Since 1984, the Condor project has enabled ordinary users to do extraordinary computing. Today, the project continues to explore the social and technical problems of cooperative computing on scales ranging from the desktop to the world-wide computational grid. In this chapter, we provide the history and philosophy of the Condor project and describe how it has interacted with other projects and evolved along with the field of distributed computing. We outline the core components of the Condor system and describe how the technology of computing must correspond to social structures. Throughout, we reflect on the lessons of experience and chart the course traveled by research ideas as they grow into production systems.

This article presents a proposal for an authentication protocol for Radio Frequency Identification (RFID) smart tags. RFID tags are microchips attached to products to identify them contactless during production or in use via radio frequency. Cryptographic authentication is necessary to protect branded goods from forgery. Existing protocols do not include cryptographic authentication mechanisms. Therefore, a new approach for authentication is proposed in this paper. Because of the limited computing power, low die-size, and low-power requirements a two-way challenge-response authentication scheme is used. Packet and frame formats are presented to include the new approach to the existing protocol which is defined in the ISO/IEC 18000 standard. To verify this approach Java models in different abstraction levels were implemented. The hardware implementation was done in VHDL for an FPGA target device to get a fast prototype.

Conventional authentication systems especially in a ubiquitous environment do not consider interoperability among different organizations. Therefore, carrying multiple security cards is inevitable for incompatible authentications. In this paper we propose a flexible, scalable, interoperable and usable authentication system using a ZigBee-enabled tiny portable device. It is specialized for the ubiquitous computing environments. In our authentication system, public key infrastructure (PKI) is used for interoperability and scalability. The noble security mechanism using PKI is also proposed. By applying Single Sign-On concept into our authentication system, possible frequent authentic operations in ubiquitous environment can be reduced. Instead of using the conventional security card, we developed a new lowpower tiny terminal which has ability of encryption-related computation. Therefore, authentication operations over many different services are possible with our tiny terminal. We presented three reference application models that use our authentication system in order to show that our proposed system does not sacrifice usability for security.

One of the design principles of the Internet is that the network is made more flexible, and therefore useful, by placing functionality in end applications rather than in network infrastructure. Network gateways that violate this principle are considered harmful. This paper demonstrates that such upper-level gateways exist because of realm-specific performance, security, and protocol needs of certain portions of the Internet. Placing this functionality in end hosts is, conversely, harmful to the flexibility of using the Internet to link disparate networks. Requirements are developed for a protocol to allow end-hosts and gateways to negotiate the functionality of these gateways in terms of the needs of both end applications and network realms. 1 End-to-End Arguments In [28], arguments are made for placing functionality close to the applications that use that functionality. Because the end applications have the most information regarding the given ∗ This work was supported by the U.S. Dept.of Energy’s

this paper, I define a role as a life role: for example, doctor, student, scoutmaster, professor, member of a professional organization, etc. These roles may or may not map to specific email addresses. Within the context of email, role and identity are often conflated, particularly since people tie identities to roles that are in turn tied to an email address. No guarantees of transitivity exist for any combination of role, identity or email address, meaning that you cannot rely on an address to map to a particular role or identity or vice versa

no plaintext passwords

The management of an Internet service involves a variety of aspects, ranging from the economic to the technical and organizational. Cost reduction, management simplification and improvement of service quality are the fundamental targets of every Internet service project. In geographically widespread organizations where numerous servers are used in order to implement distributed network services, both costs and human labor for maintenance and management are greatly multiplied. We believe that security and maintenance problems, and thus costs, could be reduced by transferring from a distributed to a centralized service. However, this choice would undermine the flexibility needed by local administrators in order to be able to administer their own services. This paper describes a hybrid service management model (partly centralized, partly distributed) and outlines the results we obtained by applying this model to the e-mail service of our organization.

This paper describes a secure role based messaging system design based on the use of X.509 Attribute Certificates for holding user roles. Access to the messages is authorised by the PERMIS Privilege Management Infrastructure, a policy driven role based access control (RBAC) infrastructure, which allows the assignment of roles to be distributed between trusted issuing authorities, and allows a change of access control policy at runtime. Messages can be sent by roles and users, and can be sent to roles and users. Messages are secure in their exchange between senders and recipients. Details of the security and messaging design are presented.

RFID (Radio Frequency Identification) is a technology whose employment will certainly grow in the following years. It is therefore necessary to consider the security issues that come out from the implementation of that type of systems. In this paper we present an approach to solve the security problems in RFID systems by designing a naive security layer based on authentication and encryption algorithms. The authentication mechanism is the mutual authentication based on a three-way handshaking model, which authenticates both the reader and the tag in the communication protocol. The cipher algorithm based on a symmetric-key cryptosystem is RC4 implemented in a proposed modification to the existing WEP protocol to make it more secure in terms of message privacy. The proposed approach is implemented using VHDL in FPGAs communicated through RF transceivers. The results show that the security layer is simple enough to be implemented in a low-price RFID tag.