UNIVERSITY OF SOUTHAMPTON

Faculty of Engineering, Science and Mathematics School of Electronics and Computer Science

Secure Semantic Web, Ontology Sharing By RAMAN PAL (rp5g09@ecs.soton.ac.uk) Completed on 18th January, 2011

A dissertation submitted in partial fulfilment of the degree of M.Sc. Web Technology By examination and dissertation

Supervisor: Dr. Kirk Martinez Examiner: Dr. Richard M Crowder

-1-

Abstract
This dissertation will present the developments in the field of Semantic Web and will talk about Secure Semantic Web. To satisfy the requirements of M.Sc. Dissertation, the author has also proposed an implementation model which will present the concept of Secured Sharing of Semantic Web Ontology. This model is devised for secured resource management for intelligent service framework, such as semantic web. This dissertation will talk about Semantic Web and Security. It will showcase, why factors like Trust and Proof are kept on top most layers of Semantic Web Stack. It will further demonstrate the use of encryptions to enhance the effect of factors like Trust & Proof. A study on various Encryption algorithms is also presented; Elliptic Curve Cryptography (ECC) being one of them. ECC is explained in detail and the description of its toolkit SECCURE is also provided. For the purpose of demonstrating the implementation of Secure Medium of Information Interchange for Semantic Web Ontology, author developed a website which will allow its users to securely share their semantic web ontology and suggested the use of Elliptic Curve Cryptography.

Keywords
Semantic Web, Security, Encryption, Cryptography, Trust, Proof, Elliptic Curve Cryptography, ECC, SECCURE, Semantic Web Stack, Secure Semantic Web, Web Ontology Language, Secure Information Interchange.

Acknowledgement
I would like to thank my project supervisor Dr. Kirk Martinez for his invaluable support and guidance throughout the project design and implementation. I would also like to thank my second examiner Dr. Richard M. Crowder, who took time from his busy schedule for evaluating my implementation work, and giving useful feedback. And, in the last I would like to thank my group monitor Mu Yang, she is the person who was always there to help me with all kind of difficulties in my project. Thank you all. -2-

Table of Contents
Keywords .............................................................................................................................. - 2 Acknowledgement ................................................................................................................ - 2 Chapter 1: Introduction ......................................................................................................... - 6 1.1 1.2 2 Introduction ............................................................................................................ - 6 Thesis Structure ...................................................................................................... - 7 -

Chapter 2: Semantic Web and Secure Semantic Web .................................................. - 8 2.1 Semantic Web ........................................................................................................ - 8 Proof and Trust Layer ..................................................................................... - 9 -

2.1.1 2.2 2.3

Secure Semantic Web........................................................................................... - 10 Examples of websites where security can be compromised ................................ - 12 http://www.marinetraffic.com/ais/ ................................................................ - 12 http://www.sig.ma ......................................................................................... - 13 www.swoogle.umbc.edu ............................................................................... - 15 -

2.3.1 2.3.2 2.3.3

2.4 Comparison Chart for security vulnerability testing of the above mentioned examples. ........................................................................................................................ - 16 3 Chapter 3: Cryptography............................................................................................. - 17 3.1 Cryptography in Semantic Web ........................................................................... - 17 DSA: Digital Signature Algorithm ............................................................... - 18 RSA: Rivest Shamir Adleman Algorithm..................................................... - 19 ECC: Elliptic Curve Cryptography ............................................................... - 20 -

3.1.1 3.1.2 3.1.3 3.2

How Elliptic Curve Cryptography is better than others?? ................................... - 21 Quick Wrap Up on Elliptic Curve Cryptography ......................................... - 24 -

3.2.1 4

Chapter 4: Secure Semantic Web, Ontology Sharing ................................................. - 25 4.1 SECCURE: ECC Toolkit ..................................................................................... - 25 Generate private-public key pair. .................................................................. - 26 Encrypt a piece of text message. ................................................................... - 26 Decrypt a piece of text message.................................................................... - 26 Encrypt a file. ................................................................................................ - 26 Decrypt a file................................................................................................. - 26 Verify the generated signature. ..................................................................... - 27 Share or exchange Public Keys with Deffie-Hellman Key Exchange. ......... - 27 -

4.1.1 4.1.2 4.1.3 4.1.4 4.1.5 4.1.6 4.1.7 4.2

Requirement Analysis and Specifications ............................................................ - 28 Requirement Analysis ................................................................................... - 28 -3-

4.2.1

4.2.2 4.3

Specification of requirement ......................................................................... - 28 -

Site Structure and Design ..................................................................................... - 28 Use Case Diagram: ....................................................................................... - 28 Website Flow Control Diagram: ................................................................... - 29 -

4.3.1 4.3.2 4.4

Website Development .......................................................................................... - 31 Home Page .................................................................................................... - 31 Ontology Repository ..................................................................................... - 31 Tech-Support................................................................................................. - 32 About............................................................................................................. - 32 New User Registration Page ......................................................................... - 32 Users Page ................................................................................................... - 32 Download Request Form .............................................................................. - 33 Upload Request Form ................................................................................... - 33 -

4.4.1 4.4.2 4.4.3 4.4.4 4.4.5 4.4.6 4.4.7 4.4.8 4.5

Testing and Maintenance ..................................................................................... - 34 Testing........................................................................................................... - 34 Maintenance .................................................................................................. - 35 -

4.5.1 4.5.2 5

Chapter 5: Planning Management ............................................................................... - 35 5.1 5.2 5.3 5.4 5.5 5.6 Initial Project Scope ............................................................................................. - 35 Available Resources ............................................................................................. - 35 Project Tasks ........................................................................................................ - 35 Risk....................................................................................................................... - 36 Gantt chart ............................................................................................................ - 36 Management techniques ....................................................................................... - 38 -

Chapter 6: Conclusion and Suggestion for future work.............................................. - 38 6.1 6.2 Suggestion for future work ................................................................................... - 38 Conclusion............................................................................................................ - 38 -

Chapter 7: Appendices ................................................................................................ - 40 7.1 Appendix: Web Pages along with the some important bits of code..................... - 40 HOME PAGE ............................................................................................... - 40 ONTOLOGY REPOSITORY....................................................................... - 43 TECH-SUPPORT ......................................................................................... - 44 ABOUT ......................................................................................................... - 45 NEW USER REGISTRATION PAGE ......................................................... - 46 -4-

7.1.1 7.1.2 7.1.3 7.1.4 7.1.5

7.1.6 7.1.7 7.1.8 8

USERS PAGE ............................................................................................. - 49 DOWNLOAD REQUEST FORM ................................................................ - 53 UPLOAD REQUEST FORM ....................................................................... - 56 -

References ................................................................................................................... - 58 -

Table of Figures
FIGURE 1: SEMANTIC WEB STACK ........................................................................... - 9 FIGURE 2: SCREEN SHOT OF MARINE TRAFFIC WEBSITE, GIVING AWAY CRUCIAL INFORMATION. ...13 FIGURE 3: SCREEN SHOT OF SIG.MA GIVING AWAY CRUCIAL INFORMATION AND COMPROMISING SECURITY. ................................................................................................. - 14 FIGURE 4: SCREEN SHOT OF SWOOGLE: SEMANTIC WEB SEARCH ENGINE ALLOWING ITS USERS TO DOWNLOAD SEMANTIC WEB ONTOLOGY WITHOUT ANY SECURITY...................... - 15 FIGURE 5: SIGNATURE GENERATION AND VERIFICATION FOR DSA ................................ - 18 FIGURE 6: UNDERLYING MATHEMATICAL PROBLEM FOR DIFFERENT PUBLIC KEY SYSTEMS. . - 22 FIGURE 7: NIST GUIDELINES FOR PUBLIC KEY SIZES WITH EQUIVALENT SECURITY LEVELS. .. - 23 FIGURE 8: RUN TIMES FOR DIFFERENT PUBLIC KEY SCHEMES ....................................... - 24 FIGURE 9: USE CASE DIAGRAM ............................................................................ - 29 FIGURE 10: PAGE FLOW DIAGRAM ....................................................................... - 30 -

-5-

Chapter 1: Introduction
1.1 Introduction
The present World Wide Web is heading towards its third stage of evolution. Starting with a basic architecture and design of web pages, having just the static content to display information and hyperlinks to other web pages, which later evolved into a more user centred design with interactive information sharing, a collaborative World Wide Web. Latest research and developments are taking it to its third stage of evolution which is about to take place or rather be said is taking place in this virtual world of WWW, in which the information and content on the web will be understandable and processed by the machines [computers], intelligent agents and web services. The fact which is a matter of concern for all the users of World Wide Web is: Security, Trust and Proof in regard to the services that are offered online. Some of the issues are: 1) Are we 100% sure about the fact, that all our information which is available up there online is safe and secure? 2) Are we 100% sure that whatever we buy online will definitely reach us and we will not become victim to any scam? 3) Are we 100% sure about the facts that we read online on different forums are trustworthy enough to believe them? All the concerns mentioned above triggers another question that, have we achieved such a level of access control and security mechanism which is capable of supporting an entirely new and improved World Wide Web, where machines will be able to take control of every other thing which is available online? Author believes that for the growth and success of semantic web factors like trust, proof, security and encryptions are indispensible in semantic web stack. This dissertation will talk about importance of factors like trust and proof in the semantic web stack. Furthermore, it will present a prototype for secure information interchange for semantic web ontology sharing. To support the prototype presented, use of encryption algorithm is a must, thats why comparison between different available cryptosystems is shown and use of Elliptic curve cryptography is recommended.

-6-

1.2 Thesis Structure

This dissertation is divided in chapters; Second chapter of this dissertation will explain Semantic Web and Secure Semantic Web. It will present its finding for existence of a Secure Semantic Web, by secure the author means: which can be Trusted and there is Proof for every assertion made on it. The author will also talk about Semantic Web Stack and the importance of Trust and Proof layer. And in the third section, the author will present some of the instances from Semantic Web Sites where security has been compromised or can be compromised and will also present a comparison between existing systems and the proposed system. Third Chapter of this dissertation will talk about use of Encryptions and Signatures to make Semantic Web a Secure Semantic Web. Further, to this chapter the author will compare different Encryption Algorithms and will present its findings. In the second section of this chapter the author will talk about Elliptic Curve Cryptography, and will show how Elliptic Curve Cryptography is the best cryptography system available today. Fourth Chapter of this dissertation will present the project design and implementation of a Secure Semantic Web, Ontology Sharing System. The author will showcase its development and usage description. And will also throw light on how this system is better than the existing systems of Semantic Web Search Engines. Furthermore, the author will talk about Secure Semantic Web Information Interchange and use of Encryption to increase Trust and Proof for the end user. Fifth Chapter of this dissertation is on Planning & Management and will present the evidence of project, time and resource management. Sixth and Seventh Chapter of this dissertation will present the suggestions for future work, conclusion and further reading. Appendices will showcase all the coding, UI design with the screenshots of the application designed. Also, there is a CD with the complete code and implementation model. References to all the sources of the research and study can be found in Eighth Chapter.

-7-

2 Chapter 2: Semantic Web and Secure Semantic Web

2.1 Semantic Web
Past two decades have witnessed a technology which has outpaced every other technology on the scale of its popularity, usability, research and development. The same technology has outpaced every other technological revolution, which has ever taken place in the history of mankind. The name of this technology is Web Technology and it revolves around the World Wide Web which was invented by Sir Prof. Tim Berners-Lee when he was working in CERN, Geneva, Switzerland in the year 1990. His original vision was much more ambitious than the present syntactic World Wide Web. He said I have a dream for the Web [in which computers] become capable of analyzing all the data on the Web the content, links, and transactions between people and computers. A Semantic Web, which should make this possible, has yet to emerge, but when it does, the day-to-day mechanisms of trade, bureaucracy and our daily lives will be handled by machines talking to machines. The intelligent agents people have touted for ages will finally materialize. [26] Since, than he and many others are working towards the realisation of this vision and they named it as Semantic Web. In his paper Semantic Web Revisited he says: The Semantic Web is a Web of actionable informationinformation derived from data through a semantic theory for interpreting the symbols. The semantic theory provides an account of meaning in which the logical connection of terms establishes interoperability between systems. [13] The progress is consistent in the direction to achieve web semantics, Organisations like IETF (Internet Engineering Task Force) and W3C (World Wide Web Consortium) are putting in serious efforts in standardization of technologies, developing languages and standards for sharing the meaning. Languages and standards like XML, XML Schema, RDF, RDF Schema, OWL, SPARQL are organised in a Semantic Web Stack and they act as a foundation for semantic web. All of these tools and standards play a very important & crucial role in the making of Semantic Web. But, the researchers realised that for the success of semantic web, factors stated above are not enough and the factors like Trust and Security will play a crucial role in deciding the fate of any future technology. They realised that Trust and Proof should be kept on top most layer of Semantic Web Stack and Encryptions should be there across all layers of the stack.

-8-

Figure 1: Semantic Web Stack

http://www.w3.org/2000/Talks/1206-xml2k-tbl/slide10-0.html Source1 http://www.w3.org/2000/Talks/1206

Over the years of research and studies in the field of Semantic Web, all the major research studies and development organisations targeted their research to Web Ontology Language, RDF, XML, etc. Very less work has been done in the area to make Semantic Web Secure and Reliable. There is a lot of scope for research and development in Trust, Proof and scope Encryptions. That is the reason why author opted to work in this field. 2.1.1 Proof and Trust Layer Self-organizing knowledge exchange between users is one of the key motivations for the organizing research and development in Semantic Web Technology. Humans browsing the World Wide nt Web will soon be a history. In the near future with the advent of Semantic Web Technology personal digital agents and application would be able to browse World Wide Web automatically for its master, and would also be able to look for things and take decisions on ter, behalf of its master on the basis of their personal information stored somewhere online. Use

-9-

of Semantic Web Agents and Web Services will demand Proof to develop Trust between the collaborative agents and services. [5][10] But, if something happens which seems strange or unusual to its master, than the master should also be in a position where he can ask for an explanation from his personal digital agent. This is the point where Proof and Trust Layer of Semantic Web Stack comes into use. The decisions taken up by the personal digital agent will be based on the credibility/ user ratings/ reviews etc which will work as proof for the agent to trust the other party. So when the master asks for an explanation the digital agent can right away show all the facts supporting its decision. Let me give you a hypothetical scenario: John and Becky are siblings and have a busy work life in Southampton. Their mother lives with Becky and she is very old, and needs to visit a Doctor quite regularly for her old age health issues. Mother was supposed to have an eye surgery on Tuesday. But the doctors assistant sends an email to Becky and tells her that the doctor would not be able to do the surgery before Friday. But Becky has another problem, her personal digital assistant just told her that she had big official conference to attend on Friday and the only way she can sort this complicated scenario is by asking her brother John to take mother for the eye surgery on Friday. Beckys personal digital assistant sends an email to John with all the details. Johns personal digital assistant reads the mail to John and also tells him that he has not much work to do on Friday and he can take mother to the Doctor. But John queries the assistant about his appointments on Friday. The assistant tells him that, all the appointments are in the evening and are also not very high on his priority list. John asks his assistant to confirm his availability to Becky. Now in the above scenario the personal agents were able to understand all the commands from their masters, and were able to take decision based on the information stored in their personal calendars which are managed online and were also able to justify the assertion made by them. That explains the requirement of Proof and Trust Layer in the Semantic Web Stack.

2.2 Secure Semantic Web

Collection of technologies which enables machines to understand web pages is called Semantic Web. The core idea was to automate every process using intelligent agents on behalf of user. Everything which an actual user used to do will be done by agents like collaborating, invoking web services, understanding the web pages and carrying out activities

- 10 -

such as making reservation, designing vehicles, etc. Semantic web includes technologies such as mark-up languages like XML, semantic based languages such as RDF and ontology description languages like OWL. Contracts are negotiated and activities are carried out using above mentioned technologies. Policies on trust, privacy, integrity, confidentiality are must to ensure secure execution of each operation in the web of semantics. These policies will define the level and type of access permissions that agents have on web resources and will also determine the level of trust that can be put on other agents. Various inference systems have been developed and are in developing process to carry automated negotiations between intelligent agents. Inference system deals with all sorts of processes like deducing new information and posing queries. We also need to examine the inference problem for the semantic web. Inference is the process of posing queries and deducing new information. It becomes a problem when the deduced information is something the user is unauthorized to know. With the semantic web, and especially with data mining tools, one can make all kinds of inferences. Recently there has been some research on controlling unauthorized inferences on the semantic web. Security should not be an afterthought. We have often heard that one needs to insert security into the system right from the beginning. Similarly security cannot be an afterthought for the semantic web. However, we cannot also make the system inefficient if we must guarantee one hundred percent security at all times. What is needed is a flexible security policy. During some situations we may need one hundred percent security while during some other situations some security (e.g., 60%) may be sufficient. [21, 22, 23] Privacy is very closely related to security. The major challenge is sensitive information of individuals should must be protected at all times. Trust management and negotiation are some of the other challenges in front of semantic web research community. This includes determining trust value that one agent can place on other. One suggestion is to use reputation mechanisms for the agents. Maintaining integrity is another challenge. For example, when XML documents are published by third parties, we need to ensure that the documents are authentic and are of high quality. With consistent research initiatives in the field of Semantic Web Research, more and more progress is achieved and better standards for security, trust and proof can be developed to make Semantic Web a success. After securing XML and RDF, next thing on the agenda is to examine security for ontology and interoperation. That implies, security levels may have been attached to the ontology. - 11 -

Some parts of the ontology could be unclassified and certain parts could be secret. The challenge lies in the developing a method or an approach to use this ontology for secure information interchange. In the past, researchers have done some work in the field of secure interoperability of databases. Author suggests that we should revisit that research work and then conclude what else needs to be done, to ensure that the information on the World Wide Web can be managed, integrated and exchanged securely. Security and privacy are very closely related to each other. The issue of privacy control has received a lot of attention in the recent days partly because privacy is a very critical issue for the success of semantic web. For national security reasons privacy plays a very crucial role, certain portion of the document may be open for public access without any privacy and some section may have private information which cannot be open for public access and this issue gives the researchers a reason to find ways to develop a method or an approach which will enable the users to take maximum advantage of the semantic web and still maintain privacy and sometimes anonymity.

2.3 Examples of websites where security can be compromised

2.3.1 http://www.marinetraffic.com/ais/ This websites gives real-time information of all the ships that are in the sea or on the docks worldwide, and also provides all the information like: a) Ship Type b) Country Flag c) Status d) Speed/Course e) Length x Breadth f) Destination g) ETA h) Ship Photos i) Other Details The above mentioned points are very important piece of information, and this online system was developed to monitor and track all the ships online. But, this system is open to everyone and lacks security, thus vulnerable to sea pirates e.g. Somalian pirates can use this system to know about the ship and can hijack the passengers or can loot the ship.

- 12 -

Figure 2: Screen shot of Marine traffic website, giving away crucial information.

This marine traffic websites lacks any kind of security parameters. There is a greater risk of information being hacked or altered. And thus whole system is completely vulnerable to ation being attacked and there is no guarantee, that the information being displayed is correct and is from right source. This system lacks security, and a conventional HTTPS and Secure Socket Layer would not be Secure enough to take care of the system and its security needs, reason being HTTPS & SSL only provide the end to end security, there is a greater risk of information being hacked or altered in transit. Thus a better security mechanism such as Digital Signature and Encryption mechanism mechanism is required. 2.3.2 http://www.sig.ma http://Sig.ma is a tool to explore and exploit the Web of Linked Data. At any time, information in Sigma is likely to come from multiple, unrelated Web sites potentially any unrelated web site that embeds information in RDF, RDFa or Micro formats (standards for the Web of Data). Sig.ma can be used in 3 main ways: 1) As a Web of Data browser: start from any entity and then click to another from the As resulting page. Remember you are browsing a network of mashups, quite a unique ting thing. It might be noisy but you can spot gems, e.g. interesting description differences in different sources. - 13 -

2) As an embeddable/linkable widget: create a Sigma, refine it and when youre ready to paste it around in emails and twits or embed it on your blog. Sigmas are data live: if one of your selected sources updates its information, so will your Sigma be updated wherever it shows. 3) As a semantic API: retrieve entity descriptions and specific properties. For example picture, phone@Giovanni Tummarello, ready to consume, in JSON, in RDF. [17]

Figure 3: Screen Shot of Sig.ma giving away crucial information and compromising security.

This online system also lacks any kind of access control measures. When the user search for any strings of words on this Semantic Mash-up Search Engine, they get all the information from various secured and unsecured sources and that too without any type of access control on the flow of information. User being a black hat hacker can misuse the same information to carry out various other evil practices. It can be act as a good source of information on practically almost anything for doing Social Engineering for the black hat hackers. Identity theft, Information leak are some of the possible threat. Thirdly the source of information which is being mashed-up to the other sources, there is no guarantee of information being correct and accurate. The information is automatically collected by RDF tag linking. Thus, the information can be inaccurate or from a weak source which can be potential target of being hacked. Thus the end user cannot trust the information given on the www.sig.ma. - 14 -

2.3.3 www.swoogle.umbc.edu This is a Semantic Web Search Engine, it crawls the World Wide Web for special class of document written in RDF. Provides features like searching Semantic Web Ontology, Instance Data, Terms. However, no security is applied to system. It enables you to download ontology, but there is no guarantee that you will get what you asked for. The author means that when you click on an ontology file to download, there is no 100% surety that the file you have received is the one you requested. Moreover, the website also doesnt maintain any record of the user details of downloads.

Figure 4: Screen Shot of Swoogle: Semantic Web Search Engine allowing its users to download Semantic Web Ontology without any security.

- 15 -

2.4 Comparison Chart for security vulnerability testing of the above mentioned examples.
Security Vulnerability Tests Secure login Marine Traffic http://www.marinetraffic.com/ais/ Not available Swoogle http://swoogle.umbc.edu Yes to access more results basic login is provided. But is prone to Sql Injection Attacks. SSL Enabled. www.Sig.ma Secure semantic Web Ontology sharing Yes a secure login is provided. And is safe from Sql Injection Attacks. SSL doesnt provide end to end security that is why author recommended the use of Encryptions. Secure Login, Secure Encryption Tools and Admins Permission for every upload & download request plays a crucial role in making sure that none of the info or service could be misused.

Not available

SSL

Not Found

Not Found.

Identity Theft

Easy Access to Sensitive Information. Pirates can use the same system for hijacking ships and stealing from cargo shipments.

Easy access to a huge collection of Ontologies which could be used to steal sensitive information. These ontologies can be used extract very critical information from other sources of information.

Information Security

No Security, anyone can access it and take away sensitive information about ships, cargo, tankers etc. Anyone can post wrong information about the ships with a little tweaking with the system. The system is completely open for any kind of security compromise.

Basic security but Anyone can download or access Semantic web Ontologies, which could have sensitive information stored in them.

This system will allow its user to get all sort of information regarding any search keyword. It uses the technology of intelligent mash up but has no security. Hence can be used for any purpose. Can be misused by terrorists. No security, completely open mashup. Anyone can access lots of information about almost anything. Anyone can link fraud or wrong information using RDF tags, and thus no one can trust the information. Not Found

ECC & Secure Login provides a full proof mechanism & gives secure Access to the services. User can view the Ontology Collection and other pages but cannot download or upload any ontology until unless he signs in as Authentic User. Secure Sessions are used to make sure of URL Security and Page flow Security.

Secure Sessions

Not Found

Secure sessions are in use to provide page flow security & URL Security. But as the login is prone to SQL Injection attacks, thus sessions are of no use.

Table 1: Comparison Chart

- 16 -

3 Chapter 3: Cryptography
3.1 Cryptography in Semantic Web
World Wide Web is an open system, where people interact with services, application, web pages, look up for information, and social networking. Now, this giant gigantic web is taking up another giant leap to completely revolutionize the entire system of people centred web interaction. This new system is Semantic Web, which is a highly connected web of linked data where machines can understand and process the web content. But, with power comes the responsibility. Responsibility of making sure that everything on this super powerful web works perfectly, and to make sure of that none of responsibilities is neglected, key properties such as Cryptography, Trust and Proof will play a very crucial role. In the previous sections the author has talked about Trust, Proof and Security. Now, in this section the author will talk about Cryptography which plays a very important part in ensuring the security. Cryptography has been kept alongside of all the layers in semantic web stack, the researchers and developers knew its importance is all across the entire of infrastructure of Semantic web. These include XML, RDF, agents, the infrastructures as well as the information management and data management technologies. We also need to ensure that security is preserved when integrating the technologies. For example, one needs proper access to the XML documents. Furthermore, these documents need to be encrypted for some applications. The agents that carry out the processing have to communicate securely. Various security technologies for the web do exist at present. These technologies have to be evaluated for the semantic web. We also need to incorporate security semantics into semantic interoperability. The various logics being developed for the semantic web need to be examined and security properties have to be incorporated. [21] Public key cryptosystem has developed quickly since it was purposed by W.Diffie and M.Hellman in 1976. As we know, at the foundation of every cryptosystem is a hard mathematical problem that seems infeasible to solve. People have been suggesting the different complicated problems to establish the public key cryptosystem. The techniques of the public key cryptosystem are classified into three classes: (1)based on the integer

factorisation, such as the popular RSA(Rivest, Shamir, Adelman), (2)based on the discrete log, such as DSA ( Digital Signature Algorithm 1, DH ( Diffie-Hellman ) ,(3)based on the elliptic curve, such as ECDH ( Elliptic Curve Difie-Hellman. ). The security degrees of all the techniques are based on the hardness of mathematical problems. - 17 -

Now, to make sure that the best of level of security infrastructure for semantic web, the best of the best cryptosystem should be used. The author will now present a brief detail about all the cryptosystems and will also show a comparison chart. 3.1.1 DSA: Digital Signature Algorithm The Digital Signature Algorithm (DSA) is a standard by United Stated Federal Government (FIPS) for digital signature. NIST (National Institute of Standards and Technology) proposed it in Aug1991 for use in their Digital Signature Standard (DSS), and specified it in FIPS 186 and later adopted it in 1993. It was later revised in 1996 as FIPS 186-1. The same standard was later expanded and revised further in year 2000 as FIPS 186-2 and in 2009 as FIPS 1863. Electronics analogue of a written signature is a digital signature; to provide assurance that the claimed person (signatory) has signed the information using digital signature. It also enables us to detect that, whether or not information was modified after it was signed. To meet the requirements of the standard and to provide the services it is must for the digital signature to be implemented properly.

Figure 5: Signature Generation and Verification for DSA

A digital signature algorithm includes a signature generation process and a signature verification process. A signatory uses the generation process to generate a digital signature on data; a verifier uses the verification process to verify the authenticity of the signature. Each - 18 -

signatory has a public and private key and is the owner of that key pair. As shown in Figure 5, the private key is used in the signature generation process. The key pair owner is the only entity that is authorized to use the private key to generate digital signatures. In order to prevent other entities from claiming to be the key pair owner and using the private key to generate fraudulent signatures, the private key must remain secret. The public key is used in the signature verification process (see Figure 5). The public key need not be kept secret, but its integrity must be maintained. Anyone can verify a correctly signed message using the public key. For both the signature generation and verification processes, the message (i.e., the signed data) is converted to a fixed-length representation of the message by means of an approved hash function. Both the original message and the digital signature are made available to a verifier. [8] 3.1.2 RSA: Rivest Shamir Adleman Algorithm In cryptography, RSA was the first algorithm which gained large scaled popularity for being perfectly suitable for both encryption and signing, and was the first great advancement in the field of public key cryptography. It was developed by the trio of Rivest, Shamir and Adleman and named after their initials. It is used almost everywhere in e-commerce protocols, and it is believed that, if sufficiently long keys and up-to-date implementation methods are used than it is among one of the most secure and powerful Public Key Cryptosystem. The unique feature of RSA Cryptosystem which brought a change was that, even after publicly re-veiling an encryption key was no more considered a threat and will therefore does not reveal the corresponding decryption key. This had two very important consequences: 1. Other means of secure communication like couriers and postal mails were no longer required to transmit keys, because a message can now be enciphered using encryption keys which were revealed by the intended recipient. And, the best part is that only he can decrypt the message, since he is the only person who knows the corresponding decryption key. 2. A message can be signed using the decryption key held privately, and anyone who wants to verify the signature can do that using the corresponding encryption key which is publicly revealed to everyone. Signatures provided a full proof assurance as now they cant be forged and a signer cannot deny the validity of his signature. This new cryptosystem had very huge impact in e-mail and e-funds transfer systems.

- 19 -

A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e.d1 (mod (p-1).(q-1)). The security of the system rests in part on the difficulty of factoring the published divisor, n. [16, 18] 3.1.3 ECC: Elliptic Curve Cryptography There are many drawbacks in current encryption algorithms in respect of security, real-time performance and so on, and researchers are presenting various algorithms. Among them, the Elliptic Curve Cryptography (ECC) is evolving as an important cryptography, and shows a promise to be an alternative of RSA. Small size, high security and other features characterize ECC. Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. [15, 11, 9, 1] Actually ECC is a kind of cryptography where an abelian group has been used to implement the Diffie-Hellman key passing scheme, and the ElGamal public key cryptosystem and signature schemes. The ECC relies upon the hardness of the Elliptic Curve Discrete Log Problem (ECDLP). [15] Consider the abelian group E of rational points. ECDLP is to determine the integer k, which can let k*P = Q(P,Q is the given points on E). More specifically, n*P=P+P+ ...+ P=8 (point at infinity) Where n is a prime. Obviously, k<n, and if k and P is given, Q can be found easily. On the other hand, it is difficult to get k even if P,Q are known. This is the hardness of ECDLP. It is believed that the usual discrete log problem (DLP) over the multiplicative group of a finite field and ECDLP are not equivalent problems, and that ECDLP is more difficult than DLP. Now an ECC process of the ElGamal public key cryptosystem is explained as a example: Firstly, a specific point P on the curve E is selected and published as a part of public key. Secondly, the user (denote: A) of private key will proceed the following operations: A private key K is selected as a random integer, k<n. The value Q = k*P is calculated, (E, P, n, Q) as the public key is published. Thirdly, the one who wants to send message m to A (denote: B) should: - 20 -

Get As public key. Embed m in E and denote it as Pm. A random integer d is selected, d<n. Search for the point (x2, y2) = d*Q until x2=0. The value d*P and Pm+d*Q is calculated, (d*P, Pm+d*Q) is sent as an encrypted message. Finally, when A receives the encrypted message, he will: Using private key k, calculate k*d*P=d*(k*P) = d*Q. Get the message by calculating Pm = (Pm+d*Q)-d*(k*P). [15]

The purpose of any public key cryptosystem is to maintain the security and integrity of the resources, avoid the attack of any people, any event, etc. while the anti-attack performance of the algorithm assures its security. In 6th International Cryptography Conferences in Jan.2000, ECC as well as RSA were the only two algorithms that were recommended. Actually in the term of security, ECC provides the highest strength per bit among all the cryptosystems.

3.2 How Elliptic Curve Cryptography is better than others??

ECC holds the key to next generation of cryptography as stated by Certicom Corporation and NIST, NSA. [8, 20, 27] These are few of the statics which make Elliptic Curve Cryptography the best choice for next generation of cryptography. All the figures stated below are from NIST: National Institute of Standards and Technology.

- 21 -

Figure 6: Underlying Mathematical problem for different Public Key Systems.

Figure 6 above tells us about the underlying mathematical problem for different public key systems. These are the industry standard for public key cryptosystems and are commercially viable, secure and efficient. They are based on different types of mathematical problems like RSA is the best example of Integer Factorization Systems, DSA is based on Discrete Log and ECC is based on the toughest of all problems i.e. Elliptic Curve.

- 22 -

Figure 7: NIST Guidelines for Public Key Sizes with Equivalent Security Levels.

Figure 7 showcases NIST Guidelines for Security levels with equivalent Public Key Sizes. Among all of them ECC i.e. Elliptic Curve Cryptography is a clear winner, it is able to offer highest amount of security bits at minimum public key size, DSA and RSA are on equal terms with each other. NIST has issued strict recommendations that 128-bit protection is necessary to achieve relatively lasting security (to the year 2036 and beyond). That means shifting to AES from 3DES. To avoid compromising the security of the system, National Institute of Standards and Technology FIPS 140-2 standard clearly states that security keys for symmetric ciphers like AES must match to the strength by public-key algorithms like RSA and ECC. As you can see in the table above, while ECC key sizes are scaling linearly, RSA key sizes do not. That resulting into the gap between systems and will grow as the key sizes increases. This is especially relevant when 512 bits of key size of ECC is compared to 15,360 bits of RSA key size to implement AES of 256-bit security. - 23 -

Figure 8: Run Times for different Public key Schemes

Two major benchmarks of comparing these cryptosystems are Security and Efficiency. The security of these systems depends on the level of hardness of the underlying mathematical problems. Above mentioned three different cryptosystems are based on three different underlying mathematical problems and can only solved by three unique methods. Fully exponential is the best way to solve ECC i.e. Elliptic Curve Discrete Log Problem. And thus, it is able to deliver the best security/bit of any Public Key Cryptosystem. 3.2.1 Quick Wrap Up on Elliptic Curve Cryptography As the author just showed how Elliptic Curve Cryptography is an extremely efficient compact algorithm, and how it makes very few processing demands on devices with resource constraints in comparison to RSA. Plus, it is a standardized cryptosystem, and it also ensures

- 24 -

interoperability between devices. And, it answers manufacturers' concerns about reliability as being a well-researched and proven system. In the end, benefits of ECC are many: linear scalability, a small software footprint, low hardware implementation costs, low bandwidth requirements, and high device performance. For the reasons above, ECC has gained a lot of support from a number of leading companies and also received a strong validation from National Security Agency. It is very clear that security is an essential component of World Wide Web and Semantic Web. As the points stated above has shown, ECC is a superior algorithm to all the other alternatives when it comes to enabling that security. And as it offers the highest strength-perbit of any other public-key cryptography system, there is no doubt that ECC is the best choice for cryptography layer in Semantic Web Stack.

4 Chapter 4: Secure Semantic Web, Ontology Sharing

This chapter will exhibit the work of the author in order to present a web based system which is capable of sharing Semantic Web Ontology but subsequently making sure of crucial factors like Trust, Proof and Cryptography. This system will exhibit the use of Elliptic Curve Cryptography to ensure that Trust and Proof in Semantic Web Ontology Sharing. Elliptic Curve Cryptography was implemented with the help of a very powerful and important toolkit SECCURE. It stands for Secure Elliptic Curve Crypto Utility for Reliable Encryption.

4.1 SECCURE: ECC Toolkit

SECCURE is free software published under the GNU General Public License (GPL). The SECCURE toolset implements a selection of asymmetric algorithms based on elliptic curve cryptography (ECC). In particular it offers public key encryption /

decryption, signature generation / verification and key establishment. To my best knowledge none of the implemented algorithms and crypto graphical schemes

(ECDH, ECIES, ECDSA, AES-CTR, SHA256, SHA512) is covered by software patents (see the Patent statement). All the named algorithms and all underlying elliptic curves (standardized by NIST and SECG) are considered cryptographically secure

nowadays. SECCURE received two security audits by the Debian auditing team in August 2006, none of them detecting a problem.[14] - 25 -

SECCURE Use Description [14]: SECCURE can also be found out at SECCURE Website i.e. http://www.point-atinfinity.org/seccure. SECCURE can be used to do following things: 4.1.1 Generate private-public key pair.

$ seccure-key

Assuming curve p160. Enter private key: my private key The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn

4.1.2 Encrypt a piece of text message.

$ seccure-encrypt -o private.msg '8W;>i^H0qi|J&$coR5MFpR*Vn' Assuming MAC length of 80 bits. Go ahead and type your message ... This is a very very secret message! ^D

4.1.3 Decrypt a piece of text message.

$ seccure-decrypt -i private.msg Assuming MAC length of 80 bits. Assuming curve p160. Enter private key: my private key This is a very very secret message! Integrity check successful, message unforged!

4.1.4 Encrypt a file.

$ seccure-key

Assuming curve p160. Enter private key: my private key The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn $ seccure-encrypt -i file.owl -o file.enc '2D*~@S|:iXX.8HHY;kYBy*E>n'

4.1.5 Decrypt a file.

$ seccure-key

- 26 -

Assuming curve p160. Enter private key: my private key The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn seccure-decrypt -o filename.enc Enter the Private Key: my private key

4.1.6 Verify the generated signature.

$ seccure-sign Assuming curve p160. Enter private key: my private key Go ahead and type your message ... This message will be signed ^D Signature: $HPI?t(I*1vAYsl$|%21WXND=6Br*[>k(OR9B!GOwHqL0s+3Uq $ seccure-verify '8W;>i^H0qi|J&$coR5MFpR*Vn' '$HPI?t(I*1vAYsl$|%21WXND=6Br*[>k(OR9B!GOwHqL0s+3Uq' Go ahead and type your message ... This message will be signed ^D Signature successfully verified!

4.1.7 Share or exchange Public Keys with Deffie-Hellman Key Exchange.

$ seccure-dh Assuming curve p160. Pass this key to your peer: 6cuC+ODUT5%uPnS<0HR*<F6X( Enter your peer's key: Ap]_BBbK>3hZjKr<#W+BX-z-7 Established key: $$b|qzU0~1y/f Verification key: %#R.Fc+q>a1]v $ seccure-dh Assuming curve p160. Pass this key to your peer: Ap]_BBbK>3hZjKr<#W+BX-z-7 Enter your peer's key: 6cuC+ODUT5%uPnS<0HR*<F6X( Established key: $$b|qzU0~1y/f Verification key: %#R.Fc+q>a1]v

Further to the project design, this project will follow the website development life cycle. In WDLC the steps are: Step 1: Requirement Analysis Step 2: Specification of Requirements Step 3: Site Structure and Design Step 4: Website Development - 27 -

Step 5: Testing and Maintenance

4.2 Requirement Analysis and Specifications

4.2.1 Requirement Analysis This web based system will be able to demonstrate the authors work on Secure Semantic Web-Ontology Sharing. The targeted users for this website are University Students, Researchers and Developers. The sole aim of this website will be to provide a web based system, where its users can share (upload and download) semantic web ontology, but the thing which makes it different from the other existing similar systems like www.swoogle.umbc.edu and www.dbpedia.org is that this website will make sure of the security and will ensure Trust of the user. This website will give necessary guidelines to its registered users on how to securely encrypt there ontology using the best crypto system i.e. Elliptic Curve Cryptography and use of a toolkit SECCURE: Secure Elliptic Curve Crypto Utility for Reliable Encryption. This website will further explain the method of downloading and decrypting the ontology. The website will have pages for new user registration, user login, ontology repository, ontology upload request and download request. The website will be developed using PHP and the backend will be on MySQL. 4.2.2 Specification of requirement Web Development Language: PHP 5.3.0 Web Design: CSS/HTML Back End: MySQL 5.1.36 Web Server: Apache Tomcat 2.2.11 Platform: Linux and Windows (SECCURE only on LINUX) Targeted User: Students, Researchers and Developers Services: New User Registration, User Login, Ontology Archives, Upload/Download Request, Encryption/Decryption Method, Use of SECCURE toolkit for Elliptic Curve Cryptography. Website Security: Use of Sessions, Secure User Login, SQL Injection and Cross Site Scripting proof.

4.3 Site Structure and Design

4.3.1 Use Case Diagram: Use Case diagrams are used to depict the real-time scenario, which will be witnessed every time a user uses the website. The actors or the players involved are USER and ADMIN. The system boundary defines the limits of the websites. Each and every bubble represents a webpage or its function. The cloud shows the process that is likely to take place on that page.

- 28 -

Some bubbles are linked to each other and they show a connected flow of pages for example Download Instruction page is connected to download request form.

System Boundary

HOME

Browsing Ontologies Technical Information

Updating the Ontology Files

Ontology Repository

Tech Support

Register New User

Login Guidelines for SECCURE Secure Login

Download Instructions

Download Request Form

SECCURE USER
Upload Instructions

Upload Request Form

ADMIN

Guidelines for SECCURE

Figure 9: Use Case Diagram 4.3.2 Website Flow Control Diagram: Website flow control diagram is used to present the flow and connection between the web pages. The connections between the web pages can be uni-directional and bi-directional. Here, in the diagram below all the web pages have been represented with blocks, and the connection among them are represented with a line.

- 29 -

Home Page

Ontology Collection

Tech-Support New User

About Me Login/Sign In

Use SECCURE to generate Public Key

Use SECCURE to Encrypt the Upload File

Download Instructions & Request Form

Upload Instructions & Request Form

Decrypt the file using Private Key

Logout/Signout

Figure 10: Page Flow Diagram

- 30 -

4.4 Website Development

The sole aim of the author for developing this website is just to demonstrate the Secure Semantic Web, Ontology Sharing System. The website will allow its users to visit the website at this address: http://www.raman.byethost13.com. The website has many pages, each with a specific function which is associated to the next and all of them have been described below along with a screen shot of each and every page. Use of SECCURE toolkit is also explained in the website, as that toolkit will be used to provide the best crypto system to ensure the security of the ontology exchange that will take place on this website. The major constraint is the toolkit can only be used in Linux Environment. So, the user has to be on Linux platform to use this toolkit for encryption or decryption. There is no other version of this software which could be used on Windows platform. There are lot of Linux O/S which are available free for download, to name a few Ubuntu 10.04 http://www.ubuntu.com/desktop/getubuntu/download and Backtrack 4 http://www.backtrack-linux.org/downloads/. 4.4.1 Home Page Home page will welcome all the users. Give a brief introduction to the purpose behind this website, and will present the authors view point on the need of Secure Semantic Web, Ontology Sharing. The home page will also allow its new users to register themselves, to get the privilege to share (upload and download) semantic web ontology. The users who have already registered themselves can login and use the other features which will be described later in the other sections. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, and c) Contact the Author. Kindly refer to appendix 7.1.1 for web page design and code. 4.4.2 Ontology Repository This webpage will showcase all the Semantic Web Ontology, which are presently stored in the Databases of this website. Along with the names of the semantic web ontology, a brief description about them and a link to the original source is also provided. If a user likes to download any of the Ontology Files, he first needs to register himself with the website, and all the other instructions to download will then be provided to him. If a user wants to contribute and share his ontology, the user will still need to register and login, to get further instruction on uploading the semantic web ontology. Ontology Repository page will be regularly updated by the admin, as and when new ontology is submitted by the users. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search - 31 -

Engines, c) Login, d) Register New User and e) Contact the Author. Kindly refer to appendix 7.1.2 for web page design. 4.4.3 Tech-Support The tech-support page will give the basic technical information about following things: a) Purpose of website, b) Security, c) How to download the Ontology file, d) How to upload an Ontology file, and e) Necessity of user being on Linux/Unix platform. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Login, d) Register New User and e) Contact the Author. Kindly refer to appendix 7.1.3 for web page design. 4.4.4 About About me page will give an insight into the authors profile, his interests and activities and contact information for feedback and suggestions. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Register New User and d) Contact the Author. Kindly refer to appendix 7.1.4 for web page design. 4.4.5 New User Registration Page If a user wants to register him/her self with the website, to benefit from all the features like downloading and uploading semantic web ontology, he can get to this page by clicking on New User tab on the top right corner of the page. The page consists of a really small form asking just for very basic information from the user like a) Username, b) Password, c) Full Name, d) Occupation and e) Country. Kindly refer to the appendix 7.1.5 for web page design and code. 4.4.6 Users Page If a registered user wants to share (Upload or Download) semantic web ontology, from or to this website, he/she will have to login with their unique user id and password. After login he/she can get to this Users page where detailed instructions are provided about the steps involved during Upload and Download of semantic web ontology file. A like to SECCURE toolkit is also provided and installation instructions are also given alongside. The user is asked to first download and install SECCURE toolkit from http://point-at-

infinity.org/seccure/. After that user is asked to generate its Private and public key pair and store it in a safe location. Links to the Download/ Upload Request Forms are also given on the same page. The Admins public key also shared with the user on the same page, so that in case of semantic web ontology upload the user can encrypt the his file with the Admins public key. So, that only admin can see ontology file. This webpage also allows its user to a) - 32 -

Search the web, b) Check other Semantic Web Search Engines, c) Logout and d) Contact the Author. Kindly refer to appendix 7.1.6 for web page design and code. 4.4.7 Download Request Form Download request form allows the registered user to request the admin for the download link to selected semantic web ontology file of users choice. But to make sure of security and enhance users trust in the download process involved. A small form is presented in which the user needs to fill in following details: a) Username, b) Email Add, c) Public Key, d) Ontology Name and e) Purpose. On press of submit button the request of the user is added to admins task list. Admin than consider the download request and Encrypts the requested ontology file with users public key. Later a unique and secure FTP download link is emailed to the user on the provided email address. This process is given a buffer time of 24Hours, because each and every time a new file will be encrypted for all the requests received at the admins end. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Logout and d) Contact the Author. Kindly refer to appendix 7.1.7 for web page design and code. 4.4.8 Upload Request Form If a registered user is willing to make a contribution to the archives of this website with his semantic web ontology file, he is very much welcomed and thus an upload request form is also included in this website. On this page the user is presented with a small form to fill in few details and upload the encrypted semantic web ontology file. But the user can only upload an exclusively encrypted semantic web ontology file and is encrypted with the admins public key which is given on the Users main page. In the small form provided the user is asked to fill in some very simple details which are as follows: a) Ontology Name, b) Ontology Description, c) User name, d) Email add, e) File Browse/ Upload. The user is asked to browse to the encrypted semantic web ontology file from his system and upload it using the submit button. On submit the request to upload will be added to the admins task list. The admin will then decrypt the file and then the admin will check the semantic web ontology file and if everything is fine it will uploaded and added to the website ontology archives. An acknowledgement mail will the sent to the user on the email id provided. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Logout and d) Contact the Author. Kindly refer to appendix 7.1.8 for web page design and code.

- 33 -

4.5 Testing and Maintenance

4.5.1 Testing Testing is very crucial in terms of making sure the adequate functioning of the proposed system. Testing should be an approach to find maximum errors in a system, thus resulting in finding out all the scopes of improvement in the system. This website has been thoroughly and rigorously tested to ensure the smooth functioning of the website. The security of the website is also tested and all the best web development practices have been used in developing this website. Use of secure sessions, unique login-id credentials and strong emphasis is given to make the website safe from Sql Injection Attacks and Cross Site Scripting Attacks. All the forms and functions have been thoroughly tested by the author. The new user registration form, login form, download and upload request form all of them have been tested rigorously both offline and online. Users are allowed to upload the file with .enc extensions only and no other file type is supported by the upload form. If any glitch or bug is found, kindly report it to the admin on ramandgr88@gmail.com. Following tests were conducted, to ensure adequate functioning of the proposed system:
TESTS Functionality Testing 1) 2) 3) 4) Usability Testing 1) 2) 3) Interface Testing 1) 2) Compatibility Testing 1) 2) 3) TEST CASES Checking All The Links In Web Pages Database Connections Testing Forms Cookies Testing Navigation Testing Content Checking User Information Application Server Interface Database Server Interface Browser Compatibility O/S Compatibility Mobile Browsing RESULTS Successfully Tested: Perfect Successfully Tested: Perfect Successfully Tested: Perfect Successfully Tested: Perfect Successfully Tested: Perfect As per W3C & WCAG Standard As per W3C & WCAG Standard Byethost Control Panel: Good Byethost Control Panel: Good Chrome/Mozzila/IE: Perfect Linux Only Web Browsing : Yes SECCURE is only on Linux Security Testing 1) 2) 3) 4) Testing Internal URL without Login SQL Injections Web Directory Invalid Inputs Secured Using Sessions Secured (special characters not allowed) Secured (secure sessions) Secured (not allowed)

Table 2: Testing Results

- 34 -

4.5.2 Maintenance Maintenance is a continuous and never ending process, and it goes on till the system is in use. This website was developed and will be maintained solely by the author, who is also the admin of the website. With time the website is expected to grow. The user database, ontology archives will grow with time, and thus a continuous maintenance will go on.

5 Chapter 5: Planning Management

5.1 Initial Project Scope
Initially the project was aimed to use some kind of encryption methodology to secure the semantic web ontology and then to store it into RDF Triple Store. However, later on the author realised that encrypted ontology cant be stored into a RDF Triple Store, as the internal format of ontology get completely converted into cipher text and hence cant be recognised by the RDF Triple Store. Than after careful consideration of all the aspects associated with the project and discussion with group monitor the project was aimed to deliver a Secure Semantic Web, Ontology Sharing System.

5.2 Available Resources

At the start of the project, the available resources to guide the author were just the few lecture notes from Prof. Nigel Shadbolts Lecture, Some literature in form of books and papers on Cryptography, Semantic Web and Secure Semantic Web and some papers written by the author himself in the previous semesters in the field of Secure Semantic Web and Secure World Wide Web.

5.3 Project Tasks

This M.Sc. dissertation project presented lots of tough challenges to the author. The very first challenge was to do extensive reading and literature review on as much literature that can be found on the topic. As this topic is relatively new to the other aspects of semantic web, which made it lot harder for the author to find relevant work. The second challenge came in form of learning and understanding cryptography, luckily the author was able to find some books on cryptography and some online literature which helped him to opt for Elliptic Curve Cryptography. But the real challenge starts here, Elliptic Curve Cryptography deals with the toughest mathematical problem i.e. Elliptic Curve Discrete

- 35 -

Logarithm Problem. It took a fair amount of time for the author to understand Elliptic Curve Cryptography. The third challenge was to implement Elliptic Curve Cryptography onto the Semantic Web Ontology Files. This task can be further sub-divided in learning and understanding ECC toolkit. Elliptic Curve Cryptography toolkit used is SECCURE. But using this toolkit presented another challenge to author i.e. the toolkit can only be used on Linux Platform, which further lead the author to learn UBUNTU 10.04. Fourth challenge was to store the encrypted ontology into the RDF Triple Store, which later became a hurdle as the semantic web ontology file cant be recognised by the triple store after encryption as everything in that file has been converted into cipher text (as mentioned earlier). This hurdle was later sorted out with the help and guidance of the group monitor, who suggested the author to use an ontology sharing website to present the securely encrypted ontology files. Fifth and final challenge was the biggest problem which came after a month of final submission. But it also gave an opportunity to the author to improvise his previous work and present the work with more sophisticated results, comparison charts and improved website. Before making this final submission author make sure that all the short coming have been taken care adswhich were there in the previous submission.

5.4 Risk
During the middle of the project authors bad health was a major threat, as substantial amount of time was wasted in recovering. To compensate for the time loss, author devoted extra time on the project in the weeks after recovery. The second risk was posed when the author found out that the encrypted files cannot be stored into RDF triple store. Later on after discussion with the group monitor, a way out was found.

5.5 Gantt chart

Initially at the time of starting the project Gantt chart was planned and designed while keeping all the tasks and activities in mind. The difficult tasks and activities like literature review, studying access control mechanism and encryption mechanisms were given more time.

- 36 -

But, later on some tasks took more time than expected like learning Linux environment, RDF Triple Store Problem and health issues affected the planned schedule. However, author made every possible effort to meet the deadlines and to attend all the scheduled meetings with the monitor and supervisor. After the submitting the dissertation officially for the first time, the author was advised to do some more work, to further improve the proposed system and present it in a better way to the examiners. Which added another 7 weeks to the project schedule, thus the final Gantt Chart of the project plan as follow:

- 37 -

5.6 Management techniques

MSc IS system was of great help in managing the project. It helped in keeping the author aware of his peers; managing meetings with monitor and supervisor; milestones and tasks were set to meet the deadlines on time. Author also used his Personal Digital Assistant in managing the scheduled tasks. A log book was also maintained by the author to keep minutes from the monitor and supervisor meeting.

6 Chapter 6: Conclusion and Suggestion for future work

6.1 Suggestion for future work
This website is just the first step towards the making of Secure Semantic Web, a lot more can be done but due to time constraint of three months, only this much was feasible. For future work the author would recommend its readers the following things: a) Work on integration of Elliptic Curve Cryptography into Semantic Web Stack. b) Work on SECCURE Toolkit to be available for Windows platform. c) Work on integration of SECCURE toolkit into Semantic Web Ontology IDEs like Protg 4.1. d) A secure encryption mechanism or access control mechanism can be developed exclusively for RDF triple store.

6.2 Conclusion
In this M.Sc. Dissertation Project Report the author presented a successful demonstration of Secure Semantic Web, Ontology Sharing System. In this project the author emphasised on the importance of Security in Semantic Web. The author also talks about importance of factors like Trust, Proof and Cryptography in Semantic Web Stack. Author also presented his findings on different crypto systems like RSA: Rivest Shamir Adleman, DSA: Digital Signature Algorithm and ECC: Elliptic Curve Cryptography. Author finds out that Elliptic Curve Cryptography is the best crypto system available today and should be exploited in the benefit of a Secure World Wide Web and a Secure Semantic Web. The use of SECCURE toolkit was definitely an advantage towards the successful completion of project on time. SECCURE introduced the easiest possible way to deal with the strongest crypto system which is based on the most difficult mathematical problem i.e. Elliptic Curve

- 38 -

Discrete Logarithm Problem. All the commands were easy to understand, learn and implement. Overall the MSc Dissertation project was delivered on time, with all the results & successful demonstration. This project has greatly enhanced the authors understanding, about Semantic Web and Importance of Layers like Trust, Proof and Cryptography in Semantic Web Stack. It also gave an opportunity to the author to investigate web design packages such as Adobe Dreamweaver CS3, WAMP 2.0, Elliptic Curve Cryptography Toolkit: SECCURE and Linux based Operating System: UBUNTU 10.04.

- 39 -

7 Chapter 7: Appendices
7.1 Appendix: Web Pages along with the some important bits of code
7.1.1 HOME PAGE

CODE for the Home Page: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Homepage</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="stylesheet" href="images/Envision.css" type="text/css" /> </head> <body> <div id="wrap"> - 40 -

<div id="header"> <h1 id="logo-text">Secure Semantic Web</h1> <h2 id="slogan"><b>Web Ontology Sharing....</b></h2> <div id="header-links"> <p> <a href="newuser.php">New User</a> | <a href="about.php">Contact</a> </p> </div> </div> <div id="menu"> <ul> <li id="current"><a href="index.php">Home</a></li> <li><a href="archives.php">Archives</a></li> <li><a href="support.php">Tech-Support</a></li> <li class="last"><a href="about.php">About</a></li> </ul> </div> <div id="content-wrap"> <div id="sidebar"> <h1>Search Box</h1> <form method="get" action="http://www.google.com/search"> <p> <input type="text" name="q" size="20" maxlength="255" value="" /> <input type="submit" value="Search" /> </p> </form> <h1>Login</h1> <form action="download_upload.php" method="post"> <p> <label>Username</label> <input name="username" value="Your UserName" type="text" size="20" id="username"/> <label>Password</label> <input name="password" value="Your Password" type="password" size="20" id="password"/> <br /> <br /> <input class="button" type="submit" /> </p> </form> <h1>Links to Semantic Websites</h1> <ul class="sidemenu"> <li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li> <li><a href="http://swoogle.umbc.edu/">Swoogle</a></li> <li><a href="http://data.gov.uk/">Data Gov UK</a></li> <li><a href="http://sig.ma/">SIG.MA</a></li> - 41 -

<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li> </ul> </div> <div id="main"> <h1>Secure Semantic Web </h1> <p><strong>Semantic Web</strong><strong>"</strong>is a group of methods and technologies to allow machines to understand the meaning - or "semantics" - of information on the World Wide Web. The term was coined by <strong>World Wide Web Consortium (W3C)</strong> director <strong>Tim Berners-Lee</strong>. According to the original vision, the availability of machine-readable metadata would enable automated agents and other software to access the Web more intelligently.<br /><br /> The agents would be able to perform tasks automatically and locate related information on behalf of the user. While the term "Semantic Web" is mainly to be used to describe the model and technologies proposed by the W3C. These technologies include the <strong>Resource Description Framework (RDF)</strong>, a variety of data interchange formats (e.g. RDF/XML, N3, Turtle, N-Triples), and notations such as <strong>RDF Schema (RDFS)</strong> and the <strong>Web Ontology Language (OWL)</strong>, all of which are intended to provide a formal description of concepts, terms, and relationships within a given knowledge domain.Many of the technologies proposed by the W3C already exist and are used in various projects.<strong>"<a href=http://en.wikipedia.org/wiki/Semantic_Web> [1] </a></strong><br /><br /> <strong>Security</strong> has always been considered as a key concern, by all the research scientists who are working in the field of <strong>Semantic Web</strong>. That is why factors associated with the Security of Semantic Web like Trust, Proof, Encryption, Signatures has been kept on top most layer of <a href="http://en.wikipedia.org/wiki/Semantic_Web_Stack#Overview">Semantic Web Stack</a>. This website demonstrate a step towards the making of a <strong>Secure Semantic Web</strong>.</p> <p>Semantic Web revolves around the <strong>Ontologies</strong> and <strong>RDF Triples</strong>, and there are lots of web forums and communities which provides ready to use Ontologies. Which means that you are free to use and modify it for any purpose.</p> <p class="post-footer align-right"> <a href="http://en.wikipedia.org/wiki/Semantic_Web" class="readmore">Read more</a></p> </div> </div> <div id="footer"> <p> &copy; 2010 <strong>MSc Dissertation Project</strong> | Design by: <strong>Raman Pal</strong> | Valid <a href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a - 42 -

href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="index.php">Home</a>&nbsp;|&nbsp; </p> </div> </div> </body> </html> 7.1.2 ONTOLOGY REPOSITORY

- 43 -

7.1.3 TECH-SUPPORT

- 44 -

7.1.4 ABOUT

- 45 -

7.1.5 NEW USER REGISTRATION PAGE

CODE for NEW USER REGISTRATION PAGE: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>New User Registration</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="stylesheet" href="images/Envision.css" type="text/css" /> </head> <body> <div id="wrap"> <div id="header"> <h1 id="logo-text">Secure Semantic Web</h1> <h2 id="slogan"><b>Web Ontology Sharing....</b></h2> <div id="header-links"> <p> <a href="newuser.php">New User</a> | <a href="about.php">Contact</a> </p> </div> </div> <div id="menu"> <ul> <li><a href="index.php">Home</a></li> <li><a href="archives.php">Archives</a></li> <li><a href="support.php">Tech-Support</a></li> - 46 -

<li class="last"><a href="about.php">About</a></li> </ul> </div> <div id="content-wrap"> <div id="sidebar"> <h1>Search Box</h1> <form method="get" action="http://www.google.com/search"> <p> <input type="text" name="q" size="20" maxlength="255" value="" /> <input type="submit" value="Search" /> </p> </form> <h1>Links to Semantic Websites</h1> <ul class="sidemenu"> <li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li> <li><a href="http://swoogle.umbc.edu/">Swoogle</a></li> <li><a href="http://data.gov.uk/">Data Gov UK</a></li> <li><a href="http://sig.ma/">SIG.MA</a></li> <li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li> </ul> </div> <div id="main"> <h1>New User Registration </h1> <p> <form action="congrats.php" method="post"> <p>Enter Username: <input type="text" name="username" value="" size=50/><br /> Enter Password&nbsp;: <input type="password" name="password" value="" size=50/><br /> Full Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;: <input type="text" name="name" value="" size=50/><br /> Email&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp ;&nbsp;&nbsp;&nbsp;&nbsp;: <input type="text" name="email_id" value="" size=50/><br /> Occupation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;: <input type="text" name="occupation" value="" size="50"/><br /> Country&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;: <input type="text" name="country" value="" size="50"/></p> <p align="center"> Submit Details: <input type ="submit" name="submit" value="Submit"/></p> </form> </div> </div> <div id="footer"> - 47 -

<p> &copy; 2010 <strong>MSc Dissertation Project</strong> | Design by: <strong>Raman Pal</strong> | Valid <a href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="index.php">Home</a>&nbsp;|&nbsp; </p> </div></div></body></html>

- 48 -

7.1.6 USERS PAGE

- 49 -

CODE for USERs PAGE <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Download and Upload Instructions</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="stylesheet" href="images/Envision.css" type="text/css" /> </head> <body> <?php $username_1 = $_POST['username']; $password_1 = $_POST['password']; $db_connect = mysql_connect('sql106.byethost13.com','b13_6284740','RAMAN143') OR die("disconnected<br>"); $db = mysql_select_db('b13_6284740_project') OR die("unable to select database"); $dbquery_1 = "select * from users where username='$username_1' and password='$password_1'" OR die ("unable to execute query"); $dbresult_1 = mysql_query($dbquery_1,$db_connect) OR die("unable 2 give result"); ?>

<div id="wrap"> <div id="header"> <h1 id="logo-text">Secure Semantic Web</h1> <h2 id="slogan"><b>Web Ontology Sharing....</b></h2> <div id="header-links"> <p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p> </div> </div> <div id="menu"> <ul> <li><a href="index.php">Home</a></li> <li><a href="archives.php">Archives</a></li> <li><a href="support.php">Tech-Support</a></li> <li><a href="download_request.php">Download Request</a></li> <li><a href="upload_request.php">Upload Request</a></li> <li class="last"><a href="about.php">About</a></li> </ul> - 50 -

</div> <div id="content-wrap"> <div id="sidebar"> <h1>Search Box</h1> <form method="get" action="http://www.google.com/search"> <p> <input type="text" name="q" size="20" maxlength="255" value="" /> <input type="submit" value="Search" /> </p> </form> <h1>Links to Semantic Websites</h1> <ul class="sidemenu"> <li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li> <li><a href="http://swoogle.umbc.edu/">Swoogle</a></li> <li><a href="http://data.gov.uk/">Data Gov UK</a></li> <li><a href="http://sig.ma/">SIG.MA</a></li> <li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li> </ul> </div> <div id="main"> <h1>Instructions for Downloading Semantic Web Ontology !!</h1> <ul> <li>For Downloading any Semantic Web Ontology, you need to fill in some details into the form below:</li> <li>First download <strong>SECCURE: Secure Elliptic Curve Cryptography Utility for Reliable Encryption</strong>. You can download its Tar.gz File or Debian Package from <a href="http://point-at-infinity.org/seccure/">Seccure</a>.</li> <li>After installing this very important toolkit in your machine. You should generate <strong>PUBLIC KEY & PRIVATE KEY PAIR</strong>, using the following set of commands in your terminal window:<br /> <strong>$ seccure-key<br /> Assuming curve p160.<br /> Enter private key: my private key<br /> The public key is: 8W;>i^H0qi|J&$coR5MFpR*V </strong></li> <li>User Should must provide this <strong>PUBLIC KEY</strong> in the form below, and keep the <strong>PRIVATE KEY</strong> safe with you.</li> <li>The website Admin needs your PUBLIC KEY to encrypt the file exclusively for you. </li> <li>The Download link for the requested ontology will be made available to you in 24Hours.</li> - 51 -

<li>After downloading the file on your machine, Simply browse to the directory of the file. Use the following set of commands to Decrypt the File.<br /> <strong>seccure-decrypt -o filename.enc <br /> Enter the Private Key: my private key<br /> File Open</strong></li> </li> </ul> <p align="center"><a href="download_request.php"><strong>Download Request Form</strong></a></p> <h1>Instructions for Uploading Semantic Web Ontology!!</h1> <ul> <li>For Uploading any Semantic Web Ontology to this website, the user needs to fill in some details into the form below, and upload the file using the file upload tool.</li> <li>First Download and Install <strong>SECCURE: Secure Elliptic Curve Cryptography Utility for Reliable Encryption</strong>. You can download its Tar.gz File or Debian Package from <a href="http://point-at-infinity.org/seccure/">Seccure</a>.</li> <li>After installing this very important toolkit in your machine. Use this PUBLIC KEY::<strong>2D*~@S|:iXX.8HHY;kYBy*E>n</strong>, to encrypt the Ontology file, using the commands below:<br /> <strong>$ seccure-encrypt -i file.owl -o file.enc '2D*~@S|:iXX.8HHY;kYBy*E>n'<br /> Encryption Succesful</strong></li> <li>User Should than, UPLOAD the encrypted version of the file, using the File_Upload option below:</li> <li>The website Admin will check the file, and if the decryption is successful on Admin's end, It will be uploaded in our Archives in 24Hours of time span.</li> <li>Kindly fill in all the details related to the Semantic web Ontology you are about to upload.</li> </li> </ul> <p align="center"><a href="upload_request.php"><strong>Upload Request Form</strong></a></p> </div> </div> <div id="footer"> <p> &copy; 2010 <strong>MSc Dissertation Project</strong> | Design by: <strong>Raman Pal</strong> | Valid <a href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> - 52 -

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="index.php">Home</a>&nbsp;|&nbsp; </p> </div> </div> </body> </html>

7.1.7 DOWNLOAD REQUEST FORM

CODE for DOWNLOAD REQUEST FORM: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Download and Upload Instructions</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="stylesheet" href="images/Envision.css" type="text/css" /> </head> <body> <div id="wrap"> <div id="header"> <h1 id="logo-text">Secure Semantic Web</h1> <h2 id="slogan"><b>Web Ontology Sharing....</b></h2> <div id="header-links"> <p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p> - 53 -

</div> </div> <div id="menu"> <ul> <li><a href="index.php">Home</a></li> <li><a href="archives.php">Archives</a></li> <li><a href="support.php">Tech-Support</a></li> <li id="current"><a href="download_request.php">Download Request</a></li> <li><a href="upload_request.php">Upload Request</a></li> <li class="last"><a href="about.php">About</a></li> </ul> </div> <div id="content-wrap"> <div id="sidebar"> <h1>Search Box</h1> <form method="get" action="http://www.google.com/search"> <p> <input type="text" name="q" size="20" maxlength="255" value="" /> <input type="submit" value="Search" /> </p> </form> <h1>Links to Semantic Websites</h1> <ul class="sidemenu"> <li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li> <li><a href="http://swoogle.umbc.edu/">Swoogle</a></li> <li><a href="http://data.gov.uk/">Data Gov UK</a></li> <li><a href="http://sig.ma/">SIG.MA</a></li> <li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li> </ul> </div> <div id="main"> <h1>Request form for Downloading Semantic Web Ontology !!</h1> <form action="download_request.php" method="post"><br /> Username:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="" name="usrname" /><br /><br /> Email Add:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="" name="email" /><br /><br /> PUBLIC KEY:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="" name="pubkey" /><br /><br /> - 54 -

Ontology Name:&nbsp;&nbsp;<input type="text" value="" name="owlname" /><br /><br /> Purpose: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<inp ut type="text" value="" name="purpose" /><br /><br /> <input type="submit" value"Send Download Request" name="dndrequest" /> </form> <?php $usrname = $_POST['usrname']; $mail = $_POST['email']; $pubkey = $_POST['pubkey']; $owlname = $_POST['owlname']; $purpose = $_POST['purpose']; $db_connect = mysql_connect('sql106.byethost13.com','b13_6284740','RAMAN143'); if ($db_connect == false) { die ("Unable to Connect to MySql Database<br>"); } $db = mysql_select_db('b13_6284740_project'); if ($db == false) { die ("Unable to Select MySql Databse<br>"); } $dbquery = "INSERT INTO download (usrname, mail, publickey, owlname, purpose) VALUES ('$usrname','$mail','$pubkey','$owlname','$purpose')"; $dbresult = mysql_query ($dbquery, $db_connect); if ($dbresult == false) { die("Unable to add record <br>"); } ?> </div> </div> <div id="footer"> <p> &copy; 2010 <strong>MSc Dissertation Project</strong> | Design by: <strong>Raman Pal</strong> | Valid <a href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="index.php">Home</a>&nbsp;|&nbsp;</p> - 55 -

</div> </div> </body> </html> 7.1.8 UPLOAD REQUEST FORM

CODE for UPLOAD REQUET FORM: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Download and Upload Instructions</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="stylesheet" href="images/Envision.css" type="text/css" /> </head> <body> Strict//EN"

<div id="wrap"> <div id="header"> <h1 id="logo-text">Secure Semantic Web</h1> <h2 id="slogan"><b>Web Ontology Sharing....</b></h2> <div id="header-links"> <p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p> </div> </div> - 56 -

<div id="menu"> <ul> <li><a href="index.php">Home</a></li> <li><a href="archives.php">Archives</a></li> <li><a href="support.php">Tech-Support</a></li> <li><a href="download_request.php">Download Request</a></li> <li id="current"><a href="upload_request.php">Upload Request</a></li> <li class="last"><a href="about.php">About</a></li> </ul> </div> <div id="content-wrap"> <div id="sidebar"> <h1>Search Box</h1> <form method="get" action="http://www.google.com/search"> <p> <input type="text" name="q" size="20" maxlength="255" value="" /> <input type="submit" value="Search" /> </p> </form> <h1>Links to Semantic Websites</h1> <ul class="sidemenu"> <li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li> <li><a href="http://swoogle.umbc.edu/">Swoogle</a></li> <li><a href="http://data.gov.uk/">Data Gov UK</a></li> <li><a href="http://sig.ma/">SIG.MA</a></li> <li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li> </ul> </div> <div id="main"> <h1>Request form for Uploading Semantic Web Ontology!!</h1> <form enctype="multipart/form-data" action="upload_request.php" method="POST"><br /> Ontology Name::&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <input type="text" name="ontologyname" value="" /><br /><br /> Ontology Description:: <input type="text" name"description" value="" size="50" /><br /><br /> Username::&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; <input type="text" name="username" value="" /><br /><br /> Email::&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="email" value="" /><br /><br /> - 57 -

<input type="hidden" name="MAX_FILE_SIZE" value="100000" /> Choose a file to upload: <input name="uploadedfile" type="file" />&nbsp;&nbsp; <input type="submit" value="Submit" /><br /><br /> </form> <?php $target_path = "upload/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else { echo "There was an error uploading the file, please try again!"; } ?>

</div> </div> <div id="footer"> <p> &copy; 2010 <strong>MSc Dissertation Project</strong> | <strong>Raman Pal</strong> | Valid href="http://validator.w3.org/check?uri=referer">XHTML</a> | href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; href="index.php">Home</a>&nbsp;|&nbsp;</p> </div> </div> </body> </html>

Design

by: <a <a <a

8 References
[1] Ali, R. (2008). Elliptic Curve Cryptography A new way for Encryption. Karachi: IEEE. [2] Amit Jain, Csilla Farkas. (2006). Secure Resource Description Framework: an Access Control Model. SACMAT'06. ACM. [3] Azadeh Nematzadeh, Layla Pournajaf . (2008). Privacy Concerns of Semantic Web . Fifth International Conference on Information Technology: New Generations. Tehran: IEEE Computer Society. - 58 -

[4] Bertino, E. (2002). Access Control for XML Documents, Data and Knowledge Engineering. [5] Bhavani Thuraisingham, Pranav Parikh . (2008). Trustworthy Semantic Web Technologies for Secure Knowledge Management . 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing . IEEE Computer Society. [6] Elena Ferrari, Bhavani Thuraisingham. (2000). Secure Database System. In Advances in Database Management. Artech House. [7] Farkas, C. (2003). Inference Problem for Semantic Web. Proceeding of the IFIP conference on Data and Application Security. Colorado. [8] Gaithersburg, M. (2009, June). Digital Signature Standards, FIPS PUB 186-3. Retrieved from Federal Information Processing Standards Publications FIPS PUBS: http://www.itl.nist.gov/fipspubs/by-num.htm [9] Ian F. Blake, Gadiel seroussi, Nigel P. Smart. (2005). Advances in Elliptic Curve Cryptography. Cambridge: Cambridge University Press. [10] Jir Dokulil, Jakub Yaghob, Jana Katreniakova. (2008). Everything You Ever Wanted to Learn from the Semantic Web but Were Unable to Ask. The Second International Conference on Advanced Engineering Computing and Applications in Sciences. IEEE Computer Society. [11] Koblitz, N. (1987). Elliptic Curve Cryptosystems. Math. Comp. [12] Maryam Tahajod, Azadeh Iranmehr, Nasim khozooyi. (2009). Trust Management for Semantic Web . 2009 Second International Conference on Computer and Electrical Engineering. IEEE Computer Society. [13] Nigel Shadbolt, Wendy Hall, Tim Berners-Lee. (2006). Semantic Web Revisted. Web and Semantic Web Research Information. IEEE Computer Society. [14] Poettering, B. (2009, april 9). SECCURE. Retrieved from Point At Infinity: http://www.point-at-infinity.org/seccure/ [15] Qizhi Qiu, Qianxing Xiong . (2003). Research on Elliptic Curve Cryptography. The 8th International Conference on Computer Supported Cooperative Work in Design Proceedings. IEEE. [16] R. L. Rivest, A. Shamir, L. Adleman. (1978). A method for obtaining digital signatures and public key cryptosystem. Communication of the ACM. ACM. [17] Semantic Information Mash-Up. (n.d.). Retrieved from Sig.MA: http://www.sig.ma [18] Shuhua Wu, Yuefei Zhu. (2006). A Resource Efficient Architecture for RSA and Elliptic Curve Cryptosystems. IEEE.

- 59 -

[19] Sizov, S. (2007). What Makes You Think That? The Semantic Webs Proof Layer. IEEE Computer Society. [20] The Case For Elliptic Curve Cryptography. (2009, January 15). Retrieved from National Security Agency, Central Security Service: http://www.nsa.gov/business/programs/elliptic_curve.shtml [21] Thuraisingham, B. (2002). Builing Secure Survivable Semantic Web. 14th IEEE International Conference on Tools with Artificial Intelligence (ICTAI02). [22] Thuraisingham, B. (2007). CONFIDENTIALITY, PRIVACY AND TRUST POLICY ENFORCEMENT FOR THE SEMANTIC WEB. Eight IEEE International Workshop on Policies for Distributed System and Networks (POLICY'07). Dallas: IEEE Computer Society. [23] Thuraisingham, B. (2003). Security Issues for the Semantic Web . 27th Annual International Computer Software and Applications Conference (COMPSAC03). [24] Thuraisingham, B. (2002). XML Databases and the Semantci Web. CRC. [25] Thuraisingham, D. B. (2009). Building Trustworthy Semantic Webs . IEEE IRI 2009. [26] Tim Berners-Lee, Mark Fischetti. (1999). Weaving The Web. San Francisco: Harper. [27] Vanstone, S. (2004, March 18). ECC holds key to Next-Gen Cryptography. Retrieved from EE Times News and Analysis: http://www.commsdesign.com/showArticle.jhtml?articleID=18400497 [28] Yu Zhang, Huajun Chen, Zhaohui Wu, Xiaoqing Zheng. (2006). Develop a computational trust prototype for the Semantic Web. Proceedings of the 22nd International Conference on Data Engineering Workshops (ICDEW'06).

- 60 -