Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more ➡
Download
Standard view
Full view
of .
Add note
Save to My Library
Sync to mobile
Look up keyword
Like this
1Activity
×
0 of .
Results for:
No results containing your search query
P. 1
Enterprise Crypto method for Enhanced Security over semantic web

Enterprise Crypto method for Enhanced Security over semantic web

Ratings: (0)|Views: 258|Likes:
Published by ijcsis
the importance of the semantic web technology for enterprises activities and other business sectors is addressing new patters which demand a security concern among these sectors. The security standard in the semantic web enterprises is a step towards satisfying this demand. Meanwhile, the existing security techniques used for describing security properties of the semantic web that restricts security policy specification and intersection. Furthermore, it’s common for enterprises environments to have loosely-coupled components in the security. RSA used widely to in the enterprises applications to secure long keys and the use of up-to-date implementations, but this algorithm unable to provide a high level of security among the enterprise semantic web. However, different researchers unable to identify whether they can interact in a secure manner based on RSA. Hence, this study aimed to design a new encryption model for securing the enterprise semantic web with taking in account the current RSA technique as a main source of this study.
the importance of the semantic web technology for enterprises activities and other business sectors is addressing new patters which demand a security concern among these sectors. The security standard in the semantic web enterprises is a step towards satisfying this demand. Meanwhile, the existing security techniques used for describing security properties of the semantic web that restricts security policy specification and intersection. Furthermore, it’s common for enterprises environments to have loosely-coupled components in the security. RSA used widely to in the enterprises applications to secure long keys and the use of up-to-date implementations, but this algorithm unable to provide a high level of security among the enterprise semantic web. However, different researchers unable to identify whether they can interact in a secure manner based on RSA. Hence, this study aimed to design a new encryption model for securing the enterprise semantic web with taking in account the current RSA technique as a main source of this study.

More info:

Published by: ijcsis on Nov 02, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See More
See less

11/02/2010

pdf

text

original

 
 
Enterprise Crypto method for Enhanced Securityover semantic web
Talal Talib JameelDepartment of Medical Laboratory Sciences, Al Yarmouk University CollegeBaghdad, Iraqutmitt69@yahoo.com
 Abstract
 — 
the importance of the semantic web technologyfor enterprises activities and other business sectors isaddressing new patters which demand a security concernamong these sectors. The security standard in thesemantic web enterprises is a step towards satisfying thisdemand. Meanwhile, the existing security techniques usedfor describing security properties of the semantic web thatrestricts security policy specification and intersection.Furthermore, it’s common for enterprises environments tohave loosely-coupled components in the security. RSAused widely to in the enterprises applications to securelong keys and the use of up-to-date implementations, butthis algorithm unable to provide a high level of securityamong the enterprise semantic web. However, differentresearchers unable to identify whether they can interact ina secure manner based on RSA. Hence, this study aimed todesign a new encryption model for securing the enterprisesemantic web with taking in account the current RSAtechnique as a main source of this study.
 Keywords: Agent systems, RSA, ECC, recommendation method, XML, RDF, OWL,
 
enterprise application.
I.
 
I
 NTRODUCTION
 The threats to security are increasing with theemergence of new technologies such as software agents.There have been many attacks in past where maliciousagents entered into agent platforms and destroyed other active agents. Most of researchers refer to the real worldscenario where malicious agent destroyed the other agents on the platform [7]. It will be very critical tofocus on security when agents will be used for missioncritical systems [3]. In that scenario, a security leak could cause a big harm especially among the enterpriseapplications over semantic web [6]. A software agentknows as an important part of semantic web [11]. Theagents help to get and understand information fromdifferent semantic constructs, for instance ontologies,Resource Description Framework (RDF) and (XML).Therefore it is important to secure data and other relevant technologies for safe enterprise semantic web.Multi-agent systems are an environment where differentagents collaborate to perform a specific task [5]. Theinteraction leaves agents in a different enterprisesemantic web vulnerable state, where malicious agentcan enter to the system. For example, a malicious agentcan enter in an agent platform and kill an agent that wasused to perform sales. After killing that agent, thismalicious agent can process the order and send the payment to wrong party [17].The rest of this paper is organized as follows. Issuesof the study are presented in section 2. Section 3 presents the proposed model. The Expected benefits are presented in section 4. Conclusion also introduced insection 5 followed by the references.II.
 
I
SSUES OF THE
S
TUDY
 Often there has been a need to protect information from'prying eyes'. Moreover, enterprises applications alwaysrequire a high level of security. There exist severaltechniques and frameworks for agents' communication,among enterprise semantic web, but none of those provide cross-platform security [1]. For instance, toencrypt data communication between agents. In their technique both source and destination platforms musthave a same cryptography algorithm. Most of theseapproaches negatively affect the performance agent’scommunication. There are a number of users around theglobe using the semantic web applications and anumber of agents are created by those users [1].Therefore, to reduce the bottlenecks, an ad-hoc basedauthentication is required for agent communication.
 A.
 
 Enterprise Semantic Applications
 The enterprise semantic applications defined as platform-independent for supporting semantic webapplication which written in different programminglanguages [8] [11]. The semantic web platform consistsof a set of services and protocols that provide thefunctionality for developing multitiered.The main enterprise semantic web applicationfeatures can be addressed into the following:
 
Working together with the HTML basedapplication that consists on RDF, OWL, andXML to build the HTML web relation or other formatted data for the client.
 
Provide external storage platforms’ that aretransparent to the author.
 
Provide
d
atabase connectivity, for managingand classifying the data contents.These technologies are the important constituentsof semantic web services. It is therefore very likely thatthese services will be agent based in the near future.The success of enterprise application will highly rely onthe implementation and usage of these web services[16]. Agents can use intelligent collaborations in order to achieve global optimization while adhering to localrequirements.Figure 1 presents the enterprise communicationnetwork among its components.
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 8, No. 7, October 201044http://sites.google.com/site/ijcsis/ISSN 1947-5500
 
 Fig 1. Enterprise communication network 
 B.
 
 Encryption over Semantic Web
Generally, several methods can be used to encrypt datastreams, all of which can easily be implementedthrough software, but not so easily decrypted wheneither the original or its encrypted data stream areunavailable [13]. (When both source and encrypted dataare available, code breaking becomes much simpler,though it is not necessarily easy). The best encryptionmethods have little effect on system performance, andmay contain other benefits (such as data compression) built in.The current adopting of the new technology have brought a new ideal integration for securing andsimplifying the data sharing for all components of enterprise applications [9]. The elements of enterpriseapplication which can be possibly configured withinslandered Crypto methods, Table 1 stated the Cryptoalgorithms comparison:Table 1. Crypto algorithms comparison [14]Parameter/algorithm RSA ECC XTR Key length (bits) 1024 161 Comparablewith ECCKey generation time(processor clocks)1 26126126140 540540,5Less thanECC
Encryption time(processor clocks)
 
11 261261,3
 
3 243243243
 
Comparablewith ECC
 
C.
 
 RSA over Semantic Web
Because of the need to ensure that only those eyesintended to view sensitive information can ever see thisinformation, and to ensure that the information arrivesunaltered, security systems have often been employedin computer systems for governments, corporations, andeven individuals [18]. Encryption schemes can be broken, but making them as hard as possible to break isthe job of a good cipher designer. Figure 2 presents theRSA security process from client to server. As shown,the encrypted client data requested public key from theweb decrypts using private key over the internet [15].Fig 2. The RSA security over semantic webThis process (encryption) happens when clientrequests private key from server user name and password. In this way everything client type in andclick on can only be decrypted by server through private key.RSA Crypto example1>> n = pq, where p and q are distinct primes.2>>phi,
φ
= (p-1)(q-1)3>> e < n such that gcd(e, phi)=14>> d = e-1 mod phi.5>> c = me mod n, 1<m<n.6>> m = cd mod n.
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 8, No. 7, October 201045http://sites.google.com/site/ijcsis/ISSN 1947-5500
 
 III.
 
T
HE
P
ROPOSED
M
ODEL
 As known, the representing and accessing of the webcontents among platforms are determined to be a morerecent innovation; most of this representation involvesthe use of other techniques such as (RDF, XML, andOWL) these technologies works together to link systems together. Enterprise application platformindependent facing several security problems in datasharing and accessing which enable web services towork across low level of security. However, thecommunication process in these platforms (Enterpriseapplication) from the client to the service uses certaintechnology that helps to translate the client data andassign its security level based XML as the commonlanguage. This allows one application to call theservices of another application over the network bysending an XML message to it.Thus, our proposed model will be more efficient in away that there is no need for agents communication byencrypting the client requests into public store, whichreduces the processing and communication time. Alsoour proposed model will be platform independent because there is no need to maintain standards for cross-platform agents’ communication security.In a pervasive environment, trust can be used for collaboration among devices. Trust can be computedautomatically without user interference on the basis of direct and indirect communication [2]. In the directcommunication or observation mode the device user’sinteraction history is considered. For this purpose a trustvalue is assigned to each identity in the trust database[12]. There exist some formulas such as (Observationsand recommendations) that use to calculate the singletrust value for the user on the basis of observations andrecommendations [2].This study applies the recommendations techniquewhich aims to specify a degree of trust for each personin the network, for automating trust, which is alsocalled indirect communication [4]. Therefore theobservation and recommendation are used together togenerate a trust value for a user. Given a user trustvalue, a trust category is assigned to user with a valueof low, medium or high. The trust values should beregularly monitored because when a newrecommendation is received new trust value iscompared with its old value and trust database isupdated by the enterprise application services for singleand multi accessing which operate the use accessaccordingly.Recommendations are another method of automating trust, which is also called indirectcommunication [16].Therefore the observation is used together togenerate a trust value for a user. Given a user trustvalue, a trust category is assigned to user with a valueof low, medium or high. The access rights distributionis performed on the basis of the category value. Thetrust values should be regularly monitored becausewhen a new recommendation is received new trustvalue is compared with its old value and trust databaseis updated by update trust category accordingly.Figure3 and 4 presents the type of trust over enterprise applications which model the logicalrelationship between the nodes. These nods will beclassified into several groups such as:
 
Process Request Group: A request for a servicegroup composed of nodes, node I and node n.
 
Register Level Group Provider Group: to provide a service in the network of nodes thatcomprises the group, as these nodes sharecertain files, or the provision of certain goods purchases.
 
Trust Level Group: trust nodes that comprisethe group, node m1, node m2 and node m3.
 
Save trust nodes Group: trust network, trust inother nodes on the path formed by the agent.Fig 3. Two type of trust for agent registration level(public store)Fig 4. Truest network based recommendation andobservation
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 8, No. 7, October 201046http://sites.google.com/site/ijcsis/ISSN 1947-5500

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->