secure semantic web (ontology sharing)
MSc Web Technology Dissertation, University of Southampton, United Kingdom
UNIVERSITY OF SOUTHAMPTON
Faculty of Engineering, Science and Mathematics
School of Electronics and Computer Science
Secure Semantic Web, Ontology Sharing
By
RAMAN PAL
Completed on 18th January, 2011
A dissertation submitted in partial fulfilment of the degree of
M.Sc. Web Technology
By examination and dissertation
Supervisor: Dr. Kirk Martinez
Examiner: Dr. Richard M Crowder
Abstract
This dissertation presents the developments in the field of the Semantic Web and discusses the Secure Semantic Web. To satisfy the requirements of the M.Sc. dissertation, the author also proposes an implementation model which presents the concept of secured sharing of Semantic Web ontology. This model is devised for secured resource management for an intelligent service framework, such as the semantic web.
This dissertation discusses the Semantic Web and security. It shows why factors like Trust and Proof are kept on the topmost layers of the Semantic Web Stack. It further demonstrates the use of encryption to enhance the effect of factors like Trust and Proof. A study of various encryption algorithms is also presented, Elliptic Curve Cryptography (ECC) being one of them. ECC is explained in detail and a description of its toolkit “SECCURE” is also provided.
To demonstrate the implementation of a secure medium of information interchange for Semantic Web ontology, the author developed a website which allows its users to securely share their semantic web ontology, and suggested the use of Elliptic Curve Cryptography.
Keywords: Semantic Web, Security, Encryption, Cryptography, Trust, Proof, Elliptic Curve Cryptography, ECC, SECCURE, Semantic Web Stack, Secure Semantic Web, Web Ontology Language, Secure Information Interchange.
Acknowledgement
I would like to thank my project supervisor Dr. Kirk Martinez for his invaluable support and guidance throughout the project design and implementation.
I would also like to thank my second examiner Dr. Richard M. Crowder, who took time from his busy schedule to evaluate my implementation work and give useful feedback.
And lastly, I would like to thank my group monitor Mu Yang, who was always there to help me with all kinds of difficulties in my project.
Thank you all.
Table of Contents
Keywords
Acknowledgement
Chapter 1: Introduction
1.1 Introduction
1.2 Thesis Structure
2 Chapter 2: Semantic Web and Secure Semantic Web
2.1 Semantic Web
2.1.1 Proof and Trust Layer
2.2 Secure Semantic Web
2.3 Examples of websites where security can be compromised
2.3.1 http://www.marinetraffic.com/ais/
2.3.2 http://www.sig.ma
2.3.3 www.swoogle.umbc.edu
2.4 Comparison Chart for security vulnerability testing of the above mentioned examples.
3 Chapter 3: Cryptography
3.1 Cryptography in Semantic Web
3.1.1 DSA: Digital Signature Algorithm
3.1.2 RSA: Rivest Shamir Adleman Algorithm
3.1.3 ECC: Elliptic Curve Cryptography
3.2 How Elliptic Curve Cryptography is better than others??
3.2.1 Quick Wrap Up on Elliptic Curve Cryptography
4 Chapter 4: Secure Semantic Web, Ontology Sharing
4.1 SECCURE: ECC Toolkit
4.1.1 Generate private-public key pair.
4.1.2 Encrypt a piece of text message.
4.1.3 Decrypt a piece of text message.
4.1.4 Encrypt a file.
4.1.5 Decrypt a file.
4.1.6 Verify the generated signature.
4.1.7 Share or exchange Public Keys with Diffie-Hellman Key Exchange.
4.2 Requirement Analysis and Specifications
4.2.1 Requirement Analysis
4.2.2 Specification of requirement
4.3 Site Structure and Design
4.3.1 Use Case Diagram:
4.3.2 Website Flow Control Diagram:
4.4 Website Development
4.4.1 Home Page
4.4.2 Ontology Repository
4.4.3 Tech-Support
4.4.4 About
4.4.5 New User Registration Page
4.4.6 User’s Page
4.4.7 Download Request Form
4.4.8 Upload Request Form
4.5 Testing and Maintenance
4.5.1 Testing
4.5.2 Maintenance
5 Chapter 5: Planning Management
5.1 Initial Project Scope
5.2 Available Resources
5.3 Project Tasks
5.4 Risk
5.5 Gantt chart
5.6 Management techniques
6 Chapter 6: Conclusion and Suggestion for future work
6.1 Suggestion for future work
6.2 Conclusion
7 Chapter 7: Appendices
7.1 Appendix: Web Pages along with the some important bits of code
7.1.1 HOME PAGE
7.1.2 ONTOLOGY REPOSITORY
7.1.3 TECH-SUPPORT
7.1.4 ABOUT
7.1.5 NEW USER REGISTRATION PAGE
7.1.6 USER’S PAGE
7.1.7 DOWNLOAD REQUEST FORM
7.1.8 UPLOAD REQUEST FORM
8 References
Table of Figures
Figure 1: Semantic Web Stack
Figure 2: Screen shot of Marine traffic website, giving away crucial information.
Figure 3: Screen shot of Sig.ma giving away crucial information and compromising security.
Figure 4: Screen shot of Swoogle: Semantic Web Search Engine allowing its users to download semantic web ontology without any security.
Figure 5: Signature generation and verification for DSA
Figure 6: Underlying mathematical problem for different public key systems.
Figure 7: NIST guidelines for public key sizes with equivalent security levels.
Figure 8: Run times for different public key schemes
Figure 9: Use case diagram
Figure 10: Page flow diagram
Chapter 1: Introduction
1.1 Introduction
The present World Wide Web is heading towards its third stage of evolution. It started with a basic architecture and design of web pages, having just static content to display information and hyperlinks to other web pages, and later evolved into a more user-centred design with interactive information sharing, a collaborative World Wide Web. The latest research and developments are taking it to its third stage of evolution, which is about to take place, or rather is already taking place, in this virtual world of the WWW, in which the information and content on the web will be understandable and processed by machines [computers], intelligent agents and web services.
A matter of concern for all users of the World Wide Web is security, trust and proof in regard to the services that are offered online. Some of the issues are:
1) Are we 100% sure that all our information which is available online is safe and secure?
2) Are we 100% sure that whatever we buy online will definitely reach us and that we will not become the victim of a scam?
3) Are we 100% sure that the facts we read online on different forums are trustworthy enough to believe?
All the concerns mentioned above trigger another question: have we achieved a level of access control and security mechanism capable of supporting an entirely new and improved World Wide Web, where machines will be able to take control of everything else that is available online?
The author believes that, for the growth and success of the semantic web, factors like trust, proof, security and encryption are indispensable in the semantic web stack.
This dissertation discusses the importance of factors like trust and proof in the semantic web stack. Furthermore, it presents a prototype for secure information interchange for semantic web ontology sharing. To support the prototype, the use of an encryption algorithm is a must; that is why a comparison between different available cryptosystems is shown and the use of Elliptic Curve Cryptography is recommended.
1.2 Thesis Structure
This dissertation is divided into chapters. The second chapter explains the Semantic Web and the Secure Semantic Web. It presents the author's findings on the existence of a Secure Semantic Web; by secure the author means one which can be trusted and where there is proof for every assertion made on it. The author also discusses the Semantic Web Stack and the importance of the Trust and Proof layer. In the third section, the author presents some instances from Semantic Web sites where security has been compromised or can be compromised, and also presents a comparison between existing systems and the proposed system.
The third chapter discusses the use of encryption and signatures to make the Semantic Web a Secure Semantic Web. In this chapter the author also compares different encryption algorithms and presents the findings. In the second section of this chapter the author discusses Elliptic Curve Cryptography and shows how Elliptic Curve Cryptography is the best cryptography system available today.
The fourth chapter presents the project design and implementation of a Secure Semantic Web ontology sharing system. The author showcases its development and usage description, and also throws light on how this system is better than the existing systems of Semantic Web search engines. Furthermore, the author discusses Secure Semantic Web information interchange and the use of encryption to increase trust and proof for the end user.
The fifth chapter is on planning and management and presents the evidence of project, time and resource management.
The sixth and seventh chapters present the suggestions for future work, conclusion and further reading. The appendices showcase all the coding and UI design, with screenshots of the application designed. There is also a CD with the complete code and implementation model. References to all the sources of the research and study can be found in the eighth chapter.
2 Chapter 2: Semantic Web and Secure Semantic Web
2.1 Semantic Web
The past two decades have witnessed a technology which has outpaced every other technology in popularity, usability, research and development. The same technology has outpaced every other technological revolution which has ever taken place in the history of mankind. The name of this technology is Web Technology and it revolves around the World Wide Web, which was invented by Sir Prof. Tim Berners-Lee when he was working at CERN, Geneva, Switzerland in the year 1990. His original vision was much more ambitious than the present syntactic World Wide Web. He said: “I have a dream for the Web [in which computers] become capable of analyzing all the data on the Web – the content, links, and transactions between people and computers. A ‘Semantic Web’, which should make this possible, has yet to emerge, but when it does, the day-to-day mechanisms of trade, bureaucracy and our daily lives will be handled by machines talking to machines. The ‘intelligent agents’ people have touted for ages will finally materialize.” [26]
Since then, he and many others have been working towards the realisation of this vision, and they named it the Semantic Web. In his paper “Semantic Web Revisited” he says: “The Semantic Web is a Web of actionable information—information derived from data through a semantic theory for interpreting the symbols. The semantic theory provides an account of “meaning” in which the logical connection of terms establishes interoperability between systems.” [13]
Progress towards web semantics is consistent. Organisations like the IETF (Internet Engineering Task Force) and W3C (World Wide Web Consortium) are putting serious effort into the standardization of technologies and into developing languages and standards for sharing meaning. Languages and standards like XML, XML Schema, RDF, RDF Schema, OWL and SPARQL are organised in a Semantic Web Stack and act as a foundation for the semantic web.
All of these tools and standards play a very important and crucial role in the making of the Semantic Web. But researchers realised that, for the success of the semantic web, the factors stated above are not enough, and that factors like Trust and Security will play a crucial role in deciding the fate of any future technology. They realised that Trust and Proof should be kept on the topmost layer of the Semantic Web Stack and that encryption should be there across all layers of the stack.
Figure 1: Semantic Web Stack
Source: http://www.w3.org/2000/Talks/1206-xml2k-tbl/slide10-0.html
Over the years of research and studies in the field of the Semantic Web, all the major research and development organisations have targeted their research at Web Ontology Language, RDF, XML, etc. Very little work has been done to make the Semantic Web secure and reliable. There is a lot of scope for research and development in Trust, Proof and Encryption. That is the reason why the author opted to work in this field.
2.1.1 Proof and Trust Layer
Self-organizing knowledge exchange between users is one of the key motivations for the research and development in Semantic Web Technology. Humans browsing the World Wide Web will soon be history. In the near future, with the advent of Semantic Web Technology, personal digital agents and applications will be able to browse the World Wide Web automatically for their master, and will also be able to look for things and take decisions on behalf of their master on the basis of personal information stored somewhere online. The use of Semantic Web Agents and Web Services will demand Proof to develop Trust between the collaborative agents and services. [5][10]
But if something happens which seems strange or unusual to its master, then the master should also be in a position to ask for an explanation from his personal digital agent. This is the point where the Proof and Trust Layer of the Semantic Web Stack comes into use. The decisions taken by the personal digital agent will be based on credibility, user ratings, reviews, etc., which will work as proof for the agent to trust the other party. So when the master asks for an explanation, the digital agent can right away show all the facts supporting its decision.
Let me give you a hypothetical scenario: John and Becky are siblings and have a busy work life in Southampton. Their mother lives with Becky; she is very old and needs to visit a doctor quite regularly for her old-age health issues. Mother was supposed to have eye surgery on Tuesday. But the doctor’s assistant sends an email to Becky and tells her that the doctor will not be able to do the surgery before Friday. But Becky has another problem: her personal digital assistant has just told her that she has a big official conference to attend on Friday, and the only way she can sort out this complicated scenario is by asking her brother John to take mother for the eye surgery on Friday. Becky’s personal digital assistant sends an email to John with all the details. John’s personal digital assistant reads the mail to John and also tells him that he does not have much work to do on Friday and can take mother to the doctor. But John queries the assistant about his appointments on Friday. The assistant tells him that all the appointments are in the evening and are also not very high on his priority list. John asks his assistant to confirm his availability to Becky.
In the above scenario the personal agents were able to understand all the commands from their masters, were able to take decisions based on the information stored in their personal calendars, which are managed online, and were also able to justify the assertions made by them. That explains the requirement for the Proof and Trust Layer in the Semantic Web Stack.
2.2 Secure Semantic Web
The collection of technologies which enables machines to understand web pages is called the Semantic Web. The core idea was to automate every process using intelligent agents acting on behalf of the user. Everything which an actual user used to do will be done by agents, such as collaborating, invoking web services, understanding web pages and carrying out activities such as making reservations, designing vehicles, etc. The Semantic Web includes technologies such as mark-up languages like XML, semantic-based languages such as RDF and ontology description languages like OWL. Contracts are negotiated and activities are carried out using the above mentioned technologies. Policies on trust, privacy, integrity and confidentiality are a must to ensure secure execution of each operation in the web of semantics. These policies will define the level and type of access permissions that agents have on web resources and will also determine the level of trust that can be put in other agents.
Various inference systems have been developed, and are being developed, to carry out automated negotiations between intelligent agents. An inference system deals with all sorts of processes, like deducing new information and posing queries.
“We also need to examine the inference problem for the semantic web. Inference is the
process of posing queries and deducing new information. It becomes a problem when the
deduced information is something the user is unauthorized to know. With the semantic web,
and especially with data mining tools, one can make all kinds of inferences. Recently there
has been some research on controlling unauthorized inferences on the semantic web. Security
should not be an afterthought. We have often heard that one needs to insert security into the
system right from the beginning. Similarly security cannot be an afterthought for the semantic
web. However, we cannot also make the system inefficient if we must guarantee one hundred
percent security at all times. What is needed is a flexible security policy. During some
situations we may need one hundred percent security while during some other situations
some security (e.g., 60%) may be sufficient.” [21, 22, 23]
Privacy is very closely related to security. The major challenge is that sensitive information of individuals must be protected at all times. Trust management and negotiation are some of the other challenges in front of the semantic web research community. This includes determining the trust value that one agent can place on another. One suggestion is to use reputation mechanisms for the agents. Maintaining integrity is another challenge. For example, when XML documents are published by third parties, we need to ensure that the documents are authentic and are of high quality. With consistent research initiatives in the field of Semantic Web research, more and more progress is achieved and better standards for security, trust and proof can be developed to make the Semantic Web a success.
After securing XML and RDF, the next thing on the agenda is to examine security for ontology and interoperation. That implies that security levels may have been attached to the ontology. Some parts of the ontology could be unclassified and certain parts could be secret. The challenge lies in developing a method or an approach to use this ontology for secure information interchange. In the past, researchers have done some work in the field of secure interoperability of databases. The author suggests that we should revisit that research work and then conclude what else needs to be done to ensure that the information on the World Wide Web can be managed, integrated and exchanged securely.
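The idea of attaching security levels to parts of an ontology, together with the inference problem quoted earlier in this section, can be sketched in a few lines of Python. This is an added example, not code from the dissertation; the triples, the level names, the single rule and all function names are constructed for illustration.

```python
"""Label-based release of ontology triples with an inference-leak check.

Added illustration: the triples, level names and the rule are constructed.
"""

LEVELS = {"unclassified": 0, "restricted": 1, "secret": 2}

# Constructed sample ontology: (subject, predicate, object, security level).
ONTOLOGY = [
    ("ex:Patient1", "ex:hasAppointmentWith", "ex:DrA", "unclassified"),
    ("ex:DrA", "ex:specialisesIn", "ex:Ophthalmology", "unclassified"),
    ("ex:Patient1", "ex:livesIn", "ex:Southampton", "unclassified"),
    ("ex:Patient1", "ex:surgeryDay", "Friday", "restricted"),
    ("ex:Patient1", "ex:treatedFor", "ex:Ophthalmology", "secret"),
]

# Constructed rule (premises -> conclusion); terms starting with "?" are variables.
RULES = [
    ([("?p", "ex:hasAppointmentWith", "?d"), ("?d", "ex:specialisesIn", "?s")],
     ("?p", "ex:treatedFor", "?s")),
]


def visible(labelled, clearance):
    """Triples an agent with the given clearance is allowed to read."""
    limit = LEVELS[clearance]
    return {(s, p, o) for s, p, o, lvl in labelled if LEVELS[lvl] <= limit}


def _match(pattern, fact, binding):
    """Unify one triple pattern with a fact; return the new binding or None."""
    new = dict(binding)
    for term, value in zip(pattern, fact):
        if term.startswith("?"):
            if new.setdefault(term, value) != value:
                return None
        elif term != value:
            return None
    return new


def _bindings(premises, facts, binding):
    """Yield every variable binding that satisfies all premises."""
    if not premises:
        yield binding
        return
    for fact in facts:
        b = _match(premises[0], fact, binding)
        if b is not None:
            yield from _bindings(premises[1:], facts, b)


def closure(facts, rules=RULES):
    """Forward-chain the rules over the facts until nothing new is derived."""
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for premises, conclusion in rules:
            for b in list(_bindings(premises, known, {})):
                derived = tuple(b.get(t, t) for t in conclusion)
                if derived not in known:
                    known.add(derived)
                    changed = True
    return known


def inference_leaks(labelled, clearance, rules=RULES):
    """Protected triples the agent can still deduce from what it may read."""
    limit = LEVELS[clearance]
    protected = {(s, p, o) for s, p, o, lvl in labelled if LEVELS[lvl] > limit}
    return closure(visible(labelled, clearance), rules) & protected


def harden(labelled, clearance, rules=RULES):
    """Greedily raise the label of readable premises until nothing leaks.

    Which premise to withhold is a policy choice; this sketch picks the
    first readable triple whose relabelling removes the most leaks.
    """
    labelled = list(labelled)
    raised = []
    while True:
        leaks = inference_leaks(labelled, clearance, rules)
        if not leaks:
            return labelled, raised
        level = max((lvl for s, p, o, lvl in labelled if (s, p, o) in leaks),
                    key=LEVELS.get)
        readable = [i for i, t in enumerate(labelled)
                    if LEVELS[t[3]] <= LEVELS[clearance]]

        def leaks_without(i):
            trial = labelled[:i] + [labelled[i][:3] + (level,)] + labelled[i + 1:]
            return len(inference_leaks(trial, clearance, rules))

        best = min(readable, key=leaks_without)
        labelled[best] = labelled[best][:3] + (level,)
        raised.append(labelled[best][:3])


if __name__ == "__main__":
    print("leaks before:", inference_leaks(ONTOLOGY, "unclassified"))
    hardened, raised = harden(ONTOLOGY, "unclassified")
    print("relabelled:", raised)
    print("leaks after:", inference_leaks(hardened, "unclassified"))
```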
Security and privacy are very closely related to each other. The issue of privacy control has received a lot of attention recently, partly because privacy is a very critical issue for the success of the semantic web. Privacy also plays a very crucial role for national security reasons: a certain portion of a document may be open for public access without any privacy, while some sections may have private information which cannot be open for public access. This issue gives researchers a reason to find a method or an approach which will enable users to take maximum advantage of the semantic web and still maintain privacy and sometimes anonymity.
2.3 Examples of websites where security can be compromised
2.3.1 http://www.marinetraffic.com/ais/
This website gives real-time information on all the ships that are at sea or in the docks worldwide, and also provides information like:
a) Ship Type
b) Country Flag
c) Status
d) Speed/Course
e) Length x Breadth
f) Destination
g) ETA
h) Ship Photos
i) Other Details
The above mentioned points are very important pieces of information, and this online system was developed to monitor and track all the ships online. But this system is open to everyone and lacks security, and is thus vulnerable to sea pirates; e.g. Somalian pirates can use this system to know about the ship and can hijack the passengers or can loot the ship.
Figure 2: Screen shot of Marine traffic website, giving away crucial information.
This marine traffic website lacks any kind of security parameters. There is a greater risk of information being hacked or altered. Thus the whole system is completely vulnerable to being attacked, and there is no guarantee that the information being displayed is correct and is from the right source.
This system lacks security, and conventional HTTPS and Secure Socket Layer would not be enough to take care of the system and its security needs, the reason being that HTTPS and SSL only provide end-to-end security; there is a greater risk of information being hacked or altered in transit. Thus a better security mechanism, such as a Digital Signature and Encryption mechanism, is required.
2.3.2 http://www.sig.ma
http://Sig.ma is a tool to explore and exploit the Web of Linked Data. At any time, information in Sigma is likely to come from multiple, unrelated Web sites – potentially any web site that embeds information in RDF, RDFa or Micro formats (standards for the Web of Data).
Sig.ma can be used in 3 main ways:
1) “As a Web of Data browser: start from any entity and then click to another from the resulting page. Remember you are browsing a “network of mashups”, quite a unique thing. It might be noisy but you can spot gems, e.g. interesting description differences in different sources.
2) As an embeddable/linkable widget: create a Sigma, refine it and when you’re ready to
paste it around in emails and twits or embed it on your blog. Sigmas are “data live”:
if one of your selected sources updates its information, so will your Sigma be updated
wherever it shows.
3) As a semantic API: retrieve entity descriptions and specific properties. For example
picture, phone@Giovanni Tummarello, ready to consume, in JSON, in RDF.” [17]
Figure 3: Screen Shot of Sig.ma giving away crucial information and compromising security.
This online system also lacks any kind of access control measures. When a user searches for
any string of words on this Semantic Mash-up Search Engine, they get all the information
from various secured and unsecured sources, without any type of access control
on the flow of information.
A user who is a black hat hacker can misuse the same information to carry out various other evil
practices. It can act as a good source of information on practically almost anything for
black hat hackers doing Social Engineering. Identity theft and information leaks are some
of the possible threats.
Thirdly, there is no guarantee that the information being mashed up from the other sources is
correct and accurate. The information is automatically
collected by RDF tag linking. Thus, the information can be inaccurate or come from a weak source
which can be a potential target of being hacked. Thus the end user cannot trust the information
given on www.sig.ma.
2.3.3 www.swoogle.umbc.edu
This is a Semantic Web Search Engine; it crawls the World Wide Web for a special class of
documents written in RDF. It provides features like searching Semantic Web Ontology, Instance
Data and Terms. However, no security is applied to the system. It enables you to download ontology,
but there is no guarantee that you will get what you asked for. The author means that when
you click on an ontology file to download, there is no 100% surety that the file you have
received is the one you requested. Moreover, the website also doesn’t maintain any record of
the user details of downloads.
Figure 4: Screen Shot of Swoogle: Semantic Web Search Engine allowing its users to download Semantic Web
Ontology without any security.
2.4 Comparison Chart for security vulnerability testing of the above mentioned examples.
Systems compared: Marine Traffic (http://www.marinetraffic.com/ais/), Swoogle (http://swoogle.umbc.edu), www.Sig.ma, and Secure semantic Web Ontology sharing.

Security Vulnerability Test: Secure login
  Marine Traffic: Not available.
  Swoogle: Yes, to access more results a basic login is provided. But it is prone to SQL Injection Attacks.
  www.Sig.ma: Not available.
  Secure semantic Web Ontology sharing: Yes, a secure login is provided. And it is safe from SQL Injection Attacks.

Security Vulnerability Test: SSL
  Marine Traffic: Not Found.
  Swoogle: SSL Enabled.
  www.Sig.ma: Not Found.
  Secure semantic Web Ontology sharing: SSL doesn’t provide end to end security; that is why the author recommended the use of Encryptions.

Security Vulnerability Test: Identity Theft
  Marine Traffic: Easy Access to Sensitive Information. Pirates can use the same system for hijacking ships and stealing from cargo shipments.
  Swoogle: Easy access to a huge collection of Ontologies which could be used to steal sensitive information. These ontologies can be used to extract very critical information from other sources of information.
  www.Sig.ma: This system will allow its users to get all sorts of information regarding any search keyword. It uses the technology of intelligent mash up but has no security. Hence it can be used for any purpose. Can be misused by terrorists.
  Secure semantic Web Ontology sharing: Secure Login, Secure Encryption Tools and Admin’s Permission for every upload & download request play a crucial role in making sure that none of the info or service could be misused.

Security Vulnerability Test: Information Security
  Marine Traffic: No Security, anyone can access it and take away sensitive information about ships, cargo, tankers etc. Anyone can post wrong information about the ships with a little tweaking of the system. The system is completely open to any kind of security compromise.
  Swoogle: Basic security, but anyone can download or access Semantic web Ontologies, which could have sensitive information stored in them.
  www.Sig.ma: No security, completely open mashup. Anyone can access lots of information about almost anything. Anyone can link fraudulent or wrong information using RDF tags, and thus no one can trust the information.
  Secure semantic Web Ontology sharing: ECC & Secure Login provide a foolproof mechanism & give secure Access to the services. A user can view the Ontology Collection and other pages but cannot download or upload any ontology unless he signs in as an Authentic User.

Security Vulnerability Test: Secure Sessions
  Marine Traffic: Not Found.
  Swoogle: Secure sessions are in use to provide page flow security & URL Security. But as the login is prone to SQL Injection attacks, sessions are of no use.
  www.Sig.ma: Not Found.
  Secure semantic Web Ontology sharing: Secure Sessions are used to make sure of URL Security and Page flow Security.

Table 1: Comparison Chart
3 Chapter 3: Cryptography
3.1 Cryptography in Semantic Web
The World Wide Web is an open system, where people interact with services, applications and web
pages, look up information, and take part in social networking. Now, this gigantic web is taking
another giant leap to completely revolutionize the entire system of people-centred web
interaction. This new system is the Semantic Web, which is a highly connected web of linked
data where machines can understand and process the web content. But with power comes
responsibility: the responsibility of making sure that everything on this super powerful web
works perfectly. To make sure that none of these responsibilities is neglected, key properties
such as Cryptography, Trust and Proof will play a very crucial role. In the previous sections
the author has talked about Trust, Proof and Security. Now, in this section the author will talk
about Cryptography, which plays a very important part in ensuring security.
Cryptography has been kept alongside all the layers in the semantic web stack, because the researchers
and developers knew that it is important across the entire infrastructure of the Semantic Web.
“These include XML, RDF, agents, the infrastructures as well as the information
management and data management technologies. We also need to ensure that security is
preserved when integrating the technologies. For example, one needs proper access to the
XML documents. Furthermore, these documents need to be encrypted for some applications.
The agents that carry out the processing have to communicate securely. Various security
technologies for the web do exist at present. These technologies have to be evaluated for the
semantic web. We also need to incorporate security semantics into semantic interoperability.
The various logics being developed for the semantic web need to be examined and security
properties have to be incorporated. ” [21]
The public key cryptosystem has developed quickly since it was proposed by W. Diffie and
M. Hellman in 1976. As we know, at the foundation of every cryptosystem is a hard
mathematical problem that seems infeasible to solve. People have been suggesting
different complicated problems on which to establish a public key cryptosystem. The techniques of
the public key cryptosystem are classified into three classes: (1) based on integer
factorisation, such as the popular RSA (Rivest, Shamir, Adleman); (2) based on the discrete
log, such as DSA (Digital Signature Algorithm) and DH (Diffie-Hellman); (3) based on
the elliptic curve, such as ECDH (Elliptic Curve Diffie-Hellman). The security degrees
of all the techniques are based on the hardness of mathematical problems.
Now, to ensure the best level of security infrastructure for the semantic web, the best
cryptosystem should be used. The author will now present brief details of all
the cryptosystems and will also show a comparison chart.
3.1.1 DSA: Digital Signature Algorithm
The Digital Signature Algorithm (DSA) is a United States Federal Government standard
(FIPS) for digital signatures. NIST (National Institute of Standards and Technology) proposed
it in Aug’1991 for use in their Digital Signature Standard (DSS), specified it in FIPS 186
and later adopted it in 1993. It was later revised in 1996 as FIPS 186-1. The same standard
was later expanded and revised further in year 2000 as FIPS 186-2 and in 2009 as FIPS 186-3.
A digital signature is the electronic analogue of a written signature; it provides assurance that the
claimed person (signatory) has signed the information. It also enables
us to detect whether or not the information was modified after it was signed. To meet the
requirements of the standard and to provide these services, the digital signature must
be implemented properly.
Figure 5: Signature Generation and Verification for DSA
A digital signature algorithm includes a signature generation process and a signature
verification process. A signatory uses the generation process to generate a digital signature on
data; a verifier uses the verification process to verify the authenticity of the signature. Each
signatory has a public and private key and is the owner of that key pair. As shown in Figure
5, the private key is used in the signature generation process. The key pair owner is the only
entity that is authorized to use the private key to generate digital signatures. In order to
prevent other entities from claiming to be the key pair owner and using the private key to
generate fraudulent signatures, the private key must remain secret. The public key is used in
the signature verification process (see Figure 5). The public key need not be kept secret, but
its integrity must be maintained. Anyone can verify a correctly signed message using the
public key. For both the signature generation and verification processes, the message (i.e., the
signed data) is converted to a fixed-length representation of the message by means of an
approved hash function. Both the original message and the digital signature are made
available to a verifier. [8]
3.1.2 RSA: Rivest Shamir Adleman Algorithm
In cryptography, RSA was the first algorithm to gain large-scale popularity for being
suitable for both encryption and signing, and was the first great advancement in the
field of public key cryptography. It was developed by the trio of Rivest, Shamir and Adleman
and named after their initials. It is used almost everywhere in e-commerce protocols, and it is
believed that, if sufficiently long keys and up-to-date implementation methods are used, then
it is among the most secure and powerful Public Key Cryptosystems. The unique
feature of the RSA Cryptosystem which brought a change was that publicly revealing
an encryption key was no longer considered a threat, because doing so does not reveal the
corresponding decryption key.
This had two very important consequences:
1. Other means of secure communication like couriers and postal mails were no longer
required to transmit keys, because a message can now be enciphered using encryption keys
which were revealed by the intended recipient. And, the best part is that only he can decrypt
the message, since he is the only person who knows the corresponding decryption key.
2. A message can be signed using the decryption key held privately, and anyone who wants to
verify the signature can do that using the corresponding encryption key which is publicly
revealed to everyone. Signatures provided a foolproof assurance, as now they can’t be forged
and a signer cannot deny the validity of his signature. This new cryptosystem had a very huge
impact on e-mail and e-funds transfer systems.
“A message is encrypted by representing it as a number M, raising M to a publicly specified
power e, and then taking the remainder when the result is divided by the publicly specified
product, n, of two large secret prime numbers p and q. Decryption is similar; only a different,
secret, power d is used, where e.d≡1 (mod (p-1).(q-1)). The security of the system rests in
part on the difficulty of factoring the published divisor, n.” [16, 18]
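The arithmetic in the quotation above, together with the two consequences listed before it (encrypt with the published key, sign with the private one), as an added Python example that is not part of the dissertation or its sources. The primes, exponents, sample messages and function names are assumptions; this is textbook RSA without padding, so it illustrates the mathematics only.

```python
import hashlib
from math import gcd


def make_key(p, q, e):
    """Build an RSA key pair from two secret primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # secret power d with e*d = 1 (mod (p-1)(q-1))
    return (n, e), (n, d)        # (public key, private key)


def encrypt(pub, m):
    """Raise the message number M to the public power e, modulo n."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be a number below n")
    return pow(m, e, n)


def decrypt(priv, c):
    """Same operation with the secret power d."""
    n, d = priv
    return pow(c, d, n)


def digest(message, n):
    """Fixed-length hash of the message, reduced below n (toy, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message):
    """Consequence 2: sign with the privately held decryption key."""
    n, d = priv
    return pow(digest(message, n), d, n)


def verify(pub, message, signature):
    """Anyone can check the signature with the published encryption key."""
    n, e = pub
    return pow(signature, e, n) == digest(message, n)


def private_from_factoring(pub):
    """Why n must be hard to factor: once p and q are known, d follows.

    Trial division is only feasible here because the toy modulus is tiny.
    """
    n, e = pub
    f = 2
    while f * f <= n:
        if n % f == 0:
            return pow(e, -1, (f - 1) * (n // f - 1))
        f += 1
    raise ValueError("no factor found")


# Constructed sample keys (assumptions): a hand-checkable toy key, and a
# somewhat larger one built from the Mersenne primes 2^31-1 and 2^61-1.
# Neither size is anywhere near safe for real use.
TOY_PUB, TOY_PRIV = make_key(61, 53, 17)
SIG_PUB, SIG_PRIV = make_key(2**31 - 1, 2**61 - 1, 65537)

if __name__ == "__main__":
    c = encrypt(TOY_PUB, 65)
    print("ciphertext:", c, "-> decrypted:", decrypt(TOY_PRIV, c))
    print("d recovered by factoring n:", private_from_factoring(TOY_PUB))
    s = sign(SIG_PRIV, b"ontology.owl v1")
    print("genuine message verifies: ", verify(SIG_PUB, b"ontology.owl v1", s))
    print("altered message verifies: ", verify(SIG_PUB, b"ontology.owl v2", s))
```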
3.1.3 ECC: Elliptic Curve Cryptography
There are many drawbacks in current encryption algorithms with respect to security, real-time
performance and so on, and researchers are presenting various algorithms. Among them,
Elliptic Curve Cryptography (ECC) is evolving as an important form of cryptography, and shows
promise as an alternative to RSA. Small size, high security and other features characterize
ECC.
Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the
algebraic structure of elliptic curves over finite fields. The use of elliptic curves in
cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. [15,
11, 9, 1]
“Actually ECC is a kind of cryptography where an abelian group has been used to
implement the Diffie-Hellman key passing scheme, and the ElGamal public key
cryptosystem and signature schemes. The ECC relies upon the hardness of the Elliptic
Curve Discrete Log Problem (ECDLP). [15]
Consider the abelian group E of rational points. ECDLP is to determine the integer k, which
can let k*P = Q(P,Q is the given points on E).
More specifically, n*P=P+P+ ...+ P=∞ (point at infinity)
Where n is a prime. Obviously, k<n, and if k and P is given, Q can be found easily. On the
other hand, it is difficult to get k even if P,Q are known. This is the hardness of ECDLP.
It is believed that the usual discrete log problem (DLP) over the multiplicative group of a
finite field and ECDLP are not equivalent problems, and that ECDLP is more difficult than
DLP. Now an ECC process of the ElGamal public key cryptosystem is explained as a
example:
Firstly, a specific point P on the curve E is selected and published as a part of public key.
Secondly, the user (denote: A) of private key will proceed the following operations:
• A private key K is selected as a random integer, k<n.
• The value Q = k*P is calculated, (E, P, n, Q) as the public key is published.
Thirdly, the one who wants to send message m to A (denote: B) should:
• Get A’s public key.
• Embed m in E and denote it as Pm.
• A random integer d is selected, d<n.
• Search for the point (x2, y2) = d*Q until x2=0.
• The value d*P and Pm+d*Q is calculated, (d*P, Pm+d*Q) is sent as an encrypted message.
Finally, when A receives the encrypted message, he will:
• Using private key k, calculate k*d*P=d*(k*P) = d*Q.
• Get the message by calculating Pm = (Pm+d*Q)-d*(k*P).” [15]
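The key generation, encryption and decryption steps quoted above, worked through on a toy curve as an added Python example (not code from the dissertation or from [15]). The curve y^2 = x^3 + 2x + 2 over F_17 with P = (5, 1) and n = 19, the message embedding and all function names are assumptions chosen so the arithmetic can be followed by hand; the x2 search step is left out.

```python
import secrets

# Toy parameters (assumptions): y^2 = x^3 + 2x + 2 over F_17.
# P = (5, 1) generates a group of prime order n = 19. Far too small for real use.
FIELD_P, CURVE_A, CURVE_B = 17, 2, 2
P = (5, 1)
N = 19
INF = None  # the point at infinity (group identity)


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + CURVE_A * x + CURVE_B)) % FIELD_P == 0


def add(p1, p2):
    """Group law on E: chord-and-tangent point addition."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return INF                       # p2 is the inverse of p1
    if p1 == p2:                         # tangent slope for doubling
        s = (3 * x1 * x1 + CURVE_A) * pow((2 * y1) % FIELD_P, -1, FIELD_P)
    else:                                # chord slope
        s = (y2 - y1) * pow((x2 - x1) % FIELD_P, -1, FIELD_P)
    s %= FIELD_P
    x3 = (s * s - x1 - x2) % FIELD_P
    return (x3, (s * (x1 - x3) - y1) % FIELD_P)


def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % FIELD_P)


def mul(k, pt):
    """k*pt = pt + pt + ... + pt, computed by double-and-add."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def keygen():
    """User A: random private k < n, public Q = k*P."""
    k = secrets.randbelow(N - 1) + 1
    return k, mul(k, P)


def embed(m):
    """Toy embedding (assumption): message m in 1..18 becomes the point m*P."""
    if not 1 <= m < N:
        raise ValueError("message out of range for this toy curve")
    return mul(m, P)


def unembed(pm):
    for m in range(1, N):
        if mul(m, P) == pm:
            return m
    raise ValueError("point does not encode a message")


def encrypt(Q, pm, d=None):
    """User B: random d < n, ciphertext is the pair (d*P, Pm + d*Q)."""
    d = d or secrets.randbelow(N - 1) + 1
    return mul(d, P), add(pm, mul(d, Q))


def decrypt(k, ciphertext):
    """User A: Pm = (Pm + d*Q) - k*(d*P), since k*(d*P) = d*Q."""
    c1, c2 = ciphertext
    return add(c2, neg(mul(k, c1)))


def brute_force_dlog(Q):
    """ECDLP by exhaustive search; possible only because n = 19."""
    for k in range(1, N):
        if mul(k, P) == Q:
            return k
    raise ValueError("Q is not a multiple of P")


if __name__ == "__main__":
    k, Q = keygen()
    ct = encrypt(Q, embed(9))
    print("public Q:", Q, "ciphertext:", ct)
    print("decrypted message:", unembed(decrypt(k, ct)))
    print("k found by search on the toy curve:", brute_force_dlog(Q))
```

The exhaustive search succeeds instantly here; it is the size of n that makes the same search infeasible on standardized curves.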
The purpose of any public key cryptosystem is to maintain the security and integrity of
the resources and to withstand attack by any person or event, and it is the anti-attack
performance of the algorithm that assures its security. In 6th International Cryptography
Conferences in Jan.2000, ECC as well as RSA were the only two algorithms that were
recommended. In terms of security, ECC provides the highest strength per bit
among all the cryptosystems.
3.2 How Elliptic Curve Cryptography is better than others??
ECC holds the key to the next generation of cryptography, as stated by Certicom Corporation,
NIST and NSA. [8, 20, 27]
These are a few of the statistics which make Elliptic Curve Cryptography the best choice for the next
generation of cryptography. All the figures stated below are from NIST: National Institute of
Standards and Technology.
Figure 6: Underlying Mathematical problem for different Public Key Systems.
Figure 6 above tells us about the underlying mathematical problem for different public key
systems. These are the industry standards for public key cryptosystems and are commercially
viable, secure and efficient. They are based on different types of mathematical problems:
RSA is the best example of Integer Factorization Systems, DSA is based on Discrete Log and
ECC is based on the toughest of all problems i.e. Elliptic Curve.
Figure 7: NIST Guidelines for Public Key Sizes with Equivalent Security Levels.
Figure 7 showcases NIST Guidelines for Security levels with equivalent Public Key Sizes.
Among all of them ECC, i.e. Elliptic Curve Cryptography, is a clear winner: it is able to offer
the highest number of security bits at the minimum public key size, while DSA and RSA are on equal
terms with each other.
NIST has issued strict recommendations that 128-bit protection is necessary to achieve
relatively lasting security (to the year 2036 and beyond). That means shifting to AES from
3DES. To avoid compromising the security of the system, the National Institute of Standards and
Technology FIPS 140-2 standard clearly states that security keys for symmetric ciphers like
AES must be matched in strength by public-key algorithms like RSA and ECC. As you can see
in the table above, ECC key sizes scale linearly, while RSA key sizes do not. This
results in a gap between the systems which will grow as the key sizes increase. This is
especially relevant when the 512-bit ECC key size is compared to the 15,360-bit RSA key
size needed to implement AES of 256-bit security.
Figure 8: Run Times for different Public key Schemes
Two major benchmarks for comparing these cryptosystems are Security and Efficiency. The
security of these systems depends on the level of hardness of the underlying mathematical
problems. The above-mentioned three cryptosystems are based on three different
underlying mathematical problems, which can only be solved by three unique methods. The best
way to solve the ECC problem, i.e. the Elliptic Curve Discrete Log Problem, is fully exponential. And thus,
it is able to deliver the best security/bit of any Public Key Cryptosystem.
3.2.1 Quick Wrap Up on Elliptic Curve Cryptography
As the author just showed, Elliptic Curve Cryptography is an extremely efficient,
compact algorithm, and it makes very few processing demands on devices with resource
constraints in comparison to RSA. Plus, it is a standardized cryptosystem, and it also ensures
interoperability between devices. And, being a well-researched and proven system, it answers
manufacturers' concerns about reliability.
In the end, the benefits of ECC are many: linear scalability, a small software footprint, low
hardware implementation costs, low bandwidth requirements, and high device performance.
For the reasons above, ECC has gained a lot of support from a number of leading companies
and has also received a strong validation from the National Security Agency.
It is very clear that security is an essential component of the World Wide Web and the Semantic
Web. As the points stated above have shown, ECC is a superior algorithm to all the other
alternatives when it comes to enabling that security. And as it offers the highest strength-per-bit
of any public-key cryptography system, there is no doubt that ECC is the best choice
for the cryptography layer in the Semantic Web Stack.
4 Chapter 4: Secure Semantic Web, Ontology Sharing
This chapter will exhibit the work of the author in presenting a web-based system which
is capable of sharing Semantic Web Ontology while making sure of crucial factors
like Trust, Proof and Cryptography.
This system will exhibit the use of Elliptic Curve Cryptography to ensure Trust and
Proof in Semantic Web Ontology Sharing. Elliptic Curve Cryptography was implemented
with the help of a very powerful and important toolkit, “SECCURE”. It stands for Secure
Elliptic Curve Crypto Utility for Reliable Encryption.
4.1 SECCURE: ECC Toolkit
“SECCURE is free software published under the GNU General Public License (GPL).
The SECCURE toolset implements a selection of asymmetric algorithms based on elliptic
curve cryptography (ECC). In particular it offers public key encryption /
decryption, signature generation / verification and key establishment. To my best knowledge
none of the implemented algorithms and cryptographical schemes
(ECDH, ECIES, ECDSA, AES-CTR, SHA256, SHA512) is covered by software patents (see
the Patent statement). All the named algorithms and all underlying elliptic curves
(standardized by NIST and SECG) are considered cryptographically secure
nowadays. SECCURE received two security audits by the Debian auditing team in August
2006, none of them detecting a problem.”[14]
SECCURE Use Description [14]:
SECCURE can also be found at the SECCURE Website i.e. http://www.point-at-infinity.org/seccure.
SECCURE can be used to do following things:
4.1.1 Generate private-public key pair.
$ seccure-key
Assuming curve p160.
Enter private key: my private key
The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn
4.1.2 Encrypt a piece of text message.
$ seccure-encrypt -o private.msg '8W;>i^H0qi|J&$coR5MFpR*Vn'
Assuming MAC length of 80 bits.
Go ahead and type your message ...
This is a very very secret message!
^D
4.1.3 Decrypt a piece of text message.
$ seccure-decrypt -i private.msg
Assuming MAC length of 80 bits.
Assuming curve p160.
Enter private key: my private key
This is a very very secret message!
Integrity check successful, message unforged!
4.1.4 Encrypt a file.
$ seccure-key
Assuming curve p160.
Enter private key: my private key
The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn
$ seccure-encrypt -i file.owl -o file.enc '2D*~@S|:iXX.8HHY;kYBy*E>n'
4.1.5 Decrypt a file.
$ seccure-key
Assuming curve p160.
Enter private key: my private key
The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn
$ seccure-decrypt -i filename.enc
Enter the Private Key: my private key
4.1.6 Verify the generated signature.
$ seccure-sign
Assuming curve p160.
Enter private key: my private key
Go ahead and type your message ...
This message will be signed
^D
Signature: $HPI?t(I*1vAYsl$|%21WXND=6Br*[>k(OR9B!GOwHqL0s+3Uq
$ seccure-verify '8W;>i^H0qi|J&$coR5MFpR*Vn' '$HPI?t(I*1vAYsl$|%21WXND=6Br*[>k(OR9B!GOwHqL0s+3Uq'
Go ahead and type your message ...
This message will be signed
^D
Signature successfully verified!
4.1.7 Share or exchange Public Keys with Diffie-Hellman Key Exchange.
$ seccure-dh
Assuming curve p160.
Pass this key to your peer: 6cuC+ODUT5%uPnS<0HR*<F6X(
Enter your peer's key: Ap]_BBbK>3hZjKr<#W+BX-z-7
Established key: $$b|qzU0~1y/f
Verification key: %#R.Fc+q>a1]v
$ seccure-dh
Assuming curve p160.
Pass this key to your peer: Ap]_BBbK>3hZjKr<#W+BX-z-7
Enter your peer's key: 6cuC+ODUT5%uPnS<0HR*<F6X(
Established key: $$b|qzU0~1y/f
Verification key: %#R.Fc+q>a1]v
Further to the project design, this project will follow the website development life cycle (WDLC).
In WDLC the steps are:
Step 1: Requirement Analysis
Step 2: Specification of Requirements
Step 3: Site Structure and Design
Step 4: Website Development
Step 5: Testing and Maintenance
4.2 Requirement Analysis and Specifications
4.2.1 Requirement Analysis
This web based system will be able to demonstrate the author's work on Secure Semantic
Web-Ontology Sharing. The targeted users for this website are University Students,
Researchers and Developers. The sole aim of this website will be to provide a web based
system where its users can share (upload and download) semantic web ontology, but the
thing which makes it different from other existing similar systems like
www.swoogle.umbc.edu and www.dbpedia.org is that this website will make sure of the
security and will ensure the Trust of the user. This website will give necessary guidelines to its
registered users on how to securely encrypt their ontology using the best crypto system i.e.
Elliptic Curve Cryptography, and on the use of the toolkit SECCURE: Secure Elliptic Curve Crypto
Utility for Reliable Encryption. This website will further explain the method of downloading
and decrypting the ontology. The website will have pages for new user registration, user
login, ontology repository, ontology upload request and download request. The website will
be developed using PHP and the backend will be on MySQL.
4.2.2 Specification of requirement
Web Development Language: PHP 5.3.0
Web Design: CSS/HTML
Back End: MySQL 5.1.36
Web Server: Apache Tomcat 2.2.11
Platform: Linux and Windows (SECCURE only on LINUX)
Targeted User: Students, Researchers and Developers
Services: New User Registration, User Login, Ontology Archives, Upload/Download Request, Encryption/Decryption Method, Use of SECCURE toolkit for Elliptic Curve Cryptography.
Website Security: Use of Sessions, Secure User Login, SQL Injection and Cross Site Scripting proof.
4.3 Site Structure and Design
4.3.1 Use Case Diagram:
Use Case diagrams are used to depict the real-time scenario, which will be witnessed every
time a user uses the website. The actors or the players involved are USER and ADMIN. The
system boundary defines the limits of the websites. Each and every bubble represents a
webpage or its function. The cloud shows the process that is likely to take place on that page.
Some bubbles are linked to each other and they show a connected flow of pages for example
Download Instruction page is connected to download request form.
4.3.2 Website Flow Control Diagram:
Website flow control diagram is used to present the flow and connection between the web
pages. The connections between the web pages can be uni-directional and bi-directional.
Here, in the diagram below all the web pages have been represented with blocks, and the
connection among them are represented with a line.
Figure 9: Use Case Diagram (actors USER and ADMIN; within the System Boundary: HOME, Ontology Repository, Tech Support, Register New User, Login, Download Instructions, Download Request Form, Upload Instructions, Upload Request Form)
Figure 10: Page Flow Diagram (Home Page, Ontology Collection, Tech-Support, New User, About Me, Login/Sign In, Upload Instructions & Request Form, Download Instructions & Request Form, Use SECCURE to generate Public Key, Use SECCURE to Encrypt the Upload File, Decrypt the file using Private Key, Logout/Signout)
4.4 Website Development
The sole aim of the author in developing this website is to demonstrate the Secure
Semantic Web, Ontology Sharing System. Users can visit the website
at this address: http://www.raman.byethost13.com. The website has many pages, each with a
specific function which is associated with the next, and all of them are described below
along with a screen shot of each page. Use of the SECCURE toolkit is also explained
on the website, as that toolkit will be used to provide the best crypto system to ensure the
security of the ontology exchange that will take place on this website. The major constraint is
that the toolkit can only be used in a Linux environment. So, the user has to be on a Linux platform
to use this toolkit for encryption or decryption. There is no other version of this software
which could be used on the Windows platform. There are a lot of Linux operating systems which are available
free for download, to name a few: Ubuntu 10.04 http://www.ubuntu.com/desktop/get-ubuntu/download
and Backtrack 4 http://www.backtrack-linux.org/downloads/.
4.4.1 Home Page
The home page will welcome all the users, give a brief introduction to the purpose behind this
website, and present the author’s viewpoint on the need for Secure Semantic Web,
Ontology Sharing. The home page will also allow new users to register themselves, to get
the privilege to share (upload and download) semantic web ontology. The users who have
already registered themselves can login and use the other features which will be described
later in the other sections. This webpage also allows its user to a) Search the web, b) Check
other Semantic Web Search Engines, and c) Contact the Author. Kindly refer to appendix
7.1.1 for web page design and code.
4.4.2 Ontology Repository
This webpage will showcase all the Semantic Web Ontology, which are presently stored in
the Databases of this website. Along with the names of the semantic web ontology, a brief
description about them and a link to the original source is also provided. If a user likes to
download any of the Ontology Files, he first needs to register himself with the website, and
all the other instructions to download will then be provided to him. If a user wants to
contribute and share his ontology, the user will still need to register and login, to get further
instruction on uploading the semantic web ontology. Ontology Repository page will be
regularly updated by the admin, as and when new ontology is submitted by the users. This
webpage also allows its user to a) Search the web, b) Check other Semantic Web Search
Engines, c) Login, d) Register New User and e) Contact the Author. Kindly refer to appendix
7.1.2 for web page design.
4.4.3 Tech-Support
The tech-support page will give the basic technical information about following things: a)
Purpose of website, b) Security, c) How to download the Ontology file, d) How to upload an
Ontology file, and e) Necessity of user being on Linux/Unix platform. This webpage also
allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Login,
d) Register New User and e) Contact the Author. Kindly refer to appendix 7.1.3 for web page
design.
4.4.4 About
About me page will give an insight into the author’s profile, his interests and activities and
contact information for feedback and suggestions. This webpage also allows its user to a)
Search the web, b) Check other Semantic Web Search Engines, c) Register New User and d)
Contact the Author. Kindly refer to appendix 7.1.4 for web page design.
4.4.5 New User Registration Page
If a user wants to register him/her self with the website, to benefit from all the features like
downloading and uploading semantic web ontology, he can get to this page by clicking on
New User tab on the top right corner of the page. The page consists of a really small form
asking just for very basic information from the user like a) Username, b) Password, c) Full
Name, d) Occupation and e) Country. Kindly refer to the appendix 7.1.5 for web page design
and code.
4.4.6 User’s Page
If a registered user wants to share (Upload or Download) semantic web ontology, from or to
this website, he/she will have to login with their unique user id and password. After login
he/she can get to this User’s page where detailed instructions are provided about the steps
involved during Upload and Download of a semantic web ontology file. A link to the SECCURE
toolkit is also provided and installation instructions are given alongside. The user is
asked to first download and install the SECCURE toolkit from http://point-at-infinity.org/seccure/.
After that the user is asked to generate a private and public key pair and
store it in a safe location. Links to the Download/Upload Request Forms are also given on
the same page. The Admin’s public key is also shared with the user on the same page, so that in
case of a semantic web ontology upload the user can encrypt his file with the Admin’s
public key, so that only the admin can see the ontology file. This webpage also allows its user to a)
Search the web, b) Check other Semantic Web Search Engines, c) Logout and d) Contact the
Author. Kindly refer to appendix 7.1.6 for web page design and code.
4.4.7 Download Request Form
The download request form allows the registered user to request from the admin the download link
to a selected semantic web ontology file of the user’s choice. To make sure of security and
enhance the user’s trust in the download process involved, a small form is presented in which
the user needs to fill in the following details: a) Username, b) Email Add, c) Public Key, d)
Ontology Name and e) Purpose. On press of the submit button the request of the user is added to
the admin’s task list. The admin then considers the download request and encrypts the requested
ontology file with the user’s public key. Later a unique and secure FTP download link is emailed
to the user on the provided email address. This process is given a buffer time of 24 hours,
because each and every time a new file will be encrypted for all the requests received at the
admin’s end. This webpage also allows its user to a) Search the web, b) Check other
Semantic Web Search Engines, c) Logout and d) Contact the Author. Kindly refer to
appendix 7.1.7 for web page design and code.
4.4.8 Upload Request Form
A registered user who is willing to contribute his semantic web ontology file to the archives of
this website is very much welcome, and thus an upload request form is
also included in this website. On this page the user is presented with a small form to fill in
a few details and upload the encrypted semantic web ontology file. The user can only
upload a semantic web ontology file that has been encrypted exclusively with the
admin’s public key, which is given on the User’s main page. In the small form provided the
user is asked to fill in some very simple details, which are as follows: a) Ontology Name, b)
Ontology Description, c) User name, d) Email add, e) File Browse/Upload. The user is asked
to browse to the encrypted semantic web ontology file on his system and upload it using
the submit button. On submit, the upload request will be added to the admin’s task list. The
admin will then decrypt the file and check the semantic web ontology file,
and if everything is fine it will be uploaded and added to the website ontology archives. An
acknowledgement mail will then be sent to the user at the email id provided. This webpage also
allows its user to a) Search the web, b) Check other Semantic Web Search Engines, c) Logout
and d) Contact the Author. Kindly refer to appendix 7.1.8 for web page design and code.
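The upload rule described above (only a SECCURE-encrypted ".enc" file, within the 100000-byte MAX_FILE_SIZE set by the form in appendix 7.1.8) can be enforced on the server as in the following added example, which is not code from the dissertation's website. The function names, the storage directory outside the web root and the sample $_FILES-style entries are assumptions constructed for illustration.

```php
<?php
// Added example: server-side checks for the encrypted ontology upload.
// check_encrypted_upload(), store_encrypted_upload() and ARCHIVE_DIR are
// hypothetical names, not part of the original website.

const MAX_UPLOAD_BYTES = 100000;               // same cap as the form's MAX_FILE_SIZE field
const ARCHIVE_DIR = '/var/ontology-incoming';  // assumed location outside the web root

/**
 * Validate one $_FILES entry. Returns ['ok' => bool, 'reason' => string,
 * 'stored_as' => ?string]. The client-supplied name is only inspected,
 * never used as the name on disk.
 */
function check_encrypted_upload(array $file): array
{
    $fail = function (string $why): array {
        return ['ok' => false, 'reason' => $why, 'stored_as' => null];
    };

    // PHP reports oversize or interrupted uploads through the error code.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return $fail('upload did not complete');
    }
    // MAX_FILE_SIZE in the form is only a hint to the browser; re-check here.
    $size = (int) ($file['size'] ?? 0);
    if ($size <= 0 || $size > MAX_UPLOAD_BYTES) {
        return $fail('file is empty or larger than ' . MAX_UPLOAD_BYTES . ' bytes');
    }
    // Drop any directory part the client sent, then require a plain
    // "<name>.enc" with exactly one dot, so "notes.php.enc" is refused too.
    $name = basename(str_replace('\\', '/', (string) ($file['name'] ?? '')));
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.enc\z/', $name)) {
        return $fail('only <name>.enc files are accepted');
    }
    // Store under a random name so two users cannot overwrite each other
    // and the stored path cannot be derived from the original name.
    $stored = ARCHIVE_DIR . '/' . bin2hex(random_bytes(16)) . '.enc';
    return ['ok' => true, 'reason' => 'accepted', 'stored_as' => $stored];
}

/** Move the file only after validation; returns the stored path or null. */
function store_encrypted_upload(array $file): ?string
{
    $result = check_encrypted_upload($file);
    if (!$result['ok']) {
        return null;
    }
    // move_uploaded_file() refuses anything that is not a genuine HTTP upload.
    return move_uploaded_file($file['tmp_name'], $result['stored_as'])
        ? $result['stored_as'] : null;
}

// Constructed sample entries in the shape PHP gives $_FILES['uploadedfile'].
$samples = [
    ['name' => 'pizza.enc',     'size' => 2048,   'error' => UPLOAD_ERR_OK,        'tmp_name' => '/tmp/phpA'],
    ['name' => 'pizza.owl',     'size' => 2048,   'error' => UPLOAD_ERR_OK,        'tmp_name' => '/tmp/phpB'],
    ['name' => 'notes.php.enc', 'size' => 2048,   'error' => UPLOAD_ERR_OK,        'tmp_name' => '/tmp/phpC'],
    ['name' => '../index.enc',  'size' => 2048,   'error' => UPLOAD_ERR_OK,        'tmp_name' => '/tmp/phpD'],
    ['name' => 'big.enc',       'size' => 250000, 'error' => UPLOAD_ERR_FORM_SIZE, 'tmp_name' => ''],
];
foreach ($samples as $s) {
    $r = check_encrypted_upload($s);
    printf("%-14s %s (%s)\n", $s['name'], $r['ok'] ? 'ACCEPT' : 'REJECT', $r['reason']);
}
```

The entry named "../index.enc" is accepted only because its directory part is discarded and the file is stored under a random name; the extension check says nothing about the content, so the admin's decryption step remains the real test that the file is a SECCURE ciphertext.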
4.5 Testing and Maintenance
4.5.1 Testing
Testing is crucial for ensuring the adequate functioning of the proposed
system. Testing should be an approach to find the maximum number of errors in a system, thus
revealing all the scope for improvement in the system.
This website has been thoroughly and rigorously tested to ensure the smooth functioning of
the website. The security of the website has also been tested, and all the best web development
practices have been used in developing this website.
Secure sessions and unique login-id credentials are used, and strong emphasis is given to making the
website safe from SQL Injection Attacks and Cross Site Scripting Attacks. All the forms and
functions have been thoroughly tested by the author. The new user registration form, login
form, and download and upload request forms have all been tested rigorously, both offline
and online. Users are allowed to upload files with the “.enc” extension only, and no other file
type is supported by the upload form. If any glitch or bug is found, kindly report it to the
admin on [email protected].
Following tests were conducted, to ensure adequate functioning of the proposed system:
TESTS | TEST CASES | RESULTS
Functionality Testing | 1) Checking All The Links In Web Pages | Successfully Tested: Perfect
Functionality Testing | 2) Database Connections | Successfully Tested: Perfect
Functionality Testing | 3) Testing Forms | Successfully Tested: Perfect
Functionality Testing | 4) Cookies Testing | Successfully Tested: Perfect
Usability Testing | 1) Navigation Testing | Successfully Tested: Perfect
Usability Testing | 2) Content Checking | As per W3C & WCAG Standard
Usability Testing | 3) User Information | As per W3C & WCAG Standard
Interface Testing | 1) Application Server Interface | Byethost Control Panel: Good
Interface Testing | 2) Database Server Interface | Byethost Control Panel: Good
Compatibility Testing | 1) Browser Compatibility | Chrome/Mozilla/IE: Perfect
Compatibility Testing | 2) O/S Compatibility | Linux Only
Compatibility Testing | 3) Mobile Browsing | Web Browsing: Yes; SECCURE is only on Linux
Security Testing | 1) Testing Internal URL without Login | Secured Using Sessions
Security Testing | 2) SQL Injections | Secured (special characters not allowed)
Security Testing | 3) Web Directory | Secured (secure sessions)
Security Testing | 4) Invalid Inputs | Secured (not allowed)
Table 2: Testing Results
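Table 2 records the SQL injection test as secured because special characters are not allowed, yet the download request form has to accept a SECCURE public key such as the sample 8W;>i^H0qi|J&$coR5MFpR*V shown on the user's page, which is mostly punctuation. The following added example, which is not the website's own code, contrasts a character filter with bound parameters. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite table in place of the site's MySQL server; the filter pattern, function names and sample request are constructed for illustration.

```php
<?php
// Added example: bound parameters instead of a character filter for the
// download request form. Function names and the filter are hypothetical.

// Stand-in for the site's MySQL "download" table (columns taken from the
// INSERT statement in appendix 7.1.7); SQLite keeps the example offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE download (usrname TEXT, mail TEXT, publickey TEXT,
           owlname TEXT, purpose TEXT)');

/** A "special characters not allowed" rule: letters, digits and a few symbols. */
function passes_character_filter(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9 @._-]*\z/', $value) === 1;
}

/** Insert a request with every field bound as data, never parsed as SQL. */
function add_download_request(PDO $db, array $req): void
{
    $stmt = $db->prepare(
        'INSERT INTO download (usrname, mail, publickey, owlname, purpose)
         VALUES (:usrname, :mail, :publickey, :owlname, :purpose)'
    );
    $stmt->execute([
        ':usrname'   => $req['usrname'],
        ':mail'      => $req['email'],
        ':publickey' => $req['pubkey'],
        ':owlname'   => $req['owlname'],
        ':purpose'   => $req['purpose'],
    ]);
}

// Constructed request; the public key is the sample from the user's page.
$request = [
    'usrname' => 'alice',
    'email'   => 'alice@example.org',
    'pubkey'  => '8W;>i^H0qi|J&$coR5MFpR*V',
    'owlname' => 'pizza',
    'purpose' => "Testing my department's reasoner",
];

// 1) The filter turns away legitimate input: the key and the apostrophe.
foreach ($request as $field => $value) {
    printf("%-8s filter=%s\n", $field, passes_character_filter($value) ? 'pass' : 'REJECT');
}

// 2) With bound parameters the same values are stored byte for byte.
add_download_request($db, $request);
$row = $db->query('SELECT publickey, purpose FROM download')->fetch(PDO::FETCH_ASSOC);
var_dump($row['publickey'] === $request['pubkey']);
var_dump($row['purpose'] === $request['purpose']);
```

Because the admin later hands the stored key to seccure-encrypt on a command line, the key should reach the tool as a single argument (for example through escapeshellarg) rather than being pasted into the command string.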
4.5.2 Maintenance
Maintenance is a continuous and never ending process, and it goes on as long as the system is in use.
This website was developed and will be maintained solely by the author, who is also the
admin of the website. With time the website is expected to grow. The user database and ontology
archives will grow with time, and thus continuous maintenance will go on.
5 Chapter 5: Planning Management
5.1 Initial Project Scope
Initially the project aimed to use some kind of encryption methodology to secure the
semantic web ontology and then to store it in an RDF Triple Store. However, later on the
author realised that an encrypted ontology can’t be stored in an RDF Triple Store, as the
internal format of the ontology gets completely converted into cipher text and hence can’t be
recognised by the RDF Triple Store. Then, after careful consideration of all the aspects
associated with the project and discussion with the group monitor, the project was aimed to
deliver a Secure Semantic Web, Ontology Sharing System.
5.2 Available Resources
At the start of the project, the available resources to guide the author were just a few lecture
notes from Prof. Nigel Shadbolt’s lecture, some literature in the form of books and papers on
Cryptography, Semantic Web and Secure Semantic Web, and some papers written by the
author himself in the previous semesters in the field of Secure Semantic Web and Secure
World Wide Web.
5.3 Project Tasks
This M.Sc. dissertation project presented lots of tough challenges to the author. The very first
challenge was to do extensive reading and literature review on as much literature as could be
found on the topic. This topic is relatively new compared to the other aspects of semantic web, which
made it a lot harder for the author to find relevant work.
The second challenge came in the form of learning and understanding cryptography. Luckily, the
author was able to find some books on cryptography and some online literature, which helped
him to opt for Elliptic Curve Cryptography. But the real challenge started here: Elliptic Curve
Cryptography deals with the toughest mathematical problem, i.e. the Elliptic Curve Discrete
Logarithm Problem. It took a fair amount of time for the author to understand Elliptic Curve
Cryptography.
The third challenge was to implement Elliptic Curve Cryptography onto the Semantic Web
Ontology Files. This task can be further sub-divided into learning and understanding the ECC
toolkit. The Elliptic Curve Cryptography toolkit used is SECCURE. But using this toolkit
presented another challenge to the author, i.e. the toolkit can only be used on the Linux platform,
which further led the author to learn UBUNTU 10.04.
The fourth challenge was to store the encrypted ontology in the RDF Triple Store, which later
became a hurdle, as the semantic web ontology file can’t be recognised by the triple store after
encryption because everything in that file has been converted into cipher text (as mentioned
earlier). This hurdle was later sorted out with the help and guidance of the group monitor,
who suggested that the author use an ontology sharing website to present the securely
encrypted ontology files.
The fifth and final challenge was the biggest problem, which came after a month of final
submission. But it also gave an opportunity to the author to improve his previous work and
present the work with more sophisticated results, comparison charts and an improved website.
Before making this final submission the author made sure that all the shortcomings which
were there in the previous submission have been taken care of.
5.4 Risk
During the middle of the project the author’s bad health was a major threat, as a substantial amount
of time was lost in recovering. To compensate for the time loss, the author devoted extra time
to the project in the weeks after recovery. The second risk arose when the author found
out that the encrypted files cannot be stored in an RDF triple store. Later on, after discussion
with the group monitor, a way out was found.
5.5 Gantt chart
Initially, at the time of starting the project, the Gantt chart was planned and designed while
keeping all the tasks and activities in mind. The difficult tasks and activities like literature
review, studying access control mechanisms and encryption mechanisms were given more
time.
But later on some tasks took more time than expected: learning the Linux environment, the RDF
Triple Store problem and health issues affected the planned schedule. However, the author made
every possible effort to meet the deadlines and to attend all the scheduled meetings with the
monitor and supervisor.
After submitting the dissertation officially for the first time, the author was advised to do
some more work, to further improve the proposed system and present it in a better way to the
examiners. This added another 7 weeks to the project schedule; thus the final Gantt Chart
of the project plan is as follows:
5.6 Management techniques
The MSc IS system was of great help in managing the project. It helped in keeping the author
aware of his peers and in managing meetings with the monitor and supervisor; milestones and tasks
were set to meet the deadlines on time. The author also used his Personal Digital Assistant in
managing the scheduled tasks. A log book was also maintained by the author to keep minutes
from the monitor and supervisor meetings.
6 Chapter 6: Conclusion and Suggestion for future work
6.1 Suggestion for future work
This website is just the first step towards the making of a Secure Semantic Web. A lot more can
be done, but due to the time constraint of three months, only this much was feasible. For future
work the author would recommend the following things to his readers:
a) Work on integration of Elliptic Curve Cryptography into the Semantic Web Stack.
b) Work on making the SECCURE Toolkit available for the Windows platform.
c) Work on integration of the SECCURE toolkit into Semantic Web Ontology IDEs like
Protégé 4.1.
d) A secure encryption mechanism or access control mechanism can be developed
exclusively for the RDF triple store.
6.2 Conclusion
In this M.Sc. Dissertation Project Report the author presented a successful demonstration of
a Secure Semantic Web, Ontology Sharing System. In this project the author emphasised
the importance of Security in Semantic Web. The author also talks about the importance of
factors like Trust, Proof and Cryptography in the Semantic Web Stack.
The author also presented his findings on different crypto systems like RSA: Rivest Shamir
Adleman, DSA: Digital Signature Algorithm and ECC: Elliptic Curve Cryptography. The author
finds that Elliptic Curve Cryptography is the best crypto system available today and
should be exploited for the benefit of a Secure World Wide Web and a Secure Semantic Web.
The use of the SECCURE toolkit was definitely an advantage towards the successful completion
of the project on time. SECCURE introduced the easiest possible way to deal with the strongest
crypto system, which is based on the most difficult mathematical problem, i.e. the Elliptic Curve
Discrete Logarithm Problem. All the commands were easy to understand, learn and
implement.
Overall the MSc Dissertation project was delivered on time, with all the results and a successful
demonstration. This project has greatly enhanced the author’s understanding of Semantic
Web and the importance of layers like Trust, Proof and Cryptography in the Semantic Web Stack.
It also gave an opportunity to the author to investigate web design packages such as Adobe
Dreamweaver CS3, WAMP 2.0, the Elliptic Curve Cryptography Toolkit: SECCURE and the Linux
based Operating System: UBUNTU 10.04.
7 Chapter 7: Appendices
7.1 Appendix: Web Pages along with some important bits of code
7.1.1 HOME PAGE
CODE for the Home Page:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Homepage</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="images/Envision.css" type="text/css" />
</head>
<body>
<div id="wrap">
<div id="header">
<h1 id="logo-text">Secure Semantic Web</h1>
<h2 id="slogan"><b>Web Ontology Sharing....</b></h2>
<div id="header-links">
<p> <a href="newuser.php">New User</a> | <a href="about.php">Contact</a> </p>
</div>
</div>
<div id="menu">
<ul>
<li id="current"><a href="index.php">Home</a></li>
<li><a href="archives.php">Archives</a></li>
<li><a href="support.php">Tech-Support</a></li>
<li class="last"><a href="about.php">About</a></li>
</ul>
</div>
<div id="content-wrap">
<div id="sidebar">
<h1>Search Box</h1>
<form method="get" action="http://www.google.com/search">
<p>
<input type="text" name="q" size="20" maxlength="255" value="" />
<input type="submit" value="Search" />
</p>
</form>
<h1>Login</h1>
<form action="download_upload.php" method="post">
<p>
<label>Username</label>
<input name="username" value="Your UserName" type="text" size="20"
id="username"/>
<label>Password</label>
<input name="password" value="Your Password" type="password" size="20"
id="password"/>
<br />
<br />
<input class="button" type="submit" />
</p>
</form>
<h1>Links to Semantic Websites</h1>
<ul class="sidemenu">
<li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>
<li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>
<li><a href="http://data.gov.uk/">Data Gov UK</a></li>
<li><a href="http://sig.ma/">SIG.MA</a></li>
<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>
</ul>
</div>
<div id="main">
<h1>Secure Semantic Web </h1>
<p><strong>Semantic Web</strong><strong>"</strong>is a group of methods and
technologies to allow machines to understand the meaning - or "semantics" - of information
on the World Wide Web.
The term was coined by <strong>World Wide Web Consortium (W3C)</strong> director
<strong>Tim Berners-Lee</strong>. According to the original vision, the availability of
machine-readable metadata would enable automated agents and other software to access the
Web more intelligently.<br /><br /> The agents would be able to perform tasks automatically
and locate related information on behalf of the user.
While the term "Semantic Web" is mainly to be used to describe the model and technologies
proposed by the W3C. These technologies include the <strong>Resource Description
Framework (RDF)</strong>, a variety of data interchange formats (e.g. RDF/XML, N3,
Turtle, N-Triples), and notations such as <strong>RDF Schema (RDFS)</strong> and the
<strong>Web Ontology Language (OWL)</strong>, all of which are intended to provide a
formal description of concepts, terms, and relationships within a given knowledge
domain.Many of the technologies proposed by the W3C already exist and are used in various
projects.<strong>"<a href="http://en.wikipedia.org/wiki/Semantic_Web"> [1]
</a></strong><br /><br />
<strong>Security</strong> has always been considered as a key concern, by all the
research scientists who are working in the field of <strong>Semantic Web</strong>. That is
why factors associated with the Security of Semantic Web like Trust, Proof, Encryption,
Signatures has been kept on top most layer of <a
href="http://en.wikipedia.org/wiki/Semantic_Web_Stack#Overview">Semantic Web
Stack</a>. This website demonstrate a step towards the making of a <strong>Secure
Semantic Web</strong>.</p>
<p>Semantic Web revolves around the <strong>Ontologies</strong> and <strong>RDF
Triples</strong>, and there are lots of web forums and communities which provides ready to
use Ontologies. Which means that you are free to use and modify it for any purpose.</p>
<p class="post-footer align-right"> <a
href="http://en.wikipedia.org/wiki/Semantic_Web" class="readmore">Read more</a></p>
</div>
</div>
<div id="footer">
<p> © 2010 <strong>MSc Dissertation Project</strong> | Design by:
<strong>Raman Pal</strong> | Valid <a
href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a
href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>
<a href="index.php">Home</a> |
</p>
</div>
</div>
</body>
</html>
7.1.2 ONTOLOGY REPOSITORY
7.1.3 TECH-SUPPORT
7.1.4 ABOUT
7.1.5 NEW USER REGISTRATION PAGE
CODE for NEW USER REGISTRATION PAGE:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>New User Registration</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="images/Envision.css" type="text/css" />
</head>
<body>
<div id="wrap">
<div id="header">
<h1 id="logo-text">Secure Semantic Web</h1>
<h2 id="slogan"><b>Web Ontology Sharing....</b></h2>
<div id="header-links">
<p> <a href="newuser.php">New User</a> | <a href="about.php">Contact</a> </p>
</div>
</div>
<div id="menu">
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="archives.php">Archives</a></li>
<li><a href="support.php">Tech-Support</a></li>
<li class="last"><a href="about.php">About</a></li>
</ul>
</div>
<div id="content-wrap">
<div id="sidebar">
<h1>Search Box</h1>
<form method="get" action="http://www.google.com/search">
<p>
<input type="text" name="q" size="20" maxlength="255" value="" />
<input type="submit" value="Search" />
</p>
</form>
<h1>Links to Semantic Websites</h1>
<ul class="sidemenu">
<li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>
<li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>
<li><a href="http://data.gov.uk/">Data Gov UK</a></li>
<li><a href="http://sig.ma/">SIG.MA</a></li>
<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>
</ul>
</div>
<div id="main">
<h1>New User Registration </h1>
<form action="congrats.php" method="post">
<p>Enter Username: <input type="text" name="username" value="" size="50" /><br />
Enter Password : <input type="password" name="password" value="" size="50" /><br />
Full Name : <input type="text" name="name" value="" size="50" /><br />
Email : <input type="text" name="email_id" value="" size="50" /><br />
Occupation : <input type="text" name="occupation" value="" size="50" /><br />
Country : <input type="text" name="country" value="" size="50" /></p>
<p align="center"> Submit Details: <input type="submit" name="submit" value="Submit" /></p>
</form>
</div>
</div>
<div id="footer">
<p> © 2010 <strong>MSc Dissertation Project</strong> | Design by:
<strong>Raman Pal</strong> | Valid <a
href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a
href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>
<a href="index.php">Home</a> |
</p>
</div></div></body></html>
7.1.6 USER’S PAGE
CODE for USER’s PAGE
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Download and Upload Instructions</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="images/Envision.css" type="text/css" />
</head>
<body>
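<?php
// Credentials submitted by the login form on the home page.
$username_1 = isset($_POST['username']) ? $_POST['username'] : '';
$password_1 = isset($_POST['password']) ? $_POST['password'] : '';
$db_connect = mysqli_connect('sql106.byethost13.com','b13_6284740','RAMAN143') OR
die("disconnected<br>");
$db = mysqli_select_db($db_connect, 'b13_6284740_project') OR die("unable to select database");
// Bind the submitted values as parameters so they are never parsed as SQL.
$dbquery_1 = mysqli_prepare($db_connect, "select * from users where username=? and
password=?") OR die("unable to execute query");
mysqli_stmt_bind_param($dbquery_1, 'ss', $username_1, $password_1);
$dbresult_1 = mysqli_stmt_execute($dbquery_1) OR die("unable 2 give result");
// Show the rest of the page only when exactly one user row matches.
mysqli_stmt_store_result($dbquery_1);
if (mysqli_stmt_num_rows($dbquery_1) != 1)
{
die("invalid username or password<br>");
}
?>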
<div id="wrap">
<div id="header">
<h1 id="logo-text">Secure Semantic Web</h1>
<h2 id="slogan"><b>Web Ontology Sharing....</b></h2>
<div id="header-links">
<p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p>
</div>
</div>
<div id="menu">
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="archives.php">Archives</a></li>
<li><a href="support.php">Tech-Support</a></li>
<li><a href="download_request.php">Download Request</a></li>
<li><a href="upload_request.php">Upload Request</a></li>
<li class="last"><a href="about.php">About</a></li>
</ul>
</div>
<div id="content-wrap">
<div id="sidebar">
<h1>Search Box</h1>
<form method="get" action="http://www.google.com/search">
<p>
<input type="text" name="q" size="20" maxlength="255" value="" />
<input type="submit" value="Search" />
</p>
</form>
<h1>Links to Semantic Websites</h1>
<ul class="sidemenu">
<li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>
<li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>
<li><a href="http://data.gov.uk/">Data Gov UK</a></li>
<li><a href="http://sig.ma/">SIG.MA</a></li>
<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>
</ul>
</div>
<div id="main">
<h1>Instructions for Downloading Semantic Web Ontology !!</h1>
<ul>
<li>For Downloading any Semantic Web Ontology, you need to fill in some details into
the form below:</li>
<li>First download <strong>SECCURE: Secure Elliptic Curve Cryptography Utility for
Reliable Encryption</strong>. You can download its Tar.gz File or Debian Package from <a
href="http://point-at-infinity.org/seccure/">Seccure</a>.</li>
<li>After installing this very important toolkit on your machine, you should generate a
<strong>PUBLIC KEY & PRIVATE KEY PAIR</strong>, using the following set of
commands in your terminal window:<br />
<strong>$ seccure-key<br />
Assuming curve p160.<br />
Enter private key: my private key<br />
The public key is: 8W;>i^H0qi|J&$coR5MFpR*V </strong></li>
<li>The user must provide this <strong>PUBLIC KEY</strong> in the form below, and
keep the <strong>PRIVATE KEY</strong> safe.</li>
<li>The website Admin needs your PUBLIC KEY to encrypt the file exclusively for you.
</li>
<li>The Download link for the requested ontology will be made available to you in
24Hours.</li>
<li>After downloading the file on your machine, simply browse to the directory of
the file. Use the following set of commands to decrypt the file.<br />
<strong>seccure-decrypt -i filename.enc -o filename.owl<br />
Enter the Private Key: my private key<br />
File Open</strong></li>
</ul>
<p align="center"><a href="download_request.php"><strong>Download Request
Form</strong></a></p>
<h1>Instructions for Uploading Semantic Web Ontology!!</h1>
<ul>
<li>For Uploading any Semantic Web Ontology to this website, the user needs to fill in
some details into the form below, and upload the file using the file upload tool.</li>
<li>First Download and Install <strong>SECCURE: Secure Elliptic Curve Cryptography
Utility for Reliable Encryption</strong>. You can download its Tar.gz File or Debian
Package from <a href="http://point-at-infinity.org/seccure/">Seccure</a>.</li>
<li>After installing this very important toolkit on your machine, use this PUBLIC
KEY::<strong>2D*~@S|:iXX.8HHY;kYBy*E>n</strong>, to encrypt the Ontology file,
using the commands below:<br />
<strong>$ seccure-encrypt -i file.owl -o file.enc '2D*~@S|:iXX.8HHY;kYBy*E>n'<br />
Encryption Succesful</strong></li>
<li>The user should then UPLOAD the encrypted version of the file, using the File_Upload
option below:</li>
<li>The website Admin will check the file, and if the decryption is successful on Admin's
end, it will be uploaded to our Archives within a 24 hour time span.</li>
<li>Kindly fill in all the details related to the Semantic web Ontology you are about to
upload.</li>
</ul>
<p align="center"><a href="upload_request.php"><strong>Upload Request
Form</strong></a></p>
</div>
</div>
<div id="footer">
<p> © 2010 <strong>MSc Dissertation Project</strong> | Design by:
<strong>Raman Pal</strong> | Valid <a
href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a
href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>
<a href="index.php">Home</a> |
</p>
</div>
</div>
</body>
</html>
7.1.7 DOWNLOAD REQUEST FORM
CODE for DOWNLOAD REQUEST FORM:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Download and Upload Instructions</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="images/Envision.css" type="text/css" />
</head>
<body>
<div id="wrap">
<div id="header">
<h1 id="logo-text">Secure Semantic Web</h1>
<h2 id="slogan"><b>Web Ontology Sharing....</b></h2>
<div id="header-links">
<p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p>
</div>
</div>
<div id="menu">
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="archives.php">Archives</a></li>
<li><a href="support.php">Tech-Support</a></li>
<li id="current"><a href="download_request.php">Download Request</a></li>
<li><a href="upload_request.php">Upload Request</a></li>
<li class="last"><a href="about.php">About</a></li>
</ul>
</div>
<div id="content-wrap">
<div id="sidebar">
<h1>Search Box</h1>
<form method="get" action="http://www.google.com/search">
<p>
<input type="text" name="q" size="20" maxlength="255" value="" />
<input type="submit" value="Search" />
</p>
</form>
<h1>Links to Semantic Websites</h1>
<ul class="sidemenu">
<li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>
<li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>
<li><a href="http://data.gov.uk/">Data Gov UK</a></li>
<li><a href="http://sig.ma/">SIG.MA</a></li>
<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>
</ul>
</div>
<div id="main">
<h1>Request form for Downloading Semantic Web Ontology !!</h1>
<form action="download_request.php" method="post"><br />
Username: <input type="text" value="" name="usrname" /><br /><br />
Add: <input type="text" value="" name="email" /><br /><br />
PUBLIC KEY: <input type="text" value="" name="pubkey" /><br /><br />
Ontology Name: <input type="text" value="" name="owlname" /><br /><br />
Purpose: <input type="text" value="" name="purpose" /><br /><br />
<input type="submit" value="Send Download Request" name="dndrequest" />
</form>
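<?php
// Handle the form only when it has actually been submitted.
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$usrname = $_POST['usrname'];
$mail = $_POST['email'];
$pubkey = $_POST['pubkey'];
$owlname = $_POST['owlname'];
$purpose = $_POST['purpose'];
$db_connect = mysqli_connect('sql106.byethost13.com','b13_6284740','RAMAN143');
if ($db_connect == false)
{
die ("Unable to Connect to MySql Database<br>");
}
$db = mysqli_select_db($db_connect, 'b13_6284740_project');
if ($db == false)
{
die ("Unable to Select MySql Database<br>");
}
// Bind the form values as parameters so that they are stored verbatim
// and never parsed as SQL (a SECCURE public key is mostly punctuation).
$dbquery = mysqli_prepare($db_connect, "INSERT INTO download (usrname, mail, publickey, owlname,
purpose) VALUES (?,?,?,?,?)");
if ($dbquery == false)
{
die("Unable to add record <br>");
}
mysqli_stmt_bind_param($dbquery, 'sssss', $usrname, $mail, $pubkey, $owlname, $purpose);
$dbresult = mysqli_stmt_execute($dbquery);
if ($dbresult == false)
{
die("Unable to add record <br>");
}
}
?>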
</div>
</div>
<div id="footer">
<p> © 2010 <strong>MSc Dissertation Project</strong> | Design by:
<strong>Raman Pal</strong> | Valid <a
href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a
href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>
<a
href="index.php">Home</a> | </p>
</div>
</div>
</body>
</html>
7.1.8 UPLOAD REQUEST FORM
CODE for UPLOAD REQUEST FORM:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Download and Upload Instructions</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="images/Envision.css" type="text/css" />
</head>
<body>
<div id="wrap">
<div id="header">
<h1 id="logo-text">Secure Semantic Web</h1>
<h2 id="slogan"><b>Web Ontology Sharing....</b></h2>
<div id="header-links">
<p> <a href="byebye.php">Logout</a> | <a href="about.php">Contact</a> </p>
</div>
</div>
<div id="menu">
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="archives.php">Archives</a></li>
<li><a href="support.php">Tech-Support</a></li>
<li><a href="download_request.php">Download Request</a></li>
<li id="current"><a href="upload_request.php">Upload Request</a></li>
<li class="last"><a href="about.php">About</a></li>
</ul>
</div>
<div id="content-wrap">
<div id="sidebar">
<h1>Search Box</h1>
<form method="get" action="http://www.google.com/search">
<p>
<input type="text" name="q" size="20" maxlength="255" value="" />
<input type="submit" value="Search" />
</p>
</form>
<h1>Links to Semantic Websites</h1>
<ul class="sidemenu">
<li><a href="http://wiki.dbpedia.org/About">WIKI.DBPedia.Org</a></li>
<li><a href="http://swoogle.umbc.edu/">Swoogle</a></li>
<li><a href="http://data.gov.uk/">Data Gov UK</a></li>
<li><a href="http://sig.ma/">SIG.MA</a></li>
<li><a href="http://semanticweb.org/wiki/Main_Page">Semantic Web Wiki</a></li>
</ul>
</div>
<div id="main">
<h1>Request form for Uploading Semantic Web Ontology!!</h1>
<form enctype="multipart/form-data" action="upload_request.php" method="POST"><br />
Ontology Name:: <input type="text" name="ontologyname" value="" /><br /><br />
Ontology Description:: <input type="text" name="description" value="" size="50" /><br /><br />
Username:: <input type="text" name="username" value="" /><br /><br />
Email:: <input type="text" name="email" value="" /><br /><br />
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" />
<input type="submit" value="Submit" /><br /><br />
</form>
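<?php
// Run only when a file has actually been submitted.
if (isset($_FILES['uploadedfile']))
{
$filename = basename($_FILES['uploadedfile']['name']);
$target_path = "upload/" . $filename;
// Accept only SECCURE-encrypted files, i.e. names ending in ".enc".
if (strtolower(pathinfo($filename, PATHINFO_EXTENSION)) != 'enc')
{
echo "Only encrypted ontology files with the .enc extension can be uploaded.";
}
else if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path))
{
// Escape the client-supplied name before echoing it into the page.
echo "The file ". htmlspecialchars($filename). " has been uploaded";
}
else
{
echo "There was an error uploading the file, please try again!";
}
}
?>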
</div>
</div>
<div id="footer">
<p> © 2010 <strong>MSc Dissertation Project</strong> | Design by:
<strong>Raman Pal</strong> | Valid <a
href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a
href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>
<a
href="index.php">Home</a> | </p>
</div>
</div>
</body>
</html>
8 References [1] Ali, R. (2008). Elliptic Curve Cryptography A new way for Encryption. Karachi: IEEE.
[2] Amit Jain, Csilla Farkas. (2006). Secure Resource Description Framework: an Access
Control Model. SACMAT'06. ACM.
[3] Azadeh Nematzadeh, Layla Pournajaf . (2008). Privacy Concerns of Semantic Web . Fifth
International Conference on Information Technology: New Generations. Tehran: IEEE
Computer Society.
- 59 -
[4] Bertino, E. (2002). Access Control for XML Documents, Data and Knowledge
Engineering.
[5] Bhavani Thuraisingham, Pranav Parikh . (2008). Trustworthy Semantic Web
Technologies for Secure Knowledge Management . 2008 IEEE/IFIP International
Conference on Embedded and Ubiquitous Computing . IEEE Computer Society.
[6] Elena Ferrari, Bhavani Thuraisingham. (2000). Secure Database System. In Advances in
Database Management. Artech House.
[7] Farkas, C. (2003). Inference Problem for Semantic Web. Proceeding of the IFIP
conference on Data and Application Security. Colorado.
[8] Gaithersburg, M. (2009, June). Digital Signature Standards, FIPS PUB 186-3. Retrieved
from Federal Information Processing Standards Publications FIPS PUBS:
http://www.itl.nist.gov/fipspubs/by-num.htm
[9] Ian F. Blake, Gadiel seroussi, Nigel P. Smart. (2005). Advances in Elliptic Curve
Cryptography. Cambridge: Cambridge University Press.
[10] Jirı Dokulil, Jakub Yaghob, Jana Katreniakova. (2008). Everything You Ever Wanted to
Learn from the Semantic Web but Were Unable to Ask. The Second International Conference
on Advanced Engineering Computing and Applications in Sciences. IEEE Computer Society.
[11] Koblitz, N. (1987). Elliptic Curve Cryptosystems. Math. Comp.
[12] Maryam Tahajod, Azadeh Iranmehr, Nasim khozooyi. (2009). Trust Management for
Semantic Web . 2009 Second International Conference on Computer and Electrical
Engineering. IEEE Computer Society.
[13] Nigel Shadbolt, Wendy Hall, Tim Berners-Lee. (2006). Semantic Web Revisted. Web
and Semantic Web Research Information. IEEE Computer Society.
[14] Poettering, B. (2009, april 9). SECCURE. Retrieved from Point At Infinity:
http://www.point-at-infinity.org/seccure/
[15] Qizhi Qiu, Qianxing Xiong . (2003). Research on Elliptic Curve Cryptography. The 8th
International Conference on Computer Supported Cooperative Work in Design Proceedings.
IEEE.
[16] R. L. Rivest, A. Shamir, L. Adleman. (1978). A method for obtaining digital signatures
and public key cryptosystem. Communication of the ACM. ACM.
[17] Semantic Information Mash-Up. (n.d.). Retrieved from Sig.MA: http://www.sig.ma
[18] Shuhua Wu, Yuefei Zhu. (2006). A Resource Efficient Architecture for RSA and Elliptic
Curve Cryptosystems. IEEE.
- 60 -
[19] Sizov, S. (2007). What Makes You Think That? The Semantic Web’s Proof Layer. IEEE
Computer Society.
[20] The Case For Elliptic Curve Cryptography. (2009, January 15). Retrieved from National
Security Agency, Central Security Service:
http://www.nsa.gov/business/programs/elliptic_curve.shtml
[21] Thuraisingham, B. (2002). Builing Secure Survivable Semantic Web. 14th IEEE
International Conference on Tools with Artificial Intelligence (ICTAI’02).
[22] Thuraisingham, B. (2007). CONFIDENTIALITY, PRIVACY AND TRUST POLICY
ENFORCEMENT FOR THE SEMANTIC WEB. Eight IEEE International Workshop on
Policies for Distributed System and Networks (POLICY'07). Dallas: IEEE Computer Society.
[23] Thuraisingham, B. (2003). Security Issues for the Semantic Web . 27th Annual
International Computer Software and Applications Conference (COMPSAC’03).
[24] Thuraisingham, B. (2002). XML Databases and the Semantci Web. CRC.
[25] Thuraisingham, D. B. (2009). Building Trustworthy Semantic Webs . IEEE IRI 2009.
[26] Tim Berners-Lee, Mark Fischetti. (1999). Weaving The Web. San Francisco: Harper.
[27] Vanstone, S. (2004, March 18). ECC holds key to Next-Gen Cryptography. Retrieved
from EE Times News and Analysis:
http://www.commsdesign.com/showArticle.jhtml?articleID=18400497
[28] Yu Zhang, Huajun Chen, Zhaohui Wu, Xiaoqing Zheng. (2006). Develop a
computational trust prototype for the Semantic Web. Proceedings of the 22nd International
Conference on Data Engineering Workshops (ICDEW'06).