SUBMITTED TO
DR. GABRIEL AROME
OF
THE DEPARTMENT OF COMPUTER SCIENCE, SCHOOL OF
SCIENCES,
FEDERAL UNIVERSITY OF TECHNOLOGY AKURE, ONDO
STATE NIGERIA.
IN PARTIAL FULFILLMENT FOR THE AWARD OF
BACHELOR OF TECHNOLOGY (B. TECH) IN COMPUTER
SCIENCE
April, 2016.
CHAPTER ONE
INTRODUCTION
form which ensures the integrity of the information during communication (Mohammad et al.,
2014).
In the last three decades, public key cryptography has become an indispensable component of
our global digital communication infrastructure. These networks support a plethora of
applications that are important to our economy, our security, and our way of life, such as mobile
phones, internet commerce, social networks, and cloud computing. In such a connected world,
the ability of individuals, businesses and governments to communicate securely is of the utmost
importance.
Many of our most crucial communication protocols rely principally on three core cryptographic
functionalities: public key encryption, digital signatures, and key exchange. Currently, these
functionalities are primarily implemented using Diffie-Hellman key exchange, the RSA
cryptosystem, and elliptic curve cryptosystems. The security of these depends on the difficulty of
certain number theoretic problems such as Integer Factorization or the Discrete Log Problem
over various groups.
In 1994, Peter Shor of Bell Laboratories showed that quantum computers can efficiently solve
each of these problems, thereby rendering all public key cryptosystems based on such
assumptions impotent. Thus a sufficiently powerful quantum computer will put many forms of
modern communication, from key exchange to encryption to digital authentication, in peril.
Thus the goal of post-quantum cryptography (also called quantum-resistant cryptography) is to
develop cryptographic frameworks that are secure against both quantum and classical computers,
and can interoperate with existing communications protocols and networks.
Access control deals with the elicitation, specification, maintenance and enforcement of
authorization policies in software-based systems (Sandhu and Samarati 1994). In order to allow
the enforcement of authorization policies, the high-level control objectives specified for a system need
to be mapped to the structures provided by an access control model. An access control model
provides an abstract framework for the definition of authorization policy rules. It also defines
how essential access control elements (like subjects, operations, objects) could be interrelated.
Attribute, Location and Time-Based Access Control (ABLTAC) is used by many enterprise
systems to protect their information resources from unauthorized access. ABLTAC policies are
defined in terms of permissions that are associated with attributes assigned to users. A permission
determines what operations a user with a specific attribute can perform on information resources.
Attributes define, classify, or annotate the datum to which they are assigned. The semantics of an
attribute indicate some purpose or characteristic and, when used within larger collections, enable
efficient identification and classification of like objects. These attributes are then used to
associate sets of permissions and tasks with the specified individuals. In an attribute-based
information security system, data flows from one person or department to another depend
on the attributes possessed by the set of people who can have access to them.
1.2 MOTIVATION
The rapid evolution of computers and microprocessor chips with higher computational power
has led to the creation of quantum computers that are specially designed for effective information
processing and communication networks, which in turn has increased security (confidentiality,
integrity, availability, authenticity, accountability, non-repudiation and reliability) concerns for
experts in the industry in recent years. These issues are not far-fetched, since classical
computer security systems are based on Public Key Cryptographic schemes such as RSA, DES
and Elliptic Curve Cryptography (ECC), whose security solely depends on the difficulty of
solving Discrete Logarithm Problems (DLP) and Integer Factorization Problems (IFP) (Gabriel,
Alese, et al., 2014). The advent of quantum computers in large quantities will make it easy to
solve these mathematically hard problems, thus causing serious damage to existing information
security frameworks. This project therefore attempts to develop a code-based Post-Quantum
Cryptography access control framework to ensure data integrity and information security.
Information Security.
ii. Implement the framework in (a).
iii. Evaluate the performance of the proposed system using selected standard metrics.
subject of discussion would be done; this review would examine the aim and objectives,
functions, methodology and limitations of existing cryptography based access control
systems earlier developed.
ii. SYSTEM DESIGN: This would clearly describe the design of the various system
subunits and their operations. Software design tools such as the Unified Modelling Language
(UML) would be used to design the various system class models; other design tools, which
include Use Case Diagrams, Sequence Diagrams, Activity and State Charts, would also
be used during the design process to explain the various system operations and the
interactions between the system components. The overall architecture of the proposed
system is a three-tiered architecture. The first layer is the Application Layer, which
serves as the primary interface between the system and the client. Instructions from the
Application Layer are authenticated in the middle tier, i.e. the Access Control Layer of the
system; this layer contains an access control engine, which uses a post-quantum
cryptography algorithm for information encryption, and an access role map, which is used
to authenticate each unique user of the system. The last layer of the system is the Resource
Layer, which is the information repository of the system.
iii. SYSTEM DEVELOPMENT AND IMPLEMENTATION: This follows the
system design phase of this project. During this phase, the component modules of the
system created during the design phase would be developed and integrated to make the
entire system. The development of the modules would be in phases, which include:
a. USER INTERFACE / FRONT END DEVELOPMENT: This
involves the development of a user-friendly interface for easy interaction with
the system by its users. The user interface would be responsive, i.e. it would be device
independent and all user device types would be able to see the same information.
HTML5 and CSS3, together with JavaScript and some jQuery libraries, would be
employed to achieve this aim.
b. BACKEND DEVELOPMENT: This involves the development of
the web services that would be used in the system. Some of the web services that
would be used include the Google Geolocation API, which would be used for
location authentication; access control / user creation module would be created
system, unit testing of the individual modules that make up the system would be done to
ensure the efficiency of the system's components, after which the entire system would be
evaluated against other classical cryptosystems using selected standard metrics.
v. SYSTEM DEPLOYMENT: The design will be deployed on a computer system
with at least a Core i3 microprocessor with a bus speed of at least 1.6 GHz, with the
Windows 10 operating system installed on it. The minimum required RAM size
of the PC is 2 GB.
1.5 CONTRIBUTION TO KNOWLEDGE
After full implementation of this project, a post-quantum cryptography based access control
system would be developed to provide solutions to security concerns attributed to information
security.
CHAPTER TWO
LITERATURE REVIEW
ACCESS CONTROL: Ensuring that users access only those resources and
services that they are entitled to access and that qualified users are not denied access to
services that they legitimately expect to receive.
ii. AUTHENTICATION: Ensuring that users are the persons they claim to be.
Gabriel et al. (2014, 2015) and Stallings (2005), in their attempts to define
security, define authentication as a service which gives a system the capability to
verify that a user is the very one he or she claims to be. Some of the common means used
to assure authentication include a user's username, password, retinal images, physical
location and identity cards.
iii.
a. Authentication
b. Authorization
a way that is not detectable by authorized users. This service, through encryption and
hashing algorithms, ensures the integrity of information in a system.
v. AVAILABILITY: Ensuring that a system is operational and functional at a given
moment, usually provided through redundancy; loss of availability is often referred to as
"denial-of-service". It applies both to data and to services in an information system.
vi. NONREPUDIATION: Ensuring that the originators of messages cannot deny
that they in fact sent the messages. In practice, there is a possibility that the sender of a
message may deny the ownership of the exchanged digital data that originated from him
or her. This service, through digital signature and encryption algorithms, ensures that
digital data may not be repudiated by providing proof of origin that is difficult to deny. A
digital signature is a cryptographic mechanism that is the electronic equivalent of a written
signature to authenticate a piece of data as to the identity of the sender.
Over the years there has been dynamism in Information Security. The revolution has come both
in the mode of commission and in countermeasures. In this present age, a state of security can be
guaranteed if the following forms of protection mechanisms are put in place.
i. DETERRENCE: Reduces the threat to information assets through fear. Can
consist of communication strategies designed to impress upon potential attackers the
likelihood of getting caught.
ii. PREVENTION: The traditional core of computer security. Consists of
implementing safeguards like the tools covered in this book. Absolute prevention is
theoretical, since there's a vanishing point where additional preventative measures are no
longer cost-effective.
iii. DETECTION: Works best in conjunction with preventative measures. When
prevention fails, detection should kick in, preferably while there's still time to prevent
damage. Includes log-keeping and auditing activities.
2.3 ACCESS CONTROL
Access control is concerned with determining the allowed activities of legitimate users,
mediating every attempt by a user to access a resource in the system. A given information
technology (IT) infrastructure can implement access control systems in many places and at
different levels. Operating systems use access control to protect files and directories; database
management systems (DBMSs) apply access control to regulate access to tables and views. Most
commercially available application systems implement access control, often independent of the
operating systems and/or DBMSs on which they are installed. The objectives of an access control
system are often described in terms of protecting system resources against inappropriate or
undesired user access. From a health management perspective, this objective could just as well
be described in terms of the optimal sharing of information resources about clients. After all, the
main objective of an information system is to make information available to users and applications.
A greater degree of sharing may get in the way of resource protection; in reality, a well-managed
and effective access control system actually facilitates sharing.
2.3.1
i.
potentially implies access to the information it contains. Examples of objects are records,
fields (in a database record), blocks, pages, segments, files, directories, directory trees,
process, and programs, as well as processors, video displays, keyboards, clocks, printers,
and network nodes.
ii.
automatic teller machine (ATM) user enters a card and correct personal identification
number (PIN), the control program operating on the user's behalf is a process, but the
subject can initiate more than one operation: deposit, withdrawal, balance inquiry, etc.
iv.
on the system. In most computer security literature, the term permission refers to some
combination of object and operation. A particular operation used on two different objects
represents two distinct permissions, and similarly, two different operations applied to a
single object represent two distinct permissions. For example, a bank teller may have
permissions to execute debit and credit operations on customer records through
transactions, while an accountant may execute debit and credit operations on the general
ledger, which consolidates the bank's accounting data.
v.
specifies all the subjects that can access the object, along with their rights to the object.
Each entry in the list is a pair (subject, set of rights). An ACL corresponds to a column of
the access control matrix (described next). ACLs are frequently implemented directly or
as an approximation in modern operating systems.
vi.
each column represents an object, and each entry is the set of access rights for that
subject to that object.
vii.
enough privileges to misuse the system. For example, the person authorizing a paycheck
should not also be the one who can prepare it. Separation of duties can be enforced either
statically by defining conflicting roles (i.e., roles which cannot be executed by the same
user) or dynamically by enforcing the control at access time.
viii. SAFETY: Measures that the access control configuration (e.g., access control
2.3.2
When planning an access control system, three abstractions of controls should be considered:
access control policies, models, and mechanisms. Access control policies are high-level
requirements that specify how access is managed and who, under what circumstances, may
access what information. While access control policies can be application-specific and thus taken
into consideration by the application vendor, policies are just as likely to pertain to user actions
within the context of an organizational unit or across organizational boundaries. For instance,
policies may pertain to resource usage within or across organizational units or may be based on
There are several well-known access control policies, which can be categorized as discretionary
or non-discretionary. Typically, discretionary access control policies are associated with identity-based access control, and non-discretionary access controls are associated with rule-based
controls (for example, mandatory security policy).
received it.
iii.
the object, rather than through a system-wide policy that reflects the
organization's security requirements.
2.3.3.2 NON-DISCRETIONARY ACCESS CONTROL
In general, all access control policies other than DAC are grouped in the category of Non-Discretionary Access Control (NDAC). As the name implies, policies in this category have
rules that are not established at the discretion of the user. Non-discretionary policies establish
controls that cannot be changed by users, but only through administrative action.
SEPARATION OF DUTY (SOD) policy can be used to enforce constraints on the assignment
of users to roles or tasks. An example of such a static constraint is the requirement that two roles
be mutually exclusive; if one role requests expenditures and another approves them, the
organization may prohibit the same user from being assigned to both roles. So, membership in
one role may prevent the user from being a member of one or more other roles, depending on the
SOD rules, such as Workflow and Role-Based Access Control. Another example is a history-based SOD policy that regulates, for example, whether the same subject (role) can access the
same object a certain number of times.
note that an employee's role in the organization can serve as one attribute that can be (and often
is) used in making an access control decision.
A typical ABAC scenario involves a requester who attempts to access a system either directly or
through an intermediary. The requester will have to directly or indirectly provide a set of
attributes that will be used to determine whether the access will be allowed. Once the requester
provides these attributes, they are checked against the permissible attributes and a decision will
be made depending on the rules for access. A key advantage to the ABAC model is that there is
no need for the requester to be known in advance to the system or resource to which access is
sought. As long as the attributes that the requester supplies meet the criteria for gaining entry,
access will be granted. Thus, ABAC is particularly useful for situations in which organizations or
resource owners want unanticipated users to be able to gain access as long as they have attributes
that meet certain criteria. This ability to determine access without the need for a predefined list of
individuals that are approved for access is critical in large enterprises where people may join
or leave the organization arbitrarily.
For relatively simple implementations, large databases or other infrastructure are not necessary
and the application logic for allowing access based on attributes is all that is required. In more
complicated environments, however, the need for databases becomes critical, particularly if some
of the attributes that go into making a decision include organizational or personal information.
For example, if a person's role in the organization were used as one of the attributes that
determines access, a database and directory services infrastructure become indispensable.
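The attribute check described above, extended with the location and time conditions that ABLTAC adds, can be written as a deny-by-default decision function. This is an added example, not code from the project; the rule fields, attribute names, coordinates and sample policy are all hypothetical.

```python
"""Attribute-, location- and time-based access decision (added illustration).

All rule fields, attribute names, coordinates and sample requests are
hypothetical values constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, time
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Rule:
    operation: str        # e.g. "read"
    resource: str         # e.g. "patient_record"
    required: dict        # attribute name -> set of acceptable values
    center: tuple         # (latitude, longitude) of the permitted site
    radius_km: float      # how far from the site a request may originate
    start: time           # start of the permitted time window
    end: time             # end of the window (may wrap past midnight)


def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))


def in_window(start, end, now):
    """True if `now` lies in [start, end]; handles windows that wrap midnight."""
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end


def decide(rules, attributes, operation, resource, location, when):
    """Return (allowed, reason); the reason reports the last rule tried.

    The requester is never looked up by identity: only the supplied
    attributes, the request location and the request time are evaluated.
    """
    reason = "no rule covers this operation on this resource"
    for rule in rules:
        if (rule.operation, rule.resource) != (operation, resource):
            continue
        failed = sorted(name for name, accepted in rule.required.items()
                        if attributes.get(name) not in accepted)
        if failed:
            reason = "attribute check failed: " + ", ".join(failed)
        elif distance_km(rule.center, location) > rule.radius_km:
            reason = "outside permitted location"
        elif not in_window(rule.start, rule.end, when.time()):
            reason = "outside permitted hours"
        else:
            return True, "permit"
    return False, reason


# Constructed policy: cardiology staff may read records on site during the
# day; an on-call doctor may also read them overnight.
SITE = (7.3000, 5.1400)   # hypothetical coordinates
RULES = [
    Rule("read", "patient_record",
         {"role": {"doctor", "nurse"}, "department": {"cardiology"}},
         SITE, 2.0, time(8, 0), time(18, 0)),
    Rule("read", "patient_record",
         {"role": {"doctor"}, "on_call": {"yes"}},
         SITE, 2.0, time(22, 0), time(6, 0)),
]

if __name__ == "__main__":
    doctor = {"role": "doctor", "department": "cardiology"}
    for where, hour in [((7.301, 5.141), 10), ((7.5, 5.14), 10), ((7.301, 5.141), 23)]:
        print(where, hour, decide(RULES, doctor, "read", "patient_record",
                                  where, datetime(2016, 4, 4, hour, 0)))
```

The decision is only as trustworthy as its inputs, so the location and the clock should come from the server side rather than from fields the requester fills in.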
the issue of network security is becoming increasingly demanding as far as the size and
implementation of new information technologies are concerned (Anderson, 2001; Manchala,
2000). Good network security must be able to address the issues of availability, confidentiality,
integrity, accuracy, efficiency and usability. This means that a good security measure for
a record management system must be able to work in real time. Several attempts have been
made to provide security using a software agent systems approach. In these systems, the main
focus was on providing a solution for specific security issues, such as authentication and
authorization. Alowolodu (2009) ascertained the essence of network security and used a Genetic
Algorithm (GA) to differentiate between a normal network connection and an attack. The GA,
which is a programming technique that mimics biological evolution as a problem-solving
strategy, was used, and a result of almost 95% success was achieved. One of the problems of GA
was how to find a representation of the problem at hand, since there are various ways by which
the given problem could be represented or encoded. Balding (2008) also developed a framework
using multi-agent systems for Internet security. The proposed system architecture of this
approach is composed of three different agent types classified by their functionalities. The first type
is responsible for intrusion detection; the second type is responsible for encryption and
decryption of messages, while the third type can act as the combination of the previous two
types. Although this approach has provided a useful security system, it does not address some
other important issues such as authentication, authorization, digital signature, and verification
security services. Lalana (2002) proposed an approach to solve some of the security
problems in multi-agent systems, which utilizes delegation-based trust management. However,
the main focus of his approach was on authentication and authorization.
Ron Rivest, Adi Shamir and Leonard Adleman of the Massachusetts Institute of Technology
developed a public key cryptosystem called RSA in 1977. This algorithm uses two different but
mathematically linked keys, one public and one private. The public key can be shared with
everyone, whereas the private key must be kept secret. In RSA cryptography, both the public and
the private keys can encrypt a message; the opposite key from the one used to encrypt a message
is used to decrypt it. This attribute is one reason why RSA has become the most widely used
asymmetric algorithm: it provides a method of assuring the confidentiality, integrity, authenticity
and non-repudiation of electronic communications and data storage.
Many protocols like SSH, OpenPGP, S/MIME, and SSL/TLS rely on RSA for encryption and
digital signature functions. It is also used in software programs -- browsers are an obvious
example, which need to establish a secure connection over an insecure network like the Internet
or validate a digital signature. RSA signature verification is one of the most commonly
performed operations in IT. The security of RSA relies on the computational difficulty of
factoring large integers. As computing power increases and more efficient factoring algorithms
are discovered, the ability to factor larger and larger numbers also increases. Encryption strength
is directly tied to key size, and doubling key length delivers an exponential increase in strength,
although it does impair performance. RSA keys are typically 1024 or 2048 bits long, but experts
believe that 1024-bit keys could be broken in the near future, which is why government and
industry are moving to a minimum key length of 2048 bits. A team of researchers which included
Adi Shamir, a co-inventor of RSA, has successfully determined a 4096-bit RSA key using
acoustic cryptanalysis. Amandeep Kaur (Amandeep et al., 2013) looks into an efficient data storage
security algorithm in a cloud environment using the RSA algorithm; he and his research colleagues
look into the effectiveness of using the RSA algorithm to ensure data integrity and information
information means using expensive physical shields to prevent attackers from seeing the
information, for example, hiding USB sticks inside a locked briefcase chained to a trusted
courier's wrist.
A closer look reveals, however, that there is no justification for the leap from "quantum
computers destroy RSA and DSA and ECDSA" to "quantum computers destroy cryptography".
There are now many important classes of cryptographic systems beyond RSA and DSA and
ECDSA that can defeat the threat posed by quantum systems; they include:
i. Lattice-based cryptography. The example that has perhaps attracted the most
algorithm, Grover's algorithm, does have some applications to these systems; but Grover's
algorithm is not as shockingly fast as Shor's algorithm, and cryptographers can easily
compensate for it by choosing somewhat larger key sizes.
2.4.1 THE CODE-BASED PUBLIC-KEY ENCRYPTION SYSTEM
Assume that $b$ is a power of 2. Write $n = 4b \lg b$; $d = \lceil \lg n \rceil$; and $t = \lfloor 0.5n/d \rfloor$.
For example, if $b = 128$, then $n = 3584$; $d = 12$; and $t = 149$.
The receiver's public key in this system is a $dt \times n$ matrix $K$ with coefficients in $\mathbf{F}_2$. Messages
suitable for encryption are $n$-bit strings of weight $t$, i.e., $n$-bit strings having exactly $t$ bits set to
1. To encrypt a message $m$, the sender simply multiplies $K$ by $m$, producing a $dt$-bit ciphertext
$Km$.
The basic problem for the attacker is to syndrome-decode K, i.e., to undo the multiplication by
K, knowing that the input had weight t. It is easy, by linear algebra, to work backwards from Km
to some n-bit vector v such that Kv = Km; however, there are a huge number of choices for v,
and finding a weight-t choice seems to be extremely difficult. The best known attacks on this
problem take time exponential in b for most matrices K. How, then, can the receiver solve the
same problem? The answer is that the receiver generates the public key K with a secret structure,
specifically a hidden Goppa code structure, that allows the receiver to decode in a reasonable
amount of time. It is conceivable that the attacker can detect the hidden Goppa code structure
in the public key, but no such attack is known.
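The parameter choice, the encryption map and the attacker's linear-algebra step described above can be run at toy size. This is an added example, not code from the project: the function names are hypothetical, and the matrix K is a uniformly random binary matrix standing in for a real Goppa-derived public key (an assumption), so the script encrypts and attacks but has no trapdoor to decrypt with.

```python
"""Toy run of the encryption map from section 2.4.1 (added illustration).

Assumption: K is a uniformly random binary matrix, standing in for a public
key that would really be derived from a hidden Goppa code.
"""
import random


def parameters(b):
    """Return (n, d, t) with n = 4b lg b, d = ceil(lg n), t = floor(0.5n/d)."""
    if b < 2 or b & (b - 1):
        raise ValueError("b must be a power of 2")
    n = 4 * b * (b.bit_length() - 1)      # lg b is exact for a power of 2
    d = (n - 1).bit_length()              # ceil(lg n)
    t = n // (2 * d)                      # floor(0.5n/d)
    return n, d, t


def weight(v):
    """Number of bits set to 1."""
    return bin(v).count("1")


def random_public_matrix(n, d, t, rng):
    """dt rows of n bits each; every row is stored as an n-bit integer."""
    return [rng.getrandbits(n) for _ in range(d * t)]


def random_message(n, t, rng):
    """An n-bit string with exactly t bits set to 1."""
    return sum(1 << pos for pos in rng.sample(range(n), t))


def encrypt(K, m):
    """Ciphertext Km over F2: bit i is the parity of (row i AND m)."""
    return sum((weight(row & m) & 1) << i for i, row in enumerate(K))


def solve_any(K, c, n):
    """Gauss-Jordan elimination over F2: some v with Kv = c, or None."""
    todo = [(row, (c >> i) & 1) for i, row in enumerate(K)]
    pivots = []                           # (column, reduced row, right-hand side)
    for col in range(n):
        bit = 1 << col
        hit = next((i for i, (r, _) in enumerate(todo) if r & bit), None)
        if hit is None:
            continue                      # free column: that bit of v stays 0
        prow, prhs = todo.pop(hit)
        todo = [(r ^ prow, s ^ prhs) if r & bit else (r, s) for r, s in todo]
        pivots = [(pc, r ^ prow, s ^ prhs) if r & bit else (pc, r, s)
                  for pc, r, s in pivots]
        pivots.append((col, prow, prhs))
    if any(s for _, s in todo):           # a "0 = 1" row: no solution exists
        return None
    return sum(1 << col for col, _, rhs in pivots if rhs)


def demo(b=8, seed=2016):
    """Encrypt one weight-t message, then play the attacker's first step."""
    rng = random.Random(seed)
    n, d, t = parameters(b)
    K = random_public_matrix(n, d, t, rng)
    m = random_message(n, t, rng)
    c = encrypt(K, m)
    v = solve_any(K, c, n)                # always succeeds: c = Km is consistent
    return {"n": n, "d": d, "t": t, "ciphertext_bits": d * t,
            "weight_m": weight(m), "weight_v": weight(v),
            "kv_equals_km": encrypt(K, v) == c, "v_is_m": v == m}


if __name__ == "__main__":
    print(parameters(128))
    print(demo())
```

The vector v returned by elimination satisfies Kv = Km but usually has a weight well above t, which is the gap between linear algebra and syndrome decoding that the text describes.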
Specifically, the receiver starts with distinct elements 1,2, . . . ,n of the
field $\mathbf{F}_{2^d}$ and a secret monic degree-$t$ irreducible polynomial $g \in \mathbf{F}_{2^d}[x]$. The
main work for the receiver is to syndrome-decode the $dt \times n$ matrix where
each element of $\mathbf{F}_{2^d}$ is viewed as a column of $d$ elements of $\mathbf{F}_2$ in a standard
2.5 INFORMATION SYSTEM
From the above, it is clear that the term is used to refer not only to the Information Technology
(IT) that an organization uses, but also to the way in which people interact with this technology
in support of business processes. Information systems are implemented within an organization
for the purpose of improving the efficiency and effectiveness of that organization. Capabilities of
the information system and characteristics of the organization, its work systems, its people, and
its development and implementation methodologies together determine the extent to which the
purpose is achieved (Silver et al. 1994).
Information systems serve all the systems of a business, linking the different components in such
a way that they effectively work towards the same purpose. The role of most information
systems was simple in the early years until 1960. They were mainly used for electronic data
processing (EDP) purposes such as transactions processing, record-keeping and accounting. EDP
is often defined as the use of computers in recording, classifying, manipulating, and summarizing
data.
2.5.1
Companies are able to highlight their strength and weaknesses due to the
produced by the analysis of sales and revenue reports from each operating region of
the company.
By the 1970s, these pre-defined management reports were not sufficient to meet many of the
decision-making needs of management. In order to satisfy such needs, the concept of decision
support systems (DSS) was born. The new role for information systems was to provide
managerial end users with ad hoc and interactive support of their decision-making processes.
analytical modelling capabilities of DSS, so the concept of executive information systems (EIS)
was developed.
2.5.1.4 EXPERT SYSTEMS (ES) serve as consultants to users by providing expert advice in
limited subject areas. An expert system is a knowledge-based system that provides expert advice
and acts as an expert consultant to users. Examples are credit application advisor, process monitor,
and diagnostic maintenance systems.
2.6
An attribute is a named property of a class that describes a range of values that instances of the
property may hold. A class may have any number of attributes or no attribute at all. An attribute
represents some property of the thing you are modeling that is shared by all objects of that class.
For example, every wall has a height, width, and thickness; you might model your customers in
such a way that each has a name, address, phone number, and date of birth. An attribute is
therefore an abstraction of the kind of data or state an object of the class might encompass. At a
given moment, an object of a class will have specific values for every one of its class's attributes.
attributes
2.7
Information systems are generally categorized either based on the method used for implementing
access control or based on the entity which enforces access control. Using the former technique,
they can be broadly categorized as Identity-based, role-based and attribute-based access control
systems. Using the latter technique, they are categorized as discretionary access control (DAC)
and mandatory access control (MAC) systems.
The following are the early technologies that were used by early systems. The explanation
will include their advantages and limitations.
2.7.1
In Discretionary access control (DAC), the owner of the object specifies the access policy, listing
who is allowed to access the resources and their corresponding access rights. In DAC the creator
of the object is the owner by default and he can delegate his ownership rights to another principal
(Department of Defence, 1989). The DAC model can be implemented using ACL or capability
certificates. In the capability-based model, the capability certificates are created by the resource
owner. Although this system provides great flexibility in defining access control policies, it also
makes it hard to verify the security policies of the overall system. This is primarily due to the fact
that resource owners specify the security policies. Another problem with DAC is that it is
more prone to errors or misconfigurations in security policies and hence more susceptible to
exploits.
2.7.2
In Mandatory access control (MAC) the access control policies are defined by the system
administrator. It is implemented as a multi-level access control system often containing highly
sensitive data. It has several hierarchical classification levels and each resource and principal in
the system is classified as a member of one of those levels. The principal's classification specifies
his access level whereas the resource's classification specifies the minimum level of access a
principal would require to access that resource. Examples of MAC are the Bell-LaPadula
confidentiality model (Bell and LaPadula, 1976) and the Biba integrity model (Biba, 1977).
MAC requires that certain functional components like the operating system and associated
utilities be `trusted' and placed outside the MAC model because they are required to access
resources at each access level. This makes it impossible to model a complete system using MAC
without assuming that certain components are completely trusted. In computer security, the
principle of least privilege requires that a principal should be able to access only resources which
are required for its legitimate purpose. Since the MAC model is based on a few distinct levels, it
does not provide fine grained control to satisfy this requirement completely. Separation of duty
(SoD) is another principle which requires that the same principals are not given the privilege to
execute transactions which are mutually exclusive from the security point of view, especially in
the context of avoiding fraud. SoD can either be static or dynamic. Static SoD can easily be
achieved by assigning principals privileges from only one group of mutually exclusive
transactions. In practice, such a system is very inefficient and a more common approach, called
dynamic SoD, is to assign principals privileges from multiple groups but restrict them to execute
transactions from only one group during system execution. Since MAC assigns fixed security
levels to principals, dynamic SoD cannot be achieved in MAC.
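The difference between static and dynamic SoD described above can be shown with the expenditure example: a static check rejects the assignment itself, while a dynamic check allows the assignment and constrains each session. This is an added example, not code from the project; the group names, transactions and users are hypothetical.

```python
"""Static versus dynamic separation of duty (added illustration).

Group names, transactions and the users below are hypothetical.
"""

# Privilege groups that one principal must not combine.
EXCLUSIVE_SETS = [frozenset({"requester", "approver"})]

# Transaction -> privilege group that is allowed to execute it.
GROUP_OF = {
    "request_expenditure": "requester",
    "approve_expenditure": "approver",
    "view_report": "reporting",
}


def static_sod_conflicts(assigned, exclusive_sets=EXCLUSIVE_SETS):
    """Static SoD: exclusive sets from which a principal holds several groups.

    A non-empty result means the assignment itself must be rejected.
    """
    return [s for s in exclusive_sets if len(s & set(assigned)) > 1]


class Session:
    """Dynamic SoD: the principal may hold conflicting groups, but within one
    session the first group exercised from an exclusive set locks out the rest."""

    def __init__(self, principal, assigned, exclusive_sets=EXCLUSIVE_SETS):
        self.principal = principal
        self.assigned = set(assigned)
        self.exclusive_sets = exclusive_sets
        self.active = {}           # index of exclusive set -> group in use
        self.log = []              # (transaction, allowed, reason) for audit

    def execute(self, transaction):
        """Return True if the transaction may run in this session."""
        group = GROUP_OF.get(transaction)
        if group is None or group not in self.assigned:
            return self._record(transaction, False, "privilege not held")
        touched = [i for i, s in enumerate(self.exclusive_sets) if group in s]
        for i in touched:
            if self.active.get(i, group) != group:
                return self._record(
                    transaction, False,
                    "dynamic SoD: session already acting as " + self.active[i])
        for i in touched:          # commit only after every check has passed
            self.active[i] = group
        return self._record(transaction, True, "permit")

    def _record(self, transaction, allowed, reason):
        self.log.append((transaction, allowed, reason))
        return allowed


if __name__ == "__main__":
    groups = {"requester", "approver", "reporting"}
    print("static conflicts:", static_sod_conflicts(groups))
    session = Session("alice", groups)
    for tx in ("request_expenditure", "view_report", "approve_expenditure"):
        print(tx, session.execute(tx))
    print(session.log[-1])
```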
2.7.3
combinations of principals, the RBAC model results in a problem called `role explosion' where
the number of roles increases exponentially (Elliott and Knight, 2010) and ultimately becomes
unmanageable.
2.7.3.1 CONTEXT-AWARE ROLE BASED ACCESS CONTROL USING USER
CHAPTER THREE
SYSTEM ANALYSIS AND DESIGN
3.1 INTRODUCTION
This chapter analyses the proposed system, expressing the detailed design of the proposed model
by using various software engineering design tools to present the system key modules, the
interactions between the modules as well as use case scenarios to determine the possible working
conditions of the system.
The design of the system's components is represented using the Unified Modelling Language
(UML).
The Unified Modeling Language (UML) is a standard language for specifying, visualizing,
constructing, and documenting the software system and its components. The UML focuses on the
conceptual and physical representation of the system. It captures the decisions and
understandings about systems that must be constructed. It is used to understand, design,
configure, maintain, and control information about the systems. Being the international standard
notation for object-oriented analysis and design, the UML is ideal for this purpose.
3.2
security, secure multicast, collaborative online communities, and distributed file systems. The
fundamental importance of the secure exchange of information has resulted in a wide range of
solutions. Traditional access control mechanisms can be categorized into three groups:
mandatory access control (MAC) (Denning, 1976), discretionary access control (DAC)
(Lampson, 1971; Sandhu and Samarati, 1994), and role-based access control (RBAC) (Ferraiolo et
al., 2001; Sandhu et al., 1996). In MAC, an administrative mechanism enforces centralized access
control on every object. Systems implementing DAC require the owner of an object to dictate
policy. Under RBAC, a user's role in an organization inherently dictates their ability to access
and manipulate data. Each role in an RBAC system is associated with a set of permissions
required to carry out that role. Cryptographic algorithms such as RSA, Advanced Encryption
Standard (AES), DES and Elliptic Curve Cryptography (ECC) are used in implementing the
access control systems above on classical systems, which accounts for their flaws with the
advent of quantum computing.
3.3
The existing systems, with the cryptographic schemes used to ensure information security and
access control, are highly effective at controlling access to such systems under a single
administrative authority. However, with the advent of quantum computing, which introduces
high-performance computing for information processing, the security schemes in use become
inadequate to ensure information security and access restrictions. This is due to the reliance
of classical cryptographic schemes on the difficulty of solving Discrete Logarithm Problems
(DLP) and Integer Factorization Problems (IFP), which are rather easy for quantum systems to
solve compared to classical computers.
3.4
An attribute-based information security system has extremely large advantages for
providing data security in a distributed environment. Examples of such systems are
peer-to-peer systems, in which individuals may publish documents that implicitly target those users who
are assigned the appropriate attributes. The attributes to be used define, classify, or annotate the
datum to which they are assigned. The semantics of an attribute indicate some purpose or
characteristic and, when used within larger collections, enable efficient identification and
classification of like objects. For example, individuals in enterprise systems are often segregated
into groups of common interest or duty based on a given set of attributes (Sandhu et al., 1996),
e.g., function, department, university level, rank/position etc. These attributes are then used to
associate sets of permissions and tasks to the specified individuals.
3.5 SYSTEM ARCHITECTURE
In information systems, users access the resources they need by making appropriate requests to
the server. In attribute-based information systems, the resources available to each user are
determined by the authorization level indicated in the attributes submitted by the user.
The system architecture of the proposed system, i.e. the attribute, time and location based access
control system for a hospital management information system, is a three-layered system
architecture. The architecture is composed of the Application Layer (Front End), the Access Control
Layer (Web Services + Security) and the Resource Layer (Backend). The Resource Layer is
implemented using the file system, as managed by the database manager. The Access Control
Layer is where the attributes provided by the system users are used to categorize those users,
and the resources to be made available to them are determined based on their access roles.
Finally, the Application Layer covers the interfaces through which users relate with the system, i.e. the
layer at which users operate. At this layer, the user supplies his unique attribute information
upon request. This request is sent to the Access Control Layer, where the access level of the
user is determined, and the relevant resources with respect to the identified access level and user query
are released by the Resource Layer of the system.
Figure: System architecture of the Attribute, Time, Location Based Access Control
System for Hospital Management Information System.
The Access Control Layer is made up of two cascading system modules which are:
i. The Access Control Engine (Security System): The access control engine
is a dedicated service that performs rule-based access control for users' requests. It
contains three components: the Evaluator, the Interface and the Predicates API. The
core of the engine is the evaluator, which acts as a reasoning system to validate the
rule set for allowing access to the system. Another important component of the engine
is the predicates API, which implements all required user-specific predicates used in
our system. It is also responsible for collecting data, such as Current Server Time,
Server Load, Appointment Information, User Profile, etc., to instantiate the variables
in each predicate. The third component is the interface, which sends requests to and
receives responses from the Application Layer and exposes the validation interface as
a Web service which can be invoked by access control proxies residing in applications.
The diagram below shows an annotated architecture of the Access Control Engine.
ii. Web Services: These are functional modules that are responsible for
executing users' requests based on the access control engine's authentication of the
respective user.
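One way the evaluator and predicates API of the Access Control Engine described above could fit together, as an added Python sketch that is not the thesis's own implementation. The attribute names, the rule set, the resource names and the `Request` fields are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed example: every attribute name, rule and value is hypothetical.
@dataclass(frozen=True)
class Request:
    user: dict       # attributes supplied through the Application Layer
    resource: str    # resource class being requested
    when: datetime   # "Current Server Time" collected by the engine
    location: str    # where the request originates

# Predicates API: each predicate instantiates its variables from the request.
def has_role(*roles):
    return lambda r: r.user.get("role") in roles

def at_location(*places):
    return lambda r: r.location in places

def within_hours(start, end):
    # Handles shifts that wrap past midnight (e.g. 20:00 to 06:00).
    def check(r):
        t = r.when.time()
        return start <= t < end if start <= end else (t >= start or t < end)
    return check

# Rule set: resource -> alternative rules; a rule is a list of predicates
# that must ALL hold for access to be granted.
RULES = {
    "patient_record": [
        [has_role("doctor"), at_location("ward", "clinic")],
        [has_role("nurse"), at_location("ward"),
         within_hours(time(20, 0), time(6, 0))],
    ],
    "billing": [[has_role("accountant"), within_hours(time(8, 0), time(17, 0))]],
}

def evaluate(request, rules=RULES):
    """Evaluator: default deny; permit only if one rule is fully satisfied."""
    for rule in rules.get(request.resource, []):  # unknown resource: no rules
        try:
            if all(pred(request) for pred in rule):
                return True
        except Exception:
            continue  # a predicate that cannot be evaluated never grants access
    return False
```

The evaluator fails closed: a missing attribute, an unknown resource or a predicate that raises all end in a deny.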
The Application Layer: This is an interface layer where users can easily interact with the
system by passing their requests into the system, while it outputs the result
of each query to the respective user.
The Resource Layer / Database: A database is a storage location where organized information
is stored. It is reliable because information can easily be managed, accessed, updated and
retrieved, and can also be referenced for future purposes. This database serves as the
information/resource repository for the system. It stores information about the agents that are
allowed access into the system, as well as various data stored about each unique
system user. MySQL was used for the design of the database.
3.6 UML DIAGRAMS
Unified Modeling Language (UML) is a modeling language that is used to visualize, specify,
construct and document the artifacts or architecture of a software system/framework. It provides
a set of notations to create a visual model of the system. Like any other language, UML has its
own syntax and semantics. UML is, however, not a system design or development methodology,
but can be used to document object-oriented and analysis results obtained using some
methodology.
UML can be used to construct different types of system design diagrams, i.e. Class, Object,
Activity, Use Case diagrams etc., to capture various views of the system such as the
user, behavioral, structural, implementation, and environment views of a system. The different
UML diagrams provide different perspectives of the software system to be developed and
facilitate a comprehensive understanding of the system. Such models can be refined to get the
actual implementation of the system.
3.6.1
The use case diagram shows the various functions of the stakeholders in the proposed system and
how the key stakeholders of the system interact with each other. The use case diagram below
shows the functional modules of the proposed system and the stakeholders' interaction with the
system.
3.6.2 CLASS DIAGRAM
A Class is a category or group of things that have similar attributes and common behavior. A
rectangle is the icon that represents the class; it is divided into three areas. The uppermost area
contains the name, the middle area contains the attributes and the lowest area shows the
operations. Class diagrams provide the representation that developers work from. Class
diagrams help on the analysis side, too.
3.6.3 SEQUENCE DIAGRAM
A Sequence Diagram is an interaction diagram that emphasizes the time ordering of messages; a
collaboration diagram is an interaction diagram that emphasizes the structural organization of the
objects that send and receive messages. Sequence diagrams and collaboration diagrams are
isomorphic, meaning that you can take one and transform it into the other.
3.6.4 COLLABORATION DIAGRAM
3.6.5
The state diagram shows the states of an object and represents activities as arrows connecting the
states. The Activity Diagram highlights the activities. Each activity is represented by a rounded
rectangle, narrower and more oval-shaped than the state icon. An arrow represents the transition
from one activity to the next. The activity diagram has a starting point represented by a
filled-in circle, and an end point represented by a bull's eye.
Engineering.
15. Kangsoo Jung and Seog Park (2013): Context-Aware Role Based Access Control
Using User
Vol. 5(3).