Biometric Systems by mmcsx

									   Wireless Internet
Global Cyber Security




Biometric Systems
From the Editor

Dear Reader,

NASK is an institution that, besides being active in the scientific and research field, also acts as a regular telecommunications operator.

Our scientific efforts center around quality of service (QoS) and IT system security projects. Special emphasis is placed on the research on biometric methods of identification.

An important part of NASK operations is the registration and maintenance of Internet domains. A national domain names register for the .PL domain maintained by NASK is a fully automated system based on the newest technologies.

The NASK commercial offering includes corporate networks, broadband Internet access, collocation and hosting, teleconference services, telephony, as well as data communication security for businesses and institutions. Tremendous support in this field is provided through the knowledge and experience of the CERT Polska team working at NASK.

An important role is played by NASK as part of the European “Safer Internet” hotline program for eliminating illegal and harmful content on the Internet. A team implementing the guidelines of the European “Awareness” program for Internet safety in Poland also operates at NASK.

Moreover, NASK is an entity that creates the resources for the Polska.pl information portal (as well as its English-language version Poland.pl).

We present some of the areas of activity mentioned here in the current issue of the “NASK Review”. Among others, it includes information on the planned SECURE 2006 conference, articles on cybersecurity and new technologies connected to services provided by NASK. Representatives of the Polska.pl team write about Web 2.0 services and members of the NASK Biometrics Laboratories present the findings of their research and development efforts.

Enjoy your reading,
Maria Baranowska
NASK PR Manager

Contents

About NASK
SECURE 2006
News & Current Events
In the .EU Domain
About Radio Technology
VPN Based on the Ethernet
European Center of Knowledge
CERT Polska Reports
Global Cyber Security
Web 2.0 Goes Forward
A New Vision of the Web
Biometric Methods
Biometric Systems

                                                                                     About NASK




In accordance with the formation statute we are called The Research
and Academic Computer Network (in Polish: Naukowa i Akademicka
Sieć Komputerowa) and we are a research and development organization.




NASK as Seen by a Lawyer
Maria Ziółkowska

Sometimes, we are wrongly described in the press as a joint venture and sometimes we are perceived as a state corporation. There are cases where the Director of NASK is called the President and one time he was also addressed as his Magnificence Dean. How is it in reality?

In accordance with the formation statute we are called The Scientific and Academic Computer Network (in Polish: Naukowa i Akademicka Sieć Komputerowa) and we are a research and development organization. The statute allows us to use the abbreviated name NASK and this is the name we are most often identified with.

NASK, as a research and development organization, is a state legal entity. The body responsible for the creation of NASK in 1993 was the Chairman of the Scientific Research Committee, who cooperated on it with the Minister of Finance. The foundation of NASK operation is the Act from the 25th of July, 1985 about research and development organizations (Journal of Laws 01.33.388, as amended). NASK operates under the Statute nr 5 from the 14th of December 1993 by the Chairman of the Scientific Research Committee dealing with the creation of NASK and under the Statute delivered by the NASK Scientific Council and approved by the Minister of Science.

EXECUTIVE BODIES

At NASK, just like at any other research and development organization, the executive bodies are the Director and the Scientific Council. Director, who by the power vested in him by the Act manages NASK, has executive rights. NASK, with the exception of those falling under the jurisdiction of the Scientific Council.

Particularly, the Director:
- determines NASK plans of operation,
- implements personnel policy,
- manages the assets and is responsible for the results of NASK operations,
- represents NASK,
- makes decisions in all matters pertaining to NASK, with the exception of those falling under the jurisdiction of the Scientific Council.

The Director of NASK is elected for a 5 year term by the overseeing executive body from among the candidates chosen by way of competition. Before the election of the Director, the executive body consults the Scientific Council for its opinion.

At NASK, there are four Deputy Directors. Deputy Directors are chosen by the Director following a recommendation of their candidacy by the Scientific Council.

NASK   Review 2006
SCIENTIFIC COUNCIL

The second statutory body at NASK is the Scientific Council. It consists of fifteen members, who were elected by the NASK employees. The Scientific Council is made up of ten NASK employees, as well as five persons from outside of the organization. The second group, according to the conditions of the bill about research and development organizations, is made up of persons with a scientific title or a PhD degree, as well as commanding outstanding knowledge and practical achievement in the fields of telecommunications and data communication.

The Scientific Council is an executive, initiating, opinion-forming and consulting body when it comes to the statutory operations, as well as in matters of expansion of scientific and technical-research personnel.

The duties of the NASK Scientific Council, among others, include:
- establishing direction for prospective scientific, development and implementation operations of the organization,
- reviewing plans for thematic and financial direction of the organization, as well as the annual reports on tasks accomplished from the Director,
- submitting recommendations for election or relief of duties of the organization’s Director,
- reviewing candidates for the position of Director,
- reviewing qualifications for scientific and research-technical positions, as well as carrying out seasonal evaluations of the scientific and technical achievements of said personnel.

In addition, the Scientific Council is empowered to take a stance in all matters regarding the operation of a research and development organization, including the ones not mentioned above.

The full term for members of the Scientific Council lasts 4 years.

Presently, the Scientific Council at NASK is in its 4th term.

THE SUPERVISORY BODY

Presently, the executive body overseeing the operation of NASK is the Minister of Science and Higher Education. The overseeing body controls and evaluates NASK’s operations and the performance of its Director. As its right, the overseeing body carries out at least one audit at NASK per year.

The overseeing body can halt the execution of decisions made by the Director only when it concludes that it is in conflict with the law. In such a situation, the overseeing body can request the Director to change or withdraw his decision. The decision is administrative in nature, and therefore corrective measures apply as provided by the code of administrative conduct.

As part of the administrative rights, the overseeing body can burden NASK with the responsibility to implement in its plans a special task, or appoint a task extraneous to the plan, if it is imperative to realizing particularly important economic or social goals, due to defensive needs of the country, due to a catastrophe or in order to fulfill the country’s international commitments. Up to now, NASK was called upon to carry out tasks in this mode twice. The overseeing body provided NASK with the means to carry out the appointed tasks.


NASK independently manages the assigned and acquired part of national assets, as well as implements its own management policy pertaining to owned resources, taking the effectiveness of their use as the guiding principle.

NASK is an organization belonging to the public finance sector. In consequence, there is an appropriate level of responsibility with regards to the exacting care taken of the assets belonging to NASK. One of the implications of NASK being a part of the public finances sector is the application of the legal directives of the Bill about public tenders which apply to NASK.

NASK is responsible for its commitments. The National Treasury is not responsible for the commitments of NASK (the exception is the responsibility of The National Treasury to honor the commitments of the research and development organization in the event of its liquidation).

SCOPE OF OPERATIONS

The scope of NASK operations, including research and development operations, as well as the business operations, is set out in the NASK Statute. The Statute lists 24 categories of operations which NASK can be involved in.

The revenue from NASK operations is taxed the same as the revenue of any entrepreneur who is a legal entity.

The following scopes of operation deserve particular mention:
- research and development efforts in the field of technical science,
- data transmission and data communication,
- radio communications,
- land telephony and telegraphy,
- mobile telephony,
- remaining telecommunications services.

NASK is a telecommunications entrepreneur registered in the Telecommunications Entrepreneur Registry maintained by the President of the Office of Electronic Communications under the file number 59. NASK is registered in the National Court Registry as a research and development organization under the file number 0000012938.

The Director of NASK is Maciej Kozłowski, PhD. This is his second – after two won competitions – term at this position.

Deputy directors at NASK are:
Prof. Krzysztof Malinowski, PhD – Deputy Director for scientific matters,
Krzysztof Silicki, MSc – Deputy Director for technical matters,
Maria Trąmpczyńska, MSc – Deputy Director for academic matters,
Dr. Tomasz Chlebowski, PhD – Deputy Director for business matters.
The chief accountant at NASK is Jarosław Nikiforuk.

The Chairman of the NASK Scientific Council is Prof. Jerzy Brzeziński, PhD. The Deputy Chairman of the Scientific Council is Prof. Andrzej Dąbrowski, PhD.

Members of the NASK Scientific Council are:
1. Maria Baranowska, PhD,
2. Tadeusz Bieńkowski, MSc,
3. Prof. Jerzy Brzeziński, PhD,
4. Tomasz Chlebowski, PhD,
5. Adam Czajka, PhD,
6. Prof. Andrzej Dąbrowski, PhD,
7. Krzysztof Heller, PhD,
8. Jarosław Janiszewski, PhD,
9. Mirosław Maj, MSc,
10. Prof. Krzysztof Malinowski, PhD,
11. Ewa Niewiadomska-Szynkiewicz, PhD,
12. Andrzej Pacut, PhD,
13. Krzysztof Silicki, MSc,
14. Tadeusz Rogowski, MSc,
15. Maria Trąmpczyńska, MSc.

Any detailed information regarding NASK can be found at www.nask.pl.

Att. Maria Ziółkowska is the Manager of the Legal Department at NASK


         News & Current Events




    The 10th anniversary of the SECURE conference series, as well as
    the CERT Polska team, brings about the conclusion that it is time to
    end a certain period, during which the mechanisms responsible for the
    security in the net, or the lack thereof, were well identified.




Time for a Breakthrough
Mirosław Maj

“Security – Time for a breakthrough” is the slogan for this year’s anniversary edition of the SECURE conference, which will take place in Warsaw from the 17th to the 18th of October 2006.

The conference is organized under the patronage of the Ministry of Science and Higher Education, as well as the Ministry of Interior and Administration. For the second time, one of the organizers is ENISA – European Network and Information Security Agency.

THE REVERSAL OF THE TREND

Trying to think of the best main theme for this year’s conference, we came to a conclusion that it is time for a breakthrough in the field of data communication security. In addition, the 10th anniversary of the SECURE conference series, as well as the CERT Polska team, is conducive to asking the question which demonstrates that it is time to close a certain period. A period, during which the mechanisms responsible for the security in the net, or the lack thereof, were well identified. At the same time, it was a period when no good solution was found that would make the net more secure. What is worse – the net is becoming less and less secure.

It is a very dangerous trend, which is starting to have measurable effects. Already, market analysts are noticing that in many economies the clients are moving away from the so called electronic economy because of the Internet security threats. Establishing the slogan for this year’s SECURE, we are not expecting that in little time a rapid reversal will take place and the Internet will become very secure. However, a breakthrough should arrive in the form of the reversal of the trend which I mentioned earlier.

The SECURE conference is not only about a discussion tied to the main theme. It is also a series of lectures which, as usual, will deal with the most interesting and up-to-date matters from the world of IT security. Those are the topics dealing with strictly technical aspects, as well as those tied to the general organization of data communication security.

Presenting their position on the security at the strategic level will be the representatives of the ENISA agency, as well as those of one of the honorable patrons – the Ministry of Interior and Administration. Those lectures are a perfect opportunity to find out about the most recent ideas on the subject of data communication security organization in the whole of European Union and in our own backyard. They will be complemented by other presentations illustrating specific accomplishments and plans of the Polish government administration. Particularly, I have in mind the appearances by the representatives of the Department of Data Communication Security of the Internal Security Agency and the Bureau of the Inspector General for the Protection of Personal Data.

The practical aspects of approaching matters of security from a strictly business angle will be illustrated by the representatives of large Polish suppliers of mass Internet services. Those include the delegates of Gadu-Gadu and Allegro.pl services. Their activities in the net in Poland involve millions of Internet users. Mechanisms implemented, as well as processes developing as part of those services can, and usually do, affect the security of all users and, as a consequence, in practice affect all of the Polish Internet. The same principle applies to a large extent to other “players”. As usual, in the course of the conference, the largest producers of data communication security hardware and software will present their products and solutions.

A separate block of presentations will be prepared by NASK, and specifically the CERT Polska team. Representatives from the affiliated teams will also appear during the conference. This year, we expect to host guests from the oldest CERT in the world – the American CERT Coordination Center, the American Cymru CERT team, as well as one of the oldest European teams – the Dutch SURFnet CERT.

The author is the Manager of the CERT Polska team at NASK

The 10th anniversary of the CERT Polska

The CERT Polska team operating at NASK was established in 1996. In 1997 it became a member of FIRST (Forum of Incidents Response and Security Teams). It is within the framework of this organization that CERT Polska cooperates with similar teams all over the world. The team’s tasks include registration, handling and classification of events threatening the network’s security, conducting research and publishing reports on the security of Internet users in Poland. CERT Polska participates in international initiatives aimed at network and IT system security, e.g. it actively cooperates with ENISA (European Network and Information Security Agency). The team’s knowledge and experience forms the foundation stone of the periodical IT security conference SECURE that NASK has been organizing for years now.

Reaching Further
Michał Małyszko

The launch of the VectaStar radio access system boosts the possibilities and parameters of NASK services significantly.

A radio system allows reaching companies in locations where cabling infrastructure is missing or underdeveloped. The existing cabling is often used up or its quality makes connections with the required parameters impossible. This is where a radio access system comes in.

A VectaStar base station allows providing services within a 30 km radius – in most Polish cities this means that NASK services are available not just in the centre but also on the outskirts, where business customers’ production and logistic facilities are located. Very often, providing any telecommunications services in those areas used to be very difficult. NASK’s radio system can contribute to minimising areas with poor telecommunications infrastructure, where access to modern information and communication technologies is limited.

FAST AND FLEXIBLE

Launching a service in a radio system is much faster than with fixed infrastructure. Consequently, NASK can provide its customers with services in just a few days. Since the installation of radio terminals is quick and easy, a radio link can also be used as a temporary solution while work on the target fixed connection is underway. The quick implementation of a radio service is of key importance, especially as the installation of a copper link could take over a month and an optic fibre link even up to eighteen months (taking into account all the required permits). The flexibility of radio access allows customers to change their location easily: the service can be continued at the new site with the installation of a radio terminal. At the same time, the primary fixed link is being transferred to the new location.

THE LAST MILE

With its radio access system, NASK is no longer dependent on fixed cable network operators, whose resources were used previously to connect customers to the core network. Consequently, NASK is an independent operator that offers last-mile connectivity within the range of its base stations. This changes our competitive position and relations with other operators. Reconfiguring services and adding new ones is also done in a flash, usually without having to change the radio terminal installed at the customer’s location.

The VectaStar enables a broad portfolio of services: from Internet access to corporate VPN’s, digital connections or traditional and VoIP telephony. Multiple services can also be delivered simultaneously, using a single radio terminal and with the separation of traffic generated by those services.

In the corporate networks segment, customers’ local area networks can now be connected using a transparent Ethernet VPN channel. Radio-based Internet access services come with Service Level Agreements that extend NASK’s responsibility to the access link, up to the port provided on the customer’s premises. Consequently, NASK guarantees and takes full responsibility for the quality of connections.

The author leads the Product Managers’ Team at NASK


Wireless Internet in NASK’s offer

NASK has installed radio access base stations working in the licensed 3.6-3.8 GHz band in Cracow and Poznań. Internet access and other wireless NASK services are already available in Warsaw, Katowice and the Gdańsk area.

Like in those cities, NASK will offer business customers in the Cracow and Poznań regions all radio-based transfer services: broadband Internet access, corporate networks, fixed-line telephony and digital lines, with top quality parameters guaranteed with service level agreements (SLA).

The system used by NASK provides the best transfer quality and is highly weatherproof. The system reliability is valued not only by medium-sized and large companies, but also by telecommunications operators, who use the NASK system to provide services to their own customers.




Radio system in Świętokrzyskie province

NASK is starting up an Internet access system based on a radio technology in the Świętokrzyskie province.

We are facing the final implementation stage of the project – says Maria Trąmpczyńska, a NASK Academic Director. – All the necessary tenders have been completed now, and contractors are selected. Installation of radio base stations in the six main cities of the province is being implemented by Ericsson. Complete installation and operational readiness of the system are expected in the fourth quarter of the year.

NASK’s radio network will enable residents and institutions of the Świętokrzyskie province to take advantage of inexpensive, fast and secure access to the Internet. Thanks to the considerable reach of the base stations (approximately 30 km), the system will cover 64 percent of the province’s area. It will also encompass areas regarded as less urbanised, often deprived of other operators’ infrastructures.

NASK’s offer for the Świętokrzyskie province includes the complete suite of the operator’s services. They are addressed to all customer segments: local government units, public services, educational institutions, commercial companies and – through local Internet service providers – individual customers.

NASK   Review 2006
          News & Current Events




Biometric portal

The biometric portal, created by the team of Biometric Laboratories, was successfully launched at the beginning of July 2006 and is available at www.BiometricLabs.pl. The new portal presents the biometric research at NASK, concentrates on the recent achievements of the NASK Biometric Labs, and will be constantly supplemented with information about biometric research and systems being developed at other laboratories worldwide. The first page of the portal also informs about biometric conferences and seminars, especially those involving NASK.

A significant part of the portal presents complete biometric solutions developed at NASK. They are related to iris and handwritten signature recognition, biometric smart cards, and a methodology for secure biometric-based control of VPN and wireless network access.




e-IANA with NASK’s software

ICANN (the Internet Corporation for Assigned Names and Numbers) – the organisation that coordinates the functioning of the Internet – has reached an agreement with NASK regarding the use of NASK’s software to automatically manage the Top-Level Domain (TLD) database, called the “IANA database”.

The IANA database (IANA, the Internet Assigned Numbers Authority, is the historical name of the central top-level domain database) is of crucial importance to the functioning of the Internet, because it contains records of top-level domains: generic, such as .com, .org, .net, and country code domains like .pl (Poland), .de (Germany), or .fr (France). The database is managed by ICANN under a contract with the US government. Supervision of this database was recently among the subjects of a widely discussed debate on the management of the global Internet between some states acting as UN members and the US administration.

The “e-IANA” system created by NASK allows the Internet’s most important database to be managed automatically while meeting the strictest security requirements. The NASK programmers’ team completed the development of “e-IANA” back in September 2005. After that the system underwent thorough testing and gained very favourable opinions in the Internet community, especially among national Internet domain registries that form CENTR (the Council of European National Top-Level Registries).

ICANN is planning further development of “e-IANA”. All the changes to its source code will be available to the public, because the software was made available by NASK as open source. This approach guarantees transparency of operations carried out in managing the global Internet.

The software was created using the most advanced standards and software development procedures (the Rational Unified Process, ISO 12207, and ISO 9001). Currently, NASK is negotiating an agreement with ICANN on the maintenance and further development of “e-IANA”.

The choice of “e-IANA” proves the international recognition that NASK enjoys as one of the most technically and organisationally advanced Internet domain registries, as well as the trust in the quality of Polish information technology.





Treasures of nature

The nature site on the Polska.pl portal is enjoying a new life thanks to the sponsorship of the National Fund for Environmental Protection and Water Management. Polska.pl (as well as its English version Poland.pl) presents the most environmentally valuable areas of Poland, a total of over 200 locations that are unique in Europe.

Photo: Tomasz Gałązka

The core of the “Treasures of Nature” project is the presentation of European NATURA 2000 Network areas, which are important in preserving the diversity of European nature. Each area is described in detail by naturalists who cooperate with us: botanists, geologists, ornithologists, and geographers. Our treasure list includes well-known places visited by scores of tourists: the Białowieska Forest, the Biebrza Valley, or the Tatra Mountains. There are also still undiscovered but enchanting and very interesting places like the wild, inaccessible Pasłęka River, the old school in Kopanki, which hosts a colony of bats, or the Przemkowskie Moor, one of the largest moors in Europe.

An important part of the project is the educational competition “Treasures of Nature in our region based on the European Ecological Natura 2000 Network”. The competition is to raise interest among young people in the fields of ecology and nature, with special emphasis on the European Natura 2000 Network. Guided by their teachers, participants in the contest (primary and secondary school students) create their own descriptions of selected natural treasures in their region and enclose photographic, film or audio documentation they have collected. The most interesting descriptions are published on the Polska.pl portal.




Corporate video links

Corporate video links are a new multimedia service based on NASK’s experience from the implementation of domestic and international videoconferences.

The offer is designed for companies having multiple offices with considerable geographic distribution, for which fast contact with colleagues and contractors is an essential business requirement. The service is comprehensive and includes NASK’s preparation of a solution design including a network of connections and transmission channels, organization of videoconference rooms as well as assistance in the selection of audio and video equipment, project implementation as agreed with the customer and organization of training seminars as well as further maintenance.

NASK offers companies using video links and video conferences a number of value-added services – including streaming, that is the possibility to post “live” audio and video content on the Internet as coverage of an ongoing conference.





In the .EU Domain
Agnieszka Kozłowska-Chodnicka

The first stage of registering names in the European .eu domain closed on 6 April 2006. This is a Top-Level Domain along with others, like .com, .net and all Country-Code Top-Level Domains like the Polish .pl or the German .de.

The .eu registry is managed by the EURid (the European Registry of Internet Domain Names) consortium. This institution is responsible for the correct registration of .eu domain names for the whole of Europe.

The registry is available to registrars from EU member states that have been accredited by EURid. NASK is among over a thousand European and thirteen Polish .eu domain registrars.

European domain names may be registered by any person who lives, or company that has its seat, in the European Union.

REGISTRATION TIMING

The registration process began in December 2005. In order to protect companies and organisations from cybersquatting (taking over a domain name illegally), EURid introduced an initial registration phase (Sunrise) only for applicants who met specific requirements. Sunrise comprised two stages. Until 7 February 2006, only public institutions and registered trademark owners were allowed to participate. After 7 February 2006, names that could be easily associated with the registering party’s name, geographical indications, and distinctive titles of protected literary and artistic works were registered. Each stage was organised according to the first-come, first-served principle.

The initial registration phase required that the applicants prove their prior rights to the registered name. Applications from that period are still being examined. The documentary evidence is being verified by PricewaterhouseCoopers. Documents submitted by public bodies are verified by the so-called “Government Validation Points” – institutions of public trust appointed by the governments of EU member states. The Polish government appointed NASK.

THE STRUCTURE OF NEEDS

Both in Poland and in the EU, the most popular types of registered domain names were trademark and company names. In Poland, they amounted to 70 percent of all applications, and in Germany and the Netherlands they made up as much as 90 percent.

During the four months of the closed period, Polish companies and public bodies submitted almost 5 thousand applications for .eu domain names, while the total number for Europe was over 346 thousand. The leading countries are Germany (93 thousand) and the Netherlands (55 thousand). As far as the number of applications in the Sunrise period is concerned, Poland ranks 12th among the 29 countries that participated in the .eu domain name registration.

[Figure: EU domain registration applications in the “Sunrise” phase in Poland. Pie chart with segments of 32%, 44%, 7% and 17%; legend: public bodies, trademarks, trade names, other.]

In the Sunrise period, NASK handled over 30 percent of all applications from Poland submitted to EURid. Customers trusted our long experience in registering domain names. Overall, there are more than 110 thousand registered (accepted) .eu domain names, including over 2 thousand in Poland.

According to EURid, the most “desired” domain name in the closed period was sex.eu, with 281 applicants. The hotel.eu domain name came second with 136 applications. For that domain name, an objection to the registry decision has already been filed. It is worth mentioning that anyone who disagrees with a registry’s decision on the registration of a .eu domain name may initiate ADR (Alternative Dispute Resolution) proceedings in the Czech Arbitration Court.

As of 7 April 2006, .eu domain names can be registered by “regular” EU citizens. This period is called Landrush. The registration is carried out on the same terms as the registration of global domains. EURid has recorded over 2 million registrations. During this period (by mid-July 2006) Poland has gained almost 50 thousand active .eu domains. This places Poland 9th among 31 countries that have been registering .eu domain names since 6 April 2006.

From the very beginning, Germany has held the 1st place in the number of registered (active) .eu domains (645 thousand). The United Kingdom comes second with 370 thousand domains, and the Netherlands is third with 250 thousand domain names.

The applicants are both companies that want to avoid potential court proceedings aiming to win domains back, and businesses that want to promote themselves on the EU market using a .eu domain.

The author works in the NASK Internet Domain Department

Press notes

Two Million Europeans

Over 2 million .eu domains are already used on the Net – reports EURid, an organisation that oversees the registration of EU Internet addresses.

Such domain names can be registered since April 2006. EU domains have been most popular with Germans (645 thousand addresses) and the British (373 thousand). Compared with them, Poles fail to impress – just over 50 thousand addresses with the .eu suffix exist in our country. EURid stresses that the EU domains have quickly gained popularity: in Europe, they are outnumbered only by German (.de) and British (.uk) domains.

www.eurid.eu

18 July 2006, Komputer Świat

          Services




About Radio Technology
Tomasz Chlebowski

NASK has already launched several base stations that cover the areas of the largest Polish cities. As part of the “e-Świętokrzyskie” project, it has also built a radio system that covers a significant area of the Świętokrzyskie province.

NASK uses the so-called “Single Carrier” technology. The hardware manufacturer is Cambridge Broadband Inc. (CBI) from the UK, and the solution is called VectaStar (VS). This technology is often likened to WiMAX; therefore, a comparison of their parameters could be useful. As far as WiMAX is concerned, we are talking about IEEE 802.16-2004. The other standards have not been tested (e.g. 802.16-2005), and even this one is still at the initial stage of development.

Very few manufacturers have been certified for compliance with the standard so far. Meanwhile, because the technology is so modern, equipment parameters are often “overdone” to ensure standard compliance. This is a decisive factor in choosing technology for NASK, which uses the most reliable, top quality and tested hardware. VS systems have proved their worth in many demanding circumstances, for example, they have supported the stabilisation forces in Iraq and work on Indian and Chinese mobile networks.

NASK customers are mainly enterprises, corporations, state and local government administration, and educational institutions. Those users expect services with top parameters related not just to availability and reliability, but security as well. VS systems offer an adequate service level guaranteed with SLAs, which is not common for a technology offering that has a virtually zero history of service quality.

Undoubtedly, WiMAX is a technology for the future. It focuses solely on IP and assumes that in the future all services can be provided using that protocol. We do believe that the world is heading towards IP, but the domination of this protocol in common telecommunications in Poland can only be expected in a few years. Meanwhile, most NASK customers expect a complete portfolio of telecommunications services, including traditional ones. They want to be able to connect a traditional exchange to a telecommunications system, to establish a digital channel to increase security, and some of them even require the ATM protocol. The VS technology enables all those services, with IP access, of course.

[Photo: The Apollo Building in Warsaw: the site of the first base station in NASK’s wireless system]

SIMILAR PARAMETERS

A fully-fledged telecommunications system often requires that the uplink and downlink transfer
rate be the same (a synchronous connection). On the other hand, if Internet access is what we use the most, the best solution is an asynchronous system that allows downloading data with a lot more bandwidth than uploading. And that is another difference between VS and WiMAX: VS offers synchronous (FDD) connections with the uplink and downlink transfer in separate channels, while IEEE 802.16-2004 WiMAX offers asynchronous (TDD-based) connections where traffic in both directions is in a single channel. The other parameters of the NASK system are similar to the WiMAX offering: a similar range (up to 30 km using a user station with an external antenna), no line-of-sight requirements between the terminal antenna and the base station, reflection-friendliness, similar transfer rates at 3.5 bits per 1 Hz per sector, which, with a 7 MHz channel, allows a maximum transfer rate of 25 Mbps per sector in both directions (uplink and downlink), and weather-resistance.

NASK experts believe that the VectaStar system can currently be considered a better telecommunications solution for demanding customers who expect top quality services.

BUILDING ADVANTAGE

Over time, the growing popularity of IP will convince many customers that this protocol will be sufficient to satisfy all their needs. This will also be an argument for WiMAX. Lastly, security issues and quality parameters will be increasingly refined.

NASK will certainly reconsider a migration path to WiMAX. However, can we be sure that in the meantime preferences will not change and we will still be talking about the same WiMAX? Or about a mobile version, based on completely different architectures (short ranges, tiny terminals, possibly integrated in the telephone processor)? If so, we will be talking about completely different business models and target groups as well.

The author is the NASK Sales Manager

VPN Based on the Ethernet
Paweł Rytt

In today’s world, the amount of information passed by electronic means increases exponentially. The value of the transferred information increases as well.

In efforts to meet the demands of their customers, the producers of network equipment and telecommunications operators constantly upgrade the products they offer.

Because of the increase in the amount of data transferred, fundamental changes in the design of teletransmission networks and the construction of network hardware are aimed at improving the efficiency of routers and switches.

However, that is not all. The contemporary user, besides reliability, speed and quality of the solution, also demands flexibility, easy scalability and the ability to integrate with other hardware and applications. That is why network equipment serves an ever increasing gamut of interfaces and network protocols, and teletransmission networks offer an ever increasing bandwidth and ever higher SLA parameters.

Data transmission development (including IP-based technologies) has led to the idea of creating multiservice teletransmission networks. This is how contemporary corporate networks have taken shape: they are built on various technologies such as Ethernet, MPLS, SSL, IP, ATM and Frame Relay.

THE NASK OFFER

Thanks to the implementation of various technologies, the longest experience in Poland in building VPN networks, as well as highly skilled employees, NASK can build flexible, secure and reliable corporate networks for the most demanding clients. In meeting their requirements, NASK has recently implemented VPN networks based on the Ethernet technology.

Currently, three products from this category can be found in the offer of the operator:
■ Metro VPN – service based on the VectaStar radio system,
■ Ethernet VPN – service based on the NASK Gigabit Ethernet network that emerged from the WARMAN network;
■ Gigabit Ethernet channels – point-to-point transmission conducted in the intercity exchange.

Our offer in the category of corporate networks based on the Ethernet is constantly expanding, while continual efforts are bringing the expected results in the form of expanded geographic availability of the service.

ETHERNET BEGINNINGS

But let us start from the beginning... It is the year 1970; in the Xerox PARC research center (Xerox Palo Alto Research Center) the first prototype of a computer network was being created, which gave birth to today’s Ethernet. June of 1976 proves to be groundbreaking: during the National Computer Conference Robert M. Metcalfe presented the first network which was the foundation of today’s Ethernet (fig. 1).

Fig. 1. The first diagram of the Ethernet network developed by Robert Metcalfe

This was not the first success of the Xerox PARC laboratories – it was there that in 1963 the first computer mouse was built and in the 1970s the first icons were introduced, as well as the GUI (graphic user interface) and many other useful IT solutions.

Thirty years ago Xerox put a lot of work into the development of computer network technologies. Now, it is NASK that has taken a quantum leap in the design and implementation of network services based on Ethernet technology.

Currently in the market, two concepts in the approach to building corporate networks can be observed: on the one hand, MPLS and Packeteer solutions, which improve the effective use of bandwidth by critical business applications, are offered, and on the other hand, high bandwidth Ethernet at low cost is proposed. To summarize: on the one hand, we have the ability to shape bandwidth, outstanding QoS (Quality of Service) parameters and individual choice of CoS (Class of Service) services, while on the other, solutions based on the Ethernet with the ability to allocate large transmission bandwidth which, thanks to the excess capacity, can never be “jammed” and can run critical applications even under the highest network loads, even though the technology itself cannot guarantee that...

At this point, it is difficult to state unequivocally which approach has a better future, but market analysis and the clients’ current expectations call for a technology that allows both concepts to be implemented. What the future will bring is

uncertain, but most likely both concepts will complement each other and both will succeed – each in its own market segment.

NATURE OF THE ETHERNET

Initially, Ethernet networks were used for building local area computer networks (LAN). The increasing popularity of the Ethernet, as well as the expectations and demands of the clients, have led the producers of network hardware to develop that technology in the direction of increasing the achieved bandwidth, as well as the possibility to transmit at greater distances.

Currently, the decisive majority of local networks operating within one department or office uses Ethernet technology to communicate between workstations. This is exactly why the Ethernet is the most natural solution for connecting geographically scattered LAN networks.

The Ethernet VPN service offered by NASK and available through the WARMAN network is implemented using the Gigabit Ethernet technology. From the technical standpoint, the Ethernet VPN service is realized as a connection which uses a transparent VLAN (Virtual Local Area Network) between locations chosen by the client. As part of the network created in this way, NASK can additionally join together any number of VLANs and use a Q-in-Q mode of operation in which the client can connect any number of VLANs on their own (according to the 802.1q standard). The company using the Ethernet VPN service can choose one of the two service models:

■ MULTIPLE VLANS (fig. 2) – in this case many VLANs are joined between the ports of the company’s peripheral hardware according to the 802.1q standard. The VLAN numbers are assigned by the operator (NASK) and the peripheral hardware of the company must communicate with the operator’s network using the 802.1q protocol; a special case of this service is the connection of a single VLAN that carries all of the traffic between the client’s locations.

■ Q-IN-Q MODE, also known as the tunnel mode (fig. 3) – in this case the operator tunnels the connection between the ports of the company’s peripheral hardware. The client can freely connect VLANs according to the 802.1q standard and, in particular, freely choose VLAN numbers.

[Figures 2 and 3: diagrams of customer LANs (LAN A, LAN B, LAN C) connected through the MetroEthernet network; one of the diagrams also shows the Internet.]

NASK   Review 2006




  The basis for creating the metro VPN service is the Ethernet bridge and vbridge, as well as the radio VectaStar system. Corporate networks built by NASK and based on the metro VPN service belong to the MAN type of networks. The hardware platform that carries them is the Cambridge Broadband VectaStar radio system. On the radio base station a virtual Ethernet cloud is created to which all users of a given metro VPN network have access, and each of them can distribute traffic between themselves and the other users. In addition, the Ethernet cloud allows for creating Internet access in a way as if each locale was connected to the Internet separately. Even more so – as was the case with the Ethernet VPN service – as part of a given connection the number of VLANs for each application and service can be established by the client.

  The area of supplied service is equal to the reach of the VectaStar radio base station, which is an area with a radius of about 30 kilometers from the radio base station. Of course, NASK makes it possible to join the client's metropolitan networks built on the metro VPN service into one coherent WAN-type network used for transmitting data between the client's locales found in different cities.

  On top of that, based on the countrywide backbone network, NASK provides point-to-point services for intercity transmissions. This service is characterized by very high bandwidth (up to 2.5 Gbps).

  Thanks to the application of Ethernet technology the corporate networks are supplied as if they were an integral part of the local network (LAN). Besides the elasticity of solutions and high transmission speeds, this is the greatest asset of this service. VPN networks built by NASK and based on the Ethernet technology can be made in star topology or with full-mesh connections. The network topology is determined by the expectations of the client with regards to its functionality and range of added value services.

  Ethernet is based on the idea of nodes connected to the same transmission medium, with the help of which they send and receive special messages, the so-called frames. This method of communication was developed in 1985 and is called CSMA/CD (Carrier Sense Multiple Access with Collision Detection). It is a multiaccess CSMA protocol with the ability to track the state of accessibility of the transmission medium, and a collision detection mechanism.

  It is hard to imagine today's Ethernet networks without the possibility to implement VLANs. In order to create VLANs, configurable switches are used which make it possible to divide one physical piece of hardware into a larger number of logical switches through the separation of traffic between set groups of ports. Communication between VLANs is possible only when the port participating on their side belongs to the router.

  In configurable switches compliant with the IEEE 802.1Q standard, it is possible to tag frames by attaching to them information about the VLAN they belong to. Thanks to that, the transmission of frames belonging to many different VLANs is possible over one physical connection (trunking).

  The above text is meant as a short description of characteristics of the service and it presents the idea of building corporate networks based on the Ethernet technology. If you find yourself interested in this type of service, we cordially invite you to contact NASK. We will help you in choosing the solution best fitting the needs of your company when it comes to VPN networks.

  The author is a Product Manager at NASK
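The 802.1Q frame tagging and the two service models described in this article, shown on the wire as an added example (it is not NASK's code): a Python parser that walks the VLAN tag stack of an Ethernet frame and checks it against what an operator edge port expects. The function names, MAC addresses, VLAN numbers and the use of the 802.1ad TPID 0x88A8 for the outer Q-in-Q tag are assumptions made for illustration.

```python
import struct
from typing import NamedTuple

TPID_CTAG = 0x8100  # IEEE 802.1Q customer tag
TPID_STAG = 0x88A8  # IEEE 802.1ad service (outer) tag, assumed here for Q-in-Q
VLAN_TPIDS = {TPID_CTAG, TPID_STAG}


class VlanTag(NamedTuple):
    tpid: int
    pcp: int  # priority code point, 3 bits
    dei: int  # drop eligible indicator, 1 bit
    vid: int  # VLAN identifier, 12 bits


class ParsedFrame(NamedTuple):
    dst: str
    src: str
    tags: tuple
    ethertype: int
    payload: bytes


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame, max_tags=2):
    """Walk the VLAN tag stack that follows the two MAC addresses."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, tags = 12, []
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            break
        if len(tags) == max_tags:
            raise ValueError("more stacked VLAN tags than expected")
        if len(frame) < offset + 6:  # TPID + TCI + the following type field
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append(VlanTag(ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4
    return ParsedFrame(_mac(frame[0:6]), _mac(frame[6:12]), tuple(tags),
                       ethertype, frame[offset + 2:])


def audit_frame(parsed, allowed_outer_vids, qinq):
    """Return the reasons an edge port should not accept this frame."""
    findings = []
    if not parsed.tags:
        return ["untagged frame on a tagged port"]
    outer = parsed.tags[0]
    if outer.vid not in allowed_outer_vids:
        findings.append(f"outer VLAN {outer.vid} not assigned to this port")
    if len(parsed.tags) > 1 and not qinq:
        findings.append("stacked tag on a port that is not in Q-in-Q mode")
    for tag in parsed.tags:
        if tag.vid in (0, 4095):  # 0 = priority tag only, 4095 = reserved
            findings.append(f"VLAN ID {tag.vid} is not a usable VLAN number")
    return findings


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed sample frame; tags is a list of (tpid, pcp, vid)."""
    header = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for tpid, pcp, vid in tags:
        header += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    # Multiple-VLAN model: one operator-assigned tag (constructed VLAN 120).
    trunk = parse_frame(build_frame([(TPID_CTAG, 0, 120)]))
    # Q-in-Q model: operator outer tag 500, client-chosen inner tag 42.
    tunnel = parse_frame(build_frame([(TPID_STAG, 3, 500), (TPID_CTAG, 0, 42)]))
    for name, frame, vids, qinq in (("trunk", trunk, {120, 130}, False),
                                    ("tunnel", tunnel, {500}, True),
                                    ("tunnel on trunk port", tunnel, {120, 130}, False)):
        print(name, [t.vid for t in frame.tags], audit_frame(frame, vids, qinq))
```
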


                                                                                                                        Security




Every year, “NASK Review” publishes data from the annual report of CERT
Polska – a team that responds to security incidents on the Internet.




CERT Polska Reports

Anna Maj

  The team was established in 1996, and since 1997 has been a member of FIRST (the Forum of Incident Response and Security Teams), the world's largest organisation that groups response and security teams worldwide. Since 2000, it has also been a member of the TERENA TF-CSIRT initiative that groups European response teams. As an active participant, CERT Polska cooperates closely with other such teams worldwide.

  Every year, CERT Polska prepares and publishes statistics on information and communication technology (ICT) security incidents in Polish Internet resources. The team also works on developing ICT security incident registration and handling standards. In particular, a uniform incident classification system is to be developed to enable comparing data from different years and other teams. This year's report is the third such document prepared according to the guidelines of the eCSIRT.net project.

  More detailed network traffic analyses and identification of threats are possible using data provided by the ARAKIS system. Designed by CERT Polska and launched in 2004, this project aims at detecting and describing threats on the Polish Internet (www.arakis.pl). The over twofold increase in the number of reported incidents compared with last year is to a large extent also the result of handling reports generated by the ARAKIS system.

  Most incidents reported to CERT Polska last year were about scanning, worms and spamming. We have been explaining for years now that scanning is not just network noise but mainly the result of successful intrusions and hijacking of entire computer networks, says Mirosław Maj, CERT Polska Team Manager.

[Figure: Percentage distribution of incident types (vertical axis from 0% to 50%)]

  The victims were mostly commercial companies (53.1%), and the second largest group were individuals (14.6%). Over 50% of the attackers were not identified. This is due to the fact that attackers typically use a proxy server, a botnet or a compromised host whose owner remains unaware of that.





[Figure: bar chart, horizontal axis 1997 to 2006, vertical axis 0 to 3000; bar values from left to right: 50, 75, 100, 105, 126, 741, 1013, 1196, 1222, 2516. Printed caption: Percentage distribution of incident types]

USERS AND CRIMINALS

  Among the new phenomena the team observed in 2005 is a change in the use of botnets. They are not the source of DoS and DDoS attacks as often as they used to be. Instead, they are increasingly employed as tools in deriving illegal profits, spamming or phishing. In their attempts to ensure the anonymity of the actual sender, spammers use innovative, sophisticated techniques. This often leads to false alarms that are generated even by experienced anti-spamming organizations.

  Many companies still appear to be badly in need of security solutions and professional network management. Businesses are often unaware of risks that access to the Internet entails. Criminals, however, respond to changes very quickly. If a technology becomes more difficult to use while another one is gaining popularity, they can switch between them in no time.

  The spread of instant messaging is a good example, says Mirosław Maj, who recommends: the reaction to such changes should be immediate, and – apart from technical security measures – the quickest way to achieve results is raising users' awareness. After all, they can do the most about their own security on the Internet.

  The authors of the Report point out that many operators and ISPs fail to react to persistent network scanning attempts that clearly indicate worm activity.

TENDENCIES IN 2006

  It seems that the upward trend in the number of incidents will continue. Already in the first quarter of 2006, CERT Polska received 1075 reports – more than throughout 2002. Przemysław Jaroszewski from CERT Polska believes that most incidents are still scanning that results from worm activity. Interestingly, no new worm has emerged recently, which means that a large number of computers are poorly protected and susceptible to old attack types. We are still receiving many reports about phishing, adds Jaroszewski. Fortunately, operators and their customers are aware of the problem and act rather quickly.

  The author works in the NASK Public Relations Team

Press notes

CERT Polska warns

In 2005, CERT Polska specialists noted over a 100% increase in the reports of online security breach cases as compared to the situation from two years ago. Hackers' actions and the applications that they use have also become more advanced. The majority (51.35%) of the 2500 reports concerned the attempt to access information on remote computers by scanning unprotected ports. The damage was also inflicted by malware and spam.

2006-03-08, Networld





Cooperation and sharing knowledge among all the users of electronic communications pave the way for building trust in ICT technologies and increasing users' feeling of security.

Global Cyber Security

Krzysztof Silicki, Mirosław Maj

  The development of information society has been discussed for many years now. In fact, a cyber society already exists on the global network, and it requires cyber security. It is important to remember that when discussing various phenomena in the world of electronic services, as the rate of their development largely depends on ICT security.

  Unfortunately, ICT security is usually taken seriously only when a serious problem emerges. Today, we can see a clear impact of inadequate network security on the slowing development of e-services. The ubiquity of viruses, worms, Trojans, spyware etc. has had a negative influence on Internet users' behaviour. They have begun to feel insecure, and their security influences their choices. In the US, companies that run online businesses are becoming required by law to disclose information about leaks of important customer data or about the existence of such a risk.

  The National Survey on Data Security Breach Notification [1] has shown that having received such information, 40% of customers consider changing their service provider and 19% actually do so. Such cases are related mainly to the financial sector; however, other service areas are also affected. What does an Internet user do when it turns out that he or she cannot trust yet another institution? How many times can they be changed? What will the user do when there is no choice of a service provider, for example in the context of e-government?

THE ROLE OF THE OPERATOR

  Users might wonder why their ISP does not protect its customers from various attacks: intrusions, packet flooding, viruses, Trojans, and even unwanted network content. For an operator, however, that would mean costly investments in technical and organizational security systems. Still, an increasing number of European operators (as a recent analysis by the European Network and Information Security Agency [2] shows) use filtering mechanisms to protect their customers.

  SMEs are in a difficult position. They have no budget for costly protection systems or dedicated security administrators. All they want is simply to grow their business, wasting no time on following daily security bulletins that inform readers on threats and ways to combat new Internet worms or viruses. Such companies expect specific tips on how to manage security with minimum expenditure.

When security incidents occur, the victims rarely report their cases to teams like CERT. They do not do that because:
  - they do not know that such teams exist,
  - they do not know what the benefits of reporting are,
  - they do not consider it to be the duty of a net citizen,
unless they seek immediate help themselves.





     Measure                                     Share
     Ingress filtering                           68%
     Egress filtering                            55%
     Content filtering                           65%
     Quarantining an infected/malicious PC       75%
     Blackholing/Sinkholing                      41%
     Secure Domain Name Service                  5%
     Traffic Shaping/Throttling                  52%

     The technical and organizational measures used by electronic service providers to ensure the security of the services offered (ENISA "Survey on Industry Measures...", February 2006)



  On the other hand, service providers do not inform their customers about threats or issues with the security of their networks and ways to protect themselves during specific incidents, even though this is recommended by European directives. [3]

NEW PRODUCTS AND TECHNOLOGIES

  Observing the development of ICT technologies, we cannot help having the impression that the latest protocols and technologies are deficient from the point of view of security. Wireless (WiFi), voice (VoIP/SIP), and messaging (P2P) technologies are good examples. Very often, they are the victims of their own success: paradoxically, they are developed because their construction is simple and they are easy to use. Later, when they are used by millions of people, it is too late to think about adding in security mechanisms. There are exceptions, but it all depends on the willingness and skills of programmers who write the code of those systems.

  Costly software developed in the labs of renowned manufacturers also contains vulnerabilities as it hits the shelves. Sooner or later, no matter how difficult it might be, those vulnerabilities will be disclosed and exploited by "black hats." This is because there is no requirement for writing secure programs, and the testing time before a market launch is reduced to a minimum. There is a myth that creating secure code – if at all possible – is much more expensive, because it requires more time and resources.

  Thus, cyber security is viewed like many other net phenomena as virtual, that is non-existing. All this facilitates the development of an Internet economic underworld that exploits the weaknesses of computer systems and preys on the economy of the civilized world, which already depends irreversibly on telecommunications and information technology.

THE INTERNET UNDERWORLD

  Today, the Internet underworld offers everything: credit cards, passwords to entire networks of routers, passwords to servers around the world, bot networks, "zerodays" (i.e. new viruses), Trojans, worms, illegal software, films, music etc. The underworld barter is turning into a classic money-based economy, where all market laws apply.

  It is, therefore, disturbing that manufacturers, users, operators, governments, academics, and consumer organizations do not discuss ways how to handle the growing threats on a daily basis. It is not easy because each group has its own viewpoint and often (seemingly) different interests. Seemingly, because it's obvious that running in the vicious circle of growing threats leads nowhere. Consequently, in a few years, we will continue to have the same problems as today, but they will be much more serious, on a larger scale, and – of course – incomparably more expensive.

  Can this status quo be changed so that the problem of ICT system security can gradually be solved? The abovementioned European Network and Information Security Agency (ENISA, established in 2004, to assist in building ICT security culture in Europe) is an example of systematic thinking about what should be done to change this unfavourable situation.

KNOWLEDGE CENTRE

  ENISA (http://www.enisa.eu.org) is a European knowledge centre that supports the European Commission and member states by providing consultancy and resources to enable a coordinated approach to eliminating growing threats to electronic communication security, as agreed with all economic, education, and public administration sectors. ENISA collects the knowledge of security experts from member states, who represent various areas, and combines the experience of manufacturers, users, academics, and various organizations involved in ICT security. In 2005, the agency conducted an interesting study

provide a field for cooperation on ICT security. Therefore, initiatives that follow the idea of assuming more responsibility for security by the individual players on the electronic communication market deserve more attention.

JOINT INITIATIVES

  As far as CERT teams are concerned, these could be initiatives developed in close international cooperation (e.g. TERENA TF-CSIRT, FIRST, Trusted Introducer). An example of national cooperation is the Response Teams' Forum established on the initiative of CERT Polska. The forum began its activity last year, in connection with the SECURE 2005 conference (more information: http://www.cert.pl/news/731).

  As far as technical actions with regard to early warning are concerned, NASK's ARAKIS (http://arakis.cert.pl) project is a good example, where the state of the network under the system is monitored, and state-of-the-art data processing algorithms allow the fastest possible detection of anomalies and new threats.

  The value of the system increases as more and more networks connected to the Internet use it and share information about anomalies and threats. This leads us to the conclusion that cooperation and sharing knowledge among all the users of electronic communications today pave the way for building trust in ICT technologies, so that users' feeling of security is no longer virtual.

  Krzysztof Silicki is NASK's Technical Manager,
of response teams (CSIT/CERT) in Europe.4 105                                                            Mirosław Maj is the Manager of the CERT Polska
teams on our continent were identified that could                                                                              team affiliated with NASK




 1 National Survey on Data Security Breach Notification – Ponemon Institute, September 26, 2005.
 2 ENISA “Survey on Industry Measures taken to comply with National Measures implementing Provisions of the Regulatory Framework for Electronic Communications relating to the Security of Services”, February 2006 (http://www.enisa.eu.int/deliverables/).
 3 Directive 2002/58/EC of The European Parliament and of The Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).
 4 ENISA Inventory of CERT activities in Europe v.1.2 Feb 02 (http://www.enisa.eu.int/deliverables/).


NASK   Review 2006
          Internet




Web 2.0 sites enable content co-authoring on a much larger scale than before. They also allow deciding which content should be highlighted or displayed in the most visible area.

Web 2.0 Goes Forward
Agnieszka Kukałowicz




What do such different specialised web sites as Google Maps, which contains a database of maps and satellite photos of the entire world, Blox.pl, a blog site of Gazeta.pl, Filmweb.pl, Poland’s largest film web site, Biblionetka.pl, a web site that recommends books, or Wiadomosci24.pl, a web site with news compiled by users, have in common? They are all examples of Web 2.0 services.

The term Web 2.0 is an attempt at naming a new social trend that is slowly changing the way we use the Internet. The main difference between the first-generation Web and Web 2.0 is the approach to the user. With Web 2.0, the user is no longer an anonymous recipient of content published by a small group of editors, but he or she participates in creating Internet resources. A good example is Wiadomosci24.pl, where everyone can be an editor or journalist and publish their own information.

SIMPLICITY

Fig. 1 presents a map of topics and keywords that Web 2.0 is associated with. A keyword that is very important from the point of view of webmasters is simplicity. It is particularly visible in web sites opened this year, like www.gwar.pl, trendomierz.pl, wykop.pl, but also in sites that have existed on the Net for some time, e.g. wikipedia.org, blox.pl. Simplicity results from a new approach to the user, who in Web 2.0 is in the centre of attention and should be able to use web sites intuitively.

Web 2.0 is about easy registration, an intuitive interface, simple navigation, minimized page reloading in the browser and refreshing only selected modules of the page. Instead of complex content management systems (CMS), it offers Wiki-based sites (a type of web pages that can be created, edited and modified directly from the browser). Instead of heavy graphics, often adorned with Flash elements, Java applets, or ActiveX components, Web 2.0 calls for as little decoration and as much content as possible.

[Fig. 1: map of keywords arranged around “Web 2.0”: AJAX, Audio, Video, Mobility, Folksonomy, Focus on simplicity, RSS, Usability, Convergence, Blogs, Joy of use, Wikis, Open API’s, Participation, “Remixability”, Recommendations, “Social software”, Data driven, Standardization, Economy, Modularity, Design, Web standards, Microformats, The long tail, Simplicity, CSS design, Affiliation]
Fig. 1 Keywords and topics associated with Web 2.0

CUTTING-EDGE TECHNOLOGY

Web 2.0 is also about modern technology and compatibility with Web standards. The standards that W3C has been suggesting since the 90’s are entering their second youth. It turns out that combined with the concept of simple and functional services, they are a powerful tool for building web pages. Web 2.0 is the triumph of XHTML (Extensible Hypertext Markup Language), the underrated JavaScript, CSS-based page formatting, or simple XML, e.g. in RSS channels. The programming tools used on a large scale in Web 2.0 are well-known scripting languages like PHP, Perl, Python or Ruby, which were used to write most open source applications that can be used on the Internet right away. Surprisingly, such programming platforms as Java or .NET are not trusted by Web 2.0 webmasters. It turns out that Web 2.0 services, where hypertext with no unnecessary frills is important, go back to the roots of the Internet, to the idea of the World Wide Web initiated by Timothy Berners-Lee from CERN.

TAGGING

Web 2.0 departs from the fixed categorization of information and hierarchical directory structures, where one has to go through entire directory branches to reach the required content. Instead, data is filtered with keywords (or tags). Any piece of information can have many different tags for searching and navigation. The ideal kind of service where tagging is used is news sites where instead of assigning information to broad categories (politics, the world, sports, culture, etc.), more meaningful keywords are assigned to news items (e.g. world cup, president, cabinet, parliament, holidays, linux). Keywords are often created by users themselves, like on Gwar.pl, which allows people to add links to interesting news on the Internet. Categorising content with keywords by Internet users is called folksonomy (which can be translated as “people’s classification management”).





WEB 1.0                                  WEB 2.0
Users’ home pages                        Users’ blogs
Content published by editors             Content created by communities
Content Management Systems               Wikis
Britannica online                        Wikipedia
News services of web portals             Wiadomości24.pl, Gwar.pl
Web page directories of Web portals      Tagging Web pages Del.icio.us

Fig. 2 Web 1.0 and Web 2.0 service features

Folksonomy is a neologism based on the words “folk” and “taxonomy” (the science of classification principles and methods). Folksonomy is an informal content classification method which uses tags that are freely chosen by Internet communities grouped around specific websites. Unlike formal methods, this classification is based not on experts’ but on Internet users’ opinions, thus reflecting the way they perceive the world around them. However, the success of this method depends on the activity of the community that participates in building their classification system.

Folksonomy is currently applied successfully in various services – not only in web directories (like http://del.icio.us), but also on sites with photos (http://www.flickr.com) or music (http://last.fm). Every user can add his or her own words to a given resource, which allows presenting keywords as “tag clouds.” Tag clouds are simply collections of keywords displayed in different colours and font sizes. This visualisation is a simple way to reflect the popularity of individual words and phrases. For example, it is easy to check what words are being used the most today or this week. In a tag cloud, they are simply the largest and most visible ones.

THE FUTURE OF WEB 2.0

Experts who are trying to predict the future of the Internet describe Web 2.0 as a kind of “evolution of the Internet”, another stage, or process that we are already taking part in as Net users. However, to an average Internet user, who limits his or her activity to reading news on Web portals, using a search engine or e-mailing, this process is still invisible. No one can predict the direction of the Internet evolution or the scale and results of the Web 2.0 phenomenon.

We should not forget about the threats that Web 2.0 can entail. Some experts (including Zbigniew Braniecki, co-creator of the Mozilla Firefox browser) believe that when Internet users create content and decide what should be highlighted, “interesting” and “cool” items will be easier to find than “important”, “useful”, or “clever” information.

The author is the Administrator of the Polska.pl portal
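The folksonomy box above describes free-form tags, filtering by keyword, and tag clouds sized by popularity for a chosen period; the following is an added example of those steps, not code from the article or from any of the sites it names. The sample assignments, the function names and the logarithmic size scale are assumptions made for illustration.

```javascript
// Added example; ASSIGNMENTS is constructed sample data (who tagged what, and when).
var ASSIGNMENTS = [
  { user: 'ala',  item: 'news/1', tag: 'World Cup',  day: 1 },
  { user: 'olek', item: 'news/1', tag: 'world cup ', day: 2 },
  { user: 'ewa',  item: 'news/2', tag: 'world  cup', day: 6 },
  { user: 'jan',  item: 'news/2', tag: 'president',  day: 6 },
  { user: 'ala',  item: 'news/3', tag: 'President',  day: 7 },
  { user: 'ewa',  item: 'news/3', tag: 'linux',      day: 7 },
  { user: 'jan',  item: 'news/1', tag: 'world cup',  day: 7 }
];

// Tags are typed by users, so fold case and whitespace before comparing them.
function normaliseTag(raw) {
  return String(raw).trim().toLowerCase().replace(/\s+/g, ' ');
}

// Count how often each tag was assigned, optionally only from sinceDay on
// ("today or this week"). A Map is used because the keys are user input
// and must not collide with properties inherited by plain objects.
function countTags(assignments, sinceDay) {
  var counts = new Map();
  assignments.forEach(function (a) {
    if (sinceDay !== undefined && a.day < sinceDay) return;
    var tag = normaliseTag(a.tag);
    if (tag === '') return;
    counts.set(tag, (counts.get(tag) || 0) + 1);
  });
  return counts;
}

// Filtering instead of directory navigation: items that carry every wanted tag.
function itemsWithTags(assignments, wanted) {
  var byItem = new Map(); // item -> Set of normalised tags
  assignments.forEach(function (a) {
    if (!byItem.has(a.item)) byItem.set(a.item, new Set());
    byItem.get(a.item).add(normaliseTag(a.tag));
  });
  var need = wanted.map(function (t) { return normaliseTag(t); });
  var hits = [];
  byItem.forEach(function (tags, item) {
    if (need.every(function (t) { return tags.has(t); })) hits.push(item);
  });
  return hits.sort();
}

// Tag cloud: font size grows with popularity, on a logarithmic scale so that
// one very popular tag does not shrink all the others to the minimum size.
function tagCloud(counts, minPx, maxPx) {
  var values = Array.from(counts.values());
  if (values.length === 0) return [];
  var lo = Math.log(Math.min.apply(null, values));
  var hi = Math.log(Math.max.apply(null, values));
  return Array.from(counts.keys()).sort().map(function (tag) {
    // When every tag is equally popular they all get the same (largest) size.
    var weight = hi === lo ? 1 : (Math.log(counts.get(tag)) - lo) / (hi - lo);
    return { tag: tag, px: Math.round(minPx + weight * (maxPx - minPx)) };
  });
}
```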






Can the Internet offer anything else? Something that will surprise and encourage
us to use the Web more often and enjoy it more? The answer seems to be AJAX:
a technology expected to change the concept of a web page.




A New Vision of the Web
Anna Włoczewska

Users are already accustomed to the Internet as not just the source of valuable information but also a place where you can shop, sign up for a course or meet interesting people.

Webmasters are always on the look-out for technologies that could make the Internet experience simpler and more attractive. It is believed that AJAX is one such technology, and it is expected to change the concept of a web page.

The AJAX Technology

AJAX (Asynchronous JavaScript and XML) is not a new technology. In fact, AJAX is not even called a technology. It could be defined better as a technique that integrates several existing technologies into a single whole that includes:
- a standard presentation method involving XHTML and CSS,
- dynamic page structure changes using the Document Object Model,
- data exchange and interpretation using XML and XSLT,
- asynchronous server data retrieval using XMLHttpRequest,
- JavaScript that keeps it all together.

[Figure: diagram with the labels CLIENT, JavaScript, XHTML, CSS, AJAX engine, Initiating connection with server, HTTPRequest, XML, SERVER]
AJAX-based Internet application models

In a standard Internet application model, most user actions require sending data to a server. The server processes the received data (validates it, responds to specific queries) and returns its response to the Web browser as new XHTML page code. While this approach is sufficient for simple Web pages, it is also completely inefficient in complex Internet applications.





The AJAX-based model assumes that information is sent to the server asynchronously, and the sending, receiving and processing is done by the so-called AJAX engine. How does it work? In the first step, the browser initiates a connection with the server. The server responds by sending page code: XHTML, CSS and the JavaScript-based AJAX engine. All sorts of user actions are captured by the AJAX engine. If any action requires retrieving data from the server, the AJAX engine sends an XMLHttpRequest. This is done asynchronously, which means that the user does not need to wait for the data to be processed. Other operations can be performed simultaneously. Server data in the XML format is returned to the AJAX engine. Then, using the Document Object Model (DOM), XHTML, and CSS, the engine updates only the necessary fragment of the page.

[Figure: timeline between CLIENT and SERVER showing client activity, data transfer and server activity]
Interaction in the asynchronous Internet application model

[Figure: timeline between CLIENT (user interface, AJAX engine) and SERVER showing action, reaction, data transfer and server activity over time]
Interaction in a classic, synchronous Internet application model used in AJAX

WHY AJAX?

The development of techniques like AJAX is intended to eliminate the shortcomings of Internet applications compared with desktop ones (which are run directly on the user’s computer). The characteristics of traditional Internet applications include:
- Limited interactivity – existing Internet applications require that the entire page be reloaded after each interaction with the server. Meanwhile, the user has to wait for the requested data to be displayed. Although broadband Internet access is becoming a standard, web sites are also keeping pace with the technological development. They offer more and more content and use richer graphic and multimedia files to make pages unique and attractive.
- Limited sensitivity to user actions – sending a request to the server requires reloading the entire content of the page, even though only a small part of the content changes as a result of the script used. While the browser is waiting for the server response, the user is impatiently and unsuccessfully trying to perform another task. This makes the entire Internet application seem clumsy and slow.
- Unimpressive interface – the drawback of having to reload pages every time imposes certain limits on the webmaster. It does not allow creating refined, original websites with interesting graphical and multimedia elements that would not use Flash or similar technologies.
- Limited usability – reloading the entire page can leave the user confused. Very often information about the current location is lost. Having to scroll in order to find a specific page fragment leads to an unfavourable opinion of the application, discouragement and frustration.





What are the benefits of using AJAX?

The main idea in AJAX is asynchronous communication with the server. Data is sent and processed in the background. This offers enormous advantages over the standard Internet application model, where data is sent synchronously:
- Better performance and effectiveness – AJAX’s biggest advantage is increasing the performance of web applications by sending small portions of information. A request sent to the server contains only necessary parameters, and the data returned from the server contains only the response.
- Reduced wait time – only fragments of a web page are updated; consequently, the time required for the changes is shorter.
- Improved sensitivity to user actions – the asynchronous mode of sending requests to the server allows multitasking. The user does not need to wait for one action to complete before performing another one.
- Richer interface – as the amount of transferred data is significantly reduced, creating applications that are richer in graphics and multimedia is possible. This allows building an interface that would in fact be no different from the GUI of applications run directly on users’ machines.
- Better usability – all the abovementioned features make an AJAX-based Internet application more user friendly.

What are the dangers?

AJAX, however, is not just benefits. When introducing new technologies, one needs to know the dangers and limitations they entail. AJAX abounds in surprises that could discourage a programmer who is only beginning to work with the technology:
- Comprehensive knowledge of JavaScript – building and managing an AJAX-based application requires knowledge of JavaScript. Script debugging tools are also necessary.
- Page state management – without an adequate page state saving mechanism, the page will go back to its initial version each time it is reloaded. All changes will be lost (for example, shopping items added to a cart).
- A new approach to the webpage concept – AJAX requires a new approach to what a webpage is. The term “page” is no longer appropriate. An “Internet application” seems to be a better choice, because data is not stored on the page. This requires taking into account additional issues, for example the implementation of the return functionality.
- Accessibility – JavaScript support must be enabled for AJAX to work correctly. However, not all browsers interpret JavaScript properly, and some users might not wish to enable it. That would rule out the use of AJAX.
- Learning a new interface – getting users accustomed to the new possibilities that Internet applications bring. Initially, users might be mistrustful of something that goes beyond their understanding of a webpage.
- A problem for advertisers – it will be difficult to count users’ actions. A user could make a number of clicks but the server logs will only show information about the initial page view.

A LITTLE PROGRAMMING

Communication with a server using JavaScript requires creating a class instance with the required functionality. In Internet Explorer, it is an ActiveX object called XMLHTTP, while Mozilla and Safari have the XMLHttpRequest class. A simplified version of code used to create an XMLHTTP instance that works with various browsers looks like this:

    var http_request; // the request object used in the calls below
    if (window.XMLHttpRequest) { // Mozilla, Safari, Opera...
        http_request = new XMLHttpRequest();
    } else { // IE
        http_request = new ActiveXObject("Microsoft.XMLHTTP");
    }

To send a request to the server, the open() and send() methods of the HTTP request class should be used:

    http_request.open('GET', 'http://www.polska.pl/form.htm', true);
    http_request.send(null);

The first parameter of the open() method specifies the HTTP request method, for example GET or POST. The second parameter specifies the URL of the page to which the request is to be sent. Please note that JavaScript makes it impossible to query pages in external domains. The third parameter specifies whether the request is to be synchronous or asynchronous. If the value is set to true, the request is asynchronous and JavaScript execution continues without waiting for the response.

The send() method parameter can be any data in the format used by the request string:

    name=value1&email=value2&id=value3






An example of using AJAX to browse products from the Amazon catalogue (www.yapura.net)

Using AJAX to create a remote spreadsheet (www.editgrid.com)




For the AJAX engine to work correctly, it is necessary to receive the server response and update the webpage data. In order to do so, JavaScript must be informed about the function that will be processing the result. This can be achieved by setting the onreadystatechange property:

http_request.onreadystatechange = FunctionName;

Apart from processing data, the function that handles the server response should check the response status and the server response code. Correct AJAX engine code should also handle irregularities in MIME headers and support various browser versions and errors that can appear while processing data.

Examples of the AJAX Technology
Google Maps – http://maps.google.com/
Gmail – http://gmail.com/
BBC News RSS Reader – http://www.nigel-crawley.co.uk/bbc/
Annonces – http://annonces.com/
Yapura – http://yapura.net/

More about AJAX
http://www.ajaxgoals.com/
http://www.xul.fr/en-xml-ajax.html
http://pl.wikipedia.org/wiki/AJAX
http://www.telerik.com/default.aspx?pageid=2692
http://developer.mozilla.org/pl/docs/AJAX
http://www.adaptivepath.com/publications/essays/archives/000385.php

USING AJAX
The possibilities offered by AJAX are huge and the scope of application is very broad:
• Highly interactive applications – Internet applications that require ongoing interaction with the user. Google Maps is a good example. AJAX makes navigation smooth and fast – it is very much like viewing a picture in an imaging program.
• Form validation – before AJAX came into use, the validation of entered data could only occur after the page was reloaded. AJAX allows validating data on an ongoing basis.
• Data and file visualisation – displaying tabular data, sorting or scrolling can be done instantly,
without having to wait for the page to be reloaded. This also applies to viewing content from remote servers, folders, files, images and multimedia.
• Intranet – internal, e.g. corporate, networks often provide a large amount of remote data. Transferring large chunks of information is not necessary, because at any given moment an employee can update only a small part of it. In such situations, AJAX is an ideal solution for improving the performance of Internet applications.
• The ASP (Application Service Provider) model – the application service concept involves central application servers and data centres. The development of AJAX brings back the idea of the “thin client”, i.e. a simple working terminal equipped with only necessary software like a web browser.

AJAX is gaining more and more supporters. Google Maps, Google Suggest or BBC News are paving the way in the quest for a future Internet. The Polska.pl portal run by NASK is committed to following the latest trends and achievements in Internet applications, and it uses AJAX to manage the site effectively.

Managing files on the Polska.pl site. Fragments of the FCKEditor code were used in building the application

The author is an Internet application programmer in the Polska.pl portal run by NASK

Research

Biometric Methods
Andrzej Pacut, Adam Czajka, Joanna Putz-Leszczyńska, Łukasz Stasiak, Rafał Wardziński

NASK Biometric Laboratories are part of the NASK Research Department. They have been established as a result of cooperation between NASK and the Warsaw University of Technology.

In this paper, we would like to introduce to the readers the results of efforts carried out at the NASK Biometric Laboratories that deal with biometric systems design. The main focus of our attention has to do with the specific nature of systems created. In the paper that follows, we discuss the question of security for the designed systems.

IRIS CHARACTERISTICS
The fundamental role of the iris is to maintain control over the intensity of light that penetrates the interior of the eye ball by contraction and relaxation of the muscles of the iris. Together with the lens, it participates in the adjustment of the shape of the eye, ensuring sharp perception of objects. The process of creation of the muscles of the iris is very complex and almost independent of our genetic makeup. The uniqueness of the design of the iris, its unchanging structure throughout the human lifespan, unproblematic measurement and natural protection by the transparent cornea,
make the use of the iris in biometrics increasingly important.

The measurement. Capture of the eye image of sufficient resolution in a way that is comfortable for a human being requires the design of an appropriate system. In the apparatus designed at the Laboratory (fig. 1), the eye is photographed in a safe infrared light from a distance of about 30 cm. The system analyzes the images from the camera in real time, locating the iris and judging the quality of the images taken. The “raw” image of the eye contains many elements that obstruct recognition (eyelashes, eyelids, light reflections etc.). The image undergoes the process of elimination of occlusions and is then converted to a shape that is identical for every eye, regardless of the degree of dilation of the pupil and the scale of the object within the image.

Fig. 1. Optical setup of the iris biometric system

Encoding the characteristics of the iris in the system built by the Biometric Laboratories (fig. 2) uses the Zak-Gabor transformation, breaking down the basic converted image of the iris into iris features. It is a better approach than filtering of the iris image, which is commonly used in commercial systems. Automatic selection of the iris features allows for the adaptation of the coding methodology to the image acquisition method (meaning, among others, the quality of the image). Selection of the iris encoding methodology may also be dependent on the individual person. Some of the encoding parameters are used only once, creating a defense mechanism against iris template theft, and especially against a biometric replay attack using the unauthorized iris template. Stolen code is useless and cannot be reused. The above security measures are independent of cryptography, which can also be used as an additional degree of protection.

Fig. 2. Iris verification system diagram

The system consists of methods of iris registration and verification that employ image quality control, verification of integrity of component elements of the obtained template, as well as compensation for the rotation of the eyeball. The enrollment process lasts about half a minute while verification is carried out in less than three seconds. Testing the system with the use of, among others, our own biometric database BioBase (containing measurements of about 200 individuals) has shown a much better accuracy than other popular, commercial iris biometric systems.
Iris biometrics software system for the purpose of developing access control systems
• Original identity verification method using the iris.
• Three unique and independent methods of detecting the aliveness of the eye in order to protect against artificial object presentation.
• Possibility of direct implementation in various optical systems which capture iris images in accordance with the ISO/IEC 19794-6 standard.
• Additional possibility to adapt software for use with iris images of quality lesser than that recommended by the ISO (i.e. made using mobile equipment such as the mobile phone)
• Original, independent of cryptography, methods of protection of iris templates against theft.
• Possibility to expand the system with the use of cryptography with the aim of additional iris template protection.
• Iris verification times not exceeding 4 secs.
• Solution verified, among others, by the European BioSec project, in development of a remote access system with the use of biometric technologies, as well as the biometric smart-card-based system.

HANDWRITTEN SIGNATURE
Handwritten signature biometrics employs an identity verification solution used by mankind for ages. It is, therefore, readily accepted as a biometric method. Systems for signature measurements can examine signatures that have already been submitted, but the higher degree of security is provided by measuring systems that “observe” the signature as it is being written. We would like to present the second method.

Measurement. Using an appropriate graphical tablet as part of the structure of the signature collection terminal (fig. 3) allows for the registration of the signature that takes into account not only the visual characteristics (two-dimensional image), but also the way in which it was written, meaning the dynamics of pen movement, pressure on the paper, method of gripping the pen etc. Every signature collected is represented by a string of vectors that contains the sequence of chosen values during the signing.

Fig. 3. Handwritten signature verification system schematics

Dynamic time warping (DTW) is a technique of function comparison. At its foundation lies the observation that a direct comparison between the functions of time f and f’ for consecutive discrete moments in time may not be adequate, if the time of each function “passes unevenly”, even though the order of events may be preserved. It can therefore be assumed that “individual time” is a function g of “real time” t. This family of warping functions that maintains the sequence of moments in time is created by continuous and non-decreasing functions. The measure of relative proximity of examined function f’ and the template f (meaning the difference between the signature being examined and the real one) is the adequate measurement of distance between time warping functions. Usually, it is assumed for the sake of simplicity that the time of the original signature is not warped. For discrete time problems the warping function may be illustrated as a sequence of points on the plane, the so called warping path. The shape of this path may differ for every signature. The condition of proximity for the warping functions can be reduced to a requirement that the warping paths do not lead “too far” in the horizontal or vertical direction, and that the final discrete time events do not differ from each other “dramatically”.

Our research of biometric signatures shows that attempts at signature forgery usually concentrate around reproduction of the depiction of the original signature. This suggests that the first stage of signature matching should consist of mapping a warping function based on the sequence of geometric coordinates of the signature in time. The measure of distance between signatures should then take into account the distance between the remaining signature coordinates mapped according to the optimum time warp during the first stage of matching. The system constructed at the Biometric Laboratories according to the above specifications was tested using data from our own biometric database BioBase and is characterized by the false acceptance rate (FAR) at the level of 0.23 percent, while keeping a rate of false alarms (FRR) at the 3.63 percent level.

Signature verification from scanned documents
• Verification of authenticity of handwritten signature scanned from documents.
• Four independent image processing and signature authenticity verification algorithms.
• Possibility to integrate a few methods in order to adjust the system operating parameters.
• Accuracy of verification comparable to that of the other commercial methods.

On-line signature verification
• Employing the dynamics of the handwritten signature, not just its appearance.
• Original methods of signature authenticity verification developed at the Biometric Laboratories.
• Verification accuracy comparable to the best commercial signature biometric systems.
• Verification times comparable to those of password-based authentication.
• Possibility of using the biometric template already existing in the central database or available on a secure carrier (i.e. the biometric smart card).

HAND GEOMETRY AND THERMOGRAPHY
Biometric systems employing measurements of geometrical characteristics of the hand are technologically simple and relatively easy to use tools that ensure a high level of security with simultaneous user comfort, if identity verification (not identification) is the only requirement. The method of measurement does not raise many objections of psychological nature and the ease of use makes the hand biometric systems achieve one of the lowest false recognition rates (FRR) among all biometric methods. Those characteristics make the hand biometric systems the most accepted biometric access control systems among users.

The measurement device consists of a panel, on which the user places the palm, and a camera that captures the hand image. The panel itself is outfitted with special positioning elements that make it easier to properly place the hand, as well as additional mirrors that enable observation of the side of the hand and the thumb. Based on the image of the palm (fig. 4a) hand features are retrieved such as the width and height of the fingers and the width and thickness (height) of the hand (fig. 4b). Features obtained in this way are classified by methods that use neural networks and SVM (Support Vector Machines). The equal error rate (EER) values for the system built at the NASK Biometric Laboratories are less than 1 percent, which makes it a result competitive with widely used commercial biometric systems.
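The two-stage dynamic time warping match described in the handwritten signature section above, as an added example (not code from NASK or from the original article): stage one finds the warping path from the pen coordinates only, stage two measures pressure differences along that path. The sample signatures, the |i - j| <= band path constraint, the symmetric step pattern and both thresholds are constructed assumptions.

```python
import math
from typing import NamedTuple, Optional

# Constructed pen samples (x, y, pressure); a real tablet reports more channels.
TEMPLATE = [(0, 0, 0.2), (1, 1, 0.5), (2, 0, 0.8), (3, 1, 0.8), (4, 0, 0.5), (5, 1, 0.2)]
# Genuine attempt: same shape, the pen dwells on the second point.
GENUINE = [(0, 0, 0.2), (1, 1, 0.5), (1, 1, 0.6), (2, 0, 0.8),
           (3, 1, 0.7), (4, 0, 0.5), (5, 1, 0.2)]
# Traced forgery: the drawn shape is reproduced exactly, with constant heavy pressure.
TRACED = [(x, y, 0.9) for x, y, _ in TEMPLATE]
# Slow forgery: same trace, every sample doubled because the pen moves at half speed.
SLOW = [s for s in TRACED for _ in range(2)]


class Result(NamedTuple):
    accepted: bool
    reason: str                 # "match", "warp", "shape" or "dynamics"
    shape: Optional[float]      # mean coordinate distance along the path
    dynamics: Optional[float]   # mean pressure difference along the path


def warping_path(template, sample, band):
    """Stage 1: optimal warping path computed from (x, y) only.

    Cells with |i - j| > band are forbidden, so the path cannot stray
    "too far" from the diagonal and the two signatures cannot differ
    in length by more than `band` samples.
    """
    n, m = len(template), len(sample)
    cost = [[math.inf] * (m + 1) for _ in range(n + 1)]
    cost[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(max(1, i - band), min(m, i + band) + 1):
            d = math.hypot(template[i - 1][0] - sample[j - 1][0],
                           template[i - 1][1] - sample[j - 1][1])
            cost[i][j] = d + min(cost[i - 1][j - 1], cost[i - 1][j], cost[i][j - 1])
    if math.isinf(cost[n][m]):
        return None, math.inf          # no admissible path inside the band
    # Walk back from the end cell along the cheapest predecessors.
    path, i, j = [], n, m
    while i > 0 and j > 0:
        path.append((i - 1, j - 1))
        _, i, j = min((cost[i - 1][j - 1], i - 1, j - 1),
                      (cost[i - 1][j], i - 1, j),
                      (cost[i][j - 1], i, j - 1))
    path.reverse()
    return path, cost[n][m] / len(path)


def verify(template, sample, band=2, shape_max=0.5, dynamics_max=0.1):
    """Stage 2: compare the remaining channel (pressure) along the stage-1 path."""
    path, shape = warping_path(template, sample, band)
    if path is None:
        return Result(False, "warp", None, None)
    if shape > shape_max:
        return Result(False, "shape", shape, None)
    dynamics = sum(abs(template[i][2] - sample[j][2]) for i, j in path) / len(path)
    if dynamics > dynamics_max:
        return Result(False, "dynamics", shape, dynamics)
    return Result(True, "match", shape, dynamics)


if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("traced", TRACED), ("slow", SLOW)):
        print(name, verify(TEMPLATE, sample))
```

The traced forgery matches the template shape perfectly and is rejected only in stage two, which is the case the article's forgery observation is about.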

NASK Biometric Laboratories also carry out research on hand thermography (fig. 4c) applications in identity verification and identification with the special focus on hand aliveness control.

Fig. 4. Image of the hand (a) and geometric features (b) and a hand thermogram (c) based on it.

ELECTROENCEPHALOGRAPH
At the Biometric Laboratories we are investigating an emerging biometric method that is person identification based on the EEG brainwaves. Because of the character of the received signals this is a potentially highly interesting modality, and the early results point to the possibility of finding characteristics unique to the individual person within the EEG signal.

Measurement. Early research was based on measurements taken at the EEG Laboratory at the Psychiatric Clinic at Nowowiejska Street in Warsaw. For 10 people in three sessions separated by a few months period, measurements based on recording of brain activity states were conducted over periods of around 20 minutes each. Applied data collection frequency was 240 Hz while for the purpose of analysis the data were “downsampled” to 60 Hz frequency and the measured signals were divided into fragments of 16 seconds in length. Presently, the Laboratory has its own EEG wave measuring equipment (fig. 5) which allows for conducting various measuring experiments.

Fig. 5. EEG measuring equipment

Research on both linear and non-linear models of measured signal was conducted. Particularly, the linear autoregressive (AR) model with multiple delays was used. The model order was determined based on the Akaike criterion. In this way the measured data were converted to vectors representing model parameters.

Classification. Using the AR model parameters based on two sessions per person, classifiers were created (based on the Mahalanobis distance), the main purpose of which was to answer the question whether the new AR parameter vector belonged to the person classified or not. Parameter vectors used in tests were based on measurement sessions not applied in the classifier creation process. The achieved result of correct recognition at the 88 percent level suggests that the hypothesis of the existence of individual and time-invariant characteristics within the EEG signal may be correct.

FACE BIOMETRICS
The face is the most important visual characteristic of every person, used in the process of their recognition by others. However, from the technical standpoint every stage of the automated face recognition process is a complicated engineering task requiring the application of specific methods.

At the NASK Biometric Laboratories, research on face-tracking algorithms is conducted in video sequences, accounting for head pose estimation and interference caused by environmental changes in illumination. Application of the sequence of images is characterized by the fact that it puts at our disposal a collection of many images of the face (one person, as well as many), usually low in quality, which have to be processed in real time (as opposed to the existing systems based on singular photographs of the face). Proper identification requires the development of mechanisms that combine the information collected based on single frames of the sequence, taking into account the studied person’s movement, through the application of appropriate prediction mechanisms.









Biometric Systems
Andrzej Pacut, Adam Czajka, Przemysław Strzelczyk, Marcin Chochowski

This paper discusses aspects of security related to designing biometric systems and applications of biometrics in remote access systems, as well as in smart card-based systems. Much like in the first part of the paper, this part contains specific proposals for systems designed at the NASK Biometric Laboratories.

ALIVENESS TESTING
Most biometric systems do not employ aliveness analysis of objects measured. Tests of popular commercial iris biometric systems conducted at the Laboratory have shown that such equipment will accept as much as 85 percent of forgeries with the use of paper printout images of the eye using resolution of around 600 dpi. However, eye printout is the simplest method of forgery. We can expect the use of a specially prepared artificial eye, fake iris (i.e. with the use of appropriate contact lenses), or even forcing the person to submit to the biometric identification. It is easy to see how important the question of aliveness testing has become.

Fig. 1. An example of the printout of the eye used in tests of commercial systems and methods developed at the Laboratory

Three original eye aliveness verification methods were designed at the Laboratory. The simplest one, using the iris image frequency spectrum, analyzes the same iris image which is the basis of identity verification. The advantage of this method is that it does not require modifications or expansion of the already existing equipment. The second method, based on the analysis of stimulated infrared reflections, uses the structural characteristics of the eye in the aliveness test. The third of the methods developed, and the most advanced, relies on iris dynamics analysis. This method, by judging the degree of adjustment of the iris contraction model to the current measurement, is the most sensitive to the uncharacteristic behavior of the imaged eye.

BIOCRYPTOGRAPHY
Cryptographic methods applied thus far, although algorithmically advanced, are usually rendered useless in the situation where the key is stolen. A well developed cryptographic system should then recognize the situation when the key is being used against the will of the owner. The solution lies in the marriage of cryptography with biometric verification methods, allowing a connection to be established between the key and its owner.

One of the methods of realizing this idea is the so called system with key release. Such a system

employs biometric verification instead of a PIN. Another, far more interesting solution, is a system with key generation, in which a cryptographic key of appropriate length is generated based on biometric data. This kind of a solution requires the development of methods which allow the acquisition of a stable key from data which, because of their nature, are different for each measurement. Another solution is a key reconstruction system. In this case, biometric data are treated as noise added to the key, which we would like to pass on securely. Before that we expand the key using a correction code. The reconstruction process relies on subtracting the new realization of the biometric signal from data modified in this way, as a result of which we obtain the original, “noise-polluted” version of the key. The noise then has to be removed with the use of the previously entered correction codes.

At the NASK Biometric Laboratories, new methods of biocryptography are created based on our own biometric systems (iris, hand), as well as employing commercial solutions (fingerprinting).

Fig. 2. Diagram of biometric verification realized with the use of a smart card

THE BIOMETRIC SMART CARD

Biometric smart card for the purpose of access control, hardware and software security
Characteristics of the proposed solution:
• Application of biometrics (iris biometrics and hand geometry methods developed at the NASK Biometric Laboratories), smart card and password as a three-factor method of authentication for purposes of access control, hardware and software security.
• Process of identity verification conducted within the secure environment of the card (match-on-token technology) or within the terminal after reading the biometric template off the card (match-off-token technology).
• Compliance with international standards: BioAPI, JavaCard, PC/SC, GlobalPlatform.
• Card personalization process in accordance with the EMV 2000 standard.
• Triple-sided authentication (card-user-terminal) coupled with encryption of transferred data (DES, AES with 56, 128 and 256 byte algorithms) ensuring the highest level of security currently available in commercial solutions.
• Support for aliveness testing methods (meaning tests for checking whether the biometric data were artificially generated); proprietary solution for iris biometrics.
• Interactive authentication methods (system decides whether to verify using the eye or the hand).
• Application of parameter-adjusted biometric methods
  The implementation of single-factor methods                 preventing unauthorized use of biometric template over the
of verification is becoming insufficient: systems             Internet (biometric replay-attack prevention).
based solely on passwords, PIN codes or identifi-             n     Possibility to expand the solution using additional biome-
cation cards offer an inadequate level of securi-             tric methods (i.e. face, handwritten signature, fingerprint).
ty. To meet the arising needs, NASK Biometric                 n     Support for multi-modality – many biometric methods
Laboratories offer two- and three-factor authen-              can be used together or independently in order to ensure the
                                                              highest level of security.
NASK   Review 2006
                                                                                                                           37
          Research




     tication, which brings together the
     advantages of biometrics, crypto-
     graphy and smart cards.
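The key reconstruction system described above (key expanded with a correction code, biometric data added as noise, a fresh sample subtracted, residual noise decoded away) is shown here as an added Python example that is not from the article or from NASK. Binary templates, XOR as the add/subtract operation, the 7-fold repetition code and the SHA-256 check of the recovered key are assumptions made for the illustration; all data is constructed.

```python
import hashlib
import random

REP = 7  # assumed repetition factor: up to 3 flipped bits per 7-bit block are corrected

def encode(key_bits):
    """Expand the key with a repetition code (the 'correction code')."""
    return [b for b in key_bits for _ in range(REP)]

def decode(code_bits):
    """Majority vote per block removes the residual biometric noise."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def xor(a, b):
    # Over GF(2), adding and subtracting the biometric "noise" are both XOR.
    return [x ^ y for x, y in zip(a, b)]

def key_digest(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()

def enroll(key_bits, template_bits):
    """Bind the key to the enrolment template; store only helper data and a key digest."""
    helper = xor(encode(key_bits), template_bits)
    return helper, key_digest(key_bits)

def reconstruct(helper, sample_bits, digest):
    """Subtract a fresh sample, decode, and release the key only if the digest matches."""
    candidate = decode(xor(helper, sample_bits))
    return candidate if key_digest(candidate) == digest else None

def demo():
    rng = random.Random(2006)  # constructed data, fixed seed for repeatability
    key = [rng.randint(0, 1) for _ in range(32)]
    template = [rng.randint(0, 1) for _ in range(32 * REP)]
    helper, digest = enroll(key, template)
    # Genuine user: same trait, 2 bits per block flipped by measurement noise.
    genuine = list(template)
    for block in range(32):
        for off in rng.sample(range(REP), 2):
            genuine[block * REP + off] ^= 1
    # Impostor: unrelated sample, differs from the template in about half the bits.
    impostor = [rng.randint(0, 1) for _ in range(32 * REP)]
    return key, reconstruct(helper, genuine, digest), reconstruct(helper, impostor, digest)
```

The repetition code is chosen only for brevity; the helper data hides the key only to the extent that the template bits are unpredictable to an attacker.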
Solutions implemented by us use innovative algorithms for biometric individual recognition based on the iris and hand geometry in connection with the smart card and – as an option – password. Biometric templates are stored in the safe environment of the card. The system uses two approaches. In the first, the so-called match-off-card, after mutual authentication between the card and the terminal (and optional password entry), the template is read off the card in order to conduct the verification of the user outside of the card environment. In the second approach, known as match-on-card, the process of matching biometric characteristics with the template is realized entirely within the card environment. This means that the biometric template never leaves the card. This approach ensures the highest degree of security and privacy.

The system prototype was built based on a card with a simplified version of the Java virtual machine installed, thanks to which the obtained solution can be transferred to any smart card and operating system which supports JavaCard™ technology.

REMOTE ACCESS

The use of biometrics in access control to remote resources (private and public networks) is not a novel idea, although the problem has not been fully solved yet. Up until the year 2005, the only attempt at developing a method of remote access taking biometrics into account as a way of verifying the user originated as part of the European BioSec project. Within the framework of that project, NASK Biometric Laboratories, along with its partners, developed a new biometric authentication protocol, BEAP. It is based on the family of extensible authentication protocols, EAP, which is very widespread and continually gaining in appreciation, especially in wireless networks.

Fig. 3. Various solutions of biometric authentication in remote access control systems

Making use of our knowledge in the field of biometrics, as well as network security, we have proposed an approach which solves a series of problems tied to security and privacy. Application of the public key infrastructure (PKI) resolved the problem of mutual trust between both sides involved in the user verification process. Biometric data sent during the authentication process are secured both at the strictly electronic level (encryption and electronic signature), as well as through mechanisms arising from the use of
biometrics enriched by the mechanisms of algorithm parameter adjustment and multimodality. The protocol also foresees the use of aliveness tests, enabling verification of biometric data authenticity.

In the basic solution, biometric templates are stored in a secure central biometric database. However, if the use of such a database is impossible (e.g. due to reasons of privacy protection) we propose joining the use of such a solution with smart cards with match-on-token technology implemented (biometric verification takes place directly on the card). This solution was tested in cooperation between NASK and Telefonica I+D. Users in Spain and Poland were granted access to resources located in a few places throughout Europe. In these tests, fingerprint biometrics, as well as iris biometrics developed at our Laboratory, were used.

The authors represent the NASK Biometric Laboratories, managed by Andrzej Pacut, PhD, D.Sc.

Biometric identification for telecommunication networks
Four solutions proposed, among many possibilities of expanding telecommunication networks with the use of biometric identification, are adapted to the network architecture, as well as the needs arising from the use of a central biometric database.
• BiomVPN
Biometric verification of the user’s rights during connection to the virtual private network (VPN) with the use of the central biometric template database.
• BiomSmartVPN
BiomVPN solution enriched by the biometric smart card, i.e. a secure carrier and a processor of biometric data. In this solution biometric data are not stored centrally or transferred over the network.
• BiomWireless
Biometric authentication for wireless networks with the use of a central biometric template database.
• BiomSmartWireless
BiomWireless solution enriched by the biometric smart card. As with the extension of BiomVPN to BiomSmartVPN, the BiomSmartWireless solution does not use a central biometric template database.

Information Bulletin of NASK – the Research and Academic Computer Network
Address: 18 Wąwozowa St., 02-796 Warsaw, Poland
tel. (48 22) 38 08 200
e-mail: biuletyn@nask.pl
Managing editor: Maria Baranowska
Editorial support: Małgorzata Dygas, Anna Maj, Anna Rywczyńska
Photos: from editor’s collection
Layout and DTP: Pauzewicz & Płuciennik

NASK   Review 2006