Zbigniew Kotulski - Academia.edu

Papers by Zbigniew Kotulski

Cryptography and security systems : third international conference, CSS 2014 Lublin, Poland, September 22-24, 2014 : proceedings

Cardholder’s Reputation System for Contextual Risk Management in Payment Transactions

Lecture Notes in Computer Science, 2017

Electronic card payments gained huge popularity mainly because of their simplicity, convenience and processing time. Unfortunately, transaction processing rules are constant for every transaction; for example, each transaction above some hard limit (50 PLN in Poland) must be authorized with PIN verification. One can notice that such an approach is simple but not optimal, which is why Contextual Risk Management systems for payment transactions started to be created. This paper presents a new Cardholder’s Reputation System that can be used in Contextual Risk Management Systems. It is flexible thanks to a few parameters and makes it possible to cover all possible transaction processes.

Pseudo-random Sequence Generation from Elliptic Curves over a Finite Field of Characteristic 2

Computer Science and Information Systems (FedCSIS), 2019 Federated Conference on, Oct 2, 2016

In this paper, the randomness of binary sequences generated from elliptic curves over a finite field of characteristic 2 is studied. A scheme of construction based on the Chaos-Driven Elliptic Curve Pseudo-random Number Generator (C-D ECPRNG) is proposed. The generators based on this scheme are verified by using tests from the NIST Statistical Test Suite to analyze their statistical properties. An elliptic curve used in the numerical example is defined over $\mathbb{F}_{2^8}$. The investigations made for the generated series of two output sequences of lengths $2^{10}$ and $2^{20}$ bits showed that 14 generators working according to our general scheme exhibit good randomness properties. Next, the binary sequences generated by these 14 schemes were used for encrypting a 256 × 256 grayscale Lena image as an application example and the security analysis of the ciphered images was carried out.

POS-originated transaction traces as a source of contextual information for risk management systems in EFT transactions

EURASIP journal on information security, Apr 27, 2018

Transaction trace analysis is a key utility for marketing, trend monitoring, and fraud detection purposes. However, transaction traces can also be used for the design and verification of contextual risk management systems for card-present transactions. In this paper, we presented a novel approach to collecting detailed transaction traces directly from the payment terminal. Thanks to that, it is possible to analyze each transaction step precisely, including its frequency and timing. We also demonstrated our approach to analyzing such data based on a real-life experiment. Finally, we concluded this paper with important findings for designers of such a system.

Improving security of lightweight SHA-3 against preimage attacks

International Journal of Electronics and Telecommunications

Security Context Migration in MEC: Challenges and Use Cases

Electronics

Modern and future services require ultra-reliable mobile connections with high bandwidth parameters and proper security protection. It is possible to ensure such conditions by provisioning services in the Multi-Access Edge Computing system integrated with fifth-generation mobile networks. However, the main challenge in the mentioned architecture is providing a secure service migration with all related data and security requirements to another edge computing host area when the user changes its physical location. This article aims to present the state of research on the migration of the security context between service instances in Edge/MEC servers, specify steps of the migration procedure, and identify new security challenges inspired by use cases of 5G vertical industries. For this purpose, the analysis of the security context’s structure and basic concept of the Security Service Level Agreement was performed and presented in the document. Next, a further investigation of the securi...

Low-complexity access control scheme for MEC-based services

Annals of Computer Science and Information Systems

Token-Based Authentication Framework for 5G MEC Mobile Networks

Electronics, 2021

MEC technology provides a distributed computing environment in 5G mobile networks for application and service hosting. It allows customers with different requirements and professional competencies to use the services offered by external suppliers. We consider a service access control framework on 5G MEC networks that is efficient, flexible, and user-friendly. Its central element is the MEC Enabler, which handles AAA requests for stakeholders accessing services hosted on the edge servers. The JSON Web Token (JWT) open standard is a suitable tool for the MEC Enabler to manage access control credentials and transfer them securely between parties. In this paper, in the context of access control, we propose the token reference pattern called JSON MEC Access Token (JMAT) and analyze the effectiveness of its available protection methods in compliance with the standard requirements of MEC-hosted services in 5G networks.

model based on Virkler

On efficiency of identification of a stochastic crack propagation

Cryptographic protocol for electronic auctions with extended requirements

In this paper we present a cryptographic protocol which is the realization of an electronic auction being the component of the e-government system. This cryptographic protocol fulfils all the functions of the classic auction and additionally, by use of cryptographic primitives, enhances the protection of information. The characteristic features of the protocol are: the incontrovertibility of participants and offers, data integrity, confidence of bids, anonymity of the winning bidder, public verification of the result of auction and confirmation of taking part in the auction.

Security architecture of the IIP System at the resource virtualization level (Architektura bezpieczeństwa Systemu IIP na poziomie wirtualizacji zasobów)

The article presents the concept of a security architecture at the resource virtualization level of the IIP System. Three lines of defense mechanisms are discussed, including information integrity protection, anomaly detection, and the operating principles of the system for building trust metrics of virtual nodes.

New Security Architecture of Access Control in 5G MEC

A new context management scheme in information protection systems (Nowy schemat zarządzania kontekstem w systemach ochrony informacji)

On a New Intangible Reward for Card-Linked Loyalty Programs

Card-Linked Loyalty is an emerging trend observed in the market to use a payment card as a unique identifier for Loyalty Programs. This approach allows redeeming goods and collecting bonus points directly during a payment transaction. In this paper, we proposed an additional, intangible reward that can be used in such solutions: shorter transaction processing time. We presented a complete solution for it: a Contextual Risk Management System that can make a dynamic decision whether Cardholder Verification is necessary for the current transaction or not. It is also able to maintain an acceptable level of risk approved by the Merchant. Additionally, we simulated the proposed solution with real-life transaction traces from payment terminals and showed what kind of information can be determined from it.

Preliminary Version An Efficient Agent e-Voting System with Distributed Trust

A new agent-based scheme for secure electronic voting is proposed in the paper. It is universal and can be realized in a network of stationary and mobile electronic devices. The proposed mechanism makes it possible to implement a user interface simulating traditional election cards or semi-mechanical voting devices, or to utilize purely electronic voting booths. The security mechanisms applied in the system are based on verified cryptographic primitives: the secure shared secret scheme and Merkle’s puzzles. Due to pre-computations at the stage of agents’ generation, the voter must do almost no computations. The proposed distributed trust architecture makes the crucial stage of sending votes elastic, reliable, and effective.

Integration of the Low-Level Security Subsystem for the IIP System (Integracja Niskopoziomowego Podsystemu Bezpieczeństwa dla Systemu IIP)

The article discusses work on prototyping and integrating the security subsystem of the IIP System at the network resource virtualization level. It presents the subsystem's functional scope, its mode of operation in the PL-LAB research network, and the implementation of a scenario for protecting data transmitted in the CAN Parallel Internet.

Implementation and tests of the security architecture at level 2 of the IIP System (Implementacja i testy architektury bezpieczeństwa na poziomie 2 Systemu IIP)

The Future Internet Engineering project (Inżynieria Internetu Przyszłości, IIP) develops the concept of a transmission infrastructure that forms a unified communication system (the IIP System) for handling data streams originating from three types of networks called Parallel Internets. The architecture of this system comprises four levels, with level 2 responsible for creating and maintaining virtual links and nodes. This paper presents an extended description of the three lines of defense that make up the security architecture for this system at level 2, which was developed to counter attacks based on injecting foreign network traffic into the IIP System, as well as to counter manipulation or forgery of the IIP System's user and signaling traffic. Early experience with implementing the defense mechanisms is presented, and the results of tests carried out in the PL-LAB environment are discussed.

Efficient chaotic nonlinear component for secure cryptosystems

2017 Ninth International Conference on Ubiquitous and Future Networks (ICUFN), 2017

In this paper, an efficient method for the construction of a nonlinear component in order to improve the confusion effect in cryptosystems is proposed. It is based on linear fractional transformation, the 2D Logistic-adjusted-Sine map and Gray code. The proposed approach is able to generate random integer sequences with highly efficient nonlinearity in the generated values. The cryptographic analyses prove that the proposed substitution box method is of high performance and can be used with great potential for prominent prevalence in designing symmetric cryptosystems and copyright protection. Detailed experiment results are given to verify the feasibility of the proposed nonlinear component.

On end-to-end approach for slice isolation in 5G networks. Fundamental challenges

Proceedings of the 2017 Federated Conference on Computer Science and Information Systems, 2017

There are several reports and white papers which attempt to make 5G architectural requirements precise, presenting them from different points of view, including techno-socioeconomic impacts and technological constraints. Most of them deal with network slicing aspects as a central point, often strengthening slices with slice isolation. The goal of this paper is to present and examine the isolation capabilities and selected approaches for their realization in the network slicing context. As the 5G architecture is still evolving, the specification of isolated slice operation and management brings new requirements that need to be addressed, especially in the context of End-to-End (E2E) security. Thus, an outline of recent trends in slice isolation and a set of challenges are proposed, which (if properly addressed) could be a step to E2E user's security based on slice isolation.

Verticals in 5G MEC-Use Cases and Security Challenges

IEEE Access, 2021

5G is the fifth-generation cellular network satisfying the IMT-2020 (International Mobile Telecommunications-2020) requirements of the International Telecommunication Union. Mobile network operators started using it worldwide in 2019. Generally, 5G achieves exceptionally high values of performance parameters of access and transmission. The application of edge servers has been proposed to facilitate implementing such requirements of 5G, resulting in 5G MEC (Multi-access Edge Computing) technology. Moreover, to optimize services for specific business applications, the concept of 5G vertical industries has been proposed. In this article, we study how the application of the MEC technology affects the functioning of 5G MEC-based services. We consider twelve representative vertical industries of 5G MEC by presenting their essential characteristics, threats, vulnerabilities, and known attacks. Furthermore, we analyze their functional properties, give efficiency patterns and identify the effect of applying the MEC technology in 5G on the resultant network's quality parameters to determine the expected security requirements. As a result of the research, we identify the impact of classified threats on the 5G empowered vertical industries and identify the most sensitive cases to focus on their protection against network attacks in the first place.
