SlideShare a Scribd company logo

ASDF WSS 2014 Paper 003

Download as PPTX, PDF
Association of Scientists, Developers and Faculties
Association of Scientists, Developers and Faculties

Speech / Paper :-) For more information visit www.asdf.international / www.asdf-wss.com

Science
1 of 22
Prof. Madhulika Bangre (Research Scholar) and Prof. (Dr.) G.T.Thampi (Principal & Research Guide) TSEC,Bandra (W), Mumbai, University Of Mumbai, INDIA bmadhulika03@gmail.com,gtthampi@yahoo.com Kapil Kant Kamal and Manish Kumar Centre for Development of Advanced Computing (C-DAC), Mumbai, India kapil@cdac. in, kmanish@cdac. in Analysis of Security Requirements for M-Governance Project Implementation ASDF WSS- 2014 31-12-2014
Presentation Flow • Abstract • Objective • Introduction • Security Requirements For M-Gov Implementations • Security Analysis of M-Governance Delivery channels • Important Findings • Proposed Solution • Conclusion • References 31-12-2014
Abstract M-Governance provides an additional access tools for e- Government and its processes with the uses of wireless and mobile technologies to deliver services over mobile devices. Though M-Governance extends the accessibility of e- governance to mobile platform, but it also brings along numerous challenges in terms of security and authentication, making it the prime reason behind the apprehension in citizen to use this channel effectively. Hence, adequate levels of security must be ensured before implementing such government applications over wireless/mobile channels. This study discusses real time security requirements of m- governance projects to increase the acceptability of the citizen to this rapidly developing channel. By means of this paper, we propose a separate security module to address the security issues in implementing m-governance project. Further, it also includes case study of Aadhar E-KYC depicting31-12-2014
Objective This study helps in identifying the real time security needs and offers various measures that can be easily incorporated by the government department and application developers for securing the request/response data during transmission via mobile delivery channel. The objective of this paper is to sensitize various implementation agencies to identify the types of security measures which can be easily adopted for the implementation of mobile services and application. Such security specification, may be replicated by other Govt. department where ever necessary which can contribute to the overall success of m-governance. 31-12-2014
Introduction In recent years, many states in India have started offering government services via various mobile delivery channels for catering the needs of citizen by integrating various government departments, services and telecom service providers. Such implementations have helped to create cost effective, efficient and round the clock Government information systems. All the efforts made by Government departments will be futile without the inclusion of security and integrity features in mobile delivery channels like SMS, USSD, WAP, etc. Most of the security measures are already incorporated in m-governance frameworks, but still there are few measures which can help to provide extra layer of security at the department level and application development level, keeping in mind the sensitivity of the citizen data which are exchanged over such mobile31-12-2014
SECURITY REQUIREMENTS FOR M-GOV IMPLEMENTATIONS Developers need to seamlessly integrate security functionality into their mobile applications which should support API for secure communication of data between the user device and the server. The increased use of mobile devices for storage of personal and sensitive data for mobile client application need advanced security for encrypting the stored data. The existing security depends on a username/user-id/mobile number along with PIN/password to verify the user. This method is not sufficient, especially in cases where critical and personal information need to be exchanged over untrusted network. Therefore, it is important for mobile services to have a higher level of security consisting of combinations of two or more parameters like unique registration number, One time Password, biometric details , etc., which can give rise to a reliable authentication system to ensure user authenticity. 31-12-2014
SECURITY ANALYSIS OF M-GOVERNANCE DELIVERY CHANNELS Statistics of Usage: Following are the results of the analysis done based on the independent survey of usage and acceptability of M-governance delivery channels: 1. Which all channels have you used for accessing Govt. services through Mobile platform? 31-12-2014 Figure1.Statistics for Mobile Channel Usage.
Observations 1: Short message service (SMS) channel employs SMS Gateway as the interface for sending and receiving the SMS and value added services. A message sent by the server is received by a Short Message Service Center (SMSC) which makes use of a variety of protocols like SMPP CIMD etc. and then SMSC forwards it through the appropriate GSM or CDMA network to the appropriate mobile device. It has been observed that that the request and the response which are sent using SMS are sent as a plain text. There may be cases where the messages need to be encrypted and only the intended user can view it. This can be achieved by securing the message by encrypting it with a key known only to the intended user. Key Exchange protocol can be used to exchange the key between the back-end server and the user mobile device. Another technique is to use PKI (Public Key Infrastructure) based security measures. 31-12-2014
Observations 2: Mobile Application: The user needs to fill in the necessary information in order to request service from the Govt. Department. The request then takes the form of http request with a URL(Uniform Resource Locator) which hits the appropriate server for processing. It has been observed that the parameters or user credential which forms the request is sent as it is which can be easily tampered by the intruder. This URL can also be encrypted using PKI which is an arrangement that binds public and private keys with respective user identities by means of a CA (Certification Authority). 31-12-2014
PROJECTS The security architectural model depicts a security layer crossing at various levels of external communication that take place between an integrated service delivery platform and various stakeholders like Government departments, network service providers, telecommunication departments, payment bodies, etc. Figure 2.Security Architecture for M-Governance Projects. 31-12-2014
Features 31-12-2014 Major security concerns related to 2G/3G/GPRS networks are dealt by the telecommunication operators. The security of request and response data between the client and the server through the delivery channels (SMS, WAP) should be provided by the department and application developers. The security system should provide flexibility regarding the transmission of data with different data formats like XML, JSON using transport protocols like HTTP/HTTPS and TCP.
Features of Security Architecture 31-12-2014 User Authentication: This component is responsible for authenticating the user as defined by the various transition types. The module will verify the user/mobile number, check for the registration of the user, verify the PIN/password, Biometric information if supported, One- Time-Password (OTP). Departments may choose to use one or more methods to authenticate the user and verify the transaction authenticity. User Authorization: This component is responsible for checking various roles and permission associated with the functions call made to the database server. Different delegation roles are defined for incorporating this feature into the functional modules to check the access rights of the user and the admin. The departments should transmit or share user information only on the user’s authorization.
31-12-2014 Data Encryption: The information which is transferred while calling an API for availing services from various Govt. departments should be encrypted using PKI . The integrity and authenticity of the response can be provided by using digital signatures where in the hash of the message is created by using hash function, and then it will be encrypted by departments’ Private key. This creates the signature by using the cryptographic algorithm. Signature is cross verified. Department is the only private key owner, they cannot deny sending the message. This is called non-repudiation. Transaction Security: Each transaction request will interact with external systems for verification & presentment of the information, will interact with payment module, department module, citizen profile module and other modules for various types of verifications. There is a need for calling business Features of Security Architecture (contd.)
31-12-2014 Alerting /Logging/ Auditing: This component generates alerts for other system components, users, administrators upon occurrence of certain activity or event. Logging involves life-cycle details of the transaction with information about each and every process step. The module need to log all the API calls to the external system with reference data and date-time stamp. Auditing serves the purpose of tracking any changes to the system configurations. The module needs to have ability to configure various elements of the system like database tables, UI, functional flow, parameters at various levels. It maintains audit records for all the authentication request metadata along with the response. Features of Security Architecture (contd.)
Case Study Of Aadhaar e-KYC API The Unique Identification Authority of India (UIDAI) department provides verification of Unique Identification Number (Aadhaar) to all residents of India using E-KYC API. The e-KYC API can be used by an agency to obtain latest resident demographic data and photo data from UIDAI upon the authorization of the user. This case depicts the authentication, key exchange and encryption mechanism adopted by UIDAI for processing the request of the user. 31-12-2014 Figure 3. E-KYC Data Flow
The URL format for Aadhaar KYC service request: 31-12-2014 To support strong end to end security and avoid request tampering and man-in-the-middle attacks, it is essential that encryption of data happened at the time of capture on the user device. E-KYC is a stateless service over HTTPs protocol which make use of XML data format for input and output which allows easy adoption by the user agencies. API input data should be sent to the URL as XML document. https://<host>/kyc/<ver>/<ac>/<uid[0]>/<uid[1]>/<asalk> Host:Aadhar KYC server address Kyc: indicate KYC call Ver :indicate KYC version Ac: unique code foe KUA uid[0] and uid[1] : first 2 digits of Aadhaar number. asalk : A valid KSA license key. It is used for authorization.
The XML data format for authentication API: 31-12-2014 <Kyc ver=“” ts=“” ra=“” rc=“”> <Rad>base64 encoded fully valid Auth XML for resident</Rad> <Signature/> </Kyc> ver:KYC version ts: timestamp of authentication request ra: resident authentication type rs: resident consent to use resident data from Aadhar system <rad>: element contains base64 encoded Auth XML for authentication with a valid transaction value(txn). <Signature>: It is mandatory and used exchanging information regarding digital signature and certificates using which the KSA and KUA ensure the message security and integrity between their servers.
Response XML for the KYC API is as follows: 31-12-2014 <Resp status=“”>encrypted and base64 encoded “KycRes” element</Resp> Resp : container for keeping encrypted KYC data signed by UIDAI. “KysRes” is encrypted using either KSA public key or KUA public key based on the KSA/KUA setup on UIDAI server. KysRes once decoded containing information regarding response, transaction, timestamp, authentication API, UID data, error code in case of error. It also has encoded Signature element to check for message integrity and non-repudiation.
Conclusion 31-12-2014 For successful implementation of such frameworks it is necessary to provide secure, reliable and high quality services and applications to the citizen as per their expectation. The case study provided will surely help m-governance project implementers to understand the security mechanism involved in the authentication of the entities and encryption of the request and response data. Consequently, it will enhance the complete user experience of using this government services using this newly addedresponse data
ACKNOWLEDGMENT We are thankful to C-DAC Mobile Seva team for their practical inputs and for helping us in providing the deeper understanding of m- governance project implementation security issues. We would like to pay our special thanks to Dr. Zia Saquib, Executive Director, C-DAC for supporting us in pursuing this investigation. 31-12-2014
References 1) Antovski, L and Gusev, M 2005, M-Government Framework, Proceedings of the First European Conference on Mobile Government, 10-12 July, University Sussex, Brighton, UK. 2) Mengistu, Desta, Hangjung Zo, and Jae Jeung Rho. "M-government: opportunities and challenges to deliver mobile government services in developing countries." Computer Sciences and Convergence Information Technology, 2009. ICCIT'09. Fourth International Conference on. IEEE, 2009. 3) Kumar, Ranjan, Manish Kumar, and Kapil Kant Kamal. "Indian Ecosystem for Mobile based Service Delivery." www. excelpublish. com: 129. 4) http://india.gov.in/spotlight/mobile-seva-citizen-services-mobile-phones 5) https://mgov.gov.in/ 6) mobile.karnataka.gov.in/ 7) http://www.itmission.kerala.gov.in/mobile-governance.php 8) https://mgov.gov.in/msdpbasic.jsp 9) www.developershome.com/sms/smsIntro.asp 10) A. Pourali, Dr. M. V. Malakooti, Dr. M.H Yektai, " A Secure SMS Model in E- Commerce Payment using Combined AES and ECC Encryption Algorithms", Proceedings of the International conference on Computing Technology and Information Management, Dubai, UAE, pp 431-442,2014. 11) Watari, M.A., A.A. Zaidan and B.B. Zaidan,, 2013. Securing m-government transmission based on symmetric and asymmetric algorithms: a review.. Asian J. Sci. Res., 6: 632-649. 12) http://uidai.gov.in/images/authDoc/d2_authentication_framework_v1.pdf 31-12-2014
Questions?? Thank You 31-12-2014

Recommended

Secure multiple bank transaction log a case study
Secure multiple bank transaction log a case studySecure multiple bank transaction log a case study
Secure multiple bank transaction log a case studyeSAT Publishing House
 
Advanced mechanism for single sign on for distributed computer networks
Advanced mechanism for single sign on for distributed computer networksAdvanced mechanism for single sign on for distributed computer networks
Advanced mechanism for single sign on for distributed computer networkseSAT Journals
 
Location Based Services in M-Commerce: Customer Trust and Transaction Securit...
Location Based Services in M-Commerce: Customer Trust and Transaction Securit...Location Based Services in M-Commerce: Customer Trust and Transaction Securit...
Location Based Services in M-Commerce: Customer Trust and Transaction Securit...CSCJournals
 
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...ijcncs
 
Two aspect authentication system using secure
Two aspect authentication system using secureTwo aspect authentication system using secure
Two aspect authentication system using secureUvaraj Shan
 
Performance Enhancement of VNSIP approach, using MCAC algorithm
Performance Enhancement of VNSIP approach, using MCAC algorithmPerformance Enhancement of VNSIP approach, using MCAC algorithm
Performance Enhancement of VNSIP approach, using MCAC algorithmijcncs
 
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...ijcncs
 
A Dashboard of ITS - Tableau de bord du STI
A Dashboard of ITS - Tableau de bord du STIA Dashboard of ITS - Tableau de bord du STI
A Dashboard of ITS - Tableau de bord du STIn allali
 

Recommended

Secure multiple bank transaction log a case study
Secure multiple bank transaction log a case studySecure multiple bank transaction log a case study
Secure multiple bank transaction log a case studyeSAT Publishing House
 
Advanced mechanism for single sign on for distributed computer networks
Advanced mechanism for single sign on for distributed computer networksAdvanced mechanism for single sign on for distributed computer networks
Advanced mechanism for single sign on for distributed computer networkseSAT Journals
 
Location Based Services in M-Commerce: Customer Trust and Transaction Securit...
Location Based Services in M-Commerce: Customer Trust and Transaction Securit...Location Based Services in M-Commerce: Customer Trust and Transaction Securit...
Location Based Services in M-Commerce: Customer Trust and Transaction Securit...CSCJournals
 
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...ijcncs
 
Two aspect authentication system using secure
Two aspect authentication system using secureTwo aspect authentication system using secure
Two aspect authentication system using secureUvaraj Shan
 
Performance Enhancement of VNSIP approach, using MCAC algorithm
Performance Enhancement of VNSIP approach, using MCAC algorithmPerformance Enhancement of VNSIP approach, using MCAC algorithm
Performance Enhancement of VNSIP approach, using MCAC algorithmijcncs
 
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...ijcncs
 
A Dashboard of ITS - Tableau de bord du STI
A Dashboard of ITS - Tableau de bord du STIA Dashboard of ITS - Tableau de bord du STI
A Dashboard of ITS - Tableau de bord du STIn allali
 
Brisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communicationBrisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communicationeSAT Publishing House
 
Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardConference Papers
 
P0704085089
P0704085089P0704085089
P0704085089IJERD Editor
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobileUvaraj Shan
 
Security for Future Networks: A Prospective Study of AAIs
Security for Future Networks: A Prospective Study of AAIsSecurity for Future Networks: A Prospective Study of AAIs
Security for Future Networks: A Prospective Study of AAIsidescitation
 
Z041106163167
Z041106163167Z041106163167
Z041106163167IJERA Editor
 
Smart-Authentication: A secure web service for providing bus pass renewal system
Smart-Authentication: A secure web service for providing bus pass renewal systemSmart-Authentication: A secure web service for providing bus pass renewal system
Smart-Authentication: A secure web service for providing bus pass renewal systemIRJET Journal
 
Sustainability 07-02028
Sustainability 07-02028Sustainability 07-02028
Sustainability 07-02028Syed Nasir Shah Gillani
 
Authentication Systems in Internet of Things
Authentication Systems in Internet of ThingsAuthentication Systems in Internet of Things
Authentication Systems in Internet of ThingsEswar Publications
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
Congestion and overload control techniques in massive M2M systems: a survey
Congestion and overload control techniques in massive M2M systems: a surveyCongestion and overload control techniques in massive M2M systems: a survey
Congestion and overload control techniques in massive M2M systems: a surveyapnegrao
 
Instant messaging tech scet
Instant messaging tech scetInstant messaging tech scet
Instant messaging tech scetpankaj gamit
 
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)IJNSA Journal
 
ipas implicit password authentication system ieee 2011
ipas implicit password authentication system ieee 2011ipas implicit password authentication system ieee 2011
ipas implicit password authentication system ieee 2011prasanna9
 
Secure instant messanger service
Secure instant messanger serviceSecure instant messanger service
Secure instant messanger serviceAditya Gupta
 
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET Journal
 
An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...IJERA Editor
 
Brisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communicationBrisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communicationeSAT Journals
 
Dashboard of intelligent transportation system (ITS) using mobile agents stra...
Dashboard of intelligent transportation system (ITS) using mobile agents stra...Dashboard of intelligent transportation system (ITS) using mobile agents stra...
Dashboard of intelligent transportation system (ITS) using mobile agents stra...IJECEIAES
 
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...josephjonse
 
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...ijngnjournal
 
Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environ...
Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environ...Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environ...
Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environ...International Journal of Computer and Communication System Engineering
 

More Related Content

What's hot

Brisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communicationBrisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communicationeSAT Publishing House
 
Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardConference Papers
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobileUvaraj Shan
 
Security for Future Networks: A Prospective Study of AAIs
Security for Future Networks: A Prospective Study of AAIsSecurity for Future Networks: A Prospective Study of AAIs
Security for Future Networks: A Prospective Study of AAIsidescitation
 
Smart-Authentication: A secure web service for providing bus pass renewal system
Smart-Authentication: A secure web service for providing bus pass renewal systemSmart-Authentication: A secure web service for providing bus pass renewal system
Smart-Authentication: A secure web service for providing bus pass renewal systemIRJET Journal
 
Authentication Systems in Internet of Things
Authentication Systems in Internet of ThingsAuthentication Systems in Internet of Things
Authentication Systems in Internet of ThingsEswar Publications
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
Congestion and overload control techniques in massive M2M systems: a survey
Congestion and overload control techniques in massive M2M systems: a surveyCongestion and overload control techniques in massive M2M systems: a survey
Congestion and overload control techniques in massive M2M systems: a surveyapnegrao
 
Instant messaging tech scet
Instant messaging tech scetInstant messaging tech scet
Instant messaging tech scetpankaj gamit
 
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)IJNSA Journal
 
ipas implicit password authentication system ieee 2011
ipas implicit password authentication system ieee 2011ipas implicit password authentication system ieee 2011
ipas implicit password authentication system ieee 2011prasanna9
 
Secure instant messanger service
Secure instant messanger serviceSecure instant messanger service
Secure instant messanger serviceAditya Gupta
 
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET Journal
 
An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...IJERA Editor
 

What's hot (17)

Brisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communicationBrisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communication
 
Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forward
 
P0704085089
P0704085089P0704085089
P0704085089
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobile
 
Security for Future Networks: A Prospective Study of AAIs
Security for Future Networks: A Prospective Study of AAIsSecurity for Future Networks: A Prospective Study of AAIs
Security for Future Networks: A Prospective Study of AAIs
 
Z041106163167
Z041106163167Z041106163167
Z041106163167
 
Smart-Authentication: A secure web service for providing bus pass renewal system
Smart-Authentication: A secure web service for providing bus pass renewal systemSmart-Authentication: A secure web service for providing bus pass renewal system
Smart-Authentication: A secure web service for providing bus pass renewal system
 
Sustainability 07-02028
Sustainability 07-02028Sustainability 07-02028
Sustainability 07-02028
 
Authentication Systems in Internet of Things
Authentication Systems in Internet of ThingsAuthentication Systems in Internet of Things
Authentication Systems in Internet of Things
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
 
Congestion and overload control techniques in massive M2M systems: a survey
Congestion and overload control techniques in massive M2M systems: a surveyCongestion and overload control techniques in massive M2M systems: a survey
Congestion and overload control techniques in massive M2M systems: a survey
 
Instant messaging tech scet
Instant messaging tech scetInstant messaging tech scet
Instant messaging tech scet
 
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)
 
ipas implicit password authentication system ieee 2011
ipas implicit password authentication system ieee 2011ipas implicit password authentication system ieee 2011
ipas implicit password authentication system ieee 2011
 
Secure instant messanger service
Secure instant messanger serviceSecure instant messanger service
Secure instant messanger service
 
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor Authentication
 
An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...
 

Similar to ASDF WSS 2014 Paper 003

Brisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communicationBrisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communicationeSAT Journals
 
Dashboard of intelligent transportation system (ITS) using mobile agents stra...
Dashboard of intelligent transportation system (ITS) using mobile agents stra...Dashboard of intelligent transportation system (ITS) using mobile agents stra...
Dashboard of intelligent transportation system (ITS) using mobile agents stra...IJECEIAES
 
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...josephjonse
 
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...ijngnjournal
 
Security issues in grid computing
Security issues in grid computingSecurity issues in grid computing
Security issues in grid computingijcsa
 
Efficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed NetworkEfficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed NetworkIJERA Editor
 
Addressing Security Issues and Challenges in Mobile Cloud Computing
Addressing Security Issues and Challenges in Mobile Cloud ComputingAddressing Security Issues and Challenges in Mobile Cloud Computing
Addressing Security Issues and Challenges in Mobile Cloud ComputingEditor IJCATR
 
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...Dr.Irshad Ahmed Sumra
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerPutra Wanda
 
Secure Multi-Owner Group Signature Based Secure M-Health Records in Cloud
Secure Multi-Owner Group Signature Based Secure M-Health Records in Cloud Secure Multi-Owner Group Signature Based Secure M-Health Records in Cloud
Secure Multi-Owner Group Signature Based Secure M-Health Records in Cloud IJMER
 
Ijmer 41025357
Ijmer 41025357Ijmer 41025357
Ijmer 41025357IJMER
 
Ijmer 41025357
Ijmer 41025357Ijmer 41025357
Ijmer 41025357IJMER
 
Ijmer 41025357
Ijmer 41025357Ijmer 41025357
Ijmer 41025357IJMER
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerTELKOMNIKA JOURNAL
 
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...idescitation
 
IRJET- An Overview on Mobile Cloud Computing
IRJET- An Overview on Mobile Cloud ComputingIRJET- An Overview on Mobile Cloud Computing
IRJET- An Overview on Mobile Cloud ComputingIRJET Journal
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) ijceronline
 
A New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security SystemA New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security Systemijfcstjournal
 
Two aspect authentication system using secure
Two aspect authentication system using secureTwo aspect authentication system using secure
Two aspect authentication system using secureUvaraj Shan
 

Similar to ASDF WSS 2014 Paper 003 (20)

Brisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communicationBrisk and secure ad hoc vehicular communication
Brisk and secure ad hoc vehicular communication
 
Dashboard of intelligent transportation system (ITS) using mobile agents stra...
Dashboard of intelligent transportation system (ITS) using mobile agents stra...Dashboard of intelligent transportation system (ITS) using mobile agents stra...
Dashboard of intelligent transportation system (ITS) using mobile agents stra...
 
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
 
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
 
Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environ...
Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environ...Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environ...
Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environ...
 
Security issues in grid computing
Security issues in grid computingSecurity issues in grid computing
Security issues in grid computing
 
Efficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed NetworkEfficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed Network
 
Addressing Security Issues and Challenges in Mobile Cloud Computing
Addressing Security Issues and Challenges in Mobile Cloud ComputingAddressing Security Issues and Challenges in Mobile Cloud Computing
Addressing Security Issues and Challenges in Mobile Cloud Computing
 
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
 
Secure Multi-Owner Group Signature Based Secure M-Health Records in Cloud
Secure Multi-Owner Group Signature Based Secure M-Health Records in Cloud Secure Multi-Owner Group Signature Based Secure M-Health Records in Cloud
Secure Multi-Owner Group Signature Based Secure M-Health Records in Cloud
 
Ijmer 41025357
Ijmer 41025357Ijmer 41025357
Ijmer 41025357
 
Ijmer 41025357
Ijmer 41025357Ijmer 41025357
Ijmer 41025357
 
Ijmer 41025357
Ijmer 41025357Ijmer 41025357
Ijmer 41025357
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
 
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
 
IRJET- An Overview on Mobile Cloud Computing
IRJET- An Overview on Mobile Cloud ComputingIRJET- An Overview on Mobile Cloud Computing
IRJET- An Overview on Mobile Cloud Computing
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
A New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security SystemA New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security System
 
Two aspect authentication system using secure
Two aspect authentication system using secureTwo aspect authentication system using secure
Two aspect authentication system using secure
 

More from Association of Scientists, Developers and Faculties

More from Association of Scientists, Developers and Faculties (20)

Core conferences bta 19 paper 12
Core conferences bta 19 paper 12Core conferences bta 19 paper 12
Core conferences bta 19 paper 12
 
Core conferences bta 19 paper 10
Core conferences bta 19 paper 10Core conferences bta 19 paper 10
Core conferences bta 19 paper 10
 
Core conferences bta 19 paper 8
Core conferences bta 19 paper 8Core conferences bta 19 paper 8
Core conferences bta 19 paper 8
 
Core conferences bta 19 paper 7
Core conferences bta 19 paper 7Core conferences bta 19 paper 7
Core conferences bta 19 paper 7
 
Core conferences bta 19 paper 6
Core conferences bta 19 paper 6Core conferences bta 19 paper 6
Core conferences bta 19 paper 6
 
Core conferences bta 19 paper 5
Core conferences bta 19 paper 5Core conferences bta 19 paper 5
Core conferences bta 19 paper 5
 
Core conferences bta 19 paper 4
Core conferences bta 19 paper 4Core conferences bta 19 paper 4
Core conferences bta 19 paper 4
 
Core conferences bta 19 paper 3
Core conferences bta 19 paper 3Core conferences bta 19 paper 3
Core conferences bta 19 paper 3
 
Core conferences bta 19 paper 2
Core conferences bta 19 paper 2Core conferences bta 19 paper 2
Core conferences bta 19 paper 2
 
CoreConferences Batch A 2019
CoreConferences Batch A 2019CoreConferences Batch A 2019
CoreConferences Batch A 2019
 
International Conference on Cloud of Things and Wearable Technologies 2018
International Conference on Cloud of Things and Wearable Technologies 2018International Conference on Cloud of Things and Wearable Technologies 2018
International Conference on Cloud of Things and Wearable Technologies 2018
 
ICCELEM 2017
ICCELEM 2017ICCELEM 2017
ICCELEM 2017
 
ICSSCCET 2017
ICSSCCET 2017ICSSCCET 2017
ICSSCCET 2017
 
ICAIET 2017
ICAIET 2017ICAIET 2017
ICAIET 2017
 
ICICS 2017
ICICS 2017ICICS 2017
ICICS 2017
 
ICACIEM 2017
ICACIEM 2017ICACIEM 2017
ICACIEM 2017
 
A Typical Sleep Scheduling Algorithm in Cluster Head Selection for Energy Eff...
A Typical Sleep Scheduling Algorithm in Cluster Head Selection for Energy Eff...A Typical Sleep Scheduling Algorithm in Cluster Head Selection for Energy Eff...
A Typical Sleep Scheduling Algorithm in Cluster Head Selection for Energy Eff...
 
Application of Agricultural Waste in Preparation of Sustainable Construction ...
Application of Agricultural Waste in Preparation of Sustainable Construction ...Application of Agricultural Waste in Preparation of Sustainable Construction ...
Application of Agricultural Waste in Preparation of Sustainable Construction ...
 
Survey and Research Challenges in Big Data
Survey and Research Challenges in Big DataSurvey and Research Challenges in Big Data
Survey and Research Challenges in Big Data
 
Asynchronous Power Management Using Grid Deployment Method for Wireless Senso...
Asynchronous Power Management Using Grid Deployment Method for Wireless Senso...Asynchronous Power Management Using Grid Deployment Method for Wireless Senso...
Asynchronous Power Management Using Grid Deployment Method for Wireless Senso...
 

Recently uploaded

Recombinant DNA technology( Transgenic plant and animal)
Recombinant DNA technology( Transgenic plant and animal)Recombinant DNA technology( Transgenic plant and animal)
Recombinant DNA technology( Transgenic plant and animal)DHURKADEVIBASKAR
 
Pests of safflower_Binomics_Identification_Dr.UPR.pdf
Pests of safflower_Binomics_Identification_Dr.UPR.pdfPests of safflower_Binomics_Identification_Dr.UPR.pdf
Pests of safflower_Binomics_Identification_Dr.UPR.pdfPirithiRaju
 
GenBio2 - Lesson 1 - Introduction to Genetics.pptx
GenBio2 - Lesson 1 - Introduction to Genetics.pptxGenBio2 - Lesson 1 - Introduction to Genetics.pptx
GenBio2 - Lesson 1 - Introduction to Genetics.pptxBerniceCayabyab1
 
TOPIC 8 Temperature and Heat.pdf physics
TOPIC 8 Temperature and Heat.pdf physicsTOPIC 8 Temperature and Heat.pdf physics
TOPIC 8 Temperature and Heat.pdf physicsssuserddc89b
 
Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024AyushiRastogi48
 
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)riyaescorts54
 
FREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naFREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naJASISJULIANOELYNV
 
Environmental Biotechnology Topic:- Microbial Biosensor
Environmental Biotechnology Topic:- Microbial BiosensorEnvironmental Biotechnology Topic:- Microbial Biosensor
Environmental Biotechnology Topic:- Microbial Biosensorsonawaneprad
 
Manassas R - Parkside Middle School 🌎🏫
Manassas R - Parkside Middle School 🌎🏫Manassas R - Parkside Middle School 🌎🏫
Manassas R - Parkside Middle School 🌎🏫qfactory1
 
Scheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docxScheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docxyaramohamed343013
 
Pests of soyabean_Binomics_IdentificationDr.UPR.pdf
Pests of soyabean_Binomics_IdentificationDr.UPR.pdfPests of soyabean_Binomics_IdentificationDr.UPR.pdf
Pests of soyabean_Binomics_IdentificationDr.UPR.pdfPirithiRaju
 
Artificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PArtificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PPRINCE C P
 
Pests of jatropha_Bionomics_identification_Dr.UPR.pdf
Pests of jatropha_Bionomics_identification_Dr.UPR.pdfPests of jatropha_Bionomics_identification_Dr.UPR.pdf
Pests of jatropha_Bionomics_identification_Dr.UPR.pdfPirithiRaju
 
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptx
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptxSTOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptx
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptxMurugaveni B
 
Grafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real timeGrafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real timeSatoshi NAKAHIRA
 
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.PraveenaKalaiselvan1
 
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptxTHE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptxNandakishor Bhaurao Deshmukh
 
Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Nistarini College, Purulia (W.B) India
 
Microphone- characteristics,carbon microphone, dynamic microphone.pptx
Microphone- characteristics,carbon microphone, dynamic microphone.pptxMicrophone- characteristics,carbon microphone, dynamic microphone.pptx
Microphone- characteristics,carbon microphone, dynamic microphone.pptxpriyankatabhane
 

Recently uploaded (20)

Recombinant DNA technology( Transgenic plant and animal)
Recombinant DNA technology( Transgenic plant and animal)Recombinant DNA technology( Transgenic plant and animal)
Recombinant DNA technology( Transgenic plant and animal)
 
Pests of safflower_Binomics_Identification_Dr.UPR.pdf
Pests of safflower_Binomics_Identification_Dr.UPR.pdfPests of safflower_Binomics_Identification_Dr.UPR.pdf
Pests of safflower_Binomics_Identification_Dr.UPR.pdf
 
GenBio2 - Lesson 1 - Introduction to Genetics.pptx
GenBio2 - Lesson 1 - Introduction to Genetics.pptxGenBio2 - Lesson 1 - Introduction to Genetics.pptx
GenBio2 - Lesson 1 - Introduction to Genetics.pptx
 
TOPIC 8 Temperature and Heat.pdf physics
TOPIC 8 Temperature and Heat.pdf physicsTOPIC 8 Temperature and Heat.pdf physics
TOPIC 8 Temperature and Heat.pdf physics
 
Engler and Prantl system of classification in plant taxonomy
Engler and Prantl system of classification in plant taxonomyEngler and Prantl system of classification in plant taxonomy
Engler and Prantl system of classification in plant taxonomy
 
Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024
 
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
 
FREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naFREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by na
 
Environmental Biotechnology Topic:- Microbial Biosensor
Environmental Biotechnology Topic:- Microbial BiosensorEnvironmental Biotechnology Topic:- Microbial Biosensor
Environmental Biotechnology Topic:- Microbial Biosensor
 
Manassas R - Parkside Middle School 🌎🏫
Manassas R - Parkside Middle School 🌎🏫Manassas R - Parkside Middle School 🌎🏫
Manassas R - Parkside Middle School 🌎🏫
 
Scheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docxScheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docx
 
Pests of soyabean_Binomics_IdentificationDr.UPR.pdf
Pests of soyabean_Binomics_IdentificationDr.UPR.pdfPests of soyabean_Binomics_IdentificationDr.UPR.pdf
Pests of soyabean_Binomics_IdentificationDr.UPR.pdf
 
Artificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PArtificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C P
 
Pests of jatropha_Bionomics_identification_Dr.UPR.pdf
Pests of jatropha_Bionomics_identification_Dr.UPR.pdfPests of jatropha_Bionomics_identification_Dr.UPR.pdf
Pests of jatropha_Bionomics_identification_Dr.UPR.pdf
 
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptx
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptxSTOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptx
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptx
 
Grafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real timeGrafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real time
 
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
 
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptxTHE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
 
Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...
 
Microphone- characteristics,carbon microphone, dynamic microphone.pptx
Microphone- characteristics,carbon microphone, dynamic microphone.pptxMicrophone- characteristics,carbon microphone, dynamic microphone.pptx
Microphone- characteristics,carbon microphone, dynamic microphone.pptx
 

ASDF WSS 2014 Paper 003

  • 1. Prof. Madhulika Bangre (Research Scholar) and Prof. (Dr.) G.T.Thampi (Principal & Research Guide) TSEC,Bandra (W), Mumbai, University Of Mumbai, INDIA bmadhulika03@gmail.com,gtthampi@yahoo.com Kapil Kant Kamal and Manish Kumar Centre for Development of Advanced Computing (C-DAC), Mumbai, India kapil@cdac. in, kmanish@cdac. in Analysis of Security Requirements for M-Governance Project Implementation ASDF WSS- 2014 31-12-2014
  • 2. Presentation Flow • Abstract • Objective • Introduction • Security Requirements For M-Gov Implementations • Security Analysis of M-Governance Delivery channels • Important Findings • Proposed Solution • Conclusion • References 31-12-2014
  • 3. Abstract M-Governance provides an additional access tools for e- Government and its processes with the uses of wireless and mobile technologies to deliver services over mobile devices. Though M-Governance extends the accessibility of e- governance to mobile platform, but it also brings along numerous challenges in terms of security and authentication, making it the prime reason behind the apprehension in citizen to use this channel effectively. Hence, adequate levels of security must be ensured before implementing such government applications over wireless/mobile channels. This study discusses real time security requirements of m- governance projects to increase the acceptability of the citizen to this rapidly developing channel. By means of this paper, we propose a separate security module to address the security issues in implementing m-governance project. Further, it also includes case study of Aadhar E-KYC depicting31-12-2014
  • 4. Objective This study helps in identifying the real time security needs and offers various measures that can be easily incorporated by the government department and application developers for securing the request/response data during transmission via mobile delivery channel. The objective of this paper is to sensitize various implementation agencies to identify the types of security measures which can be easily adopted for the implementation of mobile services and application. Such security specification, may be replicated by other Govt. department where ever necessary which can contribute to the overall success of m-governance. 31-12-2014
  • 5. Introduction In recent years, many states in India have started offering government services via various mobile delivery channels for catering the needs of citizen by integrating various government departments, services and telecom service providers. Such implementations have helped to create cost effective, efficient and round the clock Government information systems. All the efforts made by Government departments will be futile without the inclusion of security and integrity features in mobile delivery channels like SMS, USSD, WAP, etc. Most of the security measures are already incorporated in m-governance frameworks, but still there are few measures which can help to provide extra layer of security at the department level and application development level, keeping in mind the sensitivity of the citizen data which are exchanged over such mobile31-12-2014
  • 6. SECURITY REQUIREMENTS FOR M-GOV IMPLEMENTATIONS Developers need to seamlessly integrate security functionality into their mobile applications which should support API for secure communication of data between the user device and the server. The increased use of mobile devices for storage of personal and sensitive data for mobile client application need advanced security for encrypting the stored data. The existing security depends on a username/user-id/mobile number along with PIN/password to verify the user. This method is not sufficient, especially in cases where critical and personal information need to be exchanged over untrusted network. Therefore, it is important for mobile services to have a higher level of security consisting of combinations of two or more parameters like unique registration number, One time Password, biometric details , etc., which can give rise to a reliable authentication system to ensure user authenticity. 31-12-2014
  • 7. SECURITY ANALYSIS OF M-GOVERNANCE DELIVERY CHANNELS Statistics of Usage: Following are the results of the analysis done based on the independent survey of usage and acceptability of M-governance delivery channels: 1. Which all channels have you used for accessing Govt. services through Mobile platform? 31-12-2014 Figure1.Statistics for Mobile Channel Usage.
  • 8. Observations 1: Short message service (SMS) channel employs SMS Gateway as the interface for sending and receiving the SMS and value added services. A message sent by the server is received by a Short Message Service Center (SMSC) which makes use of a variety of protocols like SMPP CIMD etc. and then SMSC forwards it through the appropriate GSM or CDMA network to the appropriate mobile device. It has been observed that that the request and the response which are sent using SMS are sent as a plain text. There may be cases where the messages need to be encrypted and only the intended user can view it. This can be achieved by securing the message by encrypting it with a key known only to the intended user. Key Exchange protocol can be used to exchange the key between the back-end server and the user mobile device. Another technique is to use PKI (Public Key Infrastructure) based security measures. 31-12-2014
  • 9. Observations 2: Mobile Application: The user needs to fill in the necessary information in order to request service from the Govt. Department. The request then takes the form of http request with a URL(Uniform Resource Locator) which hits the appropriate server for processing. It has been observed that the parameters or user credential which forms the request is sent as it is which can be easily tampered by the intruder. This URL can also be encrypted using PKI which is an arrangement that binds public and private keys with respective user identities by means of a CA (Certification Authority). 31-12-2014
  • 10. PROJECTS The security architectural model depicts a security layer crossing at various levels of external communication that take place between an integrated service delivery platform and various stakeholders like Government departments, network service providers, telecommunication departments, payment bodies, etc. Figure 2.Security Architecture for M-Governance Projects. 31-12-2014
  • 11. Features 31-12-2014 Major security concerns related to 2G/3G/GPRS networks are dealt by the telecommunication operators. The security of request and response data between the client and the server through the delivery channels (SMS, WAP) should be provided by the department and application developers. The security system should provide flexibility regarding the transmission of data with different data formats like XML, JSON using transport protocols like HTTP/HTTPS and TCP.
  • 12. Features of Security Architecture 31-12-2014 User Authentication: This component is responsible for authenticating the user as defined by the various transition types. The module will verify the user/mobile number, check for the registration of the user, verify the PIN/password, Biometric information if supported, One- Time-Password (OTP). Departments may choose to use one or more methods to authenticate the user and verify the transaction authenticity. User Authorization: This component is responsible for checking various roles and permission associated with the functions call made to the database server. Different delegation roles are defined for incorporating this feature into the functional modules to check the access rights of the user and the admin. The departments should transmit or share user information only on the user’s authorization.
  • 13. 31-12-2014 Data Encryption: The information which is transferred while calling an API for availing services from various Govt. departments should be encrypted using PKI . The integrity and authenticity of the response can be provided by using digital signatures where in the hash of the message is created by using hash function, and then it will be encrypted by departments’ Private key. This creates the signature by using the cryptographic algorithm. Signature is cross verified. Department is the only private key owner, they cannot deny sending the message. This is called non-repudiation. Transaction Security: Each transaction request will interact with external systems for verification & presentment of the information, will interact with payment module, department module, citizen profile module and other modules for various types of verifications. There is a need for calling business Features of Security Architecture (contd.)
  • 14. 31-12-2014 Alerting /Logging/ Auditing: This component generates alerts for other system components, users, administrators upon occurrence of certain activity or event. Logging involves life-cycle details of the transaction with information about each and every process step. The module need to log all the API calls to the external system with reference data and date-time stamp. Auditing serves the purpose of tracking any changes to the system configurations. The module needs to have ability to configure various elements of the system like database tables, UI, functional flow, parameters at various levels. It maintains audit records for all the authentication request metadata along with the response. Features of Security Architecture (contd.)
  • 15. Case Study Of Aadhaar e-KYC API The Unique Identification Authority of India (UIDAI) department provides verification of Unique Identification Number (Aadhaar) to all residents of India using E-KYC API. The e-KYC API can be used by an agency to obtain latest resident demographic data and photo data from UIDAI upon the authorization of the user. This case depicts the authentication, key exchange and encryption mechanism adopted by UIDAI for processing the request of the user. 31-12-2014 Figure 3. E-KYC Data Flow
  • 16. The URL format for Aadhaar KYC service request: 31-12-2014 To support strong end to end security and avoid request tampering and man-in-the-middle attacks, it is essential that encryption of data happened at the time of capture on the user device. E-KYC is a stateless service over HTTPs protocol which make use of XML data format for input and output which allows easy adoption by the user agencies. API input data should be sent to the URL as XML document. https://<host>/kyc/<ver>/<ac>/<uid[0]>/<uid[1]>/<asalk> Host:Aadhar KYC server address Kyc: indicate KYC call Ver :indicate KYC version Ac: unique code foe KUA uid[0] and uid[1] : first 2 digits of Aadhaar number. asalk : A valid KSA license key. It is used for authorization.
  • 17. The XML data format for authentication API: 31-12-2014 <Kyc ver=“” ts=“” ra=“” rc=“”> <Rad>base64 encoded fully valid Auth XML for resident</Rad> <Signature/> </Kyc> ver:KYC version ts: timestamp of authentication request ra: resident authentication type rs: resident consent to use resident data from Aadhar system <rad>: element contains base64 encoded Auth XML for authentication with a valid transaction value(txn). <Signature>: It is mandatory and used exchanging information regarding digital signature and certificates using which the KSA and KUA ensure the message security and integrity between their servers.
  • 18. Response XML for the KYC API is as follows: 31-12-2014 <Resp status=“”>encrypted and base64 encoded “KycRes” element</Resp> Resp : container for keeping encrypted KYC data signed by UIDAI. “KysRes” is encrypted using either KSA public key or KUA public key based on the KSA/KUA setup on UIDAI server. KysRes once decoded containing information regarding response, transaction, timestamp, authentication API, UID data, error code in case of error. It also has encoded Signature element to check for message integrity and non-repudiation.
  • 19. Conclusion 31-12-2014 For successful implementation of such frameworks it is necessary to provide secure, reliable and high quality services and applications to the citizen as per their expectation. The case study provided will surely help m-governance project implementers to understand the security mechanism involved in the authentication of the entities and encryption of the request and response data. Consequently, it will enhance the complete user experience of using this government services using this newly addedresponse data
  • 20. ACKNOWLEDGMENT We are thankful to C-DAC Mobile Seva team for their practical inputs and for helping us in providing the deeper understanding of m- governance project implementation security issues. We would like to pay our special thanks to Dr. Zia Saquib, Executive Director, C-DAC for supporting us in pursuing this investigation. 31-12-2014
  • 21. References 1) Antovski, L and Gusev, M 2005, M-Government Framework, Proceedings of the First European Conference on Mobile Government, 10-12 July, University Sussex, Brighton, UK. 2) Mengistu, Desta, Hangjung Zo, and Jae Jeung Rho. "M-government: opportunities and challenges to deliver mobile government services in developing countries." Computer Sciences and Convergence Information Technology, 2009. ICCIT'09. Fourth International Conference on. IEEE, 2009. 3) Kumar, Ranjan, Manish Kumar, and Kapil Kant Kamal. "Indian Ecosystem for Mobile based Service Delivery." www. excelpublish. com: 129. 4) http://india.gov.in/spotlight/mobile-seva-citizen-services-mobile-phones 5) https://mgov.gov.in/ 6) mobile.karnataka.gov.in/ 7) http://www.itmission.kerala.gov.in/mobile-governance.php 8) https://mgov.gov.in/msdpbasic.jsp 9) www.developershome.com/sms/smsIntro.asp 10) A. Pourali, Dr. M. V. Malakooti, Dr. M.H Yektai, " A Secure SMS Model in E- Commerce Payment using Combined AES and ECC Encryption Algorithms", Proceedings of the International conference on Computing Technology and Information Management, Dubai, UAE, pp 431-442,2014. 11) Watari, M.A., A.A. Zaidan and B.B. Zaidan,, 2013. Securing m-government transmission based on symmetric and asymmetric algorithms: a review.. Asian J. Sci. Res., 6: 632-649. 12) http://uidai.gov.in/images/authDoc/d2_authentication_framework_v1.pdf 31-12-2014