Secure data collection in Virtual Organizations
The monitoring information system of a virtual organization should, despite frequent changes in its organization and operation, allow analysis over a given period of time (i.e. during the past year). This requires gathering a huge amount of data from multiple, often geographically distributed locations. Because the monitored data are sensitive (reports on the security state of information system components), it is important to ensure the confidentiality and integrity of communication and of all such data sets. The data can be trusted and saved only if their source (e.g. an agent) is trusted and the data reach the repository unaltered, with no third-party influence.
A common way to provide confidentiality and integrity (including protection against denial of origin) is to apply PKI-based asymmetric cryptography in the form of digital signatures and encryption. Unfortunately, the downside of PKI is the long signature verification path, which is troublesome especially when numerous small reports are sent, e.g. over mobile connections. One possible alternative is to rely on certificateless public key cryptography (CL-PKC) by Al-Riyami and Paterson, as it gets rid of the multilayer certificate verification path. A simple identity verification protocol by Pejaś and Klasa was designed to solve a similar problem, assuming that a reasonable man is on one side of the verification and that the other side is any kind of service and communication scheme. The protocol, however, did not include any kind of role verification, which means that it is not possible to say whether the adversary is authorized to receive a certain sort of data. To solve this problem, the original protocol was adapted. It still provides sufficient security and simple verification of each message, but was supplemented with additional verification of the adversary's role in the system. The security of the model was verified formally.
Information security, virtual organizations, security monitoring
- Al-Riyami S.S., Paterson K.G. (2003). Certificateless public key cryptography. [ed.] Laih C.S. Advances in Cryptology – Asiacrypt 2003, Lecture Notes in Computer Science. 2003, Vol. 2894, pp. 452–473.
- Zhao, Z. (2014) An Efficient Anonymous Authentication Scheme for Wireless Body Area Networks Using Elliptic Curve Cryptosystem. Journal of Medical Systems, 38:12, Feb. 2014.
- Guo, R., Wen, Q., Jin, Z., Zhang, H. (2013) An Efficient and Secure Certificateless Authentication Protocol for Healthcare System on Wireless Medical Sensor Networks, The Scientific World Journal, vol. 2013.
- Cohen, S. (1997). On becoming virtual. Training and Development. 1997, 51:5.
- Długosz, P. (2010). Wybrane aspekty bezpieczeństwa systemów ochrony. Bezpieczeństwo transmisji danych. Zabezpieczenia. 2010, 3.
- Al. Baalbaki, Bilal, et al. (2013). Autonomic Critical Infrastructure Protection (ACIP) System. 2013 ACS International Conference on Computer Systems and Applications (AICCSA). 2013.
- Ghani, Hamza, et al. (2014). Assessing the security of internet-connected critical infrastructures. Security Comm. Networks. 2014, 7, pp. 2713–2725.
- United States Code. (2006). Title 44, Chapter 35, Subchapter III. 2006.
- Liber, A. (2008). Kryminalistyczne badanie oprogramowania zabezpieczanego w sprawach karnych. [book auth.] Mazur Z. (ed.) Huzar Z. (ed.). Zagadnienia Bezpieczeństwa w systemach informacyjnych. Warszawa : Wydawnictwa Komunikacji i Łączności, 2008 (in Polish).
- Szmit, M. (2014). Wybrane zagadnienia opiniowania sądowo-informatycznego. Warszawa : Polskie Towarzystwo Informatyczne, 2014 (in Polish).
- Pejaś, J., Klasa, T. (2010). Identity verification based on certificateless public key cryptography. Pomiary Automatyka Kontrola. 2010, Vol. 56, 12-2010.
- Klasa, T. (2010) Elektroniczna weryfikacja tożsamości w medycznych systemach informacyjnych. Zeszyty Naukowe Studia Informatica. 2010, 25. (in Polish).
- Burrows, M., Abadi, M. and Needham, R. (1990) A Logic of Authentication. SRC Research Report 39. s.l.: Digital Equipment Corporation, 1990.