Faculty of Engineering, Science and Mathematics School of Electronics and Computer Science
Secure Semantic Web, Ontology Sharing By RAMAN PAL (rp5g09@ecs.soton.ac.uk) Completed on 18th January, 2011
A dissertation submitted in partial fulfilment of the degree of M.Sc. Web Technology By examination and dissertation
Abstract
This dissertation presents the developments in the field of the Semantic Web and discusses the Secure Semantic Web. To satisfy the requirements of the M.Sc. dissertation, the author also proposes an implementation model that presents the concept of secured sharing of Semantic Web ontology. This model is devised for secured resource management in intelligent service frameworks such as the Semantic Web. The dissertation discusses the Semantic Web and security, and shows why factors like Trust and Proof are kept on the topmost layers of the Semantic Web Stack. It further demonstrates the use of encryption to enhance the effect of factors like Trust and Proof. A study of various encryption algorithms is also presented, Elliptic Curve Cryptography (ECC) being one of them. ECC is explained in detail and a description of its toolkit SECCURE is also provided. To demonstrate the implementation of a secure medium of information interchange for Semantic Web ontology, the author developed a website that allows its users to securely share their Semantic Web ontologies, and suggests the use of Elliptic Curve Cryptography.
Keywords
Semantic Web, Security, Encryption, Cryptography, Trust, Proof, Elliptic Curve Cryptography, ECC, SECCURE, Semantic Web Stack, Secure Semantic Web, Web Ontology Language, Secure Information Interchange.
Acknowledgement
I would like to thank my project supervisor Dr. Kirk Martinez for his invaluable support and guidance throughout the project design and implementation. I would also like to thank my second examiner Dr. Richard M. Crowder, who took time from his busy schedule to evaluate my implementation work and give useful feedback. Lastly, I would like to thank my group monitor Mu Yang, who was always there to help me with all kinds of difficulties in my project. Thank you all.
Table of Contents
Keywords
Acknowledgement
Chapter 1: Introduction
    1.1 Introduction
    1.2 Thesis Structure
Chapter 2: Semantic Web and Secure Semantic Web
    2.1 Semantic Web
        Proof and Trust Layer
    Secure Semantic Web
    Examples of websites where security can be compromised
        http://www.marinetraffic.com/ais/
        http://www.sig.ma
        www.swoogle.umbc.edu
    2.4 Comparison Chart for security vulnerability testing of the above mentioned examples
Chapter 3: Cryptography
    3.1 Cryptography in Semantic Web
        DSA: Digital Signature Algorithm
        RSA: Rivest Shamir Adleman Algorithm
        ECC: Elliptic Curve Cryptography
    How Elliptic Curve Cryptography is better than others??
        Quick Wrap Up on Elliptic Curve Cryptography
Chapter 4: Secure Semantic Web, Ontology Sharing
    4.1 SECCURE: ECC Toolkit
        Generate private-public key pair.
        Encrypt a piece of text message.
        Decrypt a piece of text message.
        Encrypt a file.
        Decrypt a file.
        Verify the generated signature.
        Share or exchange Public Keys with Diffie-Hellman Key Exchange.
    Site Structure and Design
        Use Case Diagram
        Website Flow Control Diagram
    Website Development
        Home Page
        Ontology Repository
        Tech-Support
        About
        New User Registration Page
        Users Page
        Download Request Form
        Upload Request Form
Chapter 5: Planning Management
    5.1 Initial Project Scope
    5.2 Available Resources
    5.3 Project Tasks
    5.4 Risk
    5.5 Gantt chart
    5.6 Management techniques
Chapter 6: Conclusion and Suggestion for future work
    6.1 Suggestion for future work
    6.2 Conclusion
Chapter 7: Appendices
    7.1 Appendix: Web Pages along with some important bits of code
        HOME PAGE
        ONTOLOGY REPOSITORY
        TECH-SUPPORT
        ABOUT
        NEW USER REGISTRATION PAGE
        USERS PAGE
        DOWNLOAD REQUEST FORM
        UPLOAD REQUEST FORM
References
Table of Figures
FIGURE 1: SEMANTIC WEB STACK
FIGURE 2: SCREEN SHOT OF MARINE TRAFFIC WEBSITE, GIVING AWAY CRUCIAL INFORMATION.
FIGURE 3: SCREEN SHOT OF SIG.MA GIVING AWAY CRUCIAL INFORMATION AND COMPROMISING SECURITY.
FIGURE 4: SCREEN SHOT OF SWOOGLE: SEMANTIC WEB SEARCH ENGINE ALLOWING ITS USERS TO DOWNLOAD SEMANTIC WEB ONTOLOGY WITHOUT ANY SECURITY.
FIGURE 5: SIGNATURE GENERATION AND VERIFICATION FOR DSA
FIGURE 6: UNDERLYING MATHEMATICAL PROBLEM FOR DIFFERENT PUBLIC KEY SYSTEMS.
FIGURE 7: NIST GUIDELINES FOR PUBLIC KEY SIZES WITH EQUIVALENT SECURITY LEVELS.
FIGURE 8: RUN TIMES FOR DIFFERENT PUBLIC KEY SCHEMES
FIGURE 9: USE CASE DIAGRAM
FIGURE 10: PAGE FLOW DIAGRAM
Chapter 1: Introduction
1.1 Introduction
The present World Wide Web is heading towards its third stage of evolution. It started with a basic architecture and design of web pages that had only static content to display information and hyperlinks to other web pages, and later evolved into a more user-centred design with interactive information sharing: a collaborative World Wide Web. The latest research and development are taking it to its third stage of evolution, which is about to take place, or rather is already taking place, in the virtual world of the WWW. In this stage the information and content on the web will be understandable to and processed by machines [computers], intelligent agents and web services.

A matter of concern for all users of the World Wide Web is security, trust and proof with regard to the services that are offered online. Some of the issues are:
1) Are we 100% sure that all our information that is available online is safe and secure?
2) Are we 100% sure that whatever we buy online will definitely reach us and that we will not become the victim of a scam?
3) Are we 100% sure that the facts we read online on different forums are trustworthy enough to believe?

All the concerns mentioned above trigger another question: have we achieved a level of access control and security mechanisms capable of supporting an entirely new and improved World Wide Web, where machines will be able to take control of everything that is available online? The author believes that, for the growth and success of the Semantic Web, factors like trust, proof, security and encryption are indispensable in the Semantic Web Stack.

This dissertation discusses the importance of factors like trust and proof in the Semantic Web Stack. Furthermore, it presents a prototype for secure information interchange for Semantic Web ontology sharing. To support the prototype, the use of an encryption algorithm is a must; that is why a comparison between different available cryptosystems is shown and the use of Elliptic Curve Cryptography is recommended.
Over the years of research and study in the field of the Semantic Web, all the major research and development organisations have targeted their work at the Web Ontology Language, RDF, XML, etc. Very little work has been done to make the Semantic Web secure and reliable. There is a lot of scope for research and development in Trust, Proof and Encryption. That is the reason why the author opted to work in this field.

2.1.1 Proof and Trust Layer

Self-organizing knowledge exchange between users is one of the key motivations for research and development in Semantic Web technology. Humans browsing the World Wide Web will soon be history. In the near future, with the advent of Semantic Web technology, personal digital agents and applications will be able to browse the World Wide Web automatically for their master, and will also be able to look for things and take decisions on behalf of their master on the basis of personal information stored somewhere online. The use of Semantic Web agents and web services will demand Proof to develop Trust between the collaborating agents and services. [5][10]

But if something happens that seems strange or unusual to the master, then the master should also be in a position to ask for an explanation from his personal digital agent. This is the point where the Proof and Trust Layer of the Semantic Web Stack comes into use. The decisions taken by the personal digital agent will be based on credibility, user ratings, reviews, etc., which will work as proof for the agent to trust the other party. So when the master asks for an explanation, the digital agent can right away show all the facts supporting its decision.

Let me give you a hypothetical scenario: John and Becky are siblings and have a busy work life in Southampton. Their mother lives with Becky; she is very old and needs to visit a doctor quite regularly for her old-age health issues. Mother was supposed to have eye surgery on Tuesday, but the doctor's assistant sends an email to Becky and tells her that the doctor will not be able to do the surgery before Friday. Becky has another problem: her personal digital assistant has just told her that she has a big official conference to attend on Friday, and the only way she can sort out this complicated scenario is by asking her brother John to take mother for the eye surgery on Friday. Becky's personal digital assistant sends an email to John with all the details. John's personal digital assistant reads the mail to John and also tells him that he does not have much work to do on Friday and can take mother to the doctor. But John queries the assistant about his appointments on Friday. The assistant tells him that all the appointments are in the evening and are also not very high on his priority list. John asks his assistant to confirm his availability to Becky.

In the above scenario the personal agents were able to understand all the commands from their masters, were able to take decisions based on the information stored in their personal calendars, which are managed online, and were also able to justify the assertions they made. That explains the requirement for the Proof and Trust Layer in the Semantic Web Stack.
such as making reservation, designing vehicles, etc. The Semantic Web includes technologies such as mark-up languages like XML, semantic-based languages such as RDF, and ontology description languages like OWL. Contracts are negotiated and activities are carried out using the above-mentioned technologies. Policies on trust, privacy, integrity and confidentiality are a must to ensure secure execution of each operation in the web of semantics. These policies will define the level and type of access permissions that agents have on web resources and will also determine the level of trust that can be put in other agents.

Various inference systems have been developed, and are being developed, to carry out automated negotiations between intelligent agents. An inference system deals with processes such as deducing new information and posing queries. We also need to examine the inference problem for the Semantic Web. Inference is the process of posing queries and deducing new information. It becomes a problem when the deduced information is something the user is unauthorized to know. With the Semantic Web, and especially with data mining tools, one can make all kinds of inferences. Recently there has been some research on controlling unauthorized inferences on the Semantic Web.

Security should not be an afterthought. We have often heard that one needs to insert security into the system right from the beginning. Similarly, security cannot be an afterthought for the Semantic Web. However, we also cannot make the system inefficient, as would happen if we had to guarantee one hundred percent security at all times. What is needed is a flexible security policy. In some situations we may need one hundred percent security, while in other situations some security (e.g., 60%) may be sufficient. [21, 22, 23]

Privacy is very closely related to security. The major challenge is that sensitive information about individuals must be protected at all times. Trust management and negotiation are some of the other challenges in front of the Semantic Web research community. This includes determining the trust value that one agent can place on another. One suggestion is to use reputation mechanisms for the agents. Maintaining integrity is another challenge. For example, when XML documents are published by third parties, we need to ensure that the documents are authentic and of high quality. With consistent research initiatives in the field of Semantic Web research, more and more progress is achieved, and better standards for security, trust and proof can be developed to make the Semantic Web a success.

After securing XML and RDF, the next thing on the agenda is to examine security for ontology and interoperation. That implies that security levels may be attached to the ontology. Some parts of the ontology could be unclassified and certain parts could be secret. The challenge lies in developing a method or an approach to use this ontology for secure information interchange. In the past, researchers have done some work in the field of secure interoperability of databases. The author suggests that we should revisit that research work and then conclude what else needs to be done to ensure that the information on the World Wide Web can be managed, integrated and exchanged securely.

Security and privacy are very closely related to each other. The issue of privacy control has received a lot of attention recently, partly because privacy is a very critical issue for the success of the Semantic Web. Privacy also plays a very crucial role for national security reasons. A certain portion of a document may be open for public access without any privacy, while another section may hold private information which cannot be open for public access. This gives researchers a reason to find a method or an approach which will enable users to take maximum advantage of the Semantic Web and still maintain privacy and sometimes anonymity.
Figure 2: Screen shot of Marine traffic website, giving away crucial information.
This marine traffic website lacks any kind of security parameters. There is a greater risk of information being hacked or altered. Thus the whole system is completely vulnerable to being attacked, and there is no guarantee that the information being displayed is correct and comes from the right source. This system lacks security, and conventional HTTPS and Secure Socket Layer would not be secure enough to take care of the system and its security needs, the reason being that HTTPS and SSL only provide end-to-end security, and there is a greater risk of information being hacked or altered in transit. Thus a better security mechanism, such as a digital signature and encryption mechanism, is required.

2.3.2 http://www.sig.ma

http://Sig.ma is a tool to explore and exploit the Web of Linked Data. At any time, information in Sigma is likely to come from multiple, unrelated web sites, potentially any web site that embeds information in RDF, RDFa or Microformats (standards for the Web of Data). Sig.ma can be used in 3 main ways:
1) As a Web of Data browser: start from any entity and then click to another from the resulting page. Remember you are browsing a network of mashups, quite a unique thing. It might be noisy but you can spot gems, e.g. interesting description differences in different sources.
2) As an embeddable/linkable widget: create a Sigma, refine it and, when you're ready, paste it around in emails and tweets or embed it on your blog. Sigmas are live data: if one of your selected sources updates its information, so will your Sigma be updated wherever it shows.
3) As a semantic API: retrieve entity descriptions and specific properties. For example picture, phone@Giovanni Tummarello, ready to consume, in JSON, in RDF. [17]
Figure 3: Screen Shot of Sig.ma giving away crucial information and compromising security.
This online system also lacks any kind of access control measures. When users search for any string of words on this semantic mash-up search engine, they get all the information from various secured and unsecured sources, without any type of access control on the flow of information. A user who is a black hat hacker can misuse the same information to carry out various other evil practices. It can act as a good source of information on practically anything for black hat hackers doing social engineering. Identity theft and information leaks are some of the possible threats. Thirdly, for the sources of information which are being mashed up with other sources, there is no guarantee that the information is correct and accurate. The information is automatically collected by RDF tag linking. Thus the information can be inaccurate, or come from a weak source which can be a potential target for being hacked. Thus the end user cannot trust the information given on www.sig.ma.

2.3.3 www.swoogle.umbc.edu

This is a Semantic Web search engine; it crawls the World Wide Web for a special class of documents written in RDF. It provides features like searching Semantic Web ontologies, instance data and terms. However, no security is applied to the system. It enables you to download an ontology, but there is no guarantee that you will get what you asked for. The author means that when you click on an ontology file to download it, there is no 100% surety that the file you have received is the one you requested. Moreover, the website also doesn't maintain any record of the user details of downloads.
Figure 4: Screen Shot of Swoogle: Semantic Web Search Engine allowing its users to download Semantic Web Ontology without any security.
2.4 Comparison Chart for security vulnerability testing of the above mentioned examples.
| Security Vulnerability Tests | Marine Traffic (http://www.marinetraffic.com/ais/) | Swoogle (http://swoogle.umbc.edu) | www.Sig.ma | Secure Semantic Web Ontology Sharing |
|---|---|---|---|---|
| Secure login | Not available | Yes, a basic login is provided to access more results, but it is prone to SQL injection attacks. | Not available | Yes, a secure login is provided, and it is safe from SQL injection attacks. |
| SSL | Not found | SSL enabled. | Not found. | SSL doesn't provide end to end security; that is why the author recommended the use of encryption. |
| Identity Theft | Easy access to sensitive information. Pirates can use the same system for hijacking ships and stealing from cargo shipments. | Easy access to a huge collection of ontologies which could be used to steal sensitive information. These ontologies can be used to extract very critical information from other sources of information. | This system will allow its user to get all sorts of information regarding any search keyword. It uses the technology of intelligent mash-up but has no security. Hence it can be used for any purpose. Can be misused by terrorists. | Secure login, secure encryption tools and the admin's permission for every upload and download request play a crucial role in making sure that none of the information or services can be misused. |
| Information Security | No security; anyone can access it and take away sensitive information about ships, cargo, tankers, etc. Anyone can post wrong information about the ships with a little tweaking of the system. The system is completely open to any kind of security compromise. | Basic security, but anyone can download or access Semantic Web ontologies, which could have sensitive information stored in them. | No security, completely open mashup. Anyone can access lots of information about almost anything. Anyone can link fraudulent or wrong information using RDF tags, and thus no one can trust the information. | ECC and secure login provide a foolproof mechanism and give secure access to the services. A user can view the ontology collection and other pages but cannot download or upload any ontology unless he signs in as an authentic user. |
| Secure Sessions | Not found | Secure sessions are in use to provide page flow security and URL security. But as the login is prone to SQL injection attacks, the sessions are of no use. | Not found | Secure sessions are used to ensure URL security and page flow security. |
Chapter 3: Cryptography
3.1 Cryptography in Semantic Web
The World Wide Web is an open system, where people interact with services, applications and web pages, look up information, and take part in social networking. Now this gigantic web is taking another giant leap to completely revolutionize the entire system of people-centred web interaction. This new system is the Semantic Web, a highly connected web of linked data where machines can understand and process the web content. But with power comes responsibility: the responsibility of making sure that everything on this super powerful web works perfectly. To make sure that none of these responsibilities is neglected, key properties such as Cryptography, Trust and Proof will play a very crucial role.

In the previous sections the author has talked about Trust, Proof and Security. In this section the author will talk about Cryptography, which plays a very important part in ensuring security. Cryptography has been kept alongside all the layers in the Semantic Web Stack; the researchers and developers knew that it is important across the entire infrastructure of the Semantic Web. This includes XML, RDF, agents, and the infrastructures as well as the information management and data management technologies. We also need to ensure that security is preserved when integrating the technologies. For example, one needs proper access to the XML documents. Furthermore, these documents need to be encrypted for some applications. The agents that carry out the processing have to communicate securely. Various security technologies for the web do exist at present. These technologies have to be evaluated for the Semantic Web. We also need to incorporate security semantics into semantic interoperability. The various logics being developed for the Semantic Web need to be examined and security properties have to be incorporated. [21]

Public key cryptosystems have developed quickly since they were proposed by W. Diffie and M. Hellman in 1976. As we know, at the foundation of every cryptosystem is a hard mathematical problem that seems infeasible to solve. People have suggested different complicated problems on which to establish a public key cryptosystem. The techniques of public key cryptosystems are classified into three classes: (1) based on integer factorisation, such as the popular RSA (Rivest, Shamir, Adleman); (2) based on the discrete log, such as DSA (Digital Signature Algorithm) and DH (Diffie-Hellman); (3) based on the elliptic curve, such as ECDH (Elliptic Curve Diffie-Hellman). The security of all these techniques is based on the hardness of the underlying mathematical problems.
Now, to ensure the best level of security infrastructure for the Semantic Web, the best cryptosystem should be used. The author will now present brief details of each of the cryptosystems and will also show a comparison chart.

3.1.1 DSA: Digital Signature Algorithm

The Digital Signature Algorithm (DSA) is a United States Federal Government standard (FIPS) for digital signatures. NIST (National Institute of Standards and Technology) proposed it in August 1991 for use in their Digital Signature Standard (DSS), specified it in FIPS 186, and adopted it in 1993. It was revised in 1996 as FIPS 186-1. The same standard was expanded and revised further in 2000 as FIPS 186-2 and in 2009 as FIPS 186-3.

A digital signature is the electronic analogue of a written signature; it provides assurance that the claimed person (the signatory) has signed the information. It also enables us to detect whether or not the information was modified after it was signed. To meet the requirements of the standard and to provide these services, the digital signature must be implemented properly.

A digital signature algorithm includes a signature generation process and a signature verification process. A signatory uses the generation process to generate a digital signature on data; a verifier uses the verification process to verify the authenticity of the signature. Each signatory has a public and private key and is the owner of that key pair. As shown in Figure 5, the private key is used in the signature generation process. The key pair owner is the only entity that is authorized to use the private key to generate digital signatures. In order to prevent other entities from claiming to be the key pair owner and using the private key to generate fraudulent signatures, the private key must remain secret. The public key is used in the signature verification process (see Figure 5). The public key need not be kept secret, but its integrity must be maintained. Anyone can verify a correctly signed message using the public key. For both the signature generation and verification processes, the message (i.e., the signed data) is converted to a fixed-length representation of the message by means of an approved hash function. Both the original message and the digital signature are made available to a verifier. [8]

3.1.2 RSA: Rivest Shamir Adleman Algorithm

In cryptography, RSA was the first algorithm to gain large-scale popularity for being suitable for both encryption and signing, and it was the first great advancement in the field of public key cryptography. It was developed by the trio of Rivest, Shamir and Adleman and named after their initials. It is used almost everywhere in e-commerce protocols, and it is believed that, if sufficiently long keys and up-to-date implementation methods are used, it is among the most secure and powerful public key cryptosystems. The unique feature of the RSA cryptosystem that brought a change was that publicly revealing an encryption key was no longer considered a threat, because doing so does not reveal the corresponding decryption key. This had two very important consequences:
1. Other means of secure communication, like couriers and postal mail, were no longer required to transmit keys, because a message can now be enciphered using an encryption key revealed by the intended recipient. And the best part is that only he can decrypt the message, since he is the only person who knows the corresponding decryption key.
2. A message can be signed using the privately held decryption key, and anyone who wants to verify the signature can do so using the corresponding encryption key, which is publicly revealed to everyone. Signatures provided a foolproof assurance, as they cannot be forged and a signer cannot deny the validity of his signature. This new cryptosystem had a very large impact on e-mail and e-funds transfer systems.
- 19 -
A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e·d ≡ 1 (mod (p-1)·(q-1)). The security of the system rests in part on the difficulty of factoring the published divisor, n. [16, 18]

3.1.3 ECC: Elliptic Curve Cryptography

Current encryption algorithms have many drawbacks with respect to security, real-time performance and so on, and researchers are presenting various algorithms. Among them, Elliptic Curve Cryptography (ECC) is evolving as an important cryptosystem and shows promise as an alternative to RSA. Small size, high security and other features characterize ECC. Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. [15, 11, 9, 1]

ECC is a kind of cryptography in which an abelian group is used to implement the Diffie-Hellman key passing scheme, and the ElGamal public key cryptosystem and signature schemes. ECC relies upon the hardness of the Elliptic Curve Discrete Log Problem (ECDLP). [15]

Consider the abelian group E of rational points. The ECDLP is to determine the integer k such that k*P = Q, where P and Q are given points on E. More specifically,

n*P = P + P + ... + P = ∞ (point at infinity)

where n is a prime. Obviously, k<n, and if k and P are given, Q can be found easily. On the other hand, it is difficult to get k even if P and Q are known. This is the hardness of ECDLP. It is believed that the usual discrete log problem (DLP) over the multiplicative group of a finite field and ECDLP are not equivalent problems, and that ECDLP is more difficult than DLP.
Now an ECC process of the ElGamal public key cryptosystem is explained as an example.

Firstly, a specific point P on the curve E is selected and published as a part of the public key.

Secondly, the user of the private key (denoted A) will perform the following operations:
A private key k is selected as a random integer, k<n.
The value Q = k*P is calculated, and (E, P, n, Q) is published as the public key.

Thirdly, the one who wants to send message m to A (denoted B) should:
Get A's public key.
Embed m in E and denote it as Pm.
Select a random integer d, d<n.
Search for the point (x2, y2) = d*Q until x2=0.
Calculate the values d*P and Pm+d*Q; (d*P, Pm+d*Q) is sent as the encrypted message.

Finally, when A receives the encrypted message, he will:
Using private key k, calculate k*d*P = d*(k*P) = d*Q.
Get the message by calculating Pm = (Pm+d*Q) - d*(k*P). [15]
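The ElGamal steps above, carried through on a toy curve as an added example (not code from the dissertation or from SECCURE). The curve y^2 = x^3 + 2x + 2 over F_17, the base point (5, 1) of order 19 and all function names are assumptions chosen for illustration; message embedding and the x2 check on d*Q are left out, so the message is taken to be a curve point already.

```python
"""EC ElGamal on a toy curve, following the steps in the text.

All parameters are constructed for illustration and are far too small
to be secure.
"""
import secrets

# Toy curve E: y^2 = x^3 + 2x + 2 over F_17 (assumed example parameters).
FIELD = 17
A, B = 2, 2
P = (5, 1)      # published base point
N = 19          # prime order of P: N*P is the point at infinity
INF = None      # representation of the point at infinity


def on_curve(pt):
    """Return True if pt satisfies the curve equation (or is INF)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % FIELD == 0


def add(p1, p2):
    """Group law on E: chord-and-tangent addition."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return INF                      # p2 is the inverse of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % FIELD, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    lam %= FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    y3 = (lam * (x1 - x3) - y1) % FIELD
    return (x3, y3)


def neg(pt):
    """Inverse of a point: reflect it across the x-axis."""
    return INF if pt is INF else (pt[0], (-pt[1]) % FIELD)


def mul(k, pt):
    """Compute k*pt by double-and-add."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def keygen(k=None):
    """A picks a private k with 0 < k < N and publishes Q = k*P."""
    if k is None:
        k = secrets.randbelow(N - 1) + 1
    return k, mul(k, P)


def encrypt(pm, q, d=None):
    """B picks a random d with 0 < d < N and sends (d*P, Pm + d*Q)."""
    if pm is INF or q is INF or not on_curve(pm) or not on_curve(q):
        raise ValueError("message point and public key must lie on E")
    if d is None:
        d = secrets.randbelow(N - 1) + 1
    return mul(d, P), add(pm, mul(d, q))


def decrypt(k, c1, c2):
    """A recovers Pm = (Pm + d*Q) - k*(d*P), since k*(d*P) = d*Q."""
    if not on_curve(c1) or not on_curve(c2):
        raise ValueError("ciphertext points must lie on E")
    return add(c2, neg(mul(k, c1)))


if __name__ == "__main__":
    k, q = keygen()
    pm = (6, 3)                         # message already embedded as a point
    c1, c2 = encrypt(pm, q)
    print("public key Q:", q)
    print("ciphertext:", c1, c2)
    print("decrypted:", decrypt(k, c1, c2))
```

Because d is fresh for every message, encrypting the same Pm twice normally gives different ciphertext pairs, and only the holder of k can remove the d*Q mask.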
The purpose of any public key cryptosystem is to maintain the security and integrity of resources and to withstand attack by any person or event, while the attack resistance of the algorithm assures its security. At the 6th International Cryptography Conference in Jan. 2000, ECC and RSA were the only two algorithms that were recommended. In terms of security, ECC provides the highest strength per bit among all the cryptosystems.
Figure 6 above shows the underlying mathematical problem for different public key systems. These systems are the industry standard for public key cryptosystems and are commercially viable, secure and efficient. They are based on different types of mathematical problems: RSA is the best example of Integer Factorization Systems, DSA is based on Discrete Log and ECC is based on the toughest of all problems, i.e. Elliptic Curve.
Figure 7: NIST Guidelines for Public Key Sizes with Equivalent Security Levels.
Figure 7 showcases the NIST guidelines for security levels with equivalent public key sizes. Among all of them, ECC, i.e. Elliptic Curve Cryptography, is a clear winner: it is able to offer the highest number of security bits at the minimum public key size, while DSA and RSA are on equal terms with each other. NIST has issued strict recommendations that 128-bit protection is necessary to achieve relatively lasting security (to the year 2036 and beyond). That means shifting to AES from 3DES. To avoid compromising the security of the system, the National Institute of Standards and Technology FIPS 140-2 standard clearly states that keys for symmetric ciphers like AES must be matched in strength by public-key algorithms like RSA and ECC. As you can see in the table above, ECC key sizes scale linearly, while RSA key sizes do not. This results in a gap between the systems that will grow as key sizes increase. This is especially relevant when an ECC key size of 512 bits is compared to an RSA key size of 15,360 bits to match AES at 256-bit security.
Two major benchmarks for comparing these cryptosystems are security and efficiency. The security of these systems depends on the hardness of the underlying mathematical problems. The three cryptosystems mentioned above are based on three different underlying mathematical problems, each of which can only be solved by its own method. The best way to solve the problem behind ECC, i.e. the Elliptic Curve Discrete Log Problem, is fully exponential. Thus, ECC is able to deliver the best security per bit of any public key cryptosystem.

3.2.1 Quick Wrap Up on Elliptic Curve Cryptography

The author has just shown how Elliptic Curve Cryptography is an extremely efficient, compact algorithm, and how it makes very few processing demands on devices with resource constraints in comparison to RSA. Plus, it is a standardized cryptosystem, and it also ensures interoperability between devices. And, being a well-researched and proven system, it answers manufacturers' concerns about reliability. In the end, the benefits of ECC are many: linear scalability, a small software footprint, low hardware implementation costs, low bandwidth requirements, and high device performance. For the reasons above, ECC has gained a lot of support from a number of leading companies and has also received strong validation from the National Security Agency. It is very clear that security is an essential component of the World Wide Web and the Semantic Web. As the points stated above have shown, ECC is a superior algorithm to all the other alternatives when it comes to enabling that security. And as it offers the highest strength-per-bit of any public-key cryptography system, there is no doubt that ECC is the best choice for the cryptography layer in the Semantic Web Stack.
decryption, signature generation / verification and key establishment. To my best knowledge none of the implemented algorithms and cryptographical schemes (ECDH, ECIES, ECDSA, AES-CTR, SHA256, SHA512) is covered by software patents (see the Patent statement). All the named algorithms and all underlying elliptic curves (standardized by NIST and SECG) are considered cryptographically secure nowadays. SECCURE received two security audits by the Debian auditing team in August 2006, none of them detecting a problem. [14]
SECCURE Use Description [14]:
SECCURE can also be found at the SECCURE website, i.e. http://www.point-at-infinity.org/seccure. SECCURE can be used to do the following things:

4.1.1 Generate private-public key pair.

$ seccure-key
Assuming curve p160.
Enter private key: my private key
The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn

$ seccure-key
Assuming curve p160.
Enter private key: my private key
The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn
$ seccure-encrypt -i file.owl -o file.enc '2D*~@S|:iXX.8HHY;kYBy*E>n'

$ seccure-key
Assuming curve p160.
Enter private key: my private key
The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn
seccure-decrypt -o filename.enc
Enter the Private Key: my private key
Further to the project design, this project will follow the website development life cycle (WDLC). In WDLC the steps are:
Step 1: Requirement Analysis
Step 2: Specification of Requirements
Step 3: Site Structure and Design
Step 4: Website Development
Some bubbles are linked to each other and show a connected flow of pages; for example, the Download Instruction page is connected to the download request form.

[Figure 9: Use Case Diagram. Labels: System Boundary, HOME, Ontology Repository, Tech Support, Download Instructions, SECCURE USER, Upload Instructions, ADMIN]

4.3.2 Website Flow Control Diagram:

The website flow control diagram is used to present the flow and connection between the web pages. The connections between the web pages can be uni-directional or bi-directional. In the diagram below, all the web pages are represented with blocks, and the connections among them are represented with lines.
[Website flow control diagram. Blocks: Home Page, Ontology Collection, About Me, Login/Sign In, Logout/Signout]
Engines, c) Login, d) Register New User and e) Contact the Author. Kindly refer to appendix 7.1.2 for web page design.

4.4.3 Tech-Support

The tech-support page gives basic technical information about the following things: a) Purpose of website, b) Security, c) How to download the Ontology file, d) How to upload an Ontology file, and e) Necessity of user being on Linux/Unix platform. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Login, d) Register New User and e) Contact the Author. Kindly refer to appendix 7.1.3 for web page design.

4.4.4 About

The About Me page gives an insight into the author's profile, his interests and activities, and contact information for feedback and suggestions. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Register New User and d) Contact the Author. Kindly refer to appendix 7.1.4 for web page design.

4.4.5 New User Registration Page

If a user wants to register with the website to benefit from all the features, like downloading and uploading semantic web ontology, he can get to this page by clicking on the New User tab in the top right corner of the page. The page consists of a really small form asking for very basic information from the user: a) Username, b) Password, c) Full Name, d) Occupation and e) Country. Kindly refer to appendix 7.1.5 for web page design and code.

4.4.6 Users Page

If a registered user wants to share (upload or download) semantic web ontology from or to this website, he/she will have to log in with their unique user id and password. After login he/she gets to this Users page, where detailed instructions are provided about the steps involved in uploading and downloading a semantic web ontology file. A link to the SECCURE toolkit is also provided, and installation instructions are given alongside. The user is asked to first download and install the SECCURE toolkit from http://point-at-infinity.org/seccure/. After that, the user is asked to generate his private and public key pair and store it in a safe location. Links to the Download/Upload Request Forms are also given on the same page. The Admin's public key is also shared with the user on the same page, so that in the case of a semantic web ontology upload the user can encrypt his file with the Admin's public key, so that only the admin can see the ontology file. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Logout and d) Contact the Author. Kindly refer to appendix 7.1.6 for web page design and code.

4.4.7 Download Request Form

The download request form allows the registered user to request from the admin the download link to a selected semantic web ontology file of the user's choice. To ensure security and enhance the user's trust in the download process, a small form is presented in which the user needs to fill in the following details: a) Username, b) Email Add, c) Public Key, d) Ontology Name and e) Purpose. On pressing the submit button, the user's request is added to the admin's task list. The admin then considers the download request and encrypts the requested ontology file with the user's public key. Later, a unique and secure FTP download link is emailed to the user at the provided email address. This process is given a buffer time of 24 hours, because a new file is encrypted for each request received at the admin's end. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Logout and d) Contact the Author. Kindly refer to appendix 7.1.7 for web page design and code.

4.4.8 Upload Request Form

If a registered user is willing to contribute his semantic web ontology file to the archives of this website, he is very welcome to do so, and thus an upload request form is also included in this website. On this page the user is presented with a small form to fill in a few details and upload the encrypted semantic web ontology file. The user can only upload an encrypted semantic web ontology file, and it must be encrypted with the admin's public key, which is given on the Users main page. In the small form provided, the user is asked to fill in some very simple details, which are as follows: a) Ontology Name, b) Ontology Description, c) User name, d) Email add, e) File Browse/Upload.

The user is asked to browse to the encrypted semantic web ontology file on his system and upload it using the submit button. On submit, the request to upload is added to the admin's task list. The admin will then decrypt the file and check the semantic web ontology file, and if everything is fine it will be uploaded and added to the website's ontology archives. An acknowledgement mail will then be sent to the user at the email id provided. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Logout and d) Contact the Author. Kindly refer to appendix 7.1.8 for web page design and code.
4.5.2 Maintenance

Maintenance is a continuous and never-ending process, and it goes on as long as the system is in use. This website was developed and will be maintained solely by the author, who is also the admin of the website. With time the website is expected to grow. The user database and ontology archives will grow with time, and thus continuous maintenance will go on.
Logarithm Problem. It took a fair amount of time for the author to understand Elliptic Curve Cryptography. The third challenge was to apply Elliptic Curve Cryptography to the Semantic Web ontology files. This task can be further sub-divided into learning and understanding the ECC toolkit. The Elliptic Curve Cryptography toolkit used is SECCURE. But using this toolkit presented another challenge to the author, i.e. the toolkit can only be used on the Linux platform, which further led the author to learn UBUNTU 10.04. The fourth challenge was to store the encrypted ontology in the RDF Triple Store, which later became a hurdle, as the semantic web ontology file can't be recognised by the triple store after encryption because everything in that file has been converted into cipher text (as mentioned earlier). This hurdle was later sorted out with the help and guidance of the group monitor, who suggested that the author use an ontology sharing website to present the securely encrypted ontology files. The fifth and final challenge was the biggest problem, which came a month after the final submission. But it also gave the author an opportunity to improve his previous work and present it with more sophisticated results, comparison charts and an improved website. Before making this final submission, the author made sure that all the shortcomings that were there in the previous submission have been taken care of.
5.4 Risk
During the middle of the project the author's bad health was a major threat, as a substantial amount of time was lost in recovering. To compensate for the time loss, the author devoted extra time to the project in the weeks after recovery. The second risk arose when the author found out that the encrypted files cannot be stored in the RDF triple store. Later on, after discussion with the group monitor, a way out was found.
But later on, some tasks took more time than expected: learning the Linux environment, the RDF Triple Store problem and health issues all affected the planned schedule. However, the author made every possible effort to meet the deadlines and to attend all the scheduled meetings with the monitor and supervisor. After submitting the dissertation officially for the first time, the author was advised to do some more work, to further improve the proposed system and present it in a better way to the examiners. This added another 7 weeks to the project schedule; thus the final Gantt Chart of the project plan is as follows:
6.2 Conclusion
In this M.Sc. Dissertation Project Report the author presented a successful demonstration of a Secure Semantic Web Ontology Sharing System. In this project the author emphasised the importance of security in the Semantic Web. The author also talks about the importance of factors like Trust, Proof and Cryptography in the Semantic Web Stack. The author also presented his findings on different cryptosystems like RSA: Rivest Shamir Adleman, DSA: Digital Signature Algorithm and ECC: Elliptic Curve Cryptography. The author finds that Elliptic Curve Cryptography is the best cryptosystem available today and should be exploited for the benefit of a Secure World Wide Web and a Secure Semantic Web. The use of the SECCURE toolkit was definitely an advantage towards the successful completion of the project on time. SECCURE introduced the easiest possible way to deal with the strongest cryptosystem, which is based on the most difficult mathematical problem, i.e. the Elliptic Curve Discrete Logarithm Problem. All the commands were easy to understand, learn and implement. Overall, the MSc Dissertation project was delivered on time, with all the results and a successful demonstration. This project has greatly enhanced the author's understanding of the Semantic Web and the importance of layers like Trust, Proof and Cryptography in the Semantic Web Stack. It also gave the author an opportunity to investigate web design packages such as Adobe Dreamweaver CS3 and WAMP 2.0, the Elliptic Curve Cryptography toolkit SECCURE and the Linux based operating system UBUNTU 10.04.
7 Chapter 7: Appendices
7.1 Appendix: Web Pages along with some important bits of code
7.1.1 HOME PAGE
CODE for the Home Page:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Homepage</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <link rel="stylesheet" href="images/Envision.css" type="text/css" />
</head>
<body>
<div id="wrap">
  <div id="header">
    <h1 id="logo-text">Secure Semantic Web</h1>
    <h2 id="slogan"><b>Web Ontology Sharing....</b></h2>
    <div id="header-links">
      <p> <a href="newuser.php">New User</a> | <a href="about.php">Contact</a> </p>
    </div>
  </div>
  <div id="menu">
    <ul>
      <li id="current"><a href="index.php">Home</a></li>
      <li><a href="archives.php">Archives</a></li>
      <li><a href="support.php">Tech-Support</a></li>
      <li class="last"><a href="about.php">About</a></li>
    </ul>
  </div>
  <div id="content-wrap">
    <div id="sidebar">
      <h1>Search Box</h1>
      <form method="get" action="http://www.google.com/search">
        <p>
          <input type="text" name="q" size="20" maxlength="255" value="" />
          <input type="submit" value="Search" />
        </p>
      </form>
      <h1>Login</h1>
      <form action="download_upload.php" method="post">
        <p>
          <label>Username</label>
          <input name="username" value="Your UserName" type="text" size="20" id="username"/>
          <label>Password</label>
          <input name="password" value="Your Password" type="password" size="20" id="password"/>
          <br /> <br />
          <input class="button" type="submit" />
        </p>
      </form>
      <h1>Links to Semantic Websites</h1>
      <ul class="sidemenu">
        <li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>
        <li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>
        <li><a href="http://data.gov.uk/">Data Gov UK</a></li>
        <li><a href="http://sig.ma/">SIG.MA</a></li>
        <li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>
      </ul>
    </div>
    <div id="main">
      <h1>Secure Semantic Web </h1>
      <p><strong>Semantic Web</strong><strong>"</strong>is a group of methods and technologies to allow machines to understand the meaning - or "semantics" - of information on the World Wide Web. The term was coined by <strong>World Wide Web Consortium (W3C)</strong> director <strong>Tim Berners-Lee</strong>. According to the original vision, the availability of machine-readable metadata would enable automated agents and other software to access the Web more intelligently.<br /><br />
      The agents would be able to perform tasks automatically and locate related information on behalf of the user. While the term "Semantic Web" is mainly to be used to describe the model and technologies proposed by the W3C. These technologies include the <strong>Resource Description Framework (RDF)</strong>, a variety of data interchange formats (e.g. RDF/XML, N3, Turtle, N-Triples), and notations such as <strong>RDF Schema (RDFS)</strong> and the <strong>Web Ontology Language (OWL)</strong>, all of which are intended to provide a formal description of concepts, terms, and relationships within a given knowledge domain.Many of the technologies proposed by the W3C already exist and are used in various projects.<strong>"<a href="http://en.wikipedia.org/wiki/Semantic_Web"> [1] </a></strong><br /><br />
      <strong>Security</strong> has always been considered as a key concern, by all the research scientists who are working in the field of <strong>Semantic Web</strong>. That is why factors associated with the Security of Semantic Web like Trust, Proof, Encryption, Signatures has been kept on top most layer of <a href="http://en.wikipedia.org/wiki/Semantic_Web_Stack#Overview">Semantic Web Stack</a>. This website demonstrate a step towards the making of a <strong>Secure Semantic Web</strong>.</p>
      <p>Semantic Web revolves around the <strong>Ontologies</strong> and <strong>RDF Triples</strong>, and there are lots of web forums and communities which provides ready to use Ontologies. Which means that you are free to use and modify it for any purpose.</p>
      <p class="post-footer align-right"> <a href="http://en.wikipedia.org/wiki/Semantic_Web" class="readmore">Read more</a></p>
    </div>
  </div>
  <div id="footer">
    <p> © 2010 <strong>MSc Dissertation Project</strong> | Design by: <strong>Raman Pal</strong> | Valid <a href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> <a href="index.php">Home</a> | </p>
  </div>
</div>
</body>
</html>

7.1.2 ONTOLOGY REPOSITORY
7.1.3 TECH-SUPPORT
7.1.4 ABOUT
CODE for NEW USER REGISTRATION PAGE:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>New User Registration</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <link rel="stylesheet" href="images/Envision.css" type="text/css" />
</head>
<body>
<div id="wrap">
  <div id="header">
    <h1 id="logo-text">Secure Semantic Web</h1>
    <h2 id="slogan"><b>Web Ontology Sharing....</b></h2>
    <div id="header-links">
      <p> <a href="newuser.php">New User</a> | <a href="about.php">Contact</a> </p>
    </div>
  </div>
  <div id="menu">
    <ul>
      <li><a href="index.php">Home</a></li>
      <li><a href="archives.php">Archives</a></li>
      <li><a href="support.php">Tech-Support</a></li>
      <li class="last"><a href="about.php">About</a></li>
    </ul>
  </div>
  <div id="content-wrap">
    <div id="sidebar">
      <h1>Search Box</h1>
      <form method="get" action="http://www.google.com/search">
        <p>
          <input type="text" name="q" size="20" maxlength="255" value="" />
          <input type="submit" value="Search" />
        </p>
      </form>
      <h1>Links to Semantic Websites</h1>
      <ul class="sidemenu">
        <li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>
        <li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>
        <li><a href="http://data.gov.uk/">Data Gov UK</a></li>
        <li><a href="http://sig.ma/">SIG.MA</a></li>
        <li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>
      </ul>
    </div>
    <div id="main">
      <h1>New User Registration </h1>
      <form action="congrats.php" method="post">
        <p>Enter Username: <input type="text" name="username" value="" size="50" /><br />
        Enter Password : <input type="password" name="password" value="" size="50" /><br />
        Full Name : <input type="text" name="name" value="" size="50" /><br />
        Email : <input type="text" name="email_id" value="" size="50" /><br />
        Occupation : <input type="text" name="occupation" value="" size="50"/><br />
        Country : <input type="text" name="country" value="" size="50"/></p>
        <p align="center"> Submit Details: <input type="submit" name="submit" value="Submit"/></p>
      </form>
    </div>
  </div>
  <div id="footer">
    <p> © 2010 <strong>MSc Dissertation Project</strong> | Design by: <strong>Raman Pal</strong> | Valid <a href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> <a href="index.php">Home</a> | </p>
  </div>
</div>
</body>
</html>
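CODE for USERs PAGE
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Download and Upload Instructions</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <link rel="stylesheet" href="images/Envision.css" type="text/css" />
</head>
<body>
<?php
// Read the submitted login fields; the isset() checks avoid notices when the page is opened directly.
$username_1 = isset($_POST['username']) ? $_POST['username'] : '';
$password_1 = isset($_POST['password']) ? $_POST['password'] : '';
// Connection details are hard-coded as in the original listing; the mysqli API replaces the removed mysql_* functions.
$db_connect = mysqli_connect('sql106.byethost13.com','b13_6284740','RAMAN143') OR die("disconnected<br>");
$db = mysqli_select_db($db_connect, 'b13_6284740_project') OR die("unable to select database");
// Bind the form values as parameters instead of concatenating them into the SQL text, so they cannot alter the query.
$dbquery_1 = mysqli_prepare($db_connect, "select * from users where username=? and password=?") OR die("unable to execute query");
mysqli_stmt_bind_param($dbquery_1, 'ss', $username_1, $password_1);
mysqli_stmt_execute($dbquery_1) OR die("unable 2 give result");
$dbresult_1 = mysqli_stmt_get_result($dbquery_1);
?>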
<div id="wrap">
  <div id="header">
    <h1 id="logo-text">Secure Semantic Web</h1>
    <h2 id="slogan"><b>Web Ontology Sharing....</b></h2>
    <div id="header-links">
      <p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p>
    </div>
  </div>
  <div id="menu">
    <ul>
      <li><a href="index.php">Home</a></li>
      <li><a href="archives.php">Archives</a></li>
      <li><a href="support.php">Tech-Support</a></li>
      <li><a href="download_request.php">Download Request</a></li>
      <li><a href="upload_request.php">Upload Request</a></li>
      <li class="last"><a href="about.php">About</a></li>
    </ul>
  </div>
  <div id="content-wrap">
    <div id="sidebar">
      <h1>Search Box</h1>
      <form method="get" action="http://www.google.com/search">
        <p>
          <input type="text" name="q" size="20" maxlength="255" value="" />
          <input type="submit" value="Search" />
        </p>
      </form>
      <h1>Links to Semantic Websites</h1>
      <ul class="sidemenu">
        <li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>
        <li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>
        <li><a href="http://data.gov.uk/">Data Gov UK</a></li>
        <li><a href="http://sig.ma/">SIG.MA</a></li>
        <li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>
      </ul>
    </div>
    <div id="main">
      <h1>Instructions for Downloading Semantic Web Ontology !!</h1>
      <ul>
        <li>For Downloading any Semantic Web Ontology, you need to fill in some details into the form below:</li>
        <li>First download <strong>SECCURE: Secure Elliptic Curve Cryptography Utility for Reliable Encryption</strong>. You can download its Tar.gz File or Debian Package from <a href="http://point-at-infinity.org/seccure/">Seccure</a>.</li>
        <li>After installing this very important toolkit in your machine. You should generate <strong>PUBLIC KEY & PRIVATE KEY PAIR</strong>, using the following set of commands in your terminal window:<br />
          <strong>$ seccure-key<br />
          Assuming curve p160.<br />
          Enter private key: my private key<br />
          The public key is: 8W;>i^H0qi|J&$coR5MFpR*V </strong></li>
        <li>User Should must provide this <strong>PUBLIC KEY</strong> in the form below, and keep the <strong>PRIVATE KEY</strong> safe with you.</li>
        <li>The website Admin needs your PUBLIC KEY to encrypt the file exclusively for you. </li>
        <li>The Download link for the requested ontology will be made available to you in 24Hours.</li>
        <li>After downloading the file on your machine, Simply browse to the directory of the file. Use the following set of commands to Decrypt the File.<br />
          <strong>seccure-decrypt -o filename.enc <br />
          Enter the Private Key: my private key<br />
          File Open</strong></li>
      </ul>
      <p align="center"><a href="download_request.php"><strong>Download Request Form</strong></a></p>
      <h1>Instructions for Uploading Semantic Web Ontology!!</h1>
      <ul>
        <li>For Uploading any Semantic Web Ontology to this website, the user needs to fill in some details into the form below, and upload the file using the file upload tool.</li>
        <li>First Download and Install <strong>SECCURE: Secure Elliptic Curve Cryptography Utility for Reliable Encryption</strong>. You can download its Tar.gz File or Debian Package from <a href="http://point-at-infinity.org/seccure/">Seccure</a>.</li>
        <li>After installing this very important toolkit in your machine. Use this PUBLIC KEY::<strong>2D*~@S|:iXX.8HHY;kYBy*E>n</strong>, to encrypt the Ontology file, using the commands below:<br />
          <strong>$ seccure-encrypt -i file.owl -o file.enc '2D*~@S|:iXX.8HHY;kYBy*E>n'<br />
          Encryption Succesful</strong></li>
        <li>User Should than, UPLOAD the encrypted version of the file, using the File_Upload option below:</li>
        <li>The website Admin will check the file, and if the decryption is successful on Admin's end, It will be uploaded in our Archives in 24Hours of time span.</li>
        <li>Kindly fill in all the details related to the Semantic web Ontology you are about to upload.</li>
      </ul>
      <p align="center"><a href="upload_request.php"><strong>Upload Request Form</strong></a></p>
    </div>
  </div>
  <div id="footer">
    <p> © 2010 <strong>MSc Dissertation Project</strong> | Design by: <strong>Raman Pal</strong> | Valid <a href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>
CODE for DOWNLOAD REQUEST FORM:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Download and Upload Instructions</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <link rel="stylesheet" href="images/Envision.css" type="text/css" />
</head>
<body>
<div id="wrap">
  <div id="header">
    <h1 id="logo-text">Secure Semantic Web</h1>
    <h2 id="slogan"><b>Web Ontology Sharing....</b></h2>
    <div id="header-links">
      <p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p>
    </div>
  </div>
  <div id="menu">
    <ul>
      <li><a href="index.php">Home</a></li>
      <li><a href="archives.php">Archives</a></li>
      <li><a href="support.php">Tech-Support</a></li>
      <li id="current"><a href="download_request.php">Download Request</a></li>
      <li><a href="upload_request.php">Upload Request</a></li>
      <li class="last"><a href="about.php">About</a></li>
    </ul>
  </div>
  <div id="content-wrap">
    <div id="sidebar">
      <h1>Search Box</h1>
      <form method="get" action="http://www.google.com/search">
        <p>
          <input type="text" name="q" size="20" maxlength="255" value="" />
          <input type="submit" value="Search" />
        </p>
      </form>
      <h1>Links to Semantic Websites</h1>
      <ul class="sidemenu">
        <li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>
        <li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>
        <li><a href="http://data.gov.uk/">Data Gov UK</a></li>
        <li><a href="http://sig.ma/">SIG.MA</a></li>
        <li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>
      </ul>
    </div>
    <div id="main">
      <h1>Request form for Downloading Semantic Web Ontology !!</h1>
      <form action="download_request.php" method="post"><br />
        Username: <input type="text" value="" name="usrname" /><br /><br />
        Email Add: <input type="text" value="" name="email" /><br /><br />
        PUBLIC KEY: <input type="text" value="" name="pubkey" /><br /><br />
Ontology Name: <input type="text" value="" name="owlname" /><br /><br /> Purpose: <inp ut type="text" value="" name="purpose" /><br /><br /> <input type="submit" value"Send Download Request" name="dndrequest" /> </form> <?php $usrname = $_POST['usrname']; $mail = $_POST['email']; $pubkey = $_POST['pubkey']; $owlname = $_POST['owlname']; $purpose = $_POST['purpose']; $db_connect = mysql_connect('sql106.byethost13.com','b13_6284740','RAMAN143'); if ($db_connect == false) { die ("Unable to Connect to MySql Database<br>"); } $db = mysql_select_db('b13_6284740_project'); if ($db == false) { die ("Unable to Select MySql Databse<br>"); } $dbquery = "INSERT INTO download (usrname, mail, publickey, owlname, purpose) VALUES ('$usrname','$mail','$pubkey','$owlname','$purpose')"; $dbresult = mysql_query ($dbquery, $db_connect); if ($dbresult == false) { die("Unable to add record <br>"); } ?> </div> </div> <div id="footer"> <p> © 2010 <strong>MSc Dissertation Project</strong> | Design by: <strong>Raman Pal</strong> | Valid <a href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> <a href="index.php">Home</a> | </p> - 55 -
CODE for UPLOAD REQUEST FORM:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Download and Upload Instructions</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <link rel="stylesheet" href="images/Envision.css" type="text/css" />
</head>
<body>
<div id="wrap">
  <div id="header">
    <h1 id="logo-text">Secure Semantic Web</h1>
    <h2 id="slogan"><b>Web Ontology Sharing....</b></h2>
    <div id="header-links">
      <p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p>
    </div>
  </div>
  <div id="menu">
    <ul>
      <li><a href="index.php">Home</a></li>
      <li><a href="archives.php">Archives</a></li>
      <li><a href="support.php">Tech-Support</a></li>
      <li><a href="download_request.php">Download Request</a></li>
      <li id="current"><a href="upload_request.php">Upload Request</a></li>
      <li class="last"><a href="about.php">About</a></li>
    </ul>
  </div>
  <div id="content-wrap">
    <div id="sidebar">
      <h1>Search Box</h1>
      <form method="get" action="http://www.google.com/search">
        <p> <input type="text" name="q" size="20" maxlength="255" value="" /> <input type="submit" value="Search" /> </p>
      </form>
      <h1>Links to Semantic Websites</h1>
      <ul class="sidemenu">
        <li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>
        <li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>
        <li><a href="http://data.gov.uk/">Data Gov UK</a></li>
        <li><a href="http://sig.ma/">SIG.MA</a></li>
        <li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>
      </ul>
    </div>
    <div id="main">
      <h1>Request form for Uploading Semantic Web Ontology!!</h1>
      <form enctype="multipart/form-data" action="upload_request.php" method="POST"><br />
        Ontology Name:: <input type="text" name="ontologyname" value="" /><br /><br />
        Ontology Description:: <input type="text" name="description" value="" size="50" /><br /><br />
        Username:: <input type="text" name="username" value="" /><br /><br />
        Email:: &nbsp; <input type="text" name="email" value="" /><br /><br />
        <input type="hidden" name="MAX_FILE_SIZE" value="100000" />
        Choose a file to upload: <input name="uploadedfile" type="file" />
        <input type="submit" value="Submit" /><br /><br />
      </form>
      <?php
      // Handle the upload only when a file has actually been submitted.
      if (isset($_FILES['uploadedfile'])) {
          $target_path = "upload/";
          $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
          if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
              // Escape the client-supplied file name before echoing it into the page.
              echo "The file ". htmlspecialchars(basename( $_FILES['uploadedfile']['name'])). " has been uploaded";
          } else {
              echo "There was an error uploading the file, please try again!";
          }
      }
      ?>
    </div>
  </div>
  <div id="footer">
    <p> © 2010 <strong>MSc Dissertation Project</strong> | Design by: <strong>Raman Pal</strong> | Valid <a href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> <a href="index.php">Home</a> | </p>
  </div>
</div>
</body>
</html>
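The upload listing above stores whatever file the client sends, under the client's own file name, inside the web-served upload/ directory. The following is an added example of a stricter handler, not the dissertation's code: the `.enc` suffix follows the site's own encryption instructions, while `STORE_DIR`, `MAX_BYTES` and `store_encrypted_upload()` are hypothetical names introduced here.

```php
<?php
// Added example, not the dissertation's code. Assumptions: uploads are seccure
// output named *.enc; STORE_DIR is a hypothetical directory outside the web root.
const STORE_DIR = '/var/ontology-uploads';  // hypothetical path, not served by the web server
const MAX_BYTES = 100000;                   // same value as the form's MAX_FILE_SIZE field

function store_encrypted_upload(array $file): string
{
    // Reject failed, partial or multi-file uploads before touching the file.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or was incomplete.');
    }
    // MAX_FILE_SIZE in the form is only a hint to the browser; enforce it here.
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File is empty or larger than the limit.');
    }
    // Allow-list the one suffix the site asks for instead of block-listing .php etc.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext !== 'enc') {
        throw new RuntimeException('Only seccure-encrypted .enc files are accepted.');
    }
    // Generate the stored name server-side; nothing from the client's file name
    // (path parts, extra suffixes) reaches the file system.
    $stored = bin2hex(random_bytes(16)) . '.enc';
    $target = STORE_DIR . '/' . $stored;
    // move_uploaded_file() only moves files that arrived through a PHP upload.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the file.');
    }
    chmod($target, 0640);
    return $stored;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['uploadedfile'])) {
    try {
        $stored = store_encrypted_upload($_FILES['uploadedfile']);
        // Escape the client-supplied name before echoing it back into the page.
        $shown = htmlspecialchars(basename($_FILES['uploadedfile']['name']), ENT_QUOTES, 'UTF-8');
        echo "The file " . $shown . " has been received as " . $stored;
    } catch (RuntimeException $e) {
        echo "There was an error uploading the file, please try again!";
    }
}
?>
```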
8 References
[1] Ali, R. (2008). Elliptic Curve Cryptography A new way for Encryption. Karachi: IEEE. [2] Amit Jain, Csilla Farkas. (2006). Secure Resource Description Framework: an Access Control Model. SACMAT'06. ACM. [3] Azadeh Nematzadeh, Layla Pournajaf . (2008). Privacy Concerns of Semantic Web . Fifth International Conference on Information Technology: New Generations. Tehran: IEEE Computer Society. - 58 -
[4] Bertino, E. (2002). Access Control for XML Documents, Data and Knowledge Engineering. [5] Bhavani Thuraisingham, Pranav Parikh . (2008). Trustworthy Semantic Web Technologies for Secure Knowledge Management . 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing . IEEE Computer Society. [6] Elena Ferrari, Bhavani Thuraisingham. (2000). Secure Database System. In Advances in Database Management. Artech House. [7] Farkas, C. (2003). Inference Problem for Semantic Web. Proceeding of the IFIP conference on Data and Application Security. Colorado. [8] Gaithersburg, M. (2009, June). Digital Signature Standards, FIPS PUB 186-3. Retrieved from Federal Information Processing Standards Publications FIPS PUBS: http://www.itl.nist.gov/fipspubs/by-num.htm [9] Ian F. Blake, Gadiel seroussi, Nigel P. Smart. (2005). Advances in Elliptic Curve Cryptography. Cambridge: Cambridge University Press. [10] Jir Dokulil, Jakub Yaghob, Jana Katreniakova. (2008). Everything You Ever Wanted to Learn from the Semantic Web but Were Unable to Ask. The Second International Conference on Advanced Engineering Computing and Applications in Sciences. IEEE Computer Society. [11] Koblitz, N. (1987). Elliptic Curve Cryptosystems. Math. Comp. [12] Maryam Tahajod, Azadeh Iranmehr, Nasim khozooyi. (2009). Trust Management for Semantic Web . 2009 Second International Conference on Computer and Electrical Engineering. IEEE Computer Society. [13] Nigel Shadbolt, Wendy Hall, Tim Berners-Lee. (2006). Semantic Web Revisted. Web and Semantic Web Research Information. IEEE Computer Society. [14] Poettering, B. (2009, april 9). SECCURE. Retrieved from Point At Infinity: http://www.point-at-infinity.org/seccure/ [15] Qizhi Qiu, Qianxing Xiong . (2003). Research on Elliptic Curve Cryptography. The 8th International Conference on Computer Supported Cooperative Work in Design Proceedings. IEEE. [16] R. L. Rivest, A. Shamir, L. Adleman. (1978). 
A method for obtaining digital signatures and public key cryptosystem. Communication of the ACM. ACM. [17] Semantic Information Mash-Up. (n.d.). Retrieved from Sig.MA: http://www.sig.ma [18] Shuhua Wu, Yuefei Zhu. (2006). A Resource Efficient Architecture for RSA and Elliptic Curve Cryptosystems. IEEE.
- 59 -
[19] Sizov, S. (2007). What Makes You Think That? The Semantic Webs Proof Layer. IEEE Computer Society. [20] The Case For Elliptic Curve Cryptography. (2009, January 15). Retrieved from National Security Agency, Central Security Service: http://www.nsa.gov/business/programs/elliptic_curve.shtml [21] Thuraisingham, B. (2002). Builing Secure Survivable Semantic Web. 14th IEEE International Conference on Tools with Artificial Intelligence (ICTAI02). [22] Thuraisingham, B. (2007). CONFIDENTIALITY, PRIVACY AND TRUST POLICY ENFORCEMENT FOR THE SEMANTIC WEB. Eight IEEE International Workshop on Policies for Distributed System and Networks (POLICY'07). Dallas: IEEE Computer Society. [23] Thuraisingham, B. (2003). Security Issues for the Semantic Web . 27th Annual International Computer Software and Applications Conference (COMPSAC03). [24] Thuraisingham, B. (2002). XML Databases and the Semantci Web. CRC. [25] Thuraisingham, D. B. (2009). Building Trustworthy Semantic Webs . IEEE IRI 2009. [26] Tim Berners-Lee, Mark Fischetti. (1999). Weaving The Web. San Francisco: Harper. [27] Vanstone, S. (2004, March 18). ECC holds key to Next-Gen Cryptography. Retrieved from EE Times News and Analysis: http://www.commsdesign.com/showArticle.jhtml?articleID=18400497 [28] Yu Zhang, Huajun Chen, Zhaohui Wu, Xiaoqing Zheng. (2006). Develop a computational trust prototype for the Semantic Web. Proceedings of the 22nd International Conference on Data Engineering Workshops (ICDEW'06).
- 60 -