• DocumentCode
    599366
  • Title

    A shared secret security broker implementation in a commercial context

  • Author

    Gao, T.Y. ; Kearney, Damien

  • Author_Institution
    Sch. of Comput. & Inf. Sci., Univ. of South Australia, Adelaide, SA, Australia
  • fYear
    2012
  • fDate
    10-12 Dec. 2012
  • Firstpage
    133
  • Lastpage
    138
  • Abstract
    Many organizations today require secure interactions both externally (with banks for example) and internally (to preserve internal/external organizational boundaries or for confidential information exchange). At present these organization rely on a model where the IT department is a trusted broker of passwords and credentials. There are a number of vulnerabilities in this approach especially the disgruntled IT employee who could leverage their system wide access to passwords for malicious purposes. The implementation of an option that overcomes these vulnerabilities is described in this paper. It uses a security broker based on shared secret technology to transfer the trust from the IT department to the business players who are parties to each type of transaction. It is argued that the business players are better placed to be trusted with these types of transactions. The paper describes the design of a process for developing integration between systems, presents a formal model that demonstrates security against a commonly agreed type of attack and gives details of its implementation in a real commercial context. The paper also outlines a plan to evaluate the real implementation through stakeholder surveys and a vulnerability attack assessment.
  • Keywords
    business data processing; cryptographic protocols; organisational aspects; private key cryptography; public key cryptography; IT department; confidential information exchange; credential broker; information technology; organizational boundary; password access; password broker; shared secret security broker; stakeholder survey; vulnerability attack assessment; Cryptography; Educational institutions; Libraries; Polynomials; TV; Commercial Implementation; Security Broker; Shamir´s Shared Secret Scheme;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Technology And Secured Transactions, 2012 International Conference for
  • Conference_Location
    London
  • Print_ISBN
    978-1-4673-5325-0
  • Type

    conf

  • Filename
    6470884