Adaptable security mechanism for dynamic environments

Electronic services in dynamic environment (e.g. e-government, e-banking, e-commerce, etc.), meet many different barriers reducing their efficient applicability. One of them is the requirement of information security when it is transmitted, transformed, and stored in an electronic service. It is possible to provide the appropriate level of security by applying the present-day information technology. However, the level of protection of information is often much higher than it is necessary to meet potential threats. Since the level of security strongly affects the performance of the whole system, the excessive protection decreases its reliability and availability and, as a result, its global security. In this paper we present a mechanism of adaptable security for, digital information transmission systems (being usually the crucial part of e-service). It makes it possible to guarantee the adequate level of protection for actual level of threats dynamically changing in the environment. In our model the basic element of the security is the Public Key Infrastructure (PKI) is enriched with specific cryptographic modules.

[1]  Jerzy Soldek,et al.  Artificial intelligence and security in computing systems , 2003 .

[2]  Andrew Beng Jin Teoh,et al.  Personalised cryptographic key generation based on FaceHashing , 2004, Comput. Secur..

[3]  William C. Barker,et al.  Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories , 2008 .

[4]  Chien-Lung Hsu,et al.  Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks , 2004, Comput. Secur..

[5]  Jan Trobitius,et al.  Anwendung der "Common Criteria for Information Technology Security Evaluation" (CC) / ISO 15408 auf ein SOA Registry-Repository , 2007, Informatiktage.

[6]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[7]  William M. Daley,et al.  Security Requirements for Cryptographic Modules , 1999 .

[8]  Rolf Oppliger,et al.  Advanced security techniques for network protection , 2000, Comput. Commun..

[9]  Suresh L. Konda,et al.  An empirical investigation of network attacks on computer systems , 2004, Comput. Secur..

[10]  Audun Jøsang,et al.  Technologies for Trust in Electronic Commerce , 2004, Electron. Commer. Res..

[11]  Jackie Groves Feature: Security for Application Service Providers , 2001 .

[12]  Fei Hu,et al.  Security considerations in ad hoc sensor networks , 2005, Ad Hoc Networks.

[13]  Germán Sáez,et al.  Generation of Key Predistribution Schemes Using Secret Sharing Schemes , 2001, Discret. Appl. Math..

[14]  Costas Lambrinoudakis,et al.  Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy , 2003, Comput. Commun..

[15]  Zbigniew Kotulski,et al.  On automatic secret generation and sharing for Karin-Greene-Hellman scheme , 2003 .

[16]  Oscar Silver Wireless Networks Vulnerable to Attack , 2001 .

[17]  Ahmed Patel,et al.  Support for Legal Framework and Anonymity in the KEYSTONE Public Key Infrastructure Architecture , 2003 .