The simplicity project: easing the burden of using complex and heterogeneous ICT devices and services

As of today, to exploit the variety of different "services", users need to configure each of their devices by using different procedures and need to explicitly select among heterogeneous access technologies and protocols. In addition to that, users are authenticated and charged by different means. The lack of implicit human computer interaction, context-awareness and standardisation places an enormous burden of complexity on the shoulders of the final users. The IST-Simplicity project aims at leveraging such problems by: i) automatically creating and customizing a user communication space; ii) adapting services to user terminal characteristics and to users preferences; iii) orchestrating network capabilities. The aim of this paper is to present the technical framework of the IST-Simplicity project. This paper is a thorough analysis and qualitative evaluation of the different technologies, standards and works presented in the literature related to the Simplicity system to be developed

Secure Method Invocation in JASON

We describe the Secure Method Invocation (SMI) framework implemented for Jason, our Javacard As Secure Objects Networks platform. Jason realises the secure object store paradigm, that reconciles the card-as-storage-element and card-as-processing-element views. In this paradigm, smart cards are viewed as secure containers for objects, whose methods can be called straightforwardly and securely using SMI. Jason is currently being developed as a middleware layer that securely interconnects an arbitrary number of smart cards, terminals and back-office systems over the Internet

ENHANCING RURAL PUBLIC TRANSPORT ACCESSIBILITY THROUGH IMPLEMENTING A SMART SCAN-ON M-TICKETING SOLUTION: : A UNITED KINGDOM CASE STUDY APPROACH WITHIN RURAL DEREGULATED ENVIRONMENTS

Scott Copsey, Sue Walsh, Liam Fassam, Richard Southern, ‘Enhancing Rural Public Transport Accessibility Through Implementing a Smart Scan-on M Ticketing Solution: A United Kingdom Case Study Approach Within Rural Deregulated Environments’, paper presented at the European Transport Conference, Barcelona, Spain, 5-7 October, 2016.The aim of this paper is to demonstrate how two UK Local Authorities (Hertfordshire and Northamptonshire), the two Universities of Hertfordshire and Northampton and public transport providers have worked in partnership to develop a smart scan-on m-ticketing solution, that integrates into a wider ‘smart city’ solution delivering social good through connected value propositions. Based on the initial success of a Hertfordshire pilot, a specific objective of this work is to establish smart integrated multi-operator/modal solutions. This pilot is subsequently being collaboratively expanded upon, through the UK Department for Transport funded ‘Network Northamptonshire Total Transport’ initiative, a transformative project to improve connectivity, integration and accessibility for rural transport networks. This forms part of the recently signed ‘Heart of England’ economic tri-county alliance agreement, which aims to work collaboratively across three local authority regions (Buckinghamshire, Oxfordshire and Northamptonshire), consolidating £3bn of spending. This provides a further future platform for innovative transport solutions being rolled out across wider geographical areas. The initial Hertfordshire demonstrator pilot project explored how a ‘smart’ m-ticketing platform could provide a sustainable financial business model for implementing ticketing solutions for small and medium bus operators within rural Shires, outside of large urban settings. This unique project was the first scan-on bus mobile ticket product used in the UK (outside of London). It offers a partnership model and governance structure for local authorities, commercial operators and other stakeholders with an interest in integrated sustainable transport to take forward, and leads to the possibility of new, socially innovative models for procuring and delivering transport solutions. Initial user reactions have been positive, generating large digital data sets, analysis of which indicates rapid user uptake in comparison to other schemes. This data enables detailed analysis such as precise user geo-spatial distribution, supporting targeted marketing and route-specific promotions to encourage further service uptake. A critical success factor of the project was to target a reduction of on-bus cash handling by five per cent within the first 12 months. This would aid in reducing bus loading times, improve reliability and operator efficiencies. After an initial 16 month operational use, uptake growth in excess of 7 per cent of total revenue has been achieved, on specific routes the transfer to m-ticket has exceeded 12 per cent, with targets of 10 per cent of total cash to mobile conversion predicted by the middle of 2017, likely to be realised. The effectiveness of marketing campaigns, technical development aspects and implementation issues will be reported. These projects have a wider context. Public transport services in rural areas in England are deregulated, and have at present no effective statutory backing or ring-fenced funding. As a result, with reductions in funding to local authorities, funding for non-commercial bus services is being sharply reduced and many authorities are proposing to cease all funding for local bus services (Campaign for Better Transport, 2016). These projects may offer alternative cost-effective ways of providing local transport services in non-metropolitan areas, and thus provide the potential for unique future research opportunities. These include understanding the uptake of smart multi-modal solutions in rural areas to improve accessibility and connectivity through enhanced services for new users and for those with restricted or reduced mobility networks, whilst also offering efficiencies for operators. This research has added importance, because the UK Government is proposing legislation on bus services in England, which would confer significant extra powers on local authorities to intervene in the bus market in various ways. These projects may act as pathfinders for the use of these powers in non-metropolitan areas. Structures supporting a partnership approach involving all those with an interest in public transport are a critical part of improving rural connectivity and accessibility. Through the experience of establishing quality partnership models in Hertfordshire, this paper will go on to detail the subsequent work now underway developing a Social Enterprise model involving local government, universities, operators, health and education services in Northamptonshire, which will form the basis of the transformation of rural integrated sustainable transport delivery.Non peer reviewedSubmitted Versio

Smart cards: State-of-the-art to future directions

The evolution of smart card technology provides an interesting case study of the relationship and interactions between security and business requirements. This paper maps out the milestones for smart card technology, discussing at each step the opportunities and challenges. The paper reviews recently proposed innovative ownership/management models and the security challenges associated with them. The paper concludes with a discussion of possible future directions for the technology, and the challenges these present

State of Alaska Election Security Project Phase 2 Report

A laska’s election system is among the most secure in the country, and it has a number of safeguards other states are now adopting. But the technology Alaska uses to record and count votes could be improved— and the state’s huge size, limited road system, and scattered communities also create special challenges for insuring the integrity of the vote. In this second phase of an ongoing study of Alaska’s election security, we recommend ways of strengthening the system—not only the technology but also the election procedures. The lieutenant governor and the Division of Elections asked the University of Alaska Anchorage to do this evaluation, which began in September 2007.Lieutenant Governor Sean Parnell. State of Alaska Division of Elections.List of Appendices / Glossary / Study Team / Acknowledgments / Introduction / Summary of Recommendations / Part 1 Defense in Depth / Part 2 Fortification of Systems / Part 3 Confidence in Outcomes / Conclusions / Proposed Statement of Work for Phase 3: Implementation / Reference

Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials

Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices. Storing keys in a centralized location, like an Internet-accessible server, raises serious security concerns (e.g. server compromise). Hardware-based Trusted Execution Environments (TEEs) are a well-known solution for protecting sensitive data in untrusted environments, and are now becoming available on commodity server platforms. Although the idea of protecting keys using a server-side TEE is straight-forward, in this paper we validate this approach and show that it enables new desirable functionality. We describe the design, implementation, and evaluation of a TEE-based Cloud Key Store (CKS), an online service for securely generating, storing, and using personal cryptographic keys. Using remote attestation, users receive strong assurance about the behaviour of the CKS, and can authenticate themselves using passwords while avoiding typical risks of password-based authentication like password theft or phishing. In addition, this design allows users to i) define policy-based access controls for keys; ii) delegate keys to other CKS users for a specified time and/or a limited number of uses; and iii) audit all key usages via a secure audit log. We have implemented a proof of concept CKS using Intel SGX and integrated this into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation performs approximately 6,000 signature operations per second on a single desktop PC. The latency is in the same order of magnitude as using locally-stored keys, and 20x faster than smart cards.Comment: Extended version of a paper to appear in the 3rd Workshop on Security, Privacy, and Identity Management in the Cloud (SECPID) 201