479 research outputs found
Multidisciplinary perspectives on Artificial Intelligence and the law
This open access book presents an interdisciplinary, multi-authored, edited collection of chapters on Artificial Intelligence (‘AI’) and the Law. AI technology has come to play a central role in the modern data economy. Through a combination of increased computing power, the growing availability of data and the advancement of algorithms, AI has now become an umbrella term for some of the most transformational technological breakthroughs of this age. The importance of AI stems from both the opportunities that it offers and the challenges that it entails. While AI applications hold the promise of economic growth and efficiency gains, they also create significant risks and uncertainty. The potential and perils of AI have thus come to dominate modern discussions of technology and ethics – and although AI was initially allowed to largely develop without guidelines or rules, few would deny that the law is set to play a fundamental role in shaping the future of AI. As the debate over AI is far from over, the need for rigorous analysis has never been greater. This book thus brings together contributors from different fields and backgrounds to explore how the law might provide answers to some of the most pressing questions raised by AI. An outcome of the Católica Research Centre for the Future of Law and its interdisciplinary working group on Law and Artificial Intelligence, it includes contributions by leading scholars in the fields of technology, ethics and the law.info:eu-repo/semantics/publishedVersio
LIPIcs, Volume 251, ITCS 2023, Complete Volume
LIPIcs, Volume 251, ITCS 2023, Complete Volum
Security and Privacy for Modern Wireless Communication Systems
The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks
Human-AI Interaction – Investigating the Impact on Individuals and Organizations
Artificial intelligence (AI) has become increasingly prevalent in consumer and business applications, equally affecting individuals and organizations. The emergence of AI-enabled systems, i.e., systems harnessing AI capabilities that are powered by machine learning (ML), is primarily driven by three technological trends and innovations: increased use of cloud computing allowing large-scale data collection, the development of specialized hardware, and the availability of software tools for developing AI-enabled systems. However, recent research has mainly focused on technological innovations, largely neglecting the interaction between humans and AI-enabled systems. Compared to previous technologies, AI-enabled systems possess some unique characteristics that make the design of human-AI interaction (HAI) particularly challenging. Examples of such challenges include the probabilistic nature of AIenabled systems due to their dependence on statistical patterns identified in data and their ability to take over predictive tasks previously reserved for humans. Thus, it is widely agreed that existing guidelines for human-computer interaction (HCI) need to be extended to maximize the potential of this groundbreaking technology. This thesis attempts to tackle this research gap by examining both individual-level and organizational-level impacts of increasing HAI.
Regarding the impact of HAI on individuals, two widely discussed issues are how the opacity of complex AI-enabled systems affects the user interaction and how the increasing deployment of AI-enabled systems affects performance on specific tasks. Consequently, papers A and B of this cumulative thesis address these issues.
Paper A addresses the lack of user-centric research in the field of explainable AI (XAI), which is concerned with making AI-enabled systems more transparent for end-users. It is investigated how individuals perceive explainability features of AI-enabled systems, i.e., features which aim to enhance transparency. To answer this research question, an online lab experiment with a subsequent survey is conducted in the context of credit scoring. The contributions of this study are two-fold. First, based on the experiment, it can be observed that individuals positively perceive explainability features and have a significant willingness to pay for them. Second, the theoretical model for explaining the purchase decision shows that increased perceived transparency leads to increased user trust and a more positive evaluation of the AI-enabled system.
Paper B aims to identify task and technology characteristics that determine the fit between an individual's tasks and an AI-enabled system, as this is commonly believed to be the main driver for system utilization and individual performance. Based on a qualitative research approach in the form of expert interviews, AI-specific factors for task and technology characteristics, as well as the task-technology fit, are developed. The resulting theoretical model enables empirical research to investigate the relationship between task-technology fit and individual performance and can also be applied by practitioners to evaluate use cases of AI-enabled system deployment.
While the first part of this thesis discusses individual-level impacts of increasing HAI, the second part is concerned with organizational-level impacts. Papers C and D address how the increasing use of AI-enabled systems within organizations affect organizational justice, i.e., the fairness of decision-making processes, and organizational learning, i.e., the accumulation and dissemination of knowledge.
Paper C addresses the issue of organizational justice, as AI-enabled systems are increasingly supporting decision-making tasks that humans previously conducted on their own. In detail, the study examines the effects of deploying an AI-enabled system in the candidate selection phase of the recruiting process. Through an online lab experiment with recruiters from multinational companies, it is shown that the introduction of so-called CV recommender systems, i.e., systems that identify suitable candidates for a given job, positively influences the procedural justice of the recruiting process. More specifically, the objectivity and consistency of the candidate selection process are strengthened, which constitute two essential components of procedural justice.
Paper D examines how the increasing use of AI-enabled systems influences organizational learning processes. The study derives propositions from conducting a series of agent-based simulations. It is found that AI-enabled systems can take over explorative tasks, which enables organizations to counter the longstanding issue of learning myopia, i.e., the human tendency to favor exploitation over exploration. Moreover, it is shown that the ongoing reconfiguration of deployed AI-enabled systems represents an essential activity for organizations aiming to leverage their full potential. Finally, the results suggest that knowledge created by AI-enabled systems can be particularly beneficial for organizations in turbulent environments
Defensa en profundidad en sistemas de control de accesos mediante autenticación continua
La seguridad de los sistemas de información depende, en gran medida, de que el proceso de control de accesos funcione correctamente. Pero, en los modelos clásicos, la identidad del operador sólo se autentica en momentos puntuales. Tras décadas de implantación de dispositivos móviles en la sociedad [2], se encuentran presentes en prácticamente todos los procesos de negocio, pero estos activos sufren de debilidades en la gestión de su seguridad: no se ubican en perímetros de red bien definidos y bastionables, son más susceptibles de ser robados, etc.; y en un modelo clásico de control de accesos, una vez iniciada la sesión, careceríamos de medidas para combatir estas amenazas. Activar el proceso de autenticación periódicamente sería molesto y contraproducente, pero mediante biometría conductual (i.e., caracterizando la identidad de un usuario por cómo se comporta con el sistema), sí podría implementarse un sistema que validase la identidad del operador sin interferir en su sesión de trabajo: un sistema de autenticación continua. En esta tesis se aborda cómo la autenticación continua puede ayudar a mitigar los riesgos comentados, convirtiéndose en una tecnología diferenciadora al implantar medidas de defensa en profundidad en los sistemas de control de accesos. Al no existir un criterio claro para definir la autenticación continua, en primer lugar se ha desarrollado un estudio sistemático de la literatura, que permite caracterizar este área de investigación. En el segundo artículo se plantea un caso de uso, donde se refuerza la seguridad de un sistema distribuido aplicando principios de la autenticación continua; evidenciando al mismo tiempo las carencias de los sistemas dinámicos, y acotando la definición de autenticación continua. Finalmente, se estudia, experimentalmente, el rendimiento de 7 algoritmos supervisados de clasificación en el ámbito de la autenticación continua. Este estudio, junto con los resultados previos, sirve de soporte a la toma de decisiones en la implantación de la autenticación continua. Fija una base homogénea de conocimiento, que permite comparar las particularidades de estos algoritmos en el procesado de datos de biometría conductual, y discute su utilidad en función de los requisitos del sistema de control de accesos. Esta tesis evidencia que el uso de autenticación continua contribuye a la defensa en profundidad de los sistemas de control de accesos, especialmente, aunque exclusivamente, a la de aquellos con un operador cuya sesión de trabajo debe ser autenticada
Jornadas Nacionales de Investigación en Ciberseguridad: actas de las VIII Jornadas Nacionales de Investigación en ciberseguridad: Vigo, 21 a 23 de junio de 2023
Jornadas Nacionales de Investigación en Ciberseguridad (8ª. 2023. Vigo)atlanTTicAMTEGA: Axencia para a modernización tecnolóxica de GaliciaINCIBE: Instituto Nacional de Cibersegurida
Voluntary sustainability standards to cope with the new European Union Regulation on deforestation-free products: a gap analysis
openThe European Union (EU) recently introduced the EU Deforestation Regulation (EUDR) to tackle global deforestation and forest degradation, with a focus on key commodities such as cattle, cocoa, coffee, oil palm, rubber, soya, and wood. The EUDR mandates that operators exercise due diligence to ensure these commodities are deforestation-free and are produced in accordance with relevant legislation. Voluntary Sustainability Standards (VSS) have been widely adopted by commodity producers and suppliers to promote deforestation-free supply chains. The EUDR recognizes certification and other third-party verified schemes as sources of supplementary information for conducting risk assessments. However, questions persist regarding the extent to which these schemes can aid operators in assessing compliance with the EUDR. Furthermore, the existing literature offers mixed evidence regarding their effectiveness. This study addresses these concerns by developing an assessment framework to evaluate the suitability of schemes in covering the due diligence requirements outlined in the EUDR. The framework adopts a hierarchical structure, organized into 3 principles, 8 criteria, and 24 indicators. These indicators were categorized as fully covered, partially covered, not covered, or not applicable. Five prominent VSS schemes were subjected to this framework: Fairtrade International, Forest Stewardship Council (FSC), Rainforest Alliance, Roundtable on Sustainable Palm Oil (RSPO), and Round Table on Responsible Soy Association (RTRS). The study found that these schemes addressed several indicators outlined in the framework, but gaps in their coverage were evident too. Notably, the schemes lacked comprehensive measures to prevent deforestation and forest degradation. Their requirements primarily concentrated on natural forests, protected areas, high conservation values (HCV), and/or high carbon stock (HCS) forests. Moreover, the schemes permitted exceptions that allowed for deforestation and forest degradation, albeit in limited proportions. The assessment also revealed gaps in the schemes' coverage of the relevant legislation defined by the EUDR. These gaps were more pronounced in standards designed for actors along the supply chain (e.g., traders, processors etc.) compared to those aimed at producers (e.g., farmers and forest managers). Additionally, the schemes allowed for traceability systems where standard-compliant material could be mixed with conventional material. Except for FSC, the targeted VSS schemes did not enforce controls on conventional material entering their supply chains, increasing the risk of non-compliance with the EUDR. Therefore, such systems are not suitable for operators, as they increase the risk that commodities are associated with deforestation and non-compliance with legislation. Another significant observation was the schemes' use of soft mechanisms to address violations of their standards. Operators should ascertain that the verified parties supplying these commodities have not violate any requirements that could potentially lead to non-compliance with the EUDR. This study reinforces that these schemes do not serve as a guaranteed path to compliance with the EUDR. Therefore, operators are obligated to establish a robust due diligence system capable of fulfilling all appliable requirements. Nevertheless, schemes can still offer substantial assistance by providing on-the-ground information supported by an assurance system. For this, operators must devise strategies to address the gaps and challenges identified in this study
LIPIcs, Volume 277, GIScience 2023, Complete Volume
LIPIcs, Volume 277, GIScience 2023, Complete Volum
Measuring and characterizing weak RSA keys across PKI ecosystem
The insecurities of public-key infrastructure on the Internet have been the focus of research for over a decade. The extensive presence of broken, weak, and vulnerable cryptographic keys has been repeatedly emphasized by many studies. Analyzing the security implications of cryptographic keys' vulnerabilities, several studies noted the presence of public key reuse. While the phenomenon of private key sharing was extensively studied, the prevalence of public key sharing on the Internet remains largely unknown. This work performs a large-scale analysis of public key reuse within the PKI ecosystem. This study investigates the presence and distribution of duplicate X.509 certificates and reused RSA public keys across a large collection containing over 315 million certificates and over 13 million SSH keys collected over several years. This work analyzes the cryptographic weaknesses of duplicate certificates and reused keys and investigates the reasons and sources of reuse. The results reveal that certificate and key sharing are common and persistent. The findings show over 10 million certificates and 17 million public keys are reused across time and shared between the collections. Observations show keys with non-compliant cryptographic elements stay available for an extended period of time.
The widespread adoption of Android apps has led to increasing concerns about the reuse of digital certificates. Android app developers frequently depend on digital certificates to sign their applications, and users place their trust in an app when they recognize the owner provided by the same certificate. Although the presence of cryptographic misuse has been acknowledged by several studies, its extent and characteristics are not well understood. This study performs a detailed analysis of code-signing certificate reuse across the Android ecosystem and malware binaries on a collection of over 19 million certificates and over 9 million keys extracted from PE files and Android applications collected over several years. The results reveal that despite the growing nature of the Android ecosystem, the misuse of cryptographic elements is common and persistent. The findings uncover several issues and enable us to provide a series of applicable solutions to the seen security flaws
- …