Explore chapters and articles related to this topic
Linking Factory Floor and the Internet
Published in Richard Zurawski, Industrial Communication Technology Handbook, 2017
The Lightweight Directory Access Protocol (LDAP) is the lightweight counterpart to X.500 directory services. It is oriented toward directories that are organized in a tree, the directory information tree (DIT). The DIT is a hierarchically structured organization of data items, the directory entries. Every entry consists of a collection of attributes. Every attribute has an attribute name, an attribute type, and a value associated with it. One special attribute that is mandatory for every tree entry determines the position of the entry in the tree: the distinguished name (DN), which is used as a unique address for the entry. It specifies the path by listing all parent entries up to the root entry. The directories contain mostly (but not necessarily) small pieces of data, which are mainly read and searched for. Writing of data, like changes in the tree structure, is intended to occur only rarely.
A novel machine learning approach for database exploitation detection and privilege control
Published in Journal of Information and Telecommunication, 2019
All the existing database security monitoring systems only perform post-activity reporting and monitoring, while the IT administrator bears the responsibility of overseeing user account control and rectifying problems whenever they are discovered. This challenge gets harder in proportion to the number of databases that they must oversee (Bertino & Sandhu, 2005). The databases do have their own security features for users and privileges against the schemas and objects, whereas central authentication systems such as Lightweight Directory Access Protocol (LDAP) or Microsoft’s Active Directory can be used to consolidate the security into a single point of control (Lampson, 2004). Even when these security features are deployed, there is a tiny chance that they can be compromised, as there are unconventional techniques such as security database exploits that have been documented to hack through or bypass them (Pritchett & De Smet, 2013; Gaetjen, 2015). Databases such as PostgreSQL, Oracle, MySQL or Firebird have their own internal security systems, which are difficult for IT administrators to manage individually in the absence of central authentication or access control mechanisms (Bertino & Sandhu, 2005).
Data access control in data exchanging supporting big data arena
Published in Journal of Management Analytics, 2018
Haoyang Jia, Yimin Sheng, Weili Han, X. Sean Wang
Figure 3 only shows HIVE in the storage layer for persistent data, and ignores the underlying Hadoop structure, because the lowest level of data manipulation in BDA occurs in HIVE. Kafka is used to store and supply streaming data. MySQL can provide effective access control itself, and is more suitable for storing relational data with low capacity; on the other hand, HIVE and Kafka support data at terabyte, or even petabyte, scale. Therefore, metadata and access control policies are stored in MySQL, while the actual content of the data is stored in HIVE and Kafka (Duan & Xiong, 2015). The LDAP (Lightweight Directory Access Protocol) is responsible for assisting HIVE in managing its authorities (Wikipedia Contributors, 2018), while Kafka has its own authentication mechanism. This will be discussed later in detail in Section 3.4.
MAKA: Multi-Factor Authentication and Key Agreement Scheme for LoRa-Based Smart Grid Communication Services
Published in IETE Journal of Research, 2023
Prarthana J. Mehta, Balu L. Parne, Sankita J. Patel
A novel authentication protocol suggested by Tsai and Lo is claimed to be an efficient scheme for the SG technology [3]. Their system generates the secret identities of both SMs and SPs using the identity-based encryption technique. Tsai-Lo's technique simplifies the distribution of the public keys to every service provider. Furthermore, their scheme achieves smart meter anonymity and mutual authentication between the SM and SP without involving the TA. However, under the widely accepted CK-adversary paradigm, their solution is unable to achieve secrecy of the session key and confidentiality of the smart meter's credentials. If an opponent obtains the session-specific temporary credentials through session exposure attacks, he or she succeeds in recovering the related smart meter user credentials and spoofing that SM. Moreover, to offer secure sharing of the data between service providers and smart meters, Kumar et al. [5] have suggested using hybrid cryptography techniques. Their scheme provides bidirectional authentication. However, the scheme is susceptible to forgery attacks. A novel key sharing scheme for the SG technology is proposed by Xia and Wang [9]. In this scheme, a trusted third party uses “Lightweight Directory Access Protocol (LDAP)” for the distribution of the keys. The computation cost is optimal compared to the previously proposed approaches. Further, it is noted that unknown key-sharing and impersonation attacks are possible in their solution [16]. Furthermore, their system is not able to protect the anonymity of the SMs, and perfect forward secrecy of SMs and SPs is not achieved. In addition, Wang and Barreto have introduced multiple identity-based authentication systems [17,18]. These protocols succeed in carrying out mutual authentication and secure sharing of a session key. However, these techniques are not suitable for SG technology due to the resource-constrained devices involved in it. Moreover, their scheme failed to assure smart meter anonymity.