A Resilient Access Control Scheme for Secure Electronic Transactions
نویسنده
چکیده
There have been m any studies ofthe m anagem entofpersonalsecretssuch asPIN codes,passwords,etc.,in access controlm echanism s. The leakage of personal secrets is one of the m ost significant problem s in access control. To reducesuch risks,wesuggesta way ofauthenticating custom ers withouttransferring explicitcustom ersecrets.Furtherm ore,wegivea secureonline transaction schem e based on ouraccesscontrolm echanism . N eedham gave an exam ple ofPersonalIdentification N um ber (PIN )m anagem ent for banking system s[N ee97]thatpresented a way to control PIN codes. It inspired us to develop an access controlm odelfor electronic transactions which enforces a strict role definition for personalsecretgeneration and m aintenance. W e extend it to a paym ent m odel. Our schem e provides enhanced privacy for custom ers, non-repudiation of origin for the custom er order and paym ent transactions,and protection from personalsecret leakage. Since itdoes notrely on either public keycryptosystem sorauxiliary hardwaresuch as chip cardsand readers,itsdeploym entwithin existing environm entscould becost-effective. This work is supported in part by the EPSRC,under grantnum berGR/L95809 on ResilientSecurityM echanism s. The views and conclusions in this paper are that ofthe authoralone.
منابع مشابه
Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملCloud Computing 1. Attribute Based Encryption with Privacy Preserving In Clouds
Security and privacy are very important issues in cloud computing. In existing system access control in clouds are centralize d in nature. The scheme uses a symmetric key approach and does not support authentication. Symmetric key algorithm uses same key for both encryption and decryption. The authors take a centralized approach where a single key distribution center (KDC) distributes secret ke...
متن کاملAttribute based Encryption and Key Distribution for Secure Storage in Clouds
A new decentralized access control scheme is used for secure data storage in clouds that supports anonymous authentication. According to this scheme a user can create a file and store it securely in the cloud. Decryption will only work if the attributes associated with the decryption key match the policy used to encrypt the message. The cloud verifies the authenticity of the users without knowi...
متن کاملTrustworthy and Resilient Time Synchronization in Wireless Sensor Networks
SUN, KUN. Trustworthy and Resilient Time Synchronization in Wireless Sensor Networks. (Under the direction of Dr. Peng Ning and Dr. Cliff Wang.) Wireless sensor networks have received a lot of attention recently due to its wide applications. Accurate and synchronized time is crucial in many sensor network applications. A number of time synchronization schemes have been proposed recently to addr...
متن کاملA Secure Chaos-Based Communication Scheme in Multipath Fading Channels Using Particle Filtering
In recent years chaotic secure communication and chaos synchronization have received ever increasing attention. Unfortunately, despite the advantages of chaotic systems, Such as, noise-like correlation, easy hardware implementation, multitude of chaotic modes, flexible control of their dynamics, chaotic self-synchronization phenomena and potential communication confidence due to the very dynami...
متن کامل