Authentication layer for real-time business process analysis

  • Abdelrahman Ali AlMahmoud

Student thesis: Master's Thesis


Authentication Layer for Real-Time Business Process Analysis. Master of Science by Research in the Department of Electrical and Computer Engineering, Khalifa University of Science, Technology, and Research, Abu Dhabi, United Arab Emirates, 23 February 2013.

The massive demand for accurate, up-to-date data and better services has caused an increasing interest in real-time monitoring applications. These types of services have proved useful in many fields ranging from medical applications to environmental monitoring. One of the fields which has been enhanced by real-time data is Business Process Monitoring, which has become a vital part of numerous enterprises. These systems have improved to the point where aspects of the enterprise can be monitored with great accuracy. This can be maintained for very long durations of time without interruption. Simultaneously, it may provide real-time data and updates asynchronously to the users of the system. From a security perspective, this presents a range of challenges in the methodology of keeping the client authenticated for such long durations without interruption. Furthermore, the communication channels must also retain strong secrecy guarantees against various threats and attacks.

This thesis explores security in real-time Business Process Monitoring and the necessary security services it requires. It also addresses the unique challenges of real-time monitoring, in particular providing mutual authentication over a long period of time. This has to be done without interrupting the communication for key re-negotiation, as well as maintaining strong secrecy guarantees over that duration without hindering performance. Throughout this thesis I will discuss a two-phased security layer which provides the necessary security services and easy access control integration. The first phase provides authentication, integrity and confidentiality by means of an authentication server. It contains an enhanced version of Kerberos in combination with public key certificates, which are presented in such a way that allows for easy and inexpensive maintenance of secure long sessions. The second phase uses a time-based Key Derivation Function (KDF) that does not rely on synchronised timers. This latter approach allows for better performance in comparison with other sequential key derivation functions when applied to real-time monitoring applications.

The two-phased security layer was then applied as a case study to a real-time Business Process Monitor called Zeus, in order to provide a plan for the deployment and integration procedure of such a security layer. This involved understanding Zeus and its method of operation as well as Web Service Security, then designing and integrating the security layer into it, which meant integrating the security layer into a web services environment. Additionally, we conducted elaborate verification tests to assure that the system offers the aforementioned security services. In similar fashion, the performance tests revealed significant performance gains in using the proposed KDF over the conventional one used in web services.

Date of Award: 2014
Original language: American English
Supervisor: Chan Yeun (Supervisor)


  • Security
  • Key Derivation
  • Authentication
  • Real-Time
  • Business Process
