An authentication and auditing architecture for enhancing security on egovernment services

Flores, Denys A.

doi:10.1109/icedeg.2014.6819952

Cited by 3 publications

(1 citation statement)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As stated in IEEE document entitled 'An Authentication and Auditing Architecture for Enhancing Security on eGovernment Services', "…the lack of security at the backend level hinders every effort to find evidence and investigate events related to credential misuse and data tampering". Control measures are wrongly applied at application level, and should be applied at database level instead [7]. It is unlikely that organisations will openly declare that they do not store authentication data to best practise, as doing so poses a grave threat to their user accounts, customer data and system security, not to mention their reputation.…”

Section: Introductionmentioning

confidence: 99%

An Evaluation of Secure Storage of Authentication Data

Blue¹,

Furey²,

Curran³

2017

IJISR

View full text Add to dashboard Cite

The issue of secure password storage is of major industry concern, as all databases are at risk of breach, potentially leaving all associated user accounts vulnerable. Key industry documents such as 'IEEE Standard Specifications for Password-Based Public-Key Cryptographic Techniques' and 'RFC 2898: Password-Based Cryptography Specification' outline best practice mechanisms for secure storage of authentication credentials. We examine here authentication and secure storage of authentication data, inclusive of common industry implementation and best practice standards and regulation. The broader topic of authentication is examined to assess 'state-of-the-art' technologies that are currently available. The technologies researched included biometrics, multifactor authentication and smart cards and we show that despite the advancements these technologies have contributed to the area of authentication, it is unrealistic to expect their common implementation soon.

show abstract

Section: Introductionmentioning

confidence: 99%

An Evaluation of Secure Storage of Authentication Data

Blue¹,

Furey²,

Curran³

2017

IJISR

View full text Add to dashboard Cite

show abstract

Decentralised and Collaborative Auditing of Workflows

Nehme

Jesus

Mahbub

et al. 2019

Trust, Privacy and Security in Digital Business

View full text Add to dashboard Cite

Workflows involve actions and decision making at the level of each participant. Trusted generation, collection and storage of evidence is fundamental for these systems to assert accountability in case of disputes. Ensuring the security of audit systems requires reliable protection of evidence in order to cope with its confidentiality, its integrity at generation and storage phases, as well as its availability. Collusion with an audit authority is a threat that can affect all these security aspects, and there is room for improvement in existent approaches that target this problem. This work presents an approach for workflow auditing which targets security challenges of collusion-related threats, covers different trust and confidentiality requirements, and offers flexible levels of scrutiny for reported events. It relies on participants verifying each other's reported audit data, and introduces a secure mechanism to share encrypted audit trails with participants while protecting their confidentiality. We discuss the adequacy of our audit approach to produce reliable evidence despite possible collusion to destroy, tamper with, or hide evidence.

show abstract

Breaking Through Opacity: A Context-Aware Data-Driven Conceptual Design for a Predictive Anti Money Laundering System

Hamid

2017

2017 9th IEEE-GCC Conference and Exhibition (GCCCE)

View full text Add to dashboard Cite

An authentication and auditing architecture for enhancing security on egovernment services

Cited by 3 publications

References 11 publications

An Evaluation of Secure Storage of Authentication Data

An Evaluation of Secure Storage of Authentication Data

Decentralised and Collaborative Auditing of Workflows

Breaking Through Opacity: A Context-Aware Data-Driven Conceptual Design for a Predictive Anti Money Laundering System

Contact Info

Product

Resources

About