Linking Factory Floor and the Internet
Published in Richard Zurawski, Industrial Communication Technology Handbook, 2017
A general difficulty of LDAP is that its original application idea does not exactly fit the purpose of fieldbus gateway access. The main application of LDAP is the access to data that are related to humans, for example, telephone numbers, employee data, or classical white pages services. The client support reflects this field of application, and although clients exist, they are not widely used and very different in their performance with respect to network load. A second point is that the access to white pages directories is typically read-only. Therefore, the powerful search command can provide a convenient means to retrieve fieldbus data [37]. Writing, on the other hand, is more difficult and likely becomes a bottleneck. Hence, LDAP is not so well suited for control tasks where intensive write access is required. Another problem is the lack of an asynchronous notification mechanism, so workarounds (like e-mails or the like) have to be used.
A novel machine learning approach for database exploitation detection and privilege control
Published in Journal of Information and Telecommunication, 2019
All the existing database security monitoring systems only perform post-activity reporting and monitoring, while the IT administrator covers the responsibility of overseeing the user account control and rectifying problems whenever they are discovered. This challenge gets harder in proportion to the number of databases that they must oversee (Bertino & Sandhu, 2005). The databases do have their own security features for users and privileges against the schemas and objects, whereas central authentication systems such as Lightweight Directory Access Protocol (LDAP) or Microsoft’s Active Directory can be used to consolidate the security into a single point of control (Lampson, 2004). Even when these security features are deployed, there is a tiny chance that they can be compromised, as there are unconventional techniques such as security database exploits that have been documented to hack through or bypass them (Pritchett & De Smet, 2013; Gaetjen, 2015). Databases such as PostgreSQL, Oracle, MySQL or Firebird have their own internal security systems, which are difficult for IT administrators to manage individually in the absence of central authentication or access control mechanisms (Bertino & Sandhu, 2005).
Data access control in data exchanging supporting big data arena
Published in Journal of Management Analytics, 2018
Haoyang Jia, Yimin Sheng, Weili Han, X. Sean Wang
Figure 3 only shows HIVE in the storage layer for persistent data, and ignores the underlying Hadoop structure, because the lowest level of data manipulation in BDA occurs in HIVE. Kafka is used to store and supply streaming data. MySQL can provide effective access control itself, and is more suitable for storing relational data with low capacity; on the other hand, HIVE and Kafka support data at terabyte, or even petabyte, scale. Therefore, metadata and access control policies are stored in MySQL, while the actual content of the data is stored in HIVE and Kafka (Duan & Xiong, 2015). The LDAP (Lightweight Directory Access Protocol) is responsible for assisting HIVE in managing its authorities (Wikipedia Contributors, 2018), while Kafka has its own authentication mechanism. This will be discussed later in detail in Section 3.4.
MAKA: Multi-Factor Authentication and Key Agreement Scheme for LoRa-Based Smart Grid Communication Services
Published in IETE Journal of Research, 2023
Prarthana J. Mehta, Balu L. Parne, Sankita J. Patel
A novel authentication protocol suggested by Tsai and Lo is claimed to be an efficient scheme for the SG technology [3]. Their system generates both the secret identities of SMs and SPs using the identity-based encryption technique. Tsai-Lo's technique simplifies the distribution of the public keys to every service provider. Furthermore, their scheme achieves smart meter anonymity and mutual authentication between the SM and SP without involving the TA. However, under the widely accepted CK-adversary paradigm, their solution is unable to achieve secrecy of the session key and credentials confidentiality of the smart meter. If an opponent obtains the session-specific temporary credentials through session exposure attacks, he or she succeeds in recovering the related smart meter user credentials and spoofs that SM. Moreover, to offer secure sharing of the data between service providers and smart meters, Kumar et al. [5] have suggested using hybrid cryptography techniques. Their scheme provides bidirectional authentication. However, the scheme is susceptible to forgery attacks. A novel key sharing scheme for the SG technology is proposed by Xia and Wang [9]. In this scheme, a trusted third party uses “Lightweight Directory Access Protocol (LDAP)” for the distribution of the keys. The computation cost is optimal compared to the previously proposed approaches. Further, it is noted that the unknown key-sharing and impersonation attacks are possible in their solution [16]. Furthermore, their system is not able to protect the anonymity of the SMs, and perfect forward secrecy of SMs and SPs is not achieved. In addition, Wang and Barreto have introduced multiple identity-based authentication systems [17,18]. These protocols succeed in carrying out the mutual authentication and secure sharing of a session key. However, these techniques are not suitable for SG technology due to the resource-constrained devices involved in it. Moreover, their scheme failed to assure the smart meter anonymity.