Trusted third party

About: Trusted third party is a research topic. Over the lifetime, 2919 publications have been published within this topic receiving 60935 citations.

Trustworthiness in distributed electronic healthcare records - basis for shared care

Abstract: Shared care is the common answer to the challenge for improving health system quality and efficiency. This development must be accompanied by implementing shared care information systems moving to extended electronic healthcare record systems which are distributed and have to be interoperable too. Comprehensive communication and co-operation between healthcare establishments is increasingly using the open Internet. Regarding the sensitivity of personal medical data due to legal, ethical, social and psychological implications, such communication and co-operation must be provided in a trustworthy way. The HARP project, launched and funded by the European Commission, specified and offered a solution for distributed, component-based, trustworthy applications based on Internet technology. Specifying and implementing enhanced trusted third party (ETTP) services, the HARP solutions concern secure authentication as well as authorisation of principals. By associating role profiles and security attributes to standard Web-based interactions, HARP provides an initial degree of 'automation' in building certified secure medical Internet-based applications deploying established paradigms such as object orientation, component architecture, Secure Socket Layer (SSL) protocol, and XML standard. The solution has been demonstrated and evaluated in a clinical study environment.

Transversality and the role of the library as fair witness

Abstract: Scholarship conducted in an increasingly online environment requires the services of a trusted third party in order to ensure that scholarly communication remains reliably accessible and applicable over the longer term. The library, by virtue of its most fundamental values and attributes, is probably better suited at this time than other information intermediaries to assume such a role. In order to understand the nature and responsibility of the trusted third party, or fair witness, it is essential to consider the key concept of transversality (especially as it is defined by the German philosopher Wolfgang Welsch) as it relates to information services. Assuming the role of trusted third party will also require that the academic library be prepared to undertake some fundamental changes in currently prevalent directions and values that will affect its relationship to other information intermediaries and, potentially, also to its parent institution.

Formal Analysis of ISO/IEC 9798-2 Authentication Standard Using AVISPA

Abstract: Use of formal methods is considered as a useful and efficient technique for the validation of security properties of the protocols. In this paper, we analyze the protocols of ISO/IEC 9798-2 entity authentication standard using a state-of-the-art tool for automated analysis named AVISPA. Our analysis of the standard using AVISPA's OFMC and CL-AtSe back-ends shows that the two party protocols are secure against the specified security properties while the back-ends are able to find attacks against unilateral and mutual authentication protocols involving a trusted third party.

An Anonymous and Efficient Multiserver Authenticated Key Agreement With Offline Registration Centre

Abstract: Multiserver authentication (MSA) architecture permits its registered users to get the services of various service providers without performing separate registrations with each server. Since, a single registration from registration authority, a trusted third party, is sufficient to get mutually authenticated with service providers, onwards. In this paper, we have emphasized only on the MSA-based schemes that do not require online registration authority for mutual authentication. While, considering those MSA schemes, to date, there is no secure and efficient MSA protocol in our observation that is free of all four limitations at the same time, such as 1) free of the hassle of storage of server-based parameters in users’ smart card by registration authority, 2) free of the transmission of user-based identities to all servers in a network, 3) free of a single secret key distribution to all servers as assumed in a trusted system, and 4) free from employing costly bilinear pairing operations. In view of those shortcomings, we present an anonymous MSA protocol that nearly counters all those problems using elliptic curve cryptography and escaping costly pairing operations. Our scheme also demonstrates the scheme's robustness using formal security analysis employing random oracle model and automated tool analysis.

A Privacy-Preserving Asynchronous Averaging Algorithm based on Shamir’s Secret Sharing

Abstract: Average consensus is widely used in information fusion, and it requires information exchange between a set of nodes to achieve an agreement. Unfortunately, the information exchange may disclose the individual’s private information, and this raises serious concerns for individual privacy in some applications. Hence, a privacy-preserving asynchronous averaging algorithm is proposed in this paper to maintain the privacy of each individual using Shamir’s secret sharing scheme, as known from secure multiparty computation. The proposed algorithm is based on a lightweight cryptographic technique. It gives identical accuracy solution as the non-privacy concerned algorithm and achieves perfect security in clique-based networks without the use of a trusted third party. In each iteration of the algorithm, each individual’s privacy in the selected clique is protected under a passive attack where the adversary controls some of the nodes. Finally, it also achieves robustness of up to one third transmission error.