Page 167 - Big data - Concept and application for telecommunications


            11      Security functions for big data analytics in mobile Internet services

            This clause describes some of the security functions that may be used to meet security requirements for big
            data analytics in mobile Internet services. They are:
            –       authentication;
            –       authorization;
            –       digital signature;
            –       encipherment;
            –       event detection;
            –       key exchange;
            –       security audit trail;
            –       security recovery; and
            –       user reminder.

            11.1    Authorization

            The authorization function may use the authenticated identity of a user or information about the user (such
            as membership within a known set of users) or the capabilities of the user, in order to determine and enforce
            the access rights of the user. If the user attempts to use an unauthorized resource or an authorized resource
            with an improper type of access, then the access control function will reject the attempt and may additionally
            report the incident for the purposes of generating an alarm or recording it as part of a security audit trail.
            The access control function may be based on the use of the following items:

            a)      access control information bases, where the access rights of peer entities are maintained in a
                    database;
            b)      authentication information, such as passwords, the possession and subsequent presentation of
                    which is evidence of the accessing user's authorization;
            c)      capabilities, the possession and subsequent presentation of which is evidence of the right to
                    access the user or resource defined by the capability;
            d)      security labels, which, when associated with a user, may be used to grant or deny access, usually
                    according to a security policy;
            e)      time of attempted access;
            f)      route of attempted access;
            g)      duration of access; and
            h)      physical location of attempted access.

            The access control function may be applied to the data analysis entity and the data application entity.
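
            The following is an added example, not part of the original text: a default-deny access decision
            that combines items a), d), e), f) and h) above and records every rejection in a security audit
            trail. All user names, resources, labels, routes and locations are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed access control information base (item a): (user, resource) -> rule.
# Every name, label, route and location here is illustrative, not from the source.
@dataclass(frozen=True)
class Rule:
    access_types: frozenset   # permitted types of access
    min_label: int            # security label the user must hold (item d)
    window: tuple             # (start, end) permitted time of access (item e)
    routes: frozenset         # permitted routes of access (item f)
    locations: frozenset      # permitted physical locations (item h)

ACIB = {
    ("analyst1", "subscriber_dataset"): Rule(
        frozenset({"read"}), 2, (time(8, 0), time(18, 0)),
        frozenset({"vpn"}), frozenset({"dc-east"})),
}
USER_LABELS = {"analyst1": 2, "intern7": 1}
AUDIT_TRAIL = []  # security audit trail: one record per rejected attempt

def decide(user, resource, access, at, route, location):
    """Return (allowed, reason). Anything not explicitly permitted is rejected."""
    rule = ACIB.get((user, resource))
    if rule is None:
        reason = "unauthorized resource"
    elif access not in rule.access_types:
        reason = "improper type of access"
    elif USER_LABELS.get(user, 0) < rule.min_label:
        reason = "security label too low"
    elif not (rule.window[0] <= at <= rule.window[1]):
        reason = "outside permitted time"
    elif route not in rule.routes:
        reason = "route not permitted"
    elif location not in rule.locations:
        reason = "location not permitted"
    else:
        return True, "granted"
    # Rejected: record the incident so it can raise an alarm or be audited later.
    AUDIT_TRAIL.append({"user": user, "resource": resource, "access": access,
                        "time": at.isoformat(), "route": route,
                        "location": location, "reason": reason})
    return False, reason
```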

            11.2    Authentication

            Some of the security technologies that may be applied include the following:
            –       the use of authentication information, such as passwords supplied by a sending user and checked
                    by the receiving user;
            –       cryptographic technologies; and
            –       the use of characteristics or possessions of the user and single sign-on.

            The authentication function may be incorporated in order to provide communicating user authentication. If
            the function fails to authenticate the user, this will result in the rejection or termination of the connection
            and may cause the user to be recorded in the security audit trail and/or reported to a security management centre.





                                                                   Security, privacy and data protection   159