medical data across a public mobile network. The trust is negotiated between a mobile emergency medical unit and a medical record database. The solution presented in this paper enables the development of a software tool that can be used by the emergency medical units in urgent need of sensitive personal medical records about unconscious patients. The trust delegated medical records are downloaded onto the handheld mobile devices of the mobile emergency medical personal. The downloaded medical records are used during emergency care and this data should be protected from future unauthorized distribution and misuse. This paper presents architecture of a mobile security capsule, which enables the trust negotiation to provide a highly secure environment which can be used for the access of highly confidential medical data over the mobile network.

Elliptic Curve Cryptography in Securing Networks by Mobile Authentication

This paper proposes an enhanced authentication model, which is suitable for low-power mobile devices. It uses an Extended Password Key Exchange Protocols and elliptic-curve-cryptosystem based trust delegation mechanism to generate a delegation pass code for mobile station authentication, and it can effectively defend all known attacks to mobile networks including the denial-of-service attack. Moreover, the mobile station only needs to receive one message and send one message to authenticate itself to a visitor’s location register, and the model only requires a single elliptic-curve scalar point multiplication on a mobile device. Therefore, this model enjoys both computation efficiency and communication efficiency as compared to known mobile authentication models.

A Single Sign-On Infrastructure for Science Gateways on a Use Case for Structural Bioinformatics

Structural bioinformatics applies computational methods to analyze and model three-dimensional molecular structures. There is a huge number of applications available to work with structural data on large scale. Using these tools on distributed computing infrastructures (DCIs), however, is often complicated due to a lack of suitable interfaces. The MoSGrid (Molecular Simulation Grid) science gateway provides an intuitive user interface to several widely-used applications for structural bioinformatics, molecular modeling, and quantum chemistry. It ensures the confidentiality, integrity, and availability of data via a granular security concept, which covers all layers of the infrastructure. The security concept applies SAML (Security Assertion Markup Language) and allows trust delegation from the user interface layer across the high-level middleware layer and the Grid middleware layer down to the HPC facilities. SAML assertions had to be integrated into the MoSGrid infrastructure in several places: the workflow-enabled Grid portal WS-PGRADE (Web Services Parallel Grid Runtime and Developer Environment), the gUSE (Grid User Support Environment) DCI services, and the cloud file system XtreemFS. The presented security infrastructure allows a single sign-on process to all involved DCI components and, therefore, lowers the hurdle for users to utilize large HPC infrastructures for structural bioinformatics.

Preventing delegation-based mobile authentications from man-in-the-middle attacks

In this paper, an approach of mutual authentication and key exchange for mobile access, based on the trust delegation and message authentication code, is developed, and a novel nonce-based authentication approach is presented. The proposed protocols can effectively defend all known attacks to mobile networks including the denial-of-service attacks and man-in-the-middle attacks. In particular, in contrast to some previous work, our design gives users a chance to set a session key according to users' will, and does not require a mobile user to compute useless hash key chains in the face of HLR-online authentication failures or run the initial authentication protocol before HLR-offline authentication. Moreover, our design enjoys both computation efficiency and communication efficiency as compared to known mobile authentication schemes.