Authorisation Research Papers - Academia.edu

Mobile IPv6 is the protocol defined by the Internet Engineering Task Force (IETF) to enable nodes to roam between IP subnets. Its specification requires the mobile node to be configured with at least a Home prefix to discover a home agent address, a home address and the cryptographic materials needed to protect mobile IPv6 signaling. In a real deployment perspective,

An access control system has the role of verifying and mediating attempts made by users to access resources in a system. An access control system maps activities and resources to legitimate users. This paper presents a distributed smart card based access control system for a building. The system is Internet centered. Each door has a control access point, and all of these are connected to a server which grants or denies access. A user requests access by using a smart card which stores the user's unique identity code.

When computer security violations are detected, computer forensic analysts attempting to determine the relevant causes and effects are forced to perform the tedious tasks of finding and preserving useful clues in large networks of operational machines. To augment a computer crime ...

Traditional user authentication or identification systems are interested in something that you possess (like a key, an identification card, etc.) or something you already know (like a password or a PIN). With biometrics, this interest has shifted towards a different approach: something that is part of you (fingerprints or face) or something you make (e.g., handwritten signature or voice). An identification system works in such a way that the system obtains one sample and compares it with each record in the database. This method is a comparison named “one-to-many”. The behaviours and rhythms of typing characters are used as a biometric authentication system named Keystroke Dynamics. Unlike most identification systems, which require specific hardware, keystroke dynamics requires only a keyboard. In the proposed approach, short fixed text is used, as in login approaches. The d-variate Gaussian, kNN and decision tree algorithms are tested on the CMU keystroke database.

Current mechanisms for authenticating communication between devices that share no prior context are inconvenient for ordinary users, without the assistance of a trusted authority. We present and analyze seeing-is-believing, a system that utilizes 2D barcodes and camera-telephones to implement a visual channel for authentication and demonstrative identification of devices. We apply this visual channel to several problems in computer security, including authenticated key exchange between devices that share no prior context, establishment of a trusted path for configuration of a TCG-compliant computing platform, and secure device configuration in the context of a smart home.

Most organizations require the verification of personal information before providing services, and the privacy of such information is of growing concern. The authors show how federated identity management systems can better protect users' information when integrated with trust negotiation. In today's increasingly competitive business environment, more and more leading organizations are building Web-based infrastructures to gain the strategic advantages of collaborative networking. However, to facilitate collaboration and fully exploit such infrastructures, organizations must identify each user in the collaborative network as well as the resources each user is authorized to access. User identification and access control must be carried out so as to maximize user convenience and privacy without increasing organizations' operational costs. A federation can serve as the basic context for determining suitable solutions to this issue. A federation is a set of organizations that establish trust relationships with respect to the identity information (the federated identity information) that is considered valid. A federated identity management system (idM) provides a group of organizations that collaborate with mechanisms for managing and gaining access to user identity information and other resources across organizational boundaries

Text-based passwords remain the dominant authentication method in computer systems, despite significant advancement in attackers' capabilities to perform password cracking. In response to this threat, password composition policies have grown increasingly complex. However, there is insufficient research defining metrics to characterize password strength and using them to evaluate password-composition policies. In this paper, we analyze 12,000 passwords collected under seven composition policies via an online study ...

Software is the biggest problem in computer security today. Most organizations invest in security by buying and maintaining a firewall, but they go on to let anybody access multiple Internet-enabled applications through that firewall. These applications are often remotely exploitable, rendering the firewall impotent (not to mention the fact that the firewall is often a piece of fallible software itself). Real attackers exploit software.

Web application security is the hottest issue in the present scenario of e-business environment. Web application attacks can play havoc with the system within no time. More than 80% of attacks are at the application layer and almost 90% of applications are vulnerable to these ...

We investigate the stability properties of a novel agent-based system for the detection of network bandwidth-based distributed denial of service (DDoS) attacks. The proposed system provides a description of the structure of flows which comprise the DDoS attack. In doing ...