Visible to the public Biblio

Filters: Keyword is Proposals  [Clear All Filters]
2020-02-10
Carneiro, Lucas R., Delgado, Carla A.D.M., da Silva, João C.P..  2019.  Social Analysis of Game Agents: How Trust and Reputation can Improve Player Experience. 2019 8th Brazilian Conference on Intelligent Systems (BRACIS). :485–490.
Video games normally use Artificial Intelligence techniques to improve Non-Player Character (NPC) behavior, creating a more realistic experience for their players. However, rational behavior in general does not consider social interactions between player and bots. Because of that, a new framework for NPCs was proposed, which uses a social bias to mix the default strategy of finding the best possible plays to win with a analysis to decide if other players should be categorized as allies or foes. Trust and reputation models were used together to implement this demeanor. In this paper we discuss an implementation of this framework inside the game Settlers of Catan. New NPC agents are created to this implementation. We also analyze the results obtained from simulations among agents and players to conclude how the use of trust and reputation in NPCs can create a better gaming experience.
2020-01-20
Ren, Zhengwei, Zha, Xianye, Zhang, Kai, Liu, Jing, Zhao, Heng.  2019.  Lightweight Protection of User Identity Privacy Based on Zero-knowledge Proof. 2019 IEEE International Conference on Systems, Man and Cybernetics (SMC). :2549–2554.
A number of solutions have been proposed to tackle the user privacy-preserving issue. Most of existing schemes, however, focus on methodology and techniques from the perspective of data processing. In this paper, we propose a lightweight privacy-preserving scheme for user identity from the perspective of data user and applied cryptography. The basic idea is to break the association relationships between User identity and his behaviors and ensure that User can access data or services as usual while the real identity will not be revealed. To this end, an interactive zero-knowledge proof protocol of identity is executed between CSP and User. Besides, a trusted third-party is introduced to manage user information, help CSP to validate User identity and establish secure channel between CSP and User via random shared key. After passing identity validation, User can log into cloud platform as usual without changing existing business process using random temporary account and password generated by CSP and sent to User by the secure channel which can further obscure the association relationships between identity and behaviors. Formal security analysis and theoretic and experimental evaluations are conducted, showing that the proposal is efficient and practical.
2020-01-13
Potrino, Giuseppe, de Rango, Floriano, Santamaria, Amilcare Francesco.  2019.  Modeling and evaluation of a new IoT security system for mitigating DoS attacks to the MQTT broker. 2019 IEEE Wireless Communications and Networking Conference (WCNC). :1–6.
In recent years, technology use has assumed an important role in the support of human activities. Intellectual work has become the main preferred human activity, while structured activities are going to become ever more automatized for increasing their efficiency. For this reason, we assist to the diffusion of ever more innovative devices able to face new emergent problems. These devices can interact with the environment and each other autonomously, taking decisions even without human control. This is the Internet of Things (IoT) phenomenon, favored by low cost, high mobility, high interaction and low power devices. This spread of devices has become uncontrolled, but security in this context continues to increase slowly. The purpose of this work is to model and evaluate a new IoT security system. The context is based on a generic IoT system in the presence of lightweight actuator and sensor nodes exchanging messages through Message Queue Telemetry Transport (MQTT) protocol. This work aims to increase the security of this protocol at application level, particularly mitigating Denial of Service (DoS) attacks. The system is based on the use of a host Intrusion Detection System (IDS) which applies a threshold based packet discarding policy to the different topics defined through MQTT.
2019-12-16
Park, Chan Mi, Lee, Jung Yeon, Baek, Hyoung Woo, Lee, Hae-Sung, Lee, JeeHang, Kim, Jinwoo.  2019.  Lifespan Design of Conversational Agent with Growth and Regression Metaphor for the Natural Supervision on Robot Intelligence. 2019 14th ACM/IEEE International Conference on Human-Robot Interaction (HRI). :646–647.
Human's direct supervision on robot's erroneous behavior is crucial to enhance a robot intelligence for a `flawless' human-robot interaction. Motivating humans to engage more actively for this purpose is however difficult. To alleviate such strain, this research proposes a novel approach, a growth and regression metaphoric interaction design inspired from human's communicative, intellectual, social competence aspect of developmental stages. We implemented the interaction design principle unto a conversational agent combined with a set of synthetic sensors. Within this context, we aim to show that the agent successfully encourages the online labeling activity in response to the faulty behavior of robots as a supervision process. The field study is going to be conducted to evaluate the efficacy of our proposal by measuring the annotation performance of real-time activity events in the wild. We expect to provide a more effective and practical means to supervise robot by real-time data labeling process for long-term usage in the human-robot interaction.
2019-11-25
Pei, Xin, Li, Xuefeng, Wu, Xiaochuan, Zheng, Kaiyan, Zhu, Boheng, Cao, Yixin.  2019.  Assured Delegation on Data Storage and Computation via Blockchain System. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). :0055–0061.
With the widespread of cloud computing, the delegation of storage and computing is becoming a popular trend. Concerns on data integrity, security, user privacy as well as the correctness of execution are highlighted due to the untrusted remote data manipulation. Most of existing proposals solve the integrity checking and verifiable computation problems by challenge-response model, but are lack of scalability and reusability. Via blockchain, we achieve efficient and transparent public verifiable delegation for both storage and computing. Meanwhile, the smart contract provides API for request handling and secure data query. The security and privacy issues of data opening are settled by applying cryptographic algorithms all through the delegations. Additionally, any access to the outsourced data requires the owner's authentication, so that the dat transference and utilization are under control.
2019-09-09
Dholey, M. K., Saha, M. K..  2018.  A Security Mechanism in DSR Routing for MANET. 2018 2nd International Conference on Trends in Electronics and Informatics (ICOEI). :921-925.

Mobile Ad-hoc Network (MANET) is an autonomous collection of mobile nodes and communicate among them in their radio range. It is an infrastructure less, bandwidth constraint multi-hop wireless network. A various routing protocol is being evolved for MANET routing and also provide security mechanism to avoid security threads. Dynamic Source Routing (DSR), one of the popular reactive routing protocols for MANET, establishes path between source to destination before data communication take place using route request (RREQ) and route reply (RREP) control messages. Although in [1] authors propose to prevent route diversion due to a malicious node in the network using group Diffie-Hellman (GDH) key management applied over source address, but if any intermediate trusted node start to misbehave then there is no prevention mechanism. Here in this paper, we applied Hash function scheme over destination address to identify the misbehaving intermediate node that can provide wrong destination address. The path information towards the destination sent by the intermediate node through RREP is exactly for the intended required destination or not, here we can identified according to our proposed algorithm and pretend for further data transmission. Our proposed algorithm proves the authenticity of the destination and also prevent from misbehaving intermediate nodes.

2019-07-01
Rosa, F. De Franco, Jino, M., Bueno, P. Marcos Siqueira, Bonacin, R..  2018.  Coverage-Based Heuristics for Selecting Assessment Items from Security Standards: A Core Set Proposal. 2018 Workshop on Metrology for Industry 4.0 and IoT. :192-197.

In the realm of Internet of Things (IoT), information security is a critical issue. Security standards, including their assessment items, are essential instruments in the evaluation of systems security. However, a key question remains open: ``Which test cases are most effective for security assessment?'' To create security assessment designs with suitable assessment items, we need to know the security properties and assessment dimensions covered by a standard. We propose an approach for selecting and analyzing security assessment items; its foundations come from a set of assessment heuristics and it aims to increase the coverage of assessment dimensions and security characteristics in assessment designs. The main contribution of this paper is the definition of a core set of security assessment heuristics. We systematize the security assessment process by means of a conceptual formalization of the security assessment area. Our approach can be applied to security standards to select or to prioritize assessment items with respect to 11 security properties and 6 assessment dimensions. The approach is flexible allowing the inclusion of dimensions and properties. Our proposal was applied to a well know security standard (ISO/IEC 27001) and its assessment items were analyzed. The proposal is meant to support: (i) the generation of high-coverage assessment designs, which include security assessment items with assured coverage of the main security characteristics, and (ii) evaluation of security standards with respect to the coverage of security aspects.

2019-05-01
Li, X., Kodera, Y., Uetake, Y., Kusaka, T., Nogami, Y..  2018.  A Consideration of an Efficient Arithmetic Over the Extension Field of Degree 3 for Elliptic Curve Pairing Cryptography. 2018 IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW). :1–2.

This paper presents an efficient arithmetic in extension field based on Cyclic Vector Multiplication Algorithm that reduces calculation costs over cubic extension for elliptic curve pairing cryptography. In addition, we evaluate the calculation costs compared to Karatsuba-based method.

2019-03-06
Cuzzocrea, A., Damiani, E..  2018.  Pedigree-Ing Your Big Data: Data-Driven Big Data Privacy in Distributed Environments. 2018 18th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID). :675-681.
This paper introduces a general framework for supporting data-driven privacy-preserving big data management in distributed environments, such as emerging Cloud settings. The proposed framework can be viewed as an alternative to classical approaches where the privacy of big data is ensured via security-inspired protocols that check several (protocol) layers in order to achieve the desired privacy. Unfortunately, this injects considerable computational overheads in the overall process, thus introducing relevant challenges to be considered. Our approach instead tries to recognize the "pedigree" of suitable summary data representatives computed on top of the target big data repositories, hence avoiding computational overheads due to protocol checking. We also provide a relevant realization of the framework above, the so-called Data-dRIven aggregate-PROvenance privacypreserving big Multidimensional data (DRIPROM) framework, which specifically considers multidimensional data as the case of interest.
2019-02-14
Facon, A., Guilley, S., Lec'Hvien, M., Schaub, A., Souissi, Y..  2018.  Detecting Cache-Timing Vulnerabilities in Post-Quantum Cryptography Algorithms. 2018 IEEE 3rd International Verification and Security Workshop (IVSW). :7-12.

When implemented on real systems, cryptographic algorithms are vulnerable to attacks observing their execution behavior, such as cache-timing attacks. Designing protected implementations must be done with knowledge and validation tools as early as possible in the development cycle. In this article we propose a methodology to assess the robustness of the candidates for the NIST post-quantum standardization project to cache-timing attacks. To this end we have developed a dedicated vulnerability research tool. It performs a static analysis with tainting propagation of sensitive variables across the source code and detects leakage patterns. We use it to assess the security of the NIST post-quantum cryptography project submissions. Our results show that more than 80% of the analyzed implementations have at least one potential flaw, and three submissions total more than 1000 reported flaws each. Finally, this comprehensive study of the competitors security allows us to identify the most frequent weaknesses amongst candidates and how they might be fixed.

2018-06-11
Kaaniche, N., Laurent, M..  2017.  A blockchain-based data usage auditing architecture with enhanced privacy and availability. 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA). :1–5.

Recent years have witnessed the trend of increasingly relying on distributed infrastructures. This increased the number of reported incidents of security breaches compromising users' privacy, where third parties massively collect, process and manage users' personal data. Towards these security and privacy challenges, we combine hierarchical identity based cryptographic mechanisms with emerging blockchain infrastructures and propose a blockchain-based data usage auditing architecture ensuring availability and accountability in a privacy-preserving fashion. Our approach relies on the use of auditable contracts deployed in blockchain infrastructures. Thus, it offers transparent and controlled data access, sharing and processing, so that unauthorized users or untrusted servers cannot process data without client's authorization. Moreover, based on cryptographic mechanisms, our solution preserves privacy of data owners and ensures secrecy for shared data with multiple service providers. It also provides auditing authorities with tamper-proof evidences for data usage compliance.

2018-06-07
Akcay, S., Breckon, T. P..  2017.  An evaluation of region based object detection strategies within X-ray baggage security imagery. 2017 IEEE International Conference on Image Processing (ICIP). :1337–1341.

Here we explore the applicability of traditional sliding window based convolutional neural network (CNN) detection pipeline and region based object detection techniques such as Faster Region-based CNN (R-CNN) and Region-based Fully Convolutional Networks (R-FCN) on the problem of object detection in X-ray security imagery. Within this context, with limited dataset availability, we employ a transfer learning paradigm for network training tackling both single and multiple object detection problems over a number of R-CNN/R-FCN variants. The use of first-stage region proposal within the Faster RCNN and R-FCN provide superior results than traditional sliding window driven CNN (SWCNN) approach. With the use of Faster RCNN with VGG16, pretrained on the ImageNet dataset, we achieve 88.3 mAP for a six object class X-ray detection problem. The use of R-FCN with ResNet-101, yields 96.3 mAP for the two class firearm detection problem requiring 0.1 second computation per image. Overall we illustrate the comparative performance of these techniques as object localization strategies within cluttered X-ray security imagery.

2018-04-04
Nguyen-Meidine, L. T., Granger, E., Kiran, M., Blais-Morin, L. A..  2017.  A comparison of CNN-based face and head detectors for real-time video surveillance applications. 2017 Seventh International Conference on Image Processing Theory, Tools and Applications (IPTA). :1–7.

Detecting faces and heads appearing in video feeds are challenging tasks in real-world video surveillance applications due to variations in appearance, occlusions and complex backgrounds. Recently, several CNN architectures have been proposed to increase the accuracy of detectors, although their computational complexity can be an issue, especially for realtime applications, where faces and heads must be detected live using high-resolution cameras. This paper compares the accuracy and complexity of state-of-the-art CNN architectures that are suitable for face and head detection. Single pass and region-based architectures are reviewed and compared empirically to baseline techniques according to accuracy and to time and memory complexity on images from several challenging datasets. The viability of these architectures is analyzed with real-time video surveillance applications in mind. Results suggest that, although CNN architectures can achieve a very high level of accuracy compared to traditional detectors, their computational cost can represent a limitation for many practical real-time applications.

2018-04-02
Focardi, R., Squarcina, M..  2017.  Run-Time Attack Detection in Cryptographic APIs. 2017 IEEE 30th Computer Security Foundations Symposium (CSF). :176–188.

Cryptographic APIs are often vulnerable to attacks that compromise sensitive cryptographic keys. In the literature we find many proposals for preventing or mitigating such attacks but they typically require to modify the API or to configure it in a way that might break existing applications. This makes it hard to adopt such proposals, especially because security APIs are often used in highly sensitive settings, such as financial and critical infrastructures, where systems are rarely modified and legacy applications are very common. In this paper we take a different approach. We propose an effective method to monitor existing cryptographic systems in order to detect, and possibly prevent, the leakage of sensitive cryptographic keys. The method collects logs for various devices and cryptographic services and is able to detect, offline, any leakage of sensitive keys, under the assumption that a key fingerprint is provided for each sensitive key. We define key security formally and we prove that the method is sound, complete and efficient. We also show that without key fingerprinting completeness is lost, i.e., some attacks cannot be detected. We discuss possible practical implementations and we develop a proof-of-concept log analysis tool for PKCS\#11 that is able to detect, on a significant fragment of the API, all key-management attacks from the literature.

2018-02-28
Arellanes, D., Lau, K. K..  2017.  Exogenous Connectors for Hierarchical Service Composition. 2017 IEEE 10th Conference on Service-Oriented Computing and Applications (SOCA). :125–132.

Service composition is currently done by (hierarchical) orchestration and choreography. However, these approaches do not support explicit control flow and total compositionality, which are crucial for the scalability of service-oriented systems. In this paper, we propose exogenous connectors for service composition. These connectors support both explicit control flow and total compositionality in hierarchical service composition. To validate and evaluate our proposal, we present a case study based on the popular MusicCorp.

2018-02-02
Mattos, D. M. F., Duarte, O. C. M. B., Pujolle, G..  2016.  A resilient distributed controller for software defined networking. 2016 IEEE International Conference on Communications (ICC). :1–6.

Control plane distribution on Software Defined Networking enhances security, performance and scalability of the network. In this paper, we propose an efficient architecture for distribution of controllers. The main contributions of the proposed architecture are: i) A controller distributed areas to ensure security, performance and scalability of the network; ii) A single database maintained by a designated controller to provide consistency to the control plane; iii) An optimized heuristic for locating controllers to reduce latency in the control plane; iv) A resilient mechanism of choosing the designated controller to ensure the proper functioning of the network, even when there are failures. A prototype of the proposal was implemented and the placement heuristic was analyzed in real topologies. The results show that connectivity is maintained even in failure scenarios. Finally, we show that the placement optimization reduces the average latency of controllers. Our proposed heuristic achieves a fair distribution of controllers and outperforms the network resilience of other heuristics up to two times better.

Hussein, A., Elhajj, I. H., Chehab, A., Kayssi, A..  2016.  SDN Security Plane: An Architecture for Resilient Security Services. 2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW). :54–59.

Software Defined Networking (SDN) is the new promise towards an easily configured and remotely controlled network. Based on Centralized control, SDN technology has proved its positive impact on the world of network communications from different aspects. Security in SDN, as in traditional networks, is an essential feature that every communication system should possess. In this paper, we propose an SDN security design approach, which strikes a good balance between network performance and security features. We show how such an approach can be used to prevent DDoS attacks targeting either the controller or the different hosts in the network, and how to trace back the source of the attack. The solution lies in introducing a third plane, the security plane, in addition to the data plane, which is responsible for forwarding data packets between SDN switches, and parallel to the control plane, which is responsible for rule and data exchange between the switches and the SDN controller. The security plane is designed to exchange security-related data between a third party agent on the switch and a third party software module alongside the controller. Our evaluation shows the capability of the proposed system to enforce different levels of real-time user-defined security with low overhead and minimal configuration.

2017-12-20
Yamaguchi, M., Kikuchi, H..  2017.  Audio-CAPTCHA with distinction between random phoneme sequences and words spoken by multi-speaker. 2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC). :3071–3076.
Audio-CAPTCHA prevents malicious bots from attacking Web services and provides Web accessibility for visually-impaired persons. Most of the conventional methods employ statistical noise to distort sounds and let users remember and spell the words, which are difficult and laborious work for humans. In this paper, we utilize the difficulty on speaker-independent recognition for ASR machines instead of distortion with statistical noise. Our scheme synthesizes various voices by changing voice speed, pitch and native language of speakers. Moreover, we employ semantic identification problems between random phoneme sequences and meaningful words to release users from remembering and spelling words, so it improves the accuracy of humans and usability. We also evaluated our scheme in several experiments.
2017-12-04
Alejandre, F. V., Cortés, N. C., Anaya, E. A..  2017.  Feature selection to detect botnets using machine learning algorithms. 2017 International Conference on Electronics, Communications and Computers (CONIELECOMP). :1–7.

In this paper, a novel method to do feature selection to detect botnets at their phase of Command and Control (C&C) is presented. A major problem is that researchers have proposed features based on their expertise, but there is no a method to evaluate these features since some of these features could get a lower detection rate than other. To this aim, we find the feature set based on connections of botnets at their phase of C&C, that maximizes the detection rate of these botnets. A Genetic Algorithm (GA) was used to select the set of features that gives the highest detection rate. We used the machine learning algorithm C4.5, this algorithm did the classification between connections belonging or not to a botnet. The datasets used in this paper were extracted from the repositories ISOT and ISCX. Some tests were done to get the best parameters in a GA and the algorithm C4.5. We also performed experiments in order to obtain the best set of features for each botnet analyzed (specific), and for each type of botnet (general) too. The results are shown at the end of the paper, in which a considerable reduction of features and a higher detection rate than the related work presented were obtained.

2017-04-20
Zhang, X., Gong, L., Xun, Y., Piao, X., Leit, K..  2016.  Centaur: A evolutionary design of hybrid NDN/IP transport architecture for streaming application. 2016 IEEE 7th Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON). :1–7.

Named Data Networking (NDN), a clean-slate data oriented Internet architecture targeting on replacing IP, brings many potential benefits for content distribution. Real deployment of NDN is crucial to verify this new architecture and promote academic research, but work in this field is at an early stage. Due to the fundamental design paradigm difference between NDN and IP, Deploying NDN as IP overlay causes high overhead and inefficient transmission, typically in streaming applications. Aiming at achieving efficient NDN streaming distribution, this paper proposes a transitional architecture of NDN/IP hybrid network dubbed Centaur, which embodies both NDN's smartness, scalability and IP's transmission efficiency and deployment feasibility. In Centaur, the upper NDN module acts as the smart head while the lower IP module functions as the powerful feet. The head is intelligent in content retrieval and self-control, while the IP feet are able to transport large amount of media data faster than that if NDN directly overlaying on IP. To evaluate the performance of our proposal, we implement a real streaming prototype in ndnSIM and compare it with both NDN-Hippo and P2P under various experiment scenarios. The result shows that Centaur can achieve better load balance with lower overhead, which is close to the performance that ideal NDN can achieve. All of these validate that our proposal is a promising choice for the incremental and compatible deployment of NDN.

Torres, J. V., Alvarenga, I. D., Pedroza, A. de Castro Pinto, Duarte, O. C. M. B..  2016.  Proposing, specifying, and validating a controller-based routing protocol for a clean-slate Named-Data Networking. 2016 7th International Conference on the Network of the Future (NOF). :1–5.

Named-Data Networking (NDN) is the most prominent proposal for a clean-slate proposal of Future Internet. Nevertheless, NDN routing schemes present scalability concerns due to the required number of stored routes and of control messages. In this work, we present a controller-based routing protocol using a formal method to unambiguously specify, and validate to prove its correctness. Our proposal codes signaling information on content names, avoiding control message overhead, and reduces router memory requirements, storing only the routes for simultaneously consumed prefixes. Additionally, the protocol installs a new route on all routers in a path with a single route request to the controller, avoiding replication of routing information and automating router provisioning. As a result, we provide a protocol proposal description using the Specification and Description Language and we validate the protocol, proving that CRoS behavior is free of dead or live locks. Furthermore, the protocol validation guarantees that the scheme ensures a valid working path from consumer to producer, even if it does not assure the shortest path.

2017-02-21
W. Guibene, K. E. Nolan, M. Y. Kelly.  2015.  "Survey on Clean Slate Cellular-IoT Standard Proposals". 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing. :1596-1599.

In this paper we investigate the proposals made by various industries for the Cellular Internet of Things (C-IoT). We start by introducing the context of C-IoT and demonstrate how this technology is closely linked to the Low Power-Wide Area (LPWA) technologies and networks. An in-depth look and system level evaluation is given for each clean slate technology and a comparison is made based on its specifications.

W. Guibene, K. E. Nolan, M. Y. Kelly.  2015.  "Survey on Clean Slate Cellular-IoT Standard Proposals". 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing. :1596-1599.

In this paper we investigate the proposals made by various industries for the Cellular Internet of Things (C-IoT). We start by introducing the context of C-IoT and demonstrate how this technology is closely linked to the Low Power-Wide Area (LPWA) technologies and networks. An in-depth look and system level evaluation is given for each clean slate technology and a comparison is made based on its specifications.

2015-05-06
Pura, M.L., Buchs, D..  2014.  A self-organized key management scheme for ad hoc networks based on identity-based cryptography. Communications (COMM), 2014 10th International Conference on. :1-4.

Ad hoc networks represent a very modern technology for providing communication between devices without the need of any prior infrastructure set up, and thus in an “on the spot” manner. But there is a catch: so far there isn't any security scheme that would suit the ad hoc properties of this type of networks and that would also accomplish the needed security objectives. The most promising proposals are the self-organized schemes. This paper presents a work in progress aiming at developing a new self-organized key management scheme that uses identity based cryptography for making impossible some of the attacks that can be performed over the schemes proposed so far, while preserving their advantages. The paper starts with a survey of the most important self-organized key management schemes and a short analysis of the advantages and disadvantages they have. Then, it presents our new scheme, and by using informal analysis, it presents the advantages it has over the other proposals.

Albino Pereira, A., Bosco M.Sobral, J., Merkle Westphall, C..  2014.  Towards Scalability for Federated Identity Systems for Cloud-Based Environments. New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on. :1-5.

As multi-tenant authorization and federated identity management systems for cloud computing matures, the provisioning of services using this paradigm allows maximum efficiency on business that requires access control. However, regarding scalability support, mainly horizontal, some characteristics of those approaches based on central authentication protocols are problematic. The objective of this work is to address these issues by providing an adapted sticky-session mechanism for a Shibboleth architecture using CAS. This alternative, compared with the recommended shared memory approach, shown improved efficiency and less overall infrastructure complexity.