Secure Semantic Web (Ontology Sharing)

UNIVERSITY OF SOUTHAMPTON
Faculty of Engineering, Science and Mathematics
School of Electronics and Computer Science

Secure Semantic Web, Ontology Sharing
By RAMAN PAL ([email protected])
Completed on 18th January, 2011

A dissertation submitted in partial fulfilment of the degree of M.Sc. Web Technology
By examination and dissertation

Supervisor: Dr. Kirk Martinez
Examiner: Dr. Richard M Crowder

Upload: raman-pal

Post on 03-Mar-2015


DESCRIPTION

MSc Web Technology Dissertation, University of Southampton, United Kingdom

TRANSCRIPT


Abstract

This dissertation presents the developments in the field of the Semantic Web and discusses the Secure Semantic Web. To satisfy the requirements of the M.Sc. dissertation, the author also proposes an implementation model which presents the concept of Secured Sharing of Semantic Web Ontology. This model is devised for secured resource management for an intelligent service framework, such as the Semantic Web.

This dissertation discusses the Semantic Web and Security. It shows why factors like Trust and Proof are kept on the topmost layers of the Semantic Web Stack. It further demonstrates the use of encryption to enhance the effect of factors like Trust and Proof. A study of various encryption algorithms is also presented, Elliptic Curve Cryptography (ECC) being one of them. ECC is explained in detail, and a description of its toolkit “SECCURE” is also provided.

To demonstrate the implementation of a Secure Medium of Information Interchange for Semantic Web Ontology, the author developed a website which allows its users to securely share their Semantic Web ontology, and suggests the use of Elliptic Curve Cryptography.

Keywords

Semantic Web, Security, Encryption, Cryptography, Trust, Proof, Elliptic Curve Cryptography, ECC, SECCURE, Semantic Web Stack, Secure Semantic Web, Web Ontology Language, Secure Information Interchange.

Acknowledgement

I would like to thank my project supervisor Dr. Kirk Martinez for his invaluable support and guidance throughout the project design and implementation.

I would also like to thank my second examiner Dr. Richard M. Crowder, who took time from his busy schedule to evaluate my implementation work and give useful feedback.

Finally, I would like to thank my group monitor Mu Yang, who was always there to help me with all kinds of difficulties in my project.

Thank you all.

Table of Contents

Keywords
Acknowledgement
Chapter 1: Introduction
1.1 Introduction
1.2 Thesis Structure
2 Chapter 2: Semantic Web and Secure Semantic Web
2.1 Semantic Web
2.1.1 Proof and Trust Layer
2.2 Secure Semantic Web
2.3 Examples of websites where security can be compromised
2.3.1 http://www.marinetraffic.com/ais/
2.3.2 http://www.sig.ma
2.3.3 www.swoogle.umbc.edu
2.4 Comparison Chart for security vulnerability testing of the above mentioned examples.
3 Chapter 3: Cryptography
3.1 Cryptography in Semantic Web
3.1.1 DSA: Digital Signature Algorithm
3.1.2 RSA: Rivest Shamir Adleman Algorithm
3.1.3 ECC: Elliptic Curve Cryptography
3.2 How Elliptic Curve Cryptography is better than others??
3.2.1 Quick Wrap Up on Elliptic Curve Cryptography
4 Chapter 4: Secure Semantic Web, Ontology Sharing
4.1 SECCURE: ECC Toolkit
4.1.1 Generate private-public key pair.
4.1.2 Encrypt a piece of text message.
4.1.3 Decrypt a piece of text message.
4.1.4 Encrypt a file.
4.1.5 Decrypt a file.
4.1.6 Verify the generated signature.
4.1.7 Share or exchange Public Keys with Diffie-Hellman Key Exchange.
4.2 Requirement Analysis and Specifications
4.2.1 Requirement Analysis
4.2.2 Specification of requirement
4.3 Site Structure and Design
4.3.1 Use Case Diagram:
4.3.2 Website Flow Control Diagram:
4.4 Website Development
4.4.1 Home Page
4.4.2 Ontology Repository
4.4.3 Tech-Support
4.4.4 About
4.4.5 New User Registration Page
4.4.6 User’s Page
4.4.7 Download Request Form
4.4.8 Upload Request Form
4.5 Testing and Maintenance
4.5.1 Testing
4.5.2 Maintenance
5 Chapter 5: Planning Management
5.1 Initial Project Scope
5.2 Available Resources
5.3 Project Tasks
5.4 Risk
5.5 Gantt chart
5.6 Management techniques
6 Chapter 6: Conclusion and Suggestion for future work
6.1 Suggestion for future work
6.2 Conclusion
7 Chapter 7: Appendices
7.1 Appendix: Web Pages along with the some important bits of code
7.1.1 HOME PAGE
7.1.2 ONTOLOGY REPOSITORY
7.1.3 TECH-SUPPORT
7.1.4 ABOUT
7.1.5 NEW USER REGISTRATION PAGE
7.1.6 USER’S PAGE
7.1.7 DOWNLOAD REQUEST FORM
7.1.8 UPLOAD REQUEST FORM
8 References

Table of Figures

FIGURE 1: SEMANTIC WEB STACK
FIGURE 2: SCREEN SHOT OF MARINE TRAFFIC WEBSITE, GIVING AWAY CRUCIAL INFORMATION.
FIGURE 3: SCREEN SHOT OF SIG.MA GIVING AWAY CRUCIAL INFORMATION AND COMPROMISING SECURITY.
FIGURE 4: SCREEN SHOT OF SWOOGLE: SEMANTIC WEB SEARCH ENGINE ALLOWING ITS USERS TO DOWNLOAD SEMANTIC WEB ONTOLOGY WITHOUT ANY SECURITY.
FIGURE 5: SIGNATURE GENERATION AND VERIFICATION FOR DSA
FIGURE 6: UNDERLYING MATHEMATICAL PROBLEM FOR DIFFERENT PUBLIC KEY SYSTEMS.
FIGURE 7: NIST GUIDELINES FOR PUBLIC KEY SIZES WITH EQUIVALENT SECURITY LEVELS.
FIGURE 8: RUN TIMES FOR DIFFERENT PUBLIC KEY SCHEMES
FIGURE 9: USE CASE DIAGRAM
FIGURE 10: PAGE FLOW DIAGRAM

Chapter 1: Introduction

1.1 Introduction

The present World Wide Web is heading towards its third stage of evolution. It started with a basic architecture and design of web pages, which had just static content to display information and hyperlinks to other web pages, and later evolved into a more user-centred design with interactive information sharing: a collaborative World Wide Web. The latest research and developments are taking it to its third stage of evolution, which is about to take place, or rather is already taking place, in this virtual world of the WWW, in which the information and content on the web will be understandable and processed by machines [computers], intelligent agents and web services.

A matter of concern for all users of the World Wide Web is Security, Trust and Proof in regard to the services that are offered online. Some of the issues are:

1) Are we 100% sure that all our information which is available online is safe and secure?

2) Are we 100% sure that whatever we buy online will definitely reach us and that we will not become the victim of a scam?

3) Are we 100% sure that the facts we read online on different forums are trustworthy enough to believe?

All the concerns mentioned above trigger another question: have we achieved a level of access control and security mechanism which is capable of supporting an entirely new and improved World Wide Web, where machines will be able to take control of everything that is available online?

The author believes that for the growth and success of the Semantic Web, factors like trust, proof, security and encryption are indispensable in the Semantic Web stack.

This dissertation discusses the importance of factors like trust and proof in the Semantic Web stack. Furthermore, it presents a prototype for secure information interchange for Semantic Web ontology sharing. Supporting the prototype requires an encryption algorithm, which is why a comparison between the different available cryptosystems is shown and the use of Elliptic Curve Cryptography is recommended.

1.2 Thesis Structure

This dissertation is divided into chapters. The second chapter explains the Semantic Web and the Secure Semantic Web. It presents findings on the existence of a Secure Semantic Web; by secure the author means one which can be Trusted and in which there is Proof for every assertion made on it. The author also discusses the Semantic Web Stack and the importance of the Trust and Proof layer. In the third section, the author presents some instances from Semantic Web sites where security has been compromised or can be compromised, and also presents a comparison between existing systems and the proposed system.

The third chapter discusses the use of Encryption and Signatures to make the Semantic Web a Secure Semantic Web. Further in this chapter, the author compares different Encryption Algorithms and presents the findings. In the second section of this chapter the author discusses Elliptic Curve Cryptography and shows how Elliptic Curve Cryptography is the best cryptography system available today.

The fourth chapter presents the project design and implementation of a Secure Semantic Web, Ontology Sharing System. The author showcases its development and usage description, and also throws light on how this system is better than the existing systems of Semantic Web Search Engines. Furthermore, the author discusses Secure Semantic Web Information Interchange and the use of Encryption to increase Trust and Proof for the end user.

The fifth chapter is on Planning & Management and presents the evidence of project, time and resource management.

The sixth and seventh chapters present the suggestions for future work, conclusion and further reading. The appendices showcase all the coding and UI design, with screenshots of the application designed. There is also a CD with the complete code and implementation model. References to all the sources of the research and study can be found in the eighth chapter.

2 Chapter 2: Semantic Web and Secure Semantic Web

2.1 Semantic Web

The past two decades have witnessed a technology which has outpaced every other technology in popularity, usability, research and development. The same technology has outpaced every other technological revolution that has ever taken place in the history of mankind. The name of this technology is Web Technology, and it revolves around the World Wide Web, which was invented by Sir Prof. Tim Berners-Lee when he was working at CERN, Geneva, Switzerland, in the year 1990. His original vision was much more ambitious than the present syntactic World Wide Web. He said: “I have a dream for the Web [in which computers] become capable of analyzing all the data on the Web – the content, links, and transactions between people and computers. A ‘Semantic Web’, which should make this possible, has yet to emerge, but when it does, the day-to-day mechanisms of trade, bureaucracy and our daily lives will be handled by machines talking to machines. The ‘intelligent agents’ people have touted for ages will finally materialize.” [26]

Since then, he and many others have been working towards the realisation of this vision, which they named the Semantic Web. In his paper “Semantic Web Revisited” he says: “The Semantic Web is a Web of actionable information—information derived from data through a semantic theory for interpreting the symbols. The semantic theory provides an account of “meaning” in which the logical connection of terms establishes interoperability between systems.” [13]

Progress towards achieving web semantics is consistent. Organisations like the IETF (Internet Engineering Task Force) and the W3C (World Wide Web Consortium) are putting serious effort into standardizing technologies and developing languages and standards for sharing meaning. Languages and standards like XML, XML Schema, RDF, RDF Schema, OWL and SPARQL are organised in a Semantic Web Stack, and they act as a foundation for the Semantic Web.

All of these tools and standards play a very important and crucial role in the making of the Semantic Web. But researchers realised that for the success of the Semantic Web the factors stated above are not enough, and that factors like Trust and Security will play a crucial role in deciding the fate of any future technology. They realised that Trust and Proof should be kept on the topmost layer of the Semantic Web Stack and that Encryption should be present across all layers of the stack.

Figure 1: Semantic Web Stack
Source: http://www.w3.org/2000/Talks/1206-xml2k-tbl/slide10-0.html

Over the years of research and studies in the field of the Semantic Web, all the major research and development organisations targeted their research at Web Ontology Language, RDF, XML, etc. Very little work has been done to make the Semantic Web Secure and Reliable. There is a lot of scope for research and development in Trust, Proof and Encryption. That is the reason why the author opted to work in this field.

2.1.1 Proof and Trust Layer

Self-organizing knowledge exchange between users is one of the key motivations for the research and development in Semantic Web Technology. Humans browsing the World Wide Web will soon be history. In the near future, with the advent of Semantic Web Technology, personal digital agents and applications will be able to browse the World Wide Web automatically for their master, and will also be able to look for things and take decisions on behalf of their master on the basis of personal information stored somewhere online. The use of Semantic Web Agents and Web Services will demand Proof to develop Trust between the collaborative agents and services. [5][10]

But if something happens which seems strange or unusual to the master, then the master should also be in a position to ask for an explanation from the personal digital agent. This is the point where the Proof and Trust Layer of the Semantic Web Stack comes into use. The decisions taken by the personal digital agent will be based on credibility, user ratings, reviews, etc., which work as proof for the agent to trust the other party. So when the master asks for an explanation, the digital agent can right away show all the facts supporting its decision.

Let me give you a hypothetical scenario: John and Becky are siblings and have a busy work life in Southampton. Their mother lives with Becky; she is very old and needs to visit a doctor quite regularly for her old-age health issues. Mother was supposed to have eye surgery on Tuesday, but the doctor’s assistant sends an email to Becky and tells her that the doctor will not be able to do the surgery before Friday. Becky has another problem: her personal digital assistant has just told her that she has a big official conference to attend on Friday, and the only way she can sort out this complicated scenario is by asking her brother John to take mother for the eye surgery on Friday. Becky’s personal digital assistant sends an email to John with all the details. John’s personal digital assistant reads the mail to John and also tells him that he does not have much work to do on Friday and can take mother to the doctor. But John queries the assistant about his appointments on Friday. The assistant tells him that all the appointments are in the evening and are also not very high on his priority list. John asks his assistant to confirm his availability to Becky.

In the above scenario the personal agents were able to understand all the commands from their masters, to take decisions based on the information stored in their personal calendars, which are managed online, and to justify the assertions they made. That explains the requirement for the Proof and Trust Layer in the Semantic Web Stack.

2.2 Secure Semantic Web

The collection of technologies which enables machines to understand web pages is called the Semantic Web. The core idea was to automate every process using intelligent agents acting on behalf of the user. Everything which an actual user used to do will be done by agents: collaborating, invoking web services, understanding web pages and carrying out activities such as making reservations, designing vehicles, etc. The Semantic Web includes technologies such as mark-up languages like XML, semantic-based languages such as RDF, and ontology description languages like OWL. Contracts are negotiated and activities are carried out using the above-mentioned technologies. Policies on trust, privacy, integrity and confidentiality are a must to ensure secure execution of each operation in the web of semantics. These policies will define the level and type of access permissions that agents have on web resources and will also determine the level of trust that can be put in other agents.

Various inference systems have been developed, and others are under development, to carry out automated negotiations between intelligent agents. An inference system deals with all sorts of processes, like deducing new information and posing queries.

“We also need to examine the inference problem for the semantic web. Inference is the process of posing queries and deducing new information. It becomes a problem when the deduced information is something the user is unauthorized to know. With the semantic web, and especially with data mining tools, one can make all kinds of inferences. Recently there has been some research on controlling unauthorized inferences on the semantic web. Security should not be an afterthought. We have often heard that one needs to insert security into the system right from the beginning. Similarly security cannot be an afterthought for the semantic web. However, we cannot also make the system inefficient if we must guarantee one hundred percent security at all times. What is needed is a flexible security policy. During some situations we may need one hundred percent security while during some other situations some security (e.g., 60%) may be sufficient.” [21, 22, 23]

Privacy is very closely related to security. The major challenge is that the sensitive information of individuals must be protected at all times. Trust management and negotiation are some of the other challenges facing the Semantic Web research community. This includes determining the trust value that one agent can place on another. One suggestion is to use reputation mechanisms for the agents. Maintaining integrity is another challenge. For example, when XML documents are published by third parties, we need to ensure that the documents are authentic and are of high quality. With consistent research initiatives in the field of Semantic Web research, more and more progress is achieved, and better standards for security, trust and proof can be developed to make the Semantic Web a success.

After securing XML and RDF, the next thing on the agenda is to examine security for ontology and interoperation. That implies that security levels may have been attached to the ontology. Some parts of the ontology could be unclassified and certain parts could be secret. The challenge lies in developing a method or an approach to use this ontology for secure information interchange. In the past, researchers have done some work in the field of secure interoperability of databases. The author suggests that we should revisit that research work and then conclude what else needs to be done to ensure that the information on the World Wide Web can be managed, integrated and exchanged securely.
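The inference problem quoted above and the labelled ontology described in this paragraph, as an added example that is not code from the dissertation: filtering triples by security label alone still lets an unclassified agent derive a secret triple, and a greedy release check that tests the closure prevents it. The `ex:` names, the single rule and the two-level labelling are constructed assumptions for illustration.

```python
"""Label-based release of ontology triples, with and without inference control."""

UNCLASSIFIED, SECRET = 0, 1

# Constructed sample ontology: (subject, predicate, object) -> security label.
ONTOLOGY = {
    ("ex:Alice", "ex:memberOf", "ex:TeamX"): UNCLASSIFIED,
    ("ex:TeamX", "ex:assignedTo", "ex:ProjectOrion"): UNCLASSIFIED,
    ("ex:Alice", "ex:worksOn", "ex:ProjectOrion"): SECRET,
    ("ex:Bob", "ex:memberOf", "ex:TeamY"): UNCLASSIFIED,
    ("ex:TeamY", "ex:assignedTo", "ex:ProjectLyra"): UNCLASSIFIED,
    ("ex:Bob", "ex:worksOn", "ex:ProjectLyra"): UNCLASSIFIED,
}

# Hypothetical rule the recipient's reasoner is assumed to apply.
# Terms starting with "?" are variables: the body patterns imply the head.
RULES = [
    ([("?p", "ex:memberOf", "?t"), ("?t", "ex:assignedTo", "?j")],
     ("?p", "ex:worksOn", "?j")),
]


def _match(pattern, triple, binding):
    """Return binding extended so that pattern equals triple, else None."""
    extended = dict(binding)
    for term, value in zip(pattern, triple):
        if term.startswith("?"):
            if extended.setdefault(term, value) != value:
                return None
        elif term != value:
            return None
    return extended


def closure(triples, rules=RULES):
    """Forward-chain the rules to a fixpoint; return all derivable triples."""
    known = set(triples)
    changed = True
    while changed:
        changed = False
        for body, head in rules:
            bindings = [{}]
            for pattern in body:
                bindings = [ext for b in bindings for t in known
                            if (ext := _match(pattern, t, b)) is not None]
            for b in bindings:
                derived = tuple(b.get(term, term) for term in head)
                if derived not in known:
                    known.add(derived)
                    changed = True
    return known


def naive_release(ontology, clearance):
    """Release every asserted triple whose label is within the clearance."""
    return {t for t, label in ontology.items() if label <= clearance}


def leaked(ontology, released, clearance):
    """Protected triples the recipient can derive from the released set."""
    protected = {t for t, label in ontology.items() if label > clearance}
    return closure(released) & protected


def safe_release(ontology, clearance):
    """Greedy inference control: add a triple only if nothing protected
    becomes derivable. The result depends on the (sorted) order; which
    triple to withhold is a policy decision. Knowledge the recipient
    holds from other sources is not modelled here."""
    released = set()
    for triple in sorted(naive_release(ontology, clearance)):
        if not leaked(ontology, released | {triple}, clearance):
            released.add(triple)
    return released


if __name__ == "__main__":
    naive = naive_release(ONTOLOGY, UNCLASSIFIED)
    print("naive release leaks:", leaked(ONTOLOGY, naive, UNCLASSIFIED))
    safe = safe_release(ONTOLOGY, UNCLASSIFIED)
    print("withheld for inference control:", naive - safe)
```
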

Security and privacy are very closely related to each other. The issue of privacy control has received a lot of attention recently, partly because privacy is a very critical issue for the success of the Semantic Web. For national security reasons privacy plays a very crucial role: a certain portion of a document may be open for public access without any privacy, while some sections may contain private information which cannot be open for public access. This issue gives researchers a reason to develop a method or an approach which will enable users to take maximum advantage of the Semantic Web and still maintain privacy and sometimes anonymity.

2.3 Examples of websites where security can be compromised

2.3.1 http://www.marinetraffic.com/ais/

This website gives real-time information on all the ships that are at sea or in the docks worldwide, and also provides information such as:

a) Ship Type

b) Country Flag

c) Status

d) Speed/Course

e) Length x Breadth

f) Destination

g) ETA

h) Ship Photos

i) Other Details

The above-mentioned points are very important pieces of information, and this online system was developed to monitor and track all ships online. But this system is open to everyone and lacks security, and is thus vulnerable to sea pirates; e.g. Somalian pirates can use this system to know about a ship and can hijack the passengers or loot the ship.

Figure 2: Screen shot of Marine traffic website, giving away crucial information.

This marine traffic website lacks any kind of security parameters. There is a greater risk of information being hacked or altered. The whole system is thus completely vulnerable to being attacked, and there is no guarantee that the information being displayed is correct and is from the right source.

This system lacks security, and conventional HTTPS and Secure Socket Layer would not be enough to take care of the system and its security needs, the reason being that HTTPS and SSL only provide end-to-end security; there is a greater risk of information being hacked or altered in transit. Thus a better security mechanism, such as a Digital Signature and Encryption mechanism, is required.

2.3.2 http://www.sig.ma

http://Sig.ma is a tool to explore and exploit the Web of Linked Data. At any time, information in Sigma is likely to come from multiple, unrelated Web sites – potentially any web site that embeds information in RDF, RDFa or Micro formats (standards for the Web of Data).

Sig.ma can be used in 3 main ways:

1) “As a Web of Data browser: start from any entity and then click to another from the resulting page. Remember you are browsing a “network of mashups”, quite a unique thing. It might be noisy but you can spot gems, e.g. interesting description differences in different sources.

2) As an embeddable/linkable widget: create a Sigma, refine it and when you’re ready to

paste it around in emails and twits or embed it on your blog. Sigmas are “data live”:

if one of your selected sources updates its information, so will your Sigma be updated

wherever it shows.

3) As a semantic API: retrieve entity descriptions and specific properties. For example

picture, phone@Giovanni Tummarello, ready to consume, in JSON, in RDF.” [17]

Figure 3: Screen Shot of Sig.ma giving away crucial information and compromising security.

This online system also lacks any kind of access control measures. When users search for any string of words on this Semantic Mash-up Search Engine, they get all the information from various secured and unsecured sources, without any type of access control on the flow of information.

A user who is a black hat hacker can misuse the same information to carry out various other evil practices. It can act as a good source of information on practically almost anything for black hat hackers doing Social Engineering. Identity theft and information leaks are some of the possible threats.

Thirdly, there is no guarantee that the information being mashed up from the other sources is correct and accurate. The information is automatically collected by RDF tag linking. Thus, the information can be inaccurate or come from a weak source which can be a potential target of being hacked. Thus the end user cannot trust the information given on www.sig.ma.

2.3.3 www.swoogle.umbc.edu

This is a Semantic Web Search Engine; it crawls the World Wide Web for a special class of documents written in RDF. It provides features like searching Semantic Web Ontologies, Instance Data and Terms. However, no security is applied to the system. It enables you to download an ontology, but there is no guarantee that you will get what you asked for. The author means that when you click on an ontology file to download, there is no 100% surety that the file you have received is the one you requested. Moreover, the website also doesn’t maintain any record of the user details of downloads.

Figure 4: Screen Shot of Swoogle: Semantic Web Search Engine allowing its users to download Semantic Web Ontology without any security.

2.4 Comparison Chart for security vulnerability testing of the above mentioned examples.

| Security Vulnerability Tests | Marine Traffic (http://www.marinetraffic.com/ais/) | Swoogle (http://swoogle.umbc.edu) | www.Sig.ma | Secure Semantic Web Ontology Sharing |
|---|---|---|---|---|
| Secure login | Not available | Yes; a basic login is provided to access more results, but it is prone to SQL Injection attacks. | Not available | Yes; a secure login is provided, and it is safe from SQL Injection attacks. |
| SSL | Not Found | SSL Enabled. | Not Found. | SSL doesn’t provide end to end security, which is why the author recommended the use of Encryption. |
| Identity Theft | Easy access to sensitive information. Pirates can use the same system for hijacking ships and stealing from cargo shipments. | Easy access to a huge collection of Ontologies which could be used to steal sensitive information. These ontologies can be used to extract very critical information from other sources of information. | This system allows its user to get all sorts of information regarding any search keyword. It uses the technology of intelligent mash-up but has no security. Hence it can be used for any purpose. It can be misused by terrorists. | Secure Login, Secure Encryption Tools and Admin’s Permission for every upload and download request play a crucial role in making sure that none of the information or services can be misused. |
| Information Security | No security; anyone can access it and take away sensitive information about ships, cargo, tankers etc. Anyone can post wrong information about the ships with a little tweaking of the system. The system is completely open to any kind of security compromise. | Basic security, but anyone can download or access Semantic Web Ontologies, which could have sensitive information stored in them. | No security, completely open mashup. Anyone can access lots of information about almost anything. Anyone can link fraudulent or wrong information using RDF tags, and thus no one can trust the information. | ECC and Secure Login provide a foolproof mechanism and give secure access to the services. A user can view the Ontology Collection and other pages but cannot download or upload any ontology unless he signs in as an Authentic User. |
| Secure Sessions | Not Found | Secure sessions are in use to provide page flow security and URL security. But as the login is prone to SQL Injection attacks, the sessions are of no use. | Not Found | Secure Sessions are used to make sure of URL Security and Page flow Security. |

Table 1: Comparison Chart

3 Chapter 3: Cryptography

3.1 Cryptography in Semantic Web

The World Wide Web is an open system, where people interact with services, applications and web pages, look up information, and take part in social networking. Now, this gigantic web is taking another giant leap to completely revolutionize the entire system of people-centred web interaction. This new system is the Semantic Web, which is a highly connected web of linked data where machines can understand and process the web content. But with power comes responsibility: the responsibility of making sure that everything on this super powerful web works perfectly. To make sure that none of these responsibilities is neglected, key properties such as Cryptography, Trust and Proof will play a very crucial role. In the previous sections the author has talked about Trust, Proof and Security. Now, in this section the author will talk about Cryptography, which plays a very important part in ensuring security.

Cryptography has been kept alongside all the layers in the semantic web stack, as the researchers and developers knew that it is important across the entire infrastructure of the Semantic Web.

“These include XML, RDF, agents, the infrastructures as well as the information management and data management technologies. We also need to ensure that security is preserved when integrating the technologies. For example, one needs proper access to the XML documents. Furthermore, these documents need to be encrypted for some applications. The agents that carry out the processing have to communicate securely. Various security technologies for the web do exist at present. These technologies have to be evaluated for the semantic web. We also need to incorporate security semantics into semantic interoperability. The various logics being developed for the semantic web need to be examined and security properties have to be incorporated.” [21]

The public key cryptosystem has developed quickly since it was proposed by W. Diffie and M. Hellman in 1976. As we know, at the foundation of every cryptosystem is a hard mathematical problem that seems infeasible to solve. People have been suggesting different complicated problems on which to establish a public key cryptosystem. The techniques of the public key cryptosystem are classified into three classes: (1) based on integer factorisation, such as the popular RSA (Rivest, Shamir, Adleman); (2) based on the discrete log, such as DSA (Digital Signature Algorithm) and DH (Diffie-Hellman); (3) based on the elliptic curve, such as ECDH (Elliptic Curve Diffie-Hellman). The security degrees of all the techniques are based on the hardness of mathematical problems.

Now, to make sure of the best level of security infrastructure for the semantic web, the best of the best cryptosystems should be used. The author will now present a brief detail about all the cryptosystems and will also show a comparison chart.

3.1.1 DSA: Digital Signature Algorithm

The Digital Signature Algorithm (DSA) is a United States Federal Government standard (FIPS) for digital signatures. NIST (National Institute of Standards and Technology) proposed it in August 1991 for use in their Digital Signature Standard (DSS), and specified it in FIPS 186 and later adopted it in 1993. It was later revised in 1996 as FIPS 186-1. The same standard was later expanded and revised further in the year 2000 as FIPS 186-2 and in 2009 as FIPS 186-3.

A digital signature is the electronic analogue of a written signature; it provides assurance that the claimed person (signatory) has signed the information. It also enables us to detect whether or not the information was modified after it was signed. To meet the requirements of the standard and to provide these services, the digital signature must be implemented properly.

Figure 5: Signature Generation and Verification for DSA

A digital signature algorithm includes a signature generation process and a signature verification process. A signatory uses the generation process to generate a digital signature on data; a verifier uses the verification process to verify the authenticity of the signature. Each signatory has a public and private key and is the owner of that key pair. As shown in Figure 5, the private key is used in the signature generation process. The key pair owner is the only entity that is authorized to use the private key to generate digital signatures. In order to prevent other entities from claiming to be the key pair owner and using the private key to generate fraudulent signatures, the private key must remain secret. The public key is used in the signature verification process (see Figure 5). The public key need not be kept secret, but its integrity must be maintained. Anyone can verify a correctly signed message using the public key. For both the signature generation and verification processes, the message (i.e., the signed data) is converted to a fixed-length representation of the message by means of an approved hash function. Both the original message and the digital signature are made available to a verifier. [8]

3.1.2 RSA: Rivest Shamir Adleman Algorithm

In cryptography, RSA was the first algorithm to gain large-scale popularity for being perfectly suitable for both encryption and signing, and was the first great advancement in the field of public key cryptography. It was developed by the trio of Rivest, Shamir and Adleman and named after their initials. It is used almost everywhere in e-commerce protocols, and it is believed that, if sufficiently long keys and up-to-date implementation methods are used, then it is among the most secure and powerful Public Key Cryptosystems. The unique feature of the RSA Cryptosystem which brought a change was that publicly revealing an encryption key was no longer considered a threat, because it does not reveal the corresponding decryption key.

This had two very important consequences:

1. Other means of secure communication like couriers and postal mail were no longer required to transmit keys, because a message can now be enciphered using an encryption key which was revealed by the intended recipient. And the best part is that only he can decrypt the message, since he is the only person who knows the corresponding decryption key.

2. A message can be signed using the decryption key held privately, and anyone who wants to verify the signature can do that using the corresponding encryption key, which is publicly revealed to everyone. Signatures provided a foolproof assurance, as now they can’t be forged and a signer cannot deny the validity of his signature. This new cryptosystem had a very large impact on e-mail and e-funds transfer systems.

“A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e·d ≡ 1 (mod (p-1)·(q-1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.” [16, 18]
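The quoted encryption rule and the two consequences listed above (encrypting to a recipient's published key, and signing with the private exponent), as an added Python example that is not from the dissertation. The primes, exponent and messages are constructed toy values, the hash-then-sign step follows the description in section 3.1.1, and no padding is applied, so this is for illustration only.

```python
import hashlib
from math import gcd

# Constructed toy parameters: two known Mersenne primes. Real RSA uses randomly
# generated secret primes of 1024 bits or more and a padding scheme (OAEP, PSS).
P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def make_keypair(p, q, e):
    """Return (public, private) = ((e, n), (d, n)) with e*d = 1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def rsa_encrypt(m, public):
    """C = M^e mod n, using the recipient's published key."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message representative must lie in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c, private):
    """M = C^d mod n, using the secret power d."""
    d, n = private
    return pow(c, d, n)


def digest(message, n):
    """Fixed-length representation of the message, reduced into [0, n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private):
    """Sign the hash of the message with the privately held exponent."""
    d, n = private
    return pow(digest(message, n), d, n)


def verify(message, signature, public):
    """Anyone holding the public key can check the signature."""
    e, n = public
    return pow(signature, e, n) == digest(message, n)


if __name__ == "__main__":
    public, private = make_keypair(P, Q, E)
    secret = int.from_bytes(b"owl", "big")          # constructed sample message
    print("round trip ok:", rsa_decrypt(rsa_encrypt(secret, public), private) == secret)
    sig = sign(b"ontology v1", private)
    print("genuine file verifies:", verify(b"ontology v1", sig, public))
    print("altered file verifies:", verify(b"ontology v2", sig, public))
```
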

3.1.3 ECC: Elliptic Curve Cryptography

There are many drawbacks in current encryption algorithms in respect of security, real-time performance and so on, and researchers are presenting various algorithms. Among them, Elliptic Curve Cryptography (ECC) is evolving as an important form of cryptography, and shows promise as an alternative to RSA. Small size, high security and other features characterize ECC.

Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. [15, 11, 9, 1]

“Actually ECC is a kind of cryptography where an abelian group has been used to implement the Diffie-Hellman key passing scheme, and the ElGamal public key cryptosystem and signature schemes. The ECC relies upon the hardness of the Elliptic Curve Discrete Log Problem (ECDLP). [15]

Consider the abelian group E of rational points. ECDLP is to determine the integer k, which can let k*P = Q (P, Q is the given points on E).

More specifically, n*P = P + P + ... + P = ∞ (point at infinity)

Where n is a prime. Obviously, k<n, and if k and P is given, Q can be found easily. On the other hand, it is difficult to get k even if P, Q are known. This is the hardness of ECDLP.

It is believed that the usual discrete log problem (DLP) over the multiplicative group of a finite field and ECDLP are not equivalent problems, and that ECDLP is more difficult than DLP. Now an ECC process of the ElGamal public key cryptosystem is explained as an example:

Firstly, a specific point P on the curve E is selected and published as a part of public key.

Secondly, the user (denote: A) of private key will proceed the following operations:

• A private key k is selected as a random integer, k<n.

• The value Q = k*P is calculated, (E, P, n, Q) as the public key is published.

Thirdly, the one who wants to send message m to A (denote: B) should:

• Get A’s public key.

• Embed m in E and denote it as Pm.

• A random integer d is selected, d<n.

• Search for the point (x2, y2) = d*Q until x2=0.

• The value d*P and Pm+d*Q is calculated, (d*P, Pm+d*Q) is sent as an encrypted message.

Finally, when A receives the encrypted message, he will:

• Using private key k, calculate k*d*P = d*(k*P) = d*Q.

• Get the message by calculating Pm = (Pm+d*Q)-d*(k*P).” [15]
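The ElGamal exchange quoted above, worked through in Python on a toy curve as an added example (not code from the dissertation or from SECCURE). The curve y² = x³ + 2x + 2 over F17, the base point (5, 1) of prime order 19 and the keys are constructed textbook-sized values; the on-curve checks and the exhaustive search go beyond the quoted steps and show why n must be large in practice.

```python
import secrets

# Constructed toy domain parameters (E, P, n); far too small for real use.
P_MOD, A, B = 17, 2, 2      # E: y^2 = x^3 + 2x + 2 over F_17
G = (5, 1)                  # published base point P
N = 19                      # prime order of G, so N*G is the point at infinity
INF = None                  # point at infinity (group identity)


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P_MOD)


def add(p1, p2):
    """Group law on E (chord-and-tangent rule)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                  # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication k*pt for k >= 0."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def keygen():
    """A: pick private k < n, publish Q = k*P."""
    k = secrets.randbelow(N - 1) + 1
    return k, mul(k, G)


def encrypt(pm, q, d=None):
    """B: send (d*P, Pm + d*Q). Rejects points that are not on E."""
    if q is INF or not on_curve(q) or not on_curve(pm):
        raise ValueError("public key and message point must lie on the curve")
    if d is None:
        d = secrets.randbelow(N - 1) + 1            # fresh d for every message
    return mul(d, G), add(pm, mul(d, q))


def decrypt(cipher, k):
    """A: recover Pm = (Pm + d*Q) - k*(d*P)."""
    c1, c2 = cipher
    if not (on_curve(c1) and on_curve(c2)):
        raise ValueError("ciphertext points must lie on the curve")
    return add(c2, neg(mul(k, c1)))


def brute_force_dlog(q):
    """Exhaustive ECDLP search: at most n-1 additions, trivial only because n = 19."""
    acc = INF
    for k in range(1, N):
        acc = add(acc, G)
        if acc == q:
            return k
    return None


if __name__ == "__main__":
    k, q = 7, mul(7, G)                 # constructed key pair
    pm = (10, 6)                        # message already embedded as a point
    cipher = encrypt(pm, q, d=4)
    print("Q =", q, "cipher =", cipher, "decrypted =", decrypt(cipher, k))
    print("k recovered by exhaustive search:", brute_force_dlog(q))
```
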

The purpose of any public key cryptosystem is to maintain the security and integrity of the resources and to withstand attack by any person or event, while the attack resistance of the algorithm assures its security. At the 6th International Cryptography Conference in Jan. 2000, ECC and RSA were the only two algorithms that were recommended. In terms of security, ECC provides the highest strength per bit among all the cryptosystems.

3.2 How Elliptic Curve Cryptography is better than others?

ECC holds the key to the next generation of cryptography, as stated by Certicom Corporation, NIST and the NSA. [8, 20, 27]

These are a few of the statistics which make Elliptic Curve Cryptography the best choice for the next generation of cryptography. All the figures stated below are from NIST: National Institute of Standards and Technology.

Figure 6: Underlying Mathematical problem for different Public Key Systems.

Figure 6 above tells us about the underlying mathematical problem for different public key systems. These are the industry standard for public key cryptosystems and are commercially viable, secure and efficient. They are based on different types of mathematical problems: RSA is the best example of Integer Factorization Systems, DSA is based on the Discrete Log, and ECC is based on the toughest of all problems, i.e. the Elliptic Curve.

Figure 7: NIST Guidelines for Public Key Sizes with Equivalent Security Levels.

Figure 7 showcases the NIST Guidelines for Security levels with equivalent Public Key Sizes. Among all of them ECC, i.e. Elliptic Curve Cryptography, is a clear winner: it is able to offer the highest number of security bits at the minimum public key size, while DSA and RSA are on equal terms with each other.

NIST has issued strict recommendations that 128-bit protection is necessary to achieve relatively lasting security (to the year 2036 and beyond). That means shifting to AES from 3DES. To avoid compromising the security of the system, the National Institute of Standards and Technology FIPS 140-2 standard clearly states that the keys for symmetric ciphers like AES must be matched in strength by public-key algorithms like RSA and ECC. As you can see in the table above, while ECC key sizes scale linearly, RSA key sizes do not. This results in a gap between the systems that will grow as the key sizes increase. This is especially relevant when an ECC key size of 512 bits is compared to an RSA key size of 15,360 bits to implement AES at 256-bit security.

Figure 8: Run Times for different Public key Schemes

Two major benchmarks for comparing these cryptosystems are Security and Efficiency. The security of these systems depends on the level of hardness of the underlying mathematical problems. The three cryptosystems mentioned above are based on three different underlying mathematical problems, which can only be solved by three unique methods. The best known method for solving the problem underlying ECC, i.e. the Elliptic Curve Discrete Log Problem, is fully exponential. Thus, ECC is able to deliver the best security per bit of any Public Key Cryptosystem.

3.2.1 Quick Wrap Up on Elliptic Curve Cryptography

The author has just shown how Elliptic Curve Cryptography is an extremely efficient, compact algorithm, and how it makes very few processing demands on devices with resource constraints in comparison to RSA. In addition, it is a standardized cryptosystem, and it ensures interoperability between devices. It also answers manufacturers' concerns about reliability, being a well-researched and proven system.

In the end, the benefits of ECC are many: linear scalability, a small software footprint, low hardware implementation costs, low bandwidth requirements, and high device performance. For the reasons above, ECC has gained a lot of support from a number of leading companies and has also received strong validation from the National Security Agency.

It is very clear that security is an essential component of the World Wide Web and the Semantic Web. As the points stated above have shown, ECC is a superior algorithm to all the other alternatives when it comes to enabling that security. As it offers the highest strength-per-bit of any public-key cryptography system, there is no doubt that ECC is the best choice for the cryptography layer in the Semantic Web Stack.

4 Chapter 4: Secure Semantic Web, Ontology Sharing

This chapter will exhibit the work of the author in order to present a web based system which is capable of sharing Semantic Web Ontology while making sure of crucial factors like Trust, Proof and Cryptography.

This system will exhibit the use of Elliptic Curve Cryptography to ensure Trust and Proof in Semantic Web Ontology Sharing. Elliptic Curve Cryptography was implemented with the help of a very powerful and important toolkit, “SECCURE”. It stands for Secure Elliptic Curve Crypto Utility for Reliable Encryption.

4.1 SECCURE: ECC Toolkit

“SECCURE is free software published under the GNU General Public License (GPL). The SECCURE toolset implements a selection of asymmetric algorithms based on elliptic curve cryptography (ECC). In particular it offers public key encryption / decryption, signature generation / verification and key establishment. To my best knowledge none of the implemented algorithms and cryptographical schemes (ECDH, ECIES, ECDSA, AES-CTR, SHA256, SHA512) is covered by software patents (see the Patent statement). All the named algorithms and all underlying elliptic curves (standardized by NIST and SECG) are considered cryptographically secure nowadays. SECCURE received two security audits by the Debian auditing team in August 2006, none of them detecting a problem.” [14]

SECCURE Use Description [14]:

SECCURE can also be found at the SECCURE Website, i.e. http://www.point-at-infinity.org/seccure.

SECCURE can be used to do the following things:

4.1.1 Generate private-public key pair.

    $ seccure-key
    Assuming curve p160.
    Enter private key: my private key
    The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn

4.1.2 Encrypt a piece of text message.

    $ seccure-encrypt -o private.msg '8W;>i^H0qi|J&$coR5MFpR*Vn'
    Assuming MAC length of 80 bits.
    Go ahead and type your message ...
    This is a very very secret message!
    ^D

4.1.3 Decrypt a piece of text message.

    $ seccure-decrypt -i private.msg
    Assuming MAC length of 80 bits.
    Assuming curve p160.
    Enter private key: my private key
    This is a very very secret message!
    Integrity check successful, message unforged!

4.1.4 Encrypt a file.

    $ seccure-key
    Assuming curve p160.
    Enter private key: my private key
    The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn
    $ seccure-encrypt -i file.owl -o file.enc '2D*~@S|:iXX.8HHY;kYBy*E>n'

4.1.5 Decrypt a file.

    $ seccure-key
    Assuming curve p160.
    Enter private key: my private key
    The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn
    $ seccure-decrypt -i filename.enc
    Enter the Private Key: my private key

4.1.6 Verify the generated signature.

    $ seccure-sign
    Assuming curve p160.
    Enter private key: my private key
    Go ahead and type your message ...
    This message will be signed
    ^D
    Signature: $HPI?t(I*1vAYsl$|%21WXND=6Br*[>k(OR9B!GOwHqL0s+3Uq

    $ seccure-verify '8W;>i^H0qi|J&$coR5MFpR*Vn' '$HPI?t(I*1vAYsl$|%21WXND=6Br*[>k(OR9B!GOwHqL0s+3Uq'
    Go ahead and type your message ...
    This message will be signed
    ^D
    Signature successfully verified!

4.1.7 Share or exchange Public Keys with Diffie-Hellman Key Exchange.

    $ seccure-dh
    Assuming curve p160.
    Pass this key to your peer: 6cuC+ODUT5%uPnS<0HR*<F6X(
    Enter your peer's key: Ap]_BBbK>3hZjKr<#W+BX-z-7
    Established key: $$b|qzU0~1y/f
    Verification key: %#R.Fc+q>a1]v

    $ seccure-dh
    Assuming curve p160.
    Pass this key to your peer: Ap]_BBbK>3hZjKr<#W+BX-z-7
    Enter your peer's key: 6cuC+ODUT5%uPnS<0HR*<F6X(
    Established key: $$b|qzU0~1y/f
    Verification key: %#R.Fc+q>a1]v

Further to the project design, this project will follow the website development life cycle (WDLC).

In WDLC the steps are:

Step 1: Requirement Analysis

Step 2: Specification of Requirements

Step 3: Site Structure and Design

Step 4: Website Development

Step 5: Testing and Maintenance

4.2 Requirement Analysis and Specifications

4.2.1 Requirement Analysis

This web based system will demonstrate the author's work on Secure Semantic Web Ontology Sharing. The targeted users for this website are university students, researchers and developers. The sole aim of this website will be to provide a web based system where its users can share (upload and download) semantic web ontology. What makes it different from other existing similar systems like www.swoogle.umbc.edu and www.dbpedia.org is that this website will make sure of the security and will ensure the Trust of the user. This website will give the necessary guidelines to its registered users on how to securely encrypt their ontology using the best crypto system, i.e. Elliptic Curve Cryptography, and on the use of the toolkit SECCURE: Secure Elliptic Curve Crypto Utility for Reliable Encryption. This website will further explain the method of downloading and decrypting the ontology. The website will have pages for new user registration, user login, ontology repository, ontology upload request and download request. The website will be developed using PHP and the backend will be on MySQL.

4.2.2 Specification of requirement

Web Development Language: PHP 5.3.0

Web Design: CSS/HTML

Back End: MySQL 5.1.36

Web Server: Apache Tomcat 2.2.11

Platform: Linux and Windows (SECCURE only on LINUX)

Targeted User: Students, Researchers and Developers

Services: New User Registration, User Login, Ontology Archives, Upload/Download Request, Encryption/Decryption Method, Use of SECCURE toolkit for Elliptic Curve Cryptography.

Website Security: Use of Sessions, Secure User Login, SQL Injection and Cross Site Scripting proof.

4.3 Site Structure and Design

4.3.1 Use Case Diagram:

Use Case diagrams are used to depict the real-time scenario which will be witnessed every time a user uses the website. The actors or players involved are USER and ADMIN. The system boundary defines the limits of the website. Each bubble represents a webpage or its function. The cloud shows the process that is likely to take place on that page. Some bubbles are linked to each other and show a connected flow of pages; for example, the Download Instruction page is connected to the download request form.

4.3.2 Website Flow Control Diagram:

The website flow control diagram is used to present the flow and connection between the web pages. The connections between the web pages can be uni-directional or bi-directional. Here, in the diagram below, all the web pages have been represented with blocks, and the connections among them are represented with lines.

Figure 9: Use Case Diagram (actors USER and ADMIN; within the system boundary: Home, Ontology Repository, Tech Support, Register New User, Login, Download Instructions, Download Request Form, Upload Instructions, Upload Request Form; process notes: Browsing Ontologies, Updating the Ontology Files, Technical Information, Secure Login, Guidelines for SECCURE)

Figure 10: Page Flow Diagram (blocks: Home Page, Ontology Collection, Tech-Support, New User, About Me, Login/Sign In, Upload Instructions & Request Form, Download Instructions & Request Form, Use SECCURE to generate Public Key, Use SECCURE to Encrypt the Upload File, Decrypt the file using Private Key, Logout/Signout)

4.4 Website Development

The sole aim of the author in developing this website is to demonstrate the Secure Semantic Web, Ontology Sharing System. Users can visit the website at this address: http://www.raman.byethost13.com. The website has many pages, each with a specific function which is associated to the next, and all of them are described below along with a screen shot of each page. Use of the SECCURE toolkit is also explained in the website, as that toolkit will be used to provide the best crypto system to ensure the security of the ontology exchange that will take place on this website. The major constraint is that the toolkit can only be used in a Linux environment. So, the user has to be on a Linux platform to use this toolkit for encryption or decryption. There is no other version of this software which could be used on the Windows platform. There are a lot of Linux operating systems which are available free for download, to name a few: Ubuntu 10.04 http://www.ubuntu.com/desktop/get-ubuntu/download and Backtrack 4 http://www.backtrack-linux.org/downloads/.

4.4.1 Home Page

The home page will welcome all the users, give a brief introduction to the purpose behind this website, and present the author’s view point on the need for Secure Semantic Web, Ontology Sharing. The home page will also allow new users to register themselves, to get the privilege to share (upload and download) semantic web ontology. The users who have already registered themselves can login and use the other features which will be described later in the other sections. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, and c) Contact the Author. Kindly refer to appendix 7.1.1 for web page design and code.

4.4.2 Ontology Repository

This webpage will showcase all the Semantic Web Ontologies which are presently stored in the databases of this website. Along with the names of the semantic web ontologies, a brief description of them and a link to the original source are also provided. If a user would like to download any of the Ontology Files, he first needs to register himself with the website, and all the other instructions to download will then be provided to him. If a user wants to contribute and share his ontology, the user will still need to register and login to get further instructions on uploading the semantic web ontology. The Ontology Repository page will be regularly updated by the admin, as and when new ontology is submitted by the users. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Login, d) Register New User and e) Contact the Author. Kindly refer to appendix 7.1.2 for web page design.

4.4.3 Tech-Support

The tech-support page will give the basic technical information about the following things: a) Purpose of website, b) Security, c) How to download the Ontology file, d) How to upload an Ontology file, and e) Necessity of user being on Linux/Unix platform. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Login, d) Register New User and e) Contact the Author. Kindly refer to appendix 7.1.3 for web page design.

4.4.4 About

The About me page will give an insight into the author’s profile, his interests and activities, and contact information for feedback and suggestions. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Register New User and d) Contact the Author. Kindly refer to appendix 7.1.4 for web page design.

4.4.5 New User Registration Page

A user who wants to register with the website, to benefit from features such as downloading and uploading semantic web ontologies, can reach this page by clicking on the New User tab in the top right corner of the page. The page consists of a small form asking only for basic information from the user: a) Username, b) Password, c) Full Name, d) Occupation and e) Country. Kindly refer to appendix 7.1.5 for web page design and code.

4.4.6 User’s Page

If a registered user wants to share (upload or download) a semantic web ontology to or from this website, he/she has to log in with a unique user id and password. After login the user reaches the User's page, where detailed instructions are provided about the steps involved in uploading and downloading a semantic web ontology file. A link to the SECCURE toolkit is provided, with installation instructions alongside. The user is asked to first download and install the SECCURE toolkit from http://point-at-infinity.org/seccure/, and then to generate a private and public key pair and store it in a safe location. Links to the Download/Upload Request Forms are given on the same page. The Admin's public key is also shared with the user on this page, so that when uploading a semantic web ontology the user can encrypt the file with the Admin's public key and only the admin can read the ontology file. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Logout and d) Contact the Author. Kindly refer to appendix 7.1.6 for web page design and code.

4.4.7 Download Request Form

The download request form allows a registered user to ask the admin for a download link to a semantic web ontology file of the user's choice. To ensure security and enhance the user's trust in the download process, a small form is presented in which the user needs to fill in the following details: a) Username, b) Email Add, c) Public Key, d) Ontology Name and e) Purpose. When the submit button is pressed, the request is added to the admin's task list. The admin then considers the download request and encrypts the requested ontology file with the user's public key. Later, a unique and secure FTP download link is emailed to the user at the provided email address. This process is given a buffer time of 24 hours, because a new file is encrypted for each and every request received at the admin's end. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Logout and d) Contact the Author. Kindly refer to appendix 7.1.7 for web page design and code.

4.4.8 Upload Request Form

A registered user who is willing to contribute a semantic web ontology file to the archives of this website is very welcome to do so, and an upload request form is included in the website for this purpose. On this page the user is presented with a small form to fill in a few details and upload the encrypted semantic web ontology file. The user can only upload a semantic web ontology file that has been encrypted with the admin's public key, which is given on the User's main page. The form asks for the following simple details: a) Ontology Name, b) Ontology Description, c) User name, d) Email add, e) File Browse/Upload. The user browses to the encrypted semantic web ontology file on his system and uploads it using the submit button. On submit, the upload request is added to the admin's task list. The admin then decrypts the file and checks the semantic web ontology file; if everything is fine, it is uploaded and added to the website's ontology archives. An acknowledgement mail is then sent to the user at the email id provided. This webpage also allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Logout and d) Contact the Author. Kindly refer to appendix 7.1.8 for web page design and code.

4.5 Testing and Maintenance

4.5.1 Testing

Testing is crucial for making sure that the proposed system functions adequately. Testing should aim to find the maximum number of errors in a system, and so to identify all the scope for improvement in it.

This website has been thoroughly and rigorously tested to ensure its smooth functioning. The security of the website has also been tested, and all the best web development practices have been used in developing it.

Secure sessions and unique login-id credentials are used, and strong emphasis is given to making the website safe from SQL Injection attacks and Cross-Site Scripting attacks. All the forms and functions have been thoroughly tested by the author. The new user registration form, the login form, and the download and upload request forms have all been tested rigorously, both offline and online. Users are allowed to upload files with the ".enc" extension only; no other file type is supported by the upload form. If any glitch or bug is found, kindly report it to the admin on [email protected].

Following tests were conducted, to ensure adequate functioning of the proposed system:

| TESTS | TEST CASES | RESULTS |
|---|---|---|
| Functionality Testing | 1) Checking All The Links In Web Pages | Successfully Tested: Perfect |
| | 2) Database Connections | Successfully Tested: Perfect |
| | 3) Testing Forms | Successfully Tested: Perfect |
| | 4) Cookies Testing | Successfully Tested: Perfect |
| Usability Testing | 1) Navigation Testing | Successfully Tested: Perfect |
| | 2) Content Checking | As per W3C & WCAG Standard |
| | 3) User Information | As per W3C & WCAG Standard |
| Interface Testing | 1) Application Server Interface | Byethost Control Panel: Good |
| | 2) Database Server Interface | Byethost Control Panel: Good |
| Compatibility Testing | 1) Browser Compatibility | Chrome/Mozilla/IE: Perfect |
| | 2) O/S Compatibility | Linux Only |
| | 3) Mobile Browsing | Web Browsing: Yes; SECCURE is only on Linux |
| Security Testing | 1) Testing Internal URL without Login | Secured Using Sessions |
| | 2) SQL Injections | Secured (special characters not allowed) |
| | 3) Web Directory | Secured (secure sessions) |
| | 4) Invalid Inputs | Secured (not allowed) |

Table 2: Testing Results
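The rule stated in 4.5.1, that only files with the ".enc" extension may be uploaded, has to be enforced on the server when the upload arrives. The following is an added example, not code from the dissertation's website: a PHP check for one $_FILES entry that also refuses a plain-text ontology which was only renamed to ".enc". The function name check_enc_upload(), the 5 MiB limit, the sample file names and the storage naming are assumptions.

```php
<?php
// Added example: server-side checks for an uploaded ".enc" ontology file.
// check_enc_upload(), MAX_ENC_BYTES and the storage naming are assumptions
// made for this illustration; they are not taken from the site's code.

const MAX_ENC_BYTES = 5242880; // assumed ceiling: 5 MiB per encrypted ontology

// Returns array(bool accepted, string reason, string|null storageName).
function check_enc_upload(array $file)
{
    // 1. PHP must report a complete, error-free upload.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return array(false, 'upload incomplete', null);
    }
    // 2. Empty and oversized files are refused.
    if ($file['size'] <= 0 || $file['size'] > MAX_ENC_BYTES) {
        return array(false, 'size not accepted', null);
    }
    // 3. Only the base name is examined; any directory part is discarded.
    $name = basename(str_replace('\\', '/', $file['name']));
    // 4. Allowlist: one stem of safe characters followed by ".enc" and nothing
    //    else, so a name carrying a second extension is refused.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.enc\z/', $name)) {
        return array(false, 'name must be <stem>.enc', null);
    }
    // 5. An ".enc" name proves nothing about the content. A plain-text RDF/OWL
    //    or Turtle file that was merely renamed is caught by its first bytes.
    $head = (string) file_get_contents($file['tmp_name'], false, null, 0, 64);
    if (preg_match('/\A\s*(<\?xml|<rdf:RDF|<!DOCTYPE|@prefix|@base)/i', $head)) {
        return array(false, 'file is not encrypted', null);
    }
    // 6. The stored name is generated on the server; nothing from the client
    //    survives except the fixed ".enc" suffix.
    return array(true, 'accepted', bin2hex(random_bytes(16)) . '.enc');
}

// Constructed sample inputs: two temporary files stand in for PHP's upload
// temp files, one holding binary data and one holding a plain-text ontology.
$cipher = tempnam(sys_get_temp_dir(), 'enc');
file_put_contents($cipher, str_repeat("\x9c\x01\xe7\x44", 64));
$plain = tempnam(sys_get_temp_dir(), 'owl');
file_put_contents($plain, "<?xml version=\"1.0\"?>\n<rdf:RDF></rdf:RDF>\n");

$samples = array(
    array('name' => 'pizza.enc',     'tmp_name' => $cipher, 'size' => 256, 'error' => UPLOAD_ERR_OK),
    array('name' => 'pizza.owl',     'tmp_name' => $plain,  'size' => filesize($plain), 'error' => UPLOAD_ERR_OK),
    array('name' => 'pizza.owl.enc', 'tmp_name' => $cipher, 'size' => 256, 'error' => UPLOAD_ERR_OK),
    array('name' => 'renamed.enc',   'tmp_name' => $plain,  'size' => filesize($plain), 'error' => UPLOAD_ERR_OK),
    array('name' => 'large.enc',     'tmp_name' => $cipher, 'size' => MAX_ENC_BYTES + 1, 'error' => UPLOAD_ERR_OK),
    array('name' => 'partial.enc',   'tmp_name' => $cipher, 'size' => 256, 'error' => UPLOAD_ERR_PARTIAL),
);

foreach ($samples as $sample) {
    list($ok, $reason, $stored) = check_enc_upload($sample);
    printf("%-14s %-7s %s\n", $sample['name'], $ok ? 'ACCEPT' : 'REJECT', $ok ? $stored : $reason);
}

unlink($cipher);
unlink($plain);
```

In a real handler the accepted file would then be moved with move_uploaded_file() into a directory outside the web root, under the returned storage name.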

4.5.2 Maintenance

Maintenance is a continuous and never-ending process, and it goes on for as long as the system is in use. This website was developed and will be maintained solely by the author, who is also the admin of the website. The website is expected to grow with time: the user database and the ontology archives will grow, and thus maintenance will be continuous.

5 Chapter 5: Planning Management

5.1 Initial Project Scope

Initially the project aimed to use some kind of encryption methodology to secure the semantic web ontology and then to store it in an RDF Triple Store. However, the author later realised that an encrypted ontology can't be stored in an RDF Triple Store, as the internal format of the ontology is completely converted into cipher text and hence can't be recognised by the RDF Triple Store. Then, after careful consideration of all the aspects associated with the project and discussion with the group monitor, the project was aimed at delivering a Secure Semantic Web, Ontology Sharing System.

5.2 Available Resources

At the start of the project, the resources available to guide the author were just a few lecture notes from Prof. Nigel Shadbolt's Lecture, some literature in the form of books and papers on Cryptography, Semantic Web and Secure Semantic Web, and some papers written by the author himself in previous semesters in the field of Secure Semantic Web and Secure World Wide Web.

5.3 Project Tasks

This M.Sc. dissertation project presented many tough challenges to the author. The very first challenge was to do extensive reading and a literature review of as much literature as could be found on the topic. As this topic is relatively new compared to the other aspects of the semantic web, it was a lot harder for the author to find relevant work.

The second challenge came in the form of learning and understanding cryptography. Luckily, the author was able to find some books on cryptography and some online literature, which helped him to opt for Elliptic Curve Cryptography. But the real challenge started here: Elliptic Curve Cryptography deals with the toughest mathematical problem, i.e. the Elliptic Curve Discrete Logarithm Problem. It took the author a fair amount of time to understand Elliptic Curve Cryptography.

The third challenge was to apply Elliptic Curve Cryptography to the Semantic Web ontology files. This task included learning and understanding an ECC toolkit; the Elliptic Curve Cryptography toolkit used is SECCURE. Using this toolkit presented another challenge to the author: the toolkit can only be used on the Linux platform, which led the author to learn UBUNTU 10.04.

The fourth challenge was to store the encrypted ontology in the RDF Triple Store. This became a hurdle because, as mentioned earlier, the semantic web ontology file can't be recognised by the triple store after encryption, since everything in the file has been converted into cipher text. This hurdle was later sorted out with the help and guidance of the group monitor, who suggested that the author use an ontology sharing website to present the securely encrypted ontology files.

The fifth and final challenge was the biggest problem, and it came a month after the final submission. It also gave the author an opportunity to improve his previous work and to present it with more sophisticated results, comparison charts and an improved website. Before making this final submission, the author made sure that all the shortcomings of the previous submission had been taken care of.

5.4 Risk

In the middle of the project the author's bad health was a major threat, as a substantial amount of time was lost in recovering. To compensate for the lost time, the author devoted extra time to the project in the weeks after recovery. The second risk arose when the author found out that the encrypted files cannot be stored in an RDF triple store. Later, after discussion with the group monitor, a way out was found.

5.5 Gantt chart

Initially, at the time of starting the project, the Gantt chart was planned and designed with all the tasks and activities in mind. The difficult tasks and activities, such as the literature review and studying access control and encryption mechanisms, were given more time.

Later on, however, some tasks took more time than expected: learning the Linux environment, the RDF Triple Store problem and health issues all affected the planned schedule. The author nevertheless made every possible effort to meet the deadlines and to attend all the scheduled meetings with the monitor and supervisor.

After submitting the dissertation officially for the first time, the author was advised to do some more work to further improve the proposed system and to present it in a better way to the examiners. This added another 7 weeks to the project schedule, so the final Gantt chart of the project plan is as follows:

5.6 Management techniques

The MSc IS system was of great help in managing the project. It helped in keeping the author aware of his peers and in managing meetings with the monitor and supervisor; milestones and tasks were set to meet the deadlines on time. The author also used his Personal Digital Assistant to manage the scheduled tasks, and maintained a log book to keep minutes of the meetings with the monitor and supervisor.

6 Chapter 6: Conclusion and Suggestion for future work

6.1 Suggestion for future work

This website is just the first step towards the making of a Secure Semantic Web. A lot more can be done, but due to the time constraint of three months only this much was feasible. For future work the author recommends the following to readers:

a) Work on integration of Elliptic Curve Cryptography into the Semantic Web Stack.

b) Work on making the SECCURE toolkit available for the Windows platform.

c) Work on integration of the SECCURE toolkit into Semantic Web ontology IDEs like Protégé 4.1.

d) A secure encryption mechanism or access control mechanism can be developed exclusively for RDF triple stores.

6.2 Conclusion

In this M.Sc. Dissertation Project Report the author presented a successful demonstration of a Secure Semantic Web, Ontology Sharing System. In this project the author emphasised the importance of security in the Semantic Web, and also discussed the importance of factors like Trust, Proof and Cryptography in the Semantic Web Stack.

The author also presented his findings on different crypto systems: RSA (Rivest Shamir Adleman), DSA (Digital Signature Algorithm) and ECC (Elliptic Curve Cryptography). The author finds that Elliptic Curve Cryptography is the best crypto system available today and should be exploited for the benefit of a Secure World Wide Web and a Secure Semantic Web.

The use of the SECCURE toolkit was definitely an advantage towards the successful completion of the project on time. SECCURE introduced the easiest possible way to deal with the strongest crypto system, which is based on the most difficult mathematical problem, i.e. the Elliptic Curve Discrete Logarithm Problem. All the commands were easy to understand, learn and implement.

Overall, the MSc Dissertation project was delivered on time, with all the results and a successful demonstration. This project has greatly enhanced the author's understanding of the Semantic Web and of the importance of layers like Trust, Proof and Cryptography in the Semantic Web Stack. It also gave the author an opportunity to investigate web design packages such as Adobe Dreamweaver CS3 and WAMP 2.0, the Elliptic Curve Cryptography toolkit SECCURE, and the Linux-based operating system UBUNTU 10.04.

7 Chapter 7: Appendices

7.1 Appendix: Web Pages along with the some important bits of code

7.1.1 HOME PAGE

CODE for the Home Page:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<title>Homepage</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="images/Envision.css" type="text/css" />

</head>

<body>

<div id="wrap">

<div id="header">

<h1 id="logo-text">Secure Semantic Web</h1>

<h2 id="slogan"><b>Web Ontology Sharing....</b></h2>

<div id="header-links">

<p> <a href="newuser.php">New User</a> | <a href="about.php">Contact</a> </p>

</div>

</div>

<div id="menu">

<ul>

<li id="current"><a href="index.php">Home</a></li>

<li><a href="archives.php">Archives</a></li>

<li><a href="support.php">Tech-Support</a></li>

<li class="last"><a href="about.php">About</a></li>

</ul>

</div>

<div id="content-wrap">

<div id="sidebar">

<h1>Search Box</h1>

<form method="get" action="http://www.google.com/search">

<p>

<input type="text" name="q" size="20" maxlength="255" value="" />

<input type="submit" value="Search" />

</p>

</form>

<h1>Login</h1>

<form action="download_upload.php" method="post">

<p>

<label>Username</label>

<input name="username" value="Your UserName" type="text" size="20"

id="username"/>

<label>Password</label>

<input name="password" value="Your Password" type="password" size="20"

id="password"/>

<br />

<br />

<input class="button" type="submit" />

</p>

</form>

<h1>Links to Semantic Websites</h1>

<ul class="sidemenu">

<li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>

<li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>

<li><a href="http://data.gov.uk/">Data Gov UK</a></li>

<li><a href="http://sig.ma/">SIG.MA</a></li>

<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>

</ul>

</div>

<div id="main">

<h1>Secure Semantic Web </h1>

<p><strong>Semantic Web</strong><strong>"</strong>is a group of methods and

technologies to allow machines to understand the meaning - or "semantics" - of information

on the World Wide Web.

The term was coined by <strong>World Wide Web Consortium (W3C)</strong> director

<strong>Tim Berners-Lee</strong>. According to the original vision, the availability of

machine-readable metadata would enable automated agents and other software to access the

Web more intelligently.<br /><br /> The agents would be able to perform tasks automatically

and locate related information on behalf of the user.

While the term "Semantic Web" is mainly to be used to describe the model and technologies

proposed by the W3C. These technologies include the <strong>Resource Description

Framework (RDF)</strong>, a variety of data interchange formats (e.g. RDF/XML, N3,

Turtle, N-Triples), and notations such as <strong>RDF Schema (RDFS)</strong> and the

<strong>Web Ontology Language (OWL)</strong>, all of which are intended to provide a

formal description of concepts, terms, and relationships within a given knowledge

domain.Many of the technologies proposed by the W3C already exist and are used in various

projects.<strong>"<a href="http://en.wikipedia.org/wiki/Semantic_Web"> [1]

</a></strong><br /><br />

<strong>Security</strong> has always been considered as a key concern, by all the

research scientists who are working in the field of <strong>Semantic Web</strong>. That is

why factors associated with the Security of Semantic Web like Trust, Proof, Encryption,

Signatures has been kept on top most layer of <a

href="http://en.wikipedia.org/wiki/Semantic_Web_Stack#Overview">Semantic Web

Stack</a>. This website demonstrate a step towards the making of a <strong>Secure

Semantic Web</strong>.</p>

<p>Semantic Web revolves around the <strong>Ontologies</strong> and <strong>RDF

Triples</strong>, and there are lots of web forums and communities which provides ready to

use Ontologies. Which means that you are free to use and modify it for any purpose.</p>

<p class="post-footer align-right"> <a

href="http://en.wikipedia.org/wiki/Semantic_Web" class="readmore">Read more</a></p>

</div>

</div>

<div id="footer">

<p> &copy; 2010 <strong>MSc Dissertation Project</strong> | Design by:

<strong>Raman Pal</strong> | Valid <a

href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a

href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="index.php">Home</a>&nbsp;|&nbsp;

</p>

</div>

</div>

</body>

</html>

7.1.2 ONTOLOGY REPOSITORY

7.1.3 TECH-SUPPORT

7.1.4 ABOUT

7.1.5 NEW USER REGISTRATION PAGE

CODE for NEW USER REGISTRATION PAGE:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<title>New User Registration</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="images/Envision.css" type="text/css" />

</head>

<body>

<div id="wrap">

<div id="header">

<h1 id="logo-text">Secure Semantic Web</h1>

<h2 id="slogan"><b>Web Ontology Sharing....</b></h2>

<div id="header-links">

<p> <a href="newuser.php">New User</a> | <a href="about.php">Contact</a> </p>

</div>

</div>

<div id="menu">

<ul>

<li><a href="index.php">Home</a></li>

<li><a href="archives.php">Archives</a></li>

<li><a href="support.php">Tech-Support</a></li>

<li class="last"><a href="about.php">About</a></li>

</ul>

</div>

<div id="content-wrap">

<div id="sidebar">

<h1>Search Box</h1>

<form method="get" action="http://www.google.com/search">

<p>

<input type="text" name="q" size="20" maxlength="255" value="" />

<input type="submit" value="Search" />

</p>

</form>

<h1>Links to Semantic Websites</h1>

<ul class="sidemenu">

<li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>

<li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>

<li><a href="http://data.gov.uk/">Data Gov UK</a></li>

<li><a href="http://sig.ma/">SIG.MA</a></li>

<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>

</ul>

</div>

<div id="main">

<h1>New User Registration </h1>

<form action="congrats.php" method="post">
<p>Enter Username: <input type="text" name="username" value="" size="50"/><br />
Enter Password&nbsp;: <input type="password" name="password" value="" size="50"/><br />
Full Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;: <input type="text" name="name" value="" size="50"/><br />
Email&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;: <input type="text" name="email_id" value="" size="50"/><br />
Occupation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;: <input type="text" name="occupation" value="" size="50"/><br />
Country&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;: <input type="text" name="country" value="" size="50"/></p>
<p align="center"> Submit Details: <input type="submit" name="submit" value="Submit"/></p>
</form>

</div>

</div>

<div id="footer">

<p> &copy; 2010 <strong>MSc Dissertation Project</strong> | Design by:

<strong>Raman Pal</strong> | Valid <a

href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a

href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="index.php">Home</a>&nbsp;|&nbsp;

</p>

</div></div></body></html>

7.1.6 USER’S PAGE

CODE for USER’s PAGE

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<title>Download and Upload Instructions</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="images/Envision.css" type="text/css" />

</head>

<body>

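<?php
mysqli_report(MYSQLI_REPORT_OFF); // report failures as false return values
$username_1 = isset($_POST['username']) ? $_POST['username'] : '';
$password_1 = isset($_POST['password']) ? $_POST['password'] : '';
$db_connect = mysqli_connect('sql106.byethost13.com','b13_6284740','RAMAN143','b13_6284740_project') OR
die("disconnected<br>");
// The submitted values are bound as parameters, never spliced into the SQL text.
$dbquery_1 = mysqli_prepare($db_connect, "select * from users where username=? and password=?") OR
die("unable to execute query");
mysqli_stmt_bind_param($dbquery_1, 'ss', $username_1, $password_1);
mysqli_stmt_execute($dbquery_1) OR die("unable 2 give result");
mysqli_stmt_store_result($dbquery_1);
// Show the instructions only when the credentials matched exactly one user.
if (mysqli_stmt_num_rows($dbquery_1) != 1)
{
die("invalid username or password<br>");
}
?>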

<div id="wrap">

<div id="header">

<h1 id="logo-text">Secure Semantic Web</h1>

<h2 id="slogan"><b>Web Ontology Sharing....</b></h2>

<div id="header-links">

<p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p>

</div>

</div>

<div id="menu">

<ul>

<li><a href="index.php">Home</a></li>

<li><a href="archives.php">Archives</a></li>

<li><a href="support.php">Tech-Support</a></li>

<li><a href="download_request.php">Download Request</a></li>

<li><a href="upload_request.php">Upload Request</a></li>

<li class="last"><a href="about.php">About</a></li>

</ul>

</div>

<div id="content-wrap">

<div id="sidebar">

<h1>Search Box</h1>

<form method="get" action="http://www.google.com/search">

<p>

<input type="text" name="q" size="20" maxlength="255" value="" />

<input type="submit" value="Search" />

</p>

</form>

<h1>Links to Semantic Websites</h1>

<ul class="sidemenu">

<li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>

<li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>

<li><a href="http://data.gov.uk/">Data Gov UK</a></li>

<li><a href="http://sig.ma/">SIG.MA</a></li>

<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>

</ul>

</div>

<div id="main">

<h1>Instructions for Downloading Semantic Web Ontology !!</h1>

<ul>

<li>For Downloading any Semantic Web Ontology, you need to fill in some details into the form below:</li>
<li>First download <strong>SECCURE: Secure Elliptic Curve Cryptography Utility for Reliable Encryption</strong>. You can download its Tar.gz File or Debian Package from <a href="http://point-at-infinity.org/seccure/">Seccure</a>.</li>
<li>After installing this very important toolkit in your machine, you should generate a <strong>PUBLIC KEY &amp; PRIVATE KEY PAIR</strong>, using the following set of commands in your terminal window:<br />
<strong>$ seccure-key<br />
Assuming curve p160.<br />
Enter private key: my private key<br />
The public key is: 8W;>i^H0qi|J&amp;$coR5MFpR*V </strong></li>
<li>User must provide this <strong>PUBLIC KEY</strong> in the form below, and keep the <strong>PRIVATE KEY</strong> safe with you.</li>
<li>The website Admin needs your PUBLIC KEY to encrypt the file exclusively for you.</li>
<li>The Download link for the requested ontology will be made available to you in 24Hours.</li>
<li>After downloading the file on your machine, simply browse to the directory of the file. Use the following set of commands to Decrypt the File.<br />
<strong>seccure-decrypt -i filename.enc -o filename.owl<br />
Enter the Private Key: my private key<br />
File Open</strong></li>

</ul>

<p align="center"><a href="download_request.php"><strong>Download Request

Form</strong></a></p>

<h1>Instructions for Uploading Semantic Web Ontology!!</h1>

<ul>

<li>For Uploading any Semantic Web Ontology to this website, the user needs to fill in some details into the form below, and upload the file using the file upload tool.</li>
<li>First Download and Install <strong>SECCURE: Secure Elliptic Curve Cryptography Utility for Reliable Encryption</strong>. You can download its Tar.gz File or Debian Package from <a href="http://point-at-infinity.org/seccure/">Seccure</a>.</li>
<li>After installing this very important toolkit in your machine, use this PUBLIC KEY::<strong>2D*~@S|:iXX.8HHY;kYBy*E>n</strong>, to encrypt the Ontology file, using the commands below:<br />
<strong>$ seccure-encrypt -i file.owl -o file.enc '2D*~@S|:iXX.8HHY;kYBy*E>n'<br />
Encryption Succesful</strong></li>
<li>User should then UPLOAD the encrypted version of the file, using the File_Upload option below:</li>
<li>The website Admin will check the file, and if the decryption is successful on Admin's end, it will be uploaded in our Archives in 24Hours of time span.</li>
<li>Kindly fill in all the details related to the Semantic web Ontology you are about to upload.</li>

</ul>

<p align="center"><a href="upload_request.php"><strong>Upload Request

Form</strong></a></p>

</div>

</div>

<div id="footer">

<p> &copy; 2010 <strong>MSc Dissertation Project</strong> | Design by:

<strong>Raman Pal</strong> | Valid <a

href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a

href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="index.php">Home</a>&nbsp;|&nbsp;

</p>

</div>

</div>

</body>

</html>

7.1.7 DOWNLOAD REQUEST FORM

CODE for DOWNLOAD REQUEST FORM:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<title>Download and Upload Instructions</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="images/Envision.css" type="text/css" />

</head>

<body>

<div id="wrap">

<div id="header">

<h1 id="logo-text">Secure Semantic Web</h1>

<h2 id="slogan"><b>Web Ontology Sharing....</b></h2>

<div id="header-links">

<p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p>

</div>

</div>

<div id="menu">

<ul>

<li><a href="index.php">Home</a></li>

<li><a href="archives.php">Archives</a></li>

<li><a href="support.php">Tech-Support</a></li>

<li id="current"><a href="download_request.php">Download Request</a></li>

<li><a href="upload_request.php">Upload Request</a></li>

<li class="last"><a href="about.php">About</a></li>

</ul>

</div>

<div id="content-wrap">

<div id="sidebar">

<h1>Search Box</h1>

<form method="get" action="http://www.google.com/search">

<p>

<input type="text" name="q" size="20" maxlength="255" value="" />

<input type="submit" value="Search" />

</p>

</form>

<h1>Links to Semantic Websites</h1>

<ul class="sidemenu">

<li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>

<li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>

<li><a href="http://data.gov.uk/">Data Gov UK</a></li>

<li><a href="http://sig.ma/">SIG.MA</a></li>

<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>

</ul>

</div>

<div id="main">

<h1>Request form for Downloading Semantic Web Ontology !!</h1>

<form action="download_request.php" method="post"><br />
Username:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="" name="usrname" /><br /><br />
Email Add:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="" name="email" /><br /><br />
PUBLIC KEY:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="" name="pubkey" /><br /><br />
Ontology Name:&nbsp;&nbsp;<input type="text" value="" name="owlname" /><br /><br />
Purpose: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="" name="purpose" /><br /><br />
<input type="submit" value="Send Download Request" name="dndrequest" />
</form>

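<?php
mysqli_report(MYSQLI_REPORT_OFF); // report failures as false return values
// Insert a request only when the form has been posted, not on the initial
// GET that displays it.
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$usrname = isset($_POST['usrname']) ? $_POST['usrname'] : '';
$mail = isset($_POST['email']) ? $_POST['email'] : '';
$pubkey = isset($_POST['pubkey']) ? $_POST['pubkey'] : '';
$owlname = isset($_POST['owlname']) ? $_POST['owlname'] : '';
$purpose = isset($_POST['purpose']) ? $_POST['purpose'] : '';
$db_connect = mysqli_connect('sql106.byethost13.com','b13_6284740','RAMAN143','b13_6284740_project');
if ($db_connect == false)
{
die ("Unable to Connect to MySql Database<br>");
}
// The form values are bound as parameters, so quotes and other special
// characters (SECCURE public keys contain them) cannot alter the SQL.
$dbquery = mysqli_prepare($db_connect, "INSERT INTO download (usrname, mail, publickey, owlname,
purpose) VALUES (?,?,?,?,?)");
if ($dbquery == false)
{
die("Unable to add record <br>");
}
mysqli_stmt_bind_param($dbquery, 'sssss', $usrname, $mail, $pubkey, $owlname, $purpose);
$dbresult = mysqli_stmt_execute($dbquery);
if ($dbresult == false)
{
die("Unable to add record <br>");
}
}
?>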

</div>

</div>

<div id="footer">

<p> &copy; 2010 <strong>MSc Dissertation Project</strong> | Design by:

<strong>Raman Pal</strong> | Valid <a

href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a

href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a

href="index.php">Home</a>&nbsp;|&nbsp;</p>

</div>

</div>

</body>

</html>

7.1.8 UPLOAD REQUEST FORM

CODE for UPLOAD REQUEST FORM:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<title>Download and Upload Instructions</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="images/Envision.css" type="text/css" />

</head>

<body>

<div id="wrap">

<div id="header">

<h1 id="logo-text">Secure Semantic Web</h1>

<h2 id="slogan"><b>Web Ontology Sharing....</b></h2>

<div id="header-links">

<p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p>

</div>

</div>


<div id="menu">

<ul>

<li><a href="index.php">Home</a></li>

<li><a href="archives.php">Archives</a></li>

<li><a href="support.php">Tech-Support</a></li>

<li><a href="download_request.php">Download Request</a></li>

<li id="current"><a href="upload_request.php">Upload Request</a></li>

<li class="last"><a href="about.php">About</a></li>

</ul>

</div>

<div id="content-wrap">

<div id="sidebar">

<h1>Search Box</h1>

<form method="get" action="http://www.google.com/search">

<p>

<input type="text" name="q" size="20" maxlength="255" value="" />

<input type="submit" value="Search" />

</p>

</form>

<h1>Links to Semantic Websites</h1>

<ul class="sidemenu">

<li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>

<li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>

<li><a href="http://data.gov.uk/">Data Gov UK</a></li>

<li><a href="http://sig.ma/">SIG.MA</a></li>

<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>

</ul>

</div>

<div id="main">

<h1>Request form for Uploading Semantic Web Ontology!!</h1>

<form enctype="multipart/form-data" action="upload_request.php" method="POST"><br />
Ontology Name::&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <input type="text" name="ontologyname" value="" /><br /><br />
Ontology Description:: <input type="text" name="description" value="" size="50" /><br /><br />
Username::&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; <input type="text" name="username" value="" /><br /><br />
Email::&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="email" value="" /><br /><br />
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" />&nbsp;&nbsp;
<input type="submit" value="Submit" /><br /><br />
</form>

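<?php
// Handle the upload only when the form was submitted with a file.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['uploadedfile']))
{
    // basename() drops any directory components sent by the client.
    $filename = basename($_FILES['uploadedfile']['name']);
    $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    // Assumption: ontologies arrive as .owl or .rdf files; adjust to the formats the site accepts.
    $allowed = array('owl', 'rdf');
    $target_path = "upload/" . $filename;
    if ($_FILES['uploadedfile']['error'] === UPLOAD_ERR_OK
        && in_array($extension, $allowed, true)
        && move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path))
    {
        // Escape the client-supplied name before echoing it into the page.
        echo "The file ". htmlspecialchars($filename, ENT_QUOTES, 'ISO-8859-1'). " has been uploaded";
    }
    else
    {
        echo "There was an error uploading the file, please try again!";
    }
}
?>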

</div>

</div>

<div id="footer">

<p> &copy; 2010 <strong>MSc Dissertation Project</strong> | Design by:

<strong>Raman Pal</strong> | Valid <a

href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a

href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a

href="index.php">Home</a>&nbsp;|&nbsp;</p>

</div>

</div>

</body>

</html>
