Elektronika 2009-11.pdf - Instytut SystemÃ³w Elektronicznych

More documents

Recommendations

Info

The client may be interested on authenticity verification of received geodata. Server communicates simultaneously with many clients, and each client generates many requests during his session. In such situation standard methods of securing data authenticity are not suitable, digital signing of each response wouldnt be effective. The proposal of efficient data authentication method relevant to the described Web GIS architecture is presented in the next section. Data authentication schema The most of communication in described model is confined to receiving by client geodata or ready map fragments from server (e.g. by WMS GetMap call), how it was mentioned above. Presented scheme should enable authenticity verification of geodata received from server. Whole communication process between client and server, which is referred to as a session, consists of geodeta transmission stage, authenticity proofs publication stage and received geodata authenticity. We assume that during one session client may ask for and receive geodata many times, but authenticity verification is done once at the end of the session. Process of proofs publication is done in fixe time intervals, independently of running sessions. Server serves simultaneously many session, potentially with different clients. Downloading geodata from server Course of i-th session between client C and server M is presented in Fig. 2. For our schema we introduces following symbols: C - client, M - map server, sid i - identifier of i-th session, q i,j - j-th question during i-th session, α i,j - j-th geodata answer during i-th session, st i - time of i-th session begining, et i - time of i-th session ending, ct i - time of i-th session authenticity proof publication, p i - authenticity proof. The session is started by a client, which sends to server StartSession call. As an answer server sends back StartSessionAcknowledgment with new session identifier sid i and time of session beginning st i . Then client begins sending Request calls to the server (appropriate for particular server type geodata request e.g. WMS GetMap). Single Request contains of right question q i,j and current session indetifier sid i . Server sends back Response for each Request. Single Response contains demanded geodata α i,j . The session is ended by a client. It sends to server End- Session with session identifier sid i . In answer server sends back EndSessionAcknowledgment, which contain among others session end time et i and time ct i of next authenticity proofs publication. In this publication will be present authenticity information for the session. Client sends GetSessionProof just after ct i moment of time (which was pointed by server in EndSessionAcknowledgment) and in response it receives SessionProof containing p i data necessary to verification of geodata transmitted in this session. Server proof publication The server serves simultaneously many session and many different clients. It publishes authenticity proofs in fixed time intervals. The time period between two following publishing points will be called a round. We introduce additional symbols: h - cryptographic hash function, h 2 - two-argument cryptographic hash function, h 3 - three argument cryptographic hash function, d i,j - in-round message digest for pair (q i,j , α i,j ), f i,k - k-th round-ending message digest for i-th session, f i,k - k-th round-ending message digest for i-th session, s k - round-ending signature, T k - Merkle hash tree for k-th round, P i,k - path from leaf to root of T k tree for i-th session. At the beginning of each session client and server initialize theirs local copies of first in-round message digest using session identifier: During the session for each (q i,j , α i,j ) request/response pair client and servers creates their local copies of digests: Optionally client may store in its local archives all pairs (q i,j , α i,j ) generated during the session and compute right digest in a moment of geodata authenticity verification. At the end of the round server checks which sessions were active during this time period. Then server creates Merkle hash tree [7], using as leafs last digest of each active in-round session. Cryptographic functions h and h 2 are used for tree creation. Creation of T k tree for k-th round runs as follows. At the beginning are created digest for first level nodes (leafs): (1) (2) Digest for second level nodes are computed on the bases of first level nodes values: This procedure is repeated for each next level (number of levels depends on number of first level nodes which equel sessions number). Proccess ends on the last level, which contains one and only node, accumulating all previous digest (tree root): (3) (4) Fig. 2. i-th session between client C and server M Rys. 2 . i-ta sesja pomiędzy klientem C a serwerem M (5) 46 ELEKTRONIKA 11/2009
Fig. 3. Example run of three rounds of i sessions Rys. 3. Przykładowy przebieg trzech rund z i sesjami Root is signed by server private key and published: (6) There is example run of three rounds of i sessions presented in Fig. 3. Geodata authenticity verification We introduces additional symbol: C i,k - complete to path P i,k (set of nodes necessary for reconstructing path on the base of d i,last ). After sending EndSession request client receives from server information about closing time of current round (time ct i ). At this pointed moment client sends to server request Get- SessionProof and gets back information p i necessarry for authenticity verification of all pairss (q i,j , α i,j ) transmited during finished session: (7) Client reconstructs path from leaf (local copy of f i,k ) to root of T k tree for i-th session using received complement C i,k . Reconstructed f’ k root is verified with digital signature: (8) Example process of path reconstruction is shown in Fig. 4. Client wants to verify authenticity of data transmitted during his 3-th session. It received form server complement C 3,1 = Fig. 4. Example of P 4,1 path reconstruction Rys. 4. Przykład rekonstrukcji ścieżki P 4,1 {f 4,1 , f 1:2,1 , f i-3:1,1 }. Client reconstructs f’ 3:4,1 digest from local copy of digest f’ 3,1 and received digest f 4,1 and continues this process till obtain root digest f’ 1:i,1 . Conclusions The authenticity is today a major problem when dealing with information transmitted through internet. It’s obvious not every received data can be trusted. Proposed schema could be successfully used to publish geodata in authenticated way and to create proof of their origin. Presented method is simple, safe, efficient and reliable. It could be easily adapted to into existing WB GIS architectures. Implementation of the method should be our next concern. Currently integration of this schema with Geoserver and OpenLayers solutions is considered. More examination must be made to verify methods weaknesses and strengths. References [1] Neumann A.: Web Mapping and Web Cartography. Encyclopedia of GIS, pp.1261-1273, Springer 2008. [2] Thuraisingham B., Khan L., Subbiah G., Alam A., Kantarcioglu M.: Privacy and Security Challenges in GIS. Encyclopedia of GIS, pp. 898-902, Springer 2008. [3] Ae Chun S., Alturi V., Geospatial Security Models. Encyclopedia of GIS, pp. 1028-1035, Springer 2008. [4] http://www.opengeospatial.org/standards/sld, Open GIS Consortium Inc., Styled Layer Descriptor profile of the Web Map Service Implementation Specification. OpenGIS® Implementation Specification, Final version, v. 1.1.0, June 2007, Accessed 20 April 2009. [5] http://www.opengeospatial.org/standards/wfs, Open GIS Consortium Inc., Web Feature Service Implementation Specification. OpenGIS® Implementation Specification, Recommendation Paper, v. 1.1.0, May 2005, Accessed 20 April 2009. [6] http://www.opengeospatial.org/standards/wms,Open GIS Consortium Inc., OGC Web Map Service Interface. OpenGIS® Implementation Specification, Recommendation Paper, v. 1.3.0, January 2004, Accessed 20 April 2009. [7] Merkle R. C.: A certified digital signature. In CRYPTO ’89: Proceedings on Advances in cryptology, pp.218-238, Springer-Verlag New York, Inc. 1989. ELEKTRONIKA 11/2009 47
Page 5 and 6: konstrukcje technologie zastosowani
Page 7 and 8: Streszczenia artykułów • Summar
Page 13 and 14: Medical pattern intelligent recogni
Page 15 and 16: Fig. 2. Start graph Z and the set o
Page 17 and 18: Both models are created of the basi
Page 19 and 20: • in some cases in the methods of
Page 21 and 22: 4. Random operators: three types of
Page 23 and 24: useful. In work [1] is stressed, th
Page 25 and 26: Tabl. 1. Fuzzy sets of the objects,
Page 27 and 28: In addition, one has to remember th
Page 29 and 30: The correction of digital images ob
Page 31 and 32: Tabl. 4. MD error before and after
Page 33 and 34: tionship then determines which indi
Page 35 and 36: this goal. A user’s public key au
Page 37 and 38: a) will be or could be broken, or b
Page 39 and 40: Ontology-based approach to scada sy
Page 41 and 42: erarchy of vulnerability classes wi
Page 43 and 44: and the set of tasks is divided int
Page 45 and 46: tasks: T 0 , T 4 , T 5 , T 6 and T
Page 47 and 48: According to presented function CSF
Page 49: The efficient data authentication i
Page 53 and 54: Fig. 2. Possible scenarios of data
Page 55 and 56: e necessary, in worst case - also s
Page 57 and 58: dicates the number of tasks at the
Page 59 and 60: • information on their state come
Page 61 and 62: • data regarding their identity (
Page 63 and 64: k = 1, 2, ..., m and m is the numbe
Page 65 and 66: more powerful statistical (algorith
Page 67 and 68: Signal to Noise Ratio (PSNR). We pr
Page 69 and 70: [23] W3C - Web Services Glossary -
Page 71 and 72: Associated with every N-point M-dim
Page 73 and 74: The SMS-B system architecture (Sour
Page 75 and 76: Technika próżni i technologie pr
Page 77 and 78: wniosku i w konsekwencji za rok 200
Page 79 and 80: Poniżej przedstawiono krótki kome
Page 81 and 82: Wspomnienie Edward Leja (1937-2009)
Page 83 and 84: Zastosowanie technik immunoenzymaty
Page 85 and 86: z pasty węglowej, zaś odniesienia
Page 87 and 88: [33] Biani A., Centi S. Tombrlli S.
Page 89 and 90: Problemem bowiem w pracach instytut
Page 91 and 92: 1985 - Zdzisław Dorywalski 1986 -
Page 93 and 94: Rys. 4. Uroczyste wręczanie świad
Page 95 and 96: Imię i Nazwisko Patenty Wzory uży
Page 97 and 98: zadań określonych przez użytkown
Page 99 and 100: Ocena sugerowanych w ankiecie metod
Page 101:
Zaprenumeruj wiedzę fachową 2010
Page 104 and 105:
Radary pasywne - nowa technika radi
Page 106 and 107:
c) stopniowo przesuwać jeden przeb
Page 108 and 109:
W przypadku wykorzystania nadajnika
Page 110 and 111:
kreślić to, że owale Cassiniego
Page 112 and 113:
Dla każdego kierunku odbieranej fa
Page 114 and 115:
chomych, które w ogólnym przypadk
Page 116 and 117:
Rys. 19. Fragment zobrazowania SS3
Page 118 and 119:
Zbigniew Czekała jest projektantem
Page 120 and 121:
• wytypowaniu statków zobowiąza
Page 122 and 123:
• używanie właściwego osprzęt
Page 124 and 125:
W jednomodowym szklanym włóknie t
Page 126 and 127:
Światłowody scyntylacyjne W środ
Page 128 and 129:
Parametry materiałowe szklanego w
Page 130 and 131:
126 ELEKTRONIKA 11/2009
Page 132 and 133:
Literatura [1] Yamane M., Asahara Y
Page 134 and 135:
Rys.1. Przebiegi testowe na wyprowa
Page 136 and 137:
nież pasmo emisji od około 500 MH
show all

Elektronika 2009-11.pdf - Instytut SystemÃ³w Elektronicznych

Create successful ePaper yourself

Delete template?

Save as template?