
    Self-Determination, Privacy and Data Protection

    This open-access edited volume sets out the current challenges for privacy and data protection that arise from increasing digitalisation. The contributing authors analyse how these challenges can be addressed through governance mechanisms. As an alternative to a purely profit-driven digital capitalism or to digital authoritarianism, the volume argues for an independent European path in data protection that aims at technology development oriented towards the common good. In particular, the contributions address the possibilities for strengthening self-determination in the data economy and in algorithmic decision-making systems.

    Modelling escalation of attacks in federated identity management

    PhD Thesis. Federated Identity Management (FIM) is an increasingly prevalent method for authenticating users online. FIM offloads the authentication burden from a Service Provider (SP) to an Identity Provider (IdP) that the SP trusts. The different entities involved in the FIM process are referred to as stakeholders. The benefits of FIM to stakeholders are clear, such as the ability for users to use Single Sign-On. However, the security of FIM also has to be evaluated. Attacks on one point in a FIM system can lead to other attacks being possible, and detecting those attacks can be hard just from modelling the functionality of the FIM system. Attacks in which the effect of one attack can become the cause of another attack are referred to in this thesis as escalating attacks. The overall research question this thesis revolves around is: how can we model escalating attacks to detect attacks which are possible through an adversary first launching another attack, and present the causality of attacks to the FIM stakeholders involved? This thesis performs a survey of existing attacks in FIM. We categorise attacks on FIM using a taxonomy of our own design. This survey is the first attempt at categorising attacks that target FIM using a taxonomy. Some attacks can have an effect that causes another attack to be possible in ways that are difficult to predict. We consider a case study involving OAuth 2.0 (provided by existing literature) as a basis for modelling attack escalation. We then seek to present a language for modelling FIM systems and attacker manipulations on those systems. We find that FIM systems can be generalised for the purpose of a programmatic logical analysis. In addition, attacker manipulations on a system can be broken down using an existing conceptual framework called Malicious and Accidental Fault Tolerance (MAFTIA). Using a generalised FIM system model and MAFTIA, we can express a complex interlinking of attacks informed by case studies in FIM security analysis. This is the first attempt to model FIM systems generally and apply logical analysis to that model. Finally, we show how the causality of attacks can be analysed using attack trees. We find that any solutions to an escalating attack can be expressed using a tree model which conforms to existing research on attack trees. Our approach is the first attempt at modelling attacks on FIM systems through the use of attack trees. We consider stakeholder attribution and cost analysis as concrete methods for analysing attack trees.

    PROFILING - CONCEPTS AND APPLICATIONS

    Profiling is an approach to putting a label or a set of labels on a subject, considering the characteristics of this subject. The New Oxford American Dictionary defines profiling as: “recording and analysis of a person’s psychological and behavioral characteristics, so as to assess or predict his/her capabilities in a certain sphere or to assist in identifying a particular subgroup of people”. This research extends this definition towards things, demonstrating that many methods used for profiling people may be applied to a different type of subject, namely things. The goal of this research is to propose methods for discovering profiles of users and things with the application of Data Science methods. The profiles are utilized in vertical and horizontal scenarios and concern such domains as smart grid and telecommunication (vertical scenarios), and support provided both for the needs of authorization and personalization (horizontal usage). The thesis consists of eight chapters including an introduction and a summary. The first chapter describes the motivation for the work that was carried out over the last 8 years, together with a discussion of its importance both for research and for business practice. The motivation for this work is much broader and also emerges from the business importance of profiling and personalization. The introduction summarizes the major research directions and provides the research questions, goals and supplementary objectives addressed in the thesis. The research methodology is also described, showing the impact of methodological aspects on the work undertaken. Chapter 2 provides an introduction to the notion of profiling. The definition of profiling is introduced. Here, the relation of a user profile to an identity is also discussed. The papers included in this chapter show not only how broadly a profile may be understood, but also how a profile may be constructed considering different data sources. Profiling methods are introduced in Chapter 3. This chapter refers to the notion of a profile developed using the BFI-44 personality test and the outcomes of a survey related to the color preferences of people with a specific personality. Moreover, insights into the profiling of relations between people are provided, with a focus on the quality of a relation emerging from contacts between two entities. Chapters 4 to 7 present different scenarios that benefit from the application of profiling methods. Chapter 4 starts by introducing the notion of a public utility company, which in the thesis is discussed using examples from smart grid and telecommunication. Chapter 4 then describes research results regarding profiling for the smart grid, focusing on the profile of a prosumer and on forecasting demand and production of electric energy in the smart grid, which can be influenced e.g. by weather or by profiles of appliances. Chapter 5 presents the application of profiling techniques in the field of telecommunication. Besides presenting profiling methods based on telecommunication data, in particular on Call Detail Records, scenarios and issues related to privacy and trust are also addressed. Chapter 6 and Chapter 7 target horizontal applications of profiling that may be of benefit for multiple domains. Chapter 6 concerns profiling for authentication using untypical data sources such as Call Detail Records or data from a mobile phone describing the user's behavior. Besides proposing methods, limitations are also discussed. In addition, as a side effect of the research, a methodology for the evaluation of authentication methods is proposed. Chapter 7 concerns personalization and consists of two diverse parts. Firstly, behavioral profiles used to change the interface and behavior of the system are proposed and applied. The performance of solutions personalizing content either locally or on the server is studied. Then, profiles of customers of shopping centers are created based on paths identified using Call Detail Records. The analysis demonstrates that data collected for one purpose may significantly influence other business scenarios. Chapter 8 summarizes the research results achieved by the author of this document. It presents the contribution over the state of the art as well as some insights into the future work planned.

    Security and Privacy Enablers for Future Identity Management Systems

    Abstract: In recent years, Identity Management (IdM) has gained a lot of attention in industry, standardisation and academia. In particular, a couple of research projects, like Daidalos or Prime, have invested considerable effort to bring IdM forward and to take advantage of features like improved usability and security. Nevertheless, there are important issues that have not been addressed so far. The SWIFT project leverages IdM as a key technology of the Future Internet, tackling problems like the integration of the network and application layers from an IdM perspective as well as the use of electronic identity cards. Moreover, aspects like the integration of several user devices, backward compatibility and a new access control infrastructure are required by future IdM solutions. We consider all these aspects by extending existing IdM solutions with six new security and privacy enablers that are part of the overall SWIFT framework. These enablers have been partially implemented towards a new IdM architecture. First evaluation results of the implementation are promising and point the way towards future IdM solutions.

    A Dynamic Access Control Model Using Authorising Workflow and Task Role-based Access Control

    Access control is a fundamental prerequisite for governing and safeguarding information assets within an organisation. Organisations generally use Web-enabled remote access coupled with application access distributed across various networks. These networks face various challenges, including increased operational burden and monitoring issues due to the dynamic and complex nature of security policies for access control. The increasingly dynamic nature of collaborations means that in one context a user should have access to sensitive information, whilst not being allowed access in other contexts. The current access control models are static and lack Dynamic Segregation of Duties (SoD), task-instance-level segregation, and decision making in real time. This thesis addresses these limitations and describes tools to support access management in borderless network environments with dynamic SoD capability, real-time access control decision making and policy enforcement. This thesis makes three contributions: i) Defining an Authorising Workflow Task Role Based Access Control (AW-TRBAC) model using existing task and workflow concepts. This new workflow integrates dynamic SoD, whilst considering task instance restriction to ensure overall access governance and accountability. It enhances existing access control models such as Role Based Access Control (RBAC) by dynamically granting users access rights and providing access governance. ii) Extension of the OASIS standard XACML policy language to support dynamic access control requirements and enforce access control rules for real-time decision making. This mitigates risks relating to access control, such as escalation of privilege through broken access control, and insufficient logging and monitoring. iii) The AW-TRBAC model is implemented by extending the open source XACML (Balana) policy engine to demonstrate its applicability to a real industrial use case from a financial institution. The results show that AW-TRBAC is scalable, can process relatively large numbers of complex requests, and meets the requirements of real-time access control decision making, governance and mitigating broken access control risk.

    Aspects of internet security: identity management and online child protection

    This thesis examines four main subjects: consumer federated Internet Identity Management (IdM), text analysis to detect grooming in Internet chat, a system for using steganographed emoticons as ‘digital fingerprints’ in instant messaging, and a systems analysis of online child protection. The Internet was never designed to support an identity framework. The current username/password model does not scale well, and with an ever-increasing number of sites and services users are suffering from password fatigue and using insecure practices such as using the same password across websites. In addition, users are supplying personal information to a vast number of sites and services with little, if any, control over how that information is used. A new identity metasystem promises to bring federated identity, which has found success in the enterprise, to the consumer, placing the user in control and limiting the disclosure of personal information. This thesis argues that, though technically feasible, no business model exists to support consumer IdM, and that without a major change in Internet culture, such as a breakdown in trust and security, a new identity metasystem will not be realised. Is it possible to detect grooming or potential grooming from a statistical examination of Internet chat messages? Using techniques from speaker verification, can grooming relationships be detected? Can this approach improve on the leading text analysis technique – Bayesian trigram analysis? Using a novel feature extraction technique and Gaussian Mixture Models (GMM) to detect potential grooming proved to be unreliable. Even with the benefit of extensive tuning, the author doubts the technique would match or improve upon Bayesian analysis. Around 80% of child grooming is blatant, with the groomer disguising neither their age nor their sexual intent. Experiments conducted with Bayesian trigram analysis suggest this could be reliably detected; detecting the subtle, devious remaining 20% is considerably harder, and reliable detection is questionable, especially in systems used by teenagers (the most at-risk group). Observations of the MSN Messenger service and protocol led the author to discover a method by which to leave digitally verifiable files on the computer of anyone who chats with a child by exploiting the custom emoticon feature. By employing techniques from steganography, these custom emoticons can be made to appear innocuous. Finding and removing custom emoticons is a non-trivial matter and they cannot be easily spoofed. Identification is performed by examining the emoticon (file) hashes. If an emoticon is recovered, e.g. in the course of an investigation, it can be hashed and the hash compared against a database of registered users, and used to support non-repudiation and confirm whether an individual has indeed been chatting with a child. Online child protection has been described as a classic systems problem. It covers a broad range of complex, and sometimes difficult-to-research, issues including technology, sociology, psychology and law, and affects directly or indirectly the majority of the UK population. Yet despite this the problem and the challenges are poorly understood, thanks in no small part to mawkish attitudes and alarmist media coverage. Here the problem is examined holistically: how children use technology, what the risks are, and how they can best be protected – based not on idealism, but on the known behaviours of children. The overall protection message is often confused and unrealistic, leaving parents and children ill prepared to protect themselves. Technology does have a place in protecting children, but this is secondary to a strong and understanding parent/child relationship and education, both of the child and of the parent.

    E-Ágora: The impact of new technologies on the development of law. Direct electronic participation of citizens in the legislative process

    International Mention in the doctoral degree. “A square - Agora - in which all citizens can be consulted in order to take part in the democratic life of the city (Rousseau)”: this was the aspiration of the original theorists of Direct Democracy. The system of direct democracy perfects, if not surpasses, the system of representative democracy that has become widespread throughout history in different parts of the world. For the theorists who defend or promote the system of direct democracy, this was the only democratic system in which the rights of citizens are respected to the fullest, with the consequence of maximum collective happiness. Over time, various proposals have been put forward to achieve and develop this political theory. The present research study examines and reflects on how the new technological revolution of the internet and the appropriate use of new technologies can make it easier to achieve direct democracy, insofar as they have or create a space or a “virtual marketplace”, the E-ágora, so large that it encompasses all citizens, since any citizen can participate in real time in the political life of their community and political environment, and at every level. The basic idea of the thesis is that the great change brought about by the internet, with its multiple networks of communication and knowledge, and by new technologies can influence the democratic process and legislative processes in a notable way, improving and deepening democracy. However, to reach this conclusion, the concept of the democratic political and legislative process needs to be redefined. The starting point has been a study of the original historical idea of “Agora” Democracy, developed in antiquity in the era of democratic Athens under Pericles. Throughout history, for the precursor thinkers of democracy, the reference point was established in the political system of the democracy of classical Greece and Athens, and in its practice and exercise in the civic space of freedom that was the “agora”. The Agora, seen as an institution of the democratic political system and of law, more precisely of the history of natural law, is understood as the space or physical place where the people deliberate, approve rules and take decisions, but also as the basis of contemporary democracy. Regardless of the concept and of its historical path, the idea of the agora means democracy, that is, political participation of the people, directly or indirectly through the formula of representation. It is the importance of what democracy is and means, together with its system of freedoms and rights, that justifies this research study and its inquiry into how democracy can be improved through the contribution of new technologies and the internet. Scholars have highlighted the great change that the emergence of the internet and new technologies has brought about in everyone's lives. This influence is fundamental in today's society and operates at every level. Whether this influence is beneficial or also poses dangers for individuals and for society is also debated. Agora vs. E-Agora. The classical Greek Agora had two functions: that of the space or physical setting in which citizens gathered, and that of the common civic space or moment for participating, deliberating, debating and reaching effective agreements for the good government of the city. The E-agora, or modern internet agora, likewise permits or gives the possibility of citizens meeting and converging in the virtual space of the networks, using new technologies, in order to debate and decide on matters of interest to them. With the idea of proposing or drawing progressive and comparative lines of demarcation for research, we understand that the formula for citizen participation in democracy takes place in two types of agora: the agora as the physical space where all citizens gather in a deliberative and decision-making assembly, and the E-agora or virtual space where they participate, deliberate and reach agreements. In this way the agora represents offline communities, and the e-agora is the virtual space where virtual communities gather, deliberate and take decisions online. The advantage of E-agora virtual communities is that they allow the political community to be better organised with respect to the form of participation and decision-making, because they are not constrained by having to be confined to a physical meeting space or place. With new technologies and the internet, participation in electoral and other democratic processes is faster, more agile, cheaper and more inclusive. A second analysis concerns the source of discussion. In this respect, we start from the primary need for participation, dialogue and integration. In the political community, encounters take place and interests are shared or collide; this makes it necessary to create spaces and places for the possibility of dialogue, according to the different assumptions and specific cases, that facilitate socialisation or the integration of the conflict. Socialisation is the way in which a person chooses to address another person or group to satisfy their need for communication, and justification and integration is the response given by the interlocutor, the subject of socialisation. Focusing on this theme and within the terminology already established by scholarly doctrine, it can be concluded that the objective to be achieved with the virtual space E-Agora is the same as that which the ancient institution of the classical Greek agora sought to achieve, namely participation in the democratic political system. With respect to the concept or definition of the democratic political system, the key idea is participation together with the idea of democracy. Of the two forms of democracy, representative democracy and direct or participatory democracy, the use of the idea or concept of the E-agora makes it possible to move towards a more participatory type of democracy or democratic political system, or towards direct democracy. The possibility of greater participation through the system that the E-agora perfects facilitates politics more favourable to majorities, as against the controls or limitations that may be imposed by minorities holding oligarchic power. On the basis of the foregoing, we can summarise this thesis with the following key words and phrases: online communities, Agora of democracy, virtual space for participation and public opinion, space or meeting place of free citizens, place of new technology and of the space of relations and electronic commerce. In the study and analysis we undertake, one may think that, in order to achieve the ultimate idea of democracy or government of the people, which was the ideal of the Agora of classical Greece as the ideal place of meeting and manifestation of the popular will, it was necessary for something new to appear in the future. We can conclude that this has happened and that the ideal of democracy as government of the people is now easier to achieve. The spatial and material limitations of the classical agora are eliminated in the new E-agora or virtual space of democracy. Doctoral Programme in Law at the Universidad Carlos III de Madrid. Chair: Santiago Areal Ludeña; Secretary: María Pilar Trinidad Núñez; Member: Radu Car

    Data portability as a new means of data protection? Examining the right to data portability in the EU General Data Protection Regulation

    On 25 May 2018, the General Data Protection Regulation (GDPR) came into effect across the European Union. This new Regulation has a number of innovations, notably including a new right for the data subject to port personal data out of a processing system and reuse it elsewhere. Data portability has an immediate impact on data flows across systems and has been sought as a catalyst for competition, consumer welfare, innovation and institutional efficiency. The question of how data portability furthers the objective of data protection is not straightforward. This thesis primarily examines the legitimacy, coherence and added value of the right to data portability in the EU data protection regime. In recognition of its wide-ranging implications, it also explores how the GDPR right interacts with many other areas of law and ‘interfaces’ with user-centric technologies devised to better protect our personal data. The thesis is divided into six chapters. Before analysing the GDPR right, Chapter 1 first maps a wide array of similar schemes that have emerged over two decades (1995-2019), whether they be industry-initiated projects, government-led initiatives or statutory schemes. Particular attention is paid to the legacy of early attempts that predate the GDPR, as well as to the recent developments in the wake of the GDPR. Chapter 2 provides a detailed account of the right to data portability in the GDPR. It inquires whether the new right can legitimately sit within the EU data protection framework, act in harmony with its other components, and bring added value to the imperative of data protection. The EU data protection regime has a dual purpose, that is, the protection of personal data and the free movement of personal data in the EU. Whereas Chapter 2 examines the right through the lens of data protection, Chapter 3 ventures to explore the right’s link to the free flow of personal data. Beyond data protection, the GDPR right may also have an impact on the economic welfare of the data subject. This is especially the case when data protection, consumer protection and competition law converge around the objective of promoting individual welfare. Chapter 3 examines whether the GDPR right may legitimately pursue consumer welfare (an overarching goal pursued by consumer protection and competition law), and how it interacts with similar schemes recently developed in those interrelated areas of law. Chapter 4 focuses on the potential barriers to individual-led data flows resulting from a set of information rights relating to intellectual property, trade secrets, and database protection. The extent to which the GDPR right contributes to data protection depends upon the applicability and effects of these counteracting rules. It is argued that a rough line exists between the different types of data to which data protection and information rights respectively apply. That said, grey areas do exist at the boundaries of data taxonomies, and Chapter 4 examines the rules developed for balancing the rights in conflict. To ensure that datasets flow smoothly between systems and are well adapted to a new environment, the GDPR lays down some requirements concerning data interoperability. Chapter 5 draws knowledge from the field of data science and builds a conceptual model of interoperability to elucidate those legal requirements. Since data interoperability relies upon layers of specifications, this chapter reconstructs the EU Guidelines accordingly in order to clarify the legal issues associated with each layer of interoperability. The GDPR right’s impact on data transmission and reuse is immediately noticeable; its contribution to data protection is, however, not. Basically, this right promotes data protection by channelling data into alternative systems where our data is supposedly better protected. Chapter 6 surveys the user-centric technological systems that have emerged over the last two decades (1999-2019). By revealing their attributes, development and potential interplay with the legal rights examined above, this chapter considers the extent to which a joint effort of law and technology could make a difference to our quest for data protection.