A Metric for Evaluating Security Models based on Implementation of Public Key Infrastructure

Full Text (PDF, 306KB), PP.27-35

Author(s)

Sigsbert Rwiza 1,*, Mussa Kissaka 1, Kosmas Kapis 1

1. University of Dar es Salaam, College of Information and Communication Technologies, Department of Electronics and Telecommunications Engineering, Dar es Salaam, 255, Tanzania

* Corresponding author.

DOI: https://doi.org/10.5815/ijwmt.2020.06.04

Received: 19 Jul. 2020 / Revised: 24 Sep. 2020 / Accepted: 28 Oct. 2020 / Published: 8 Dec. 2020

Index Terms

Metric, Security Models, PKI, Implementation, Evaluating

Abstract

International security evaluation metrics are too general and do not focus on evaluating security models implemented using Public Key Infrastructure (PKI). This study was conducted to develop a metric for evaluating security models based on implementation of PKI, using insights from the literature. The literature review was done based on inclusion and exclusion criteria. The developed metric was tested using ranking attributes and ranking scales. The results reveal that the developed metric is applicable for evaluating security models based on implementation of PKI. This is verified by the tabular results showing the evaluation of selected security models based on implementation of PKI using ranking attributes and ranking scales. This study contributes to the body of knowledge a metric for evaluating security models based on implementation of PKI.

Cite This Paper

Sigsbert Rwiza, Mussa Kissaka, Kosmas Kapis, "A Metric for Evaluating Security Models based on Implementation of Public Key Infrastructure", International Journal of Wireless and Microwave Technologies (IJWMT), Vol.10, No.6, pp. 27-35, 2020. DOI: 10.5815/ijwmt.2020.06.04
