Towards a Framework for Supporting Unconditionally Secure Authentication Services within E-Government Infrastructures
DOI:
https://doi.org/10.21928/juhd.v2n3y2016.pp490-497Keywords:
A-codes, authentication, e-government, unconditional securityAbstract
It has been noticed by many researchers that the speed of ICT advancement in developing, deploying, and using e-government infrastructures is much faster than the development and deployment of security services. Therefore, government organizations are still suffering from the existence and emerging of security risks. One important category of cryptographic primitives that needs to be considered in this respect is the unconditionally secure message authentication codes (or A-codes). These A-codes are cryptographically approached based on information theory. They offer unconditional security, i.e., security independent of the computing power of an adversary. For many years, it was widely thought that A-codes were impractical for real applications. However, in recent years, many A-codes have been developed which are extremely efficient in terms of computations and key requirements.
The aim of this work is to show the importance and validation of including unconditionally secure authentication services within e-government infrastructures. We believe that all main e-government services can get benefit from that in a way or another. This includes Government to Citizen (G2C), Government to Business (G2B), Government to Government (G2G), and Government to Constituents (E-Democracy) services. The work highlights the basic requirements for a general framework that facilitates the inclusion of such authentication services within the security infrastructure of e-government.
References
[2] _____, “Authentication in an Internet Banking Environment,” Federal Financial Institutions Examination Council (FFIEC), Arlington, VA, USA, 2009, http://www.ffiec.gov.
[3] A. Adegun, A. Adigun, and E. Asani, “A REVIEW OF TRENDS OF AUTHENTICATION MECHANISMS FOR ACCESS CONTROL,” Computing, Information Systems, Development Informatics & Allied Research Journal, Vol. 5, No. 2, June 2014.
[4] Frederique Oggier and Hanane Fathi, “An Authentication Code against Pollution Attacks in Network Coding,” IEEE/ACM Transactions on Networking, Vol. 19, Issue 6, pp. 1587 – 1596, Dec. 2011.
[5] Goichiro Hanaoka, Junji Shikata, Yuliang Zheng, and Hideki Imai, “Efficient and Unconditionally Secure Digital Signatures and a Security Analysis of a Multireceiver Authentication Code,” D. Naccache and P. Paillier (Eds.): PKC 2002, LNCS, Vol. 2274, Springer-Verlag, pp. 64–79, 2002.
[6] Johannes Buchmann et al, “Post-Quantum Signatures,” eprint.iacr.org, September 30, 2004
[7] Shailendra C. Jain Palvia and Sushil S. Sharma, “E-Government and E-Governance: Definitions/Domain Framework and Status around the World,” Foundations of E-government, Computer Society of India.
[8] Geoffrey Karokola, Stewart Kowalski and Louise Yngström, “Secure e-Government Services: Towards A Framework for Integrating IT Security Services into e-Government Maturity Models,” Department of Computer and Systems Sciences, Stockholm University/Royal Institute of Technology, Forum 100, SE-164 40 Kista, Sweden
[9] Geoffrey Rwezaura Karokola, “A Framework for Securing e-Government Services- The Case of Tanzania,” Doctoral Thesis in Computer and Systems Sciences, Stockholm University, Sweden, 2012.
[10] A. Rabaiah and E. Vandijck, “A Strategic Framework of e-Government: Generic and Best Practice,” Electronic Journal of e-Government, Vol. 7, Issue 3, 2009, pp. 241-258.
[11] Bart Preneel, “Cryptographic Primitives for Information Authentication: State of the Art,” Appeared in State of the Art and Evolution of Computer Security and Industrial Cryptography, Lecture Notes in Computer Science, vol. 1528, Springer-Verlag, 1998, pp. 50-105.
[12] Huaxiong Wang, Chaoping Xing, and Rei Safavi-Naini, “Linear Authentication Codes: Bounds and Constructions,” IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 49, NO. 4, APRIL 2003, pp. 866-872.
[13] Aysajan Abidin and Jan-°Ake Larsson, “Direct Proof of Security of Wegman-Carter Authentication with Partially Known Key,” Quantum Information Processing, Vol. 13, No. 10, pp. 2155-2170, 2013.
[14] D.R. Stinson, “Universal hashing and authentication codes,” Advances in Cryptology-CRYPTO’91, Lect. Notes in Comput. Sci., Vol. 576, pp. 74-85, 1992.
[15] Sufyan T. Faraj Al-Janabi, “Unconditionally Secure Authentication in Quantum Key Distribution,” i-manager's Journal on Software Engineering, India, Vol. 1, No. 3, 2007, pp.31-42
[16] J.L Carter and M.N. Wegman, “Universal classes of hash functions,” J. Comput. and System. Sci., Vol. 18, pp. 143-154, 1979.
[17] M.N. Wegman and J.L Carter, “New hash functions and their use in authentication and set equality,” J. Comput. and System. Sci., Vol. 22, pp. 256-279, 1981.
[18] Thomas Johansson, “Bucket hashing with a small key size,” W. Fumy (Ed.): Advances in Cryptology - EUROCRYPT ’97, LNCS 1233, Springer-Verlag, pp. 149-162, 1997.
[19] Phillip Rogaway, “Bucket Hashing and its Application to Fast Message Authentication,” Department of Computer Science, University of California, Davis, October 13, 1997 ( an Earlier version appeared in Advances in Cryptology – CRYPTO ’95).
[20] Lj. Antovski, M. Gušev, “E-BANKING – DEVELOPING FUTURE WITH ADVANCED TECHNOLOGIES,” Proceedings of the Second International Conference on Informatics and Information Technology (2nd Int. Conf. CiiT), Molika, 20-23 Dec. 2001, 154-164.
[21] Herbert Leitold, Arno Hollosi, and Reinhard Posch, “Security Architecture of the Austrian Citizen Card Concept,” Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC '02), p. 391, 2002.
[22] Audun Josang, Kent A. Vardemal, Christophe Rosenberger, and Rajendra Kumar, “Service Provider Authentication Assurance,” International Conference on Privacy, Security and Trust (PST), 2012, Paris, France, 2012.
[23] R. Alléaumea et al, “Using quantum key distribution for cryptographic purposes: a survey,” arXiv:quant-ph/0701168v3, 4 Dec. 2014.
[24] Sufyan T. Faraj Al-Janabi, “A Novel Extension of SSL/TLS Based on Quantum Key Distribution,” Proceedings of the International Conference on Computer and Communication Engineering 2008 (ICCCE08), VOLUME I, pp. 919-922, Malaysia, May 13-15, 2008.
[25] M. Peev, M. Nolle, O. Maurhardt, T. Lorunser, M. Suda, A. Poppe, R. Ursin, A. Fedrizzi, and A. Zeilinger, “A novel protocol-authentication algorithm ruling out a man-in-the-middle attack in quantum cryptography,” quant-ph/0407131, June 2005.
[26] JUNG MIN PARK, EDWIN K. P. CHONG, and HOWARD JAY SIEGEL, “Efficient Multicast Stream Authentication Using Erasure Codes”, 2001 ACM 1073-0516/01/0300-0034.
[27] Rei Safavi-Niani and Huaxiong Wang,” New results on multi-receiver authentication codes,” In Advances in Cryptology - Eurocrypt’98, volume 1403 of Lecture Notes in Computer Science, pp. 527 – 541, Espoo, Finland, June 1998. Springer - Verlag.
[28] M. Atici and D.R. Stinson, “Universal hashing and multiple authentication,” Advances in Cryptology-CRYPTO’96, Lect. Notes in Comput. Sci., Vol. 1109, pp. 16-30, 1996.
[29] Shai Halevi and Hugo Krawczyk,” MMH: Software message authentication in the Gbit/second rates,” Proceedings of the 4th Workshop on Fast Software Encryption, LNCS, Vol. 1267, Springer, 1997, pp. 172-189.
[30] Goichiro Hanaoka, Junji Shikata, Yuliang Zheng, and Hideki Imai, “Unconditionally Secure Digital Signature Schemes Admitting Transferability,” T. Okamoto (Ed.): ASIACRYPT2000, LNCS, Vol. 1976, Springer-Verlag, pp. 130–142, 2000.
[31] G. Hanaoka, J. Shikata, Y. Hanaoka, and H. Imai, “Unconditionally secure anonymous encryption and group authentication,” The Computer Journal, Vol. 49, pp.310-321, May 2006.
[32] T. Seito, Y. Watanabe, K. Kinose, and J. Shikata, “Information-Theoretically Secure Anonymous Group Authentication with Arbitration: Formal Definition and Construction,” Proc. of Annual Workshop on Mathematical and Computer Science, Josai Mathematical Monograph 7, pp.85-110, Tokyo, Japan, March 2014.
[33] Zhaohui Tang, “Homomorphic Authentication Codes for Network Coding,” CONCURRENCY AND COMPUTATION: PRACTICE AND EXPERIENCE, Wiley InterScience, Volume 27, Issue 15,
October 2015, pp. 3892–3911
[34] Hong Yang and Mingxi Yang, “An Unconditionally Secure Authentication Code for Multi-Source Network Coding,” I. J. Wireless and Microwave Technologies, MECS, 2012, 1, pp. 45-52.
[35] Basel Alomair and Radha Poovendran, “Information Theoretically Secure Encryption with Almost Free Authentication”, Journal of Universal Computer Science, vol. 15, no. 15 (2009), pp. 2937-2956.
[36] Basel Alomair and Radha Poovendran, “Efficient Authentication for Mobile and Pervasive Computing,” IEEE Transactions on Mobile Computing, Vol. 13, Issue No. 03, March 2014, pp: 469-481.