2,916 research outputs found
A Decentralised Digital Identity Architecture
Current architectures to validate, certify, and manage identity are based on
centralised, top-down approaches that rely on trusted authorities and
third-party operators. We approach the problem of digital identity starting
from a human rights perspective, with a primary focus on identity systems in
the developed world. We assert that individual persons must be allowed to
manage their personal information in a multitude of different ways in different
contexts and that to do so, each individual must be able to create multiple
unrelated identities. Therefore, we first define a set of fundamental
constraints that digital identity systems must satisfy to preserve and promote
privacy as required for individual autonomy. With these constraints in mind, we
then propose a decentralised, standards-based approach, using a combination of
distributed ledger technology and thoughtful regulation, to facilitate
many-to-many relationships among providers of key services. Our proposal for
digital identity differs from others in its approach to trust in that we do not
seek to bind credentials to each other or to a mutually trusted authority to
achieve strong non-transferability. Because the system does not implicitly
encourage its users to maintain a single aggregated identity that can
potentially be constrained or reconstructed against their interests,
individuals and organisations are free to embrace the system and share in its
benefits.Comment: 30 pages, 10 figures, 3 table
On Identities in Modern Networks
Communicating parties inside computer networks use different kind of identifiers. Some of these identifiers are stable, e.g., logins used to access a specific service, some are only temporary, e.g., dynamically assigned IP addresses. This paper tackles several challenges of lawful interception that emerged in modern networks. The main contribution is the graph model that links identities learnt from various sources distributed in a network. The inferred identities result into an interception of more detailed data in conformance with the issued court order. The approach deals with network address translation, short-lived identifiers and simultaneous usage of different identities. The approach was evaluated to be viable during real network testing based on various means to learn identities of users connected to a network
Segurança e privacidade em terminologia de rede
Security and Privacy are now at the forefront of modern concerns, and drive
a significant part of the debate on digital society. One particular aspect that
holds significant bearing in these two topics is the naming of resources in the
network, because it directly impacts how networks work, but also affects how
security mechanisms are implemented and what are the privacy implications
of metadata disclosure. This issue is further exacerbated by interoperability
mechanisms that imply this information is increasingly available regardless of
the intended scope.
This work focuses on the implications of naming with regards to security and
privacy in namespaces used in network protocols. In particular on the imple-
mentation of solutions that provide additional security through naming policies
or increase privacy. To achieve this, different techniques are used to either
embed security information in existing namespaces or to minimise privacy ex-
posure. The former allows bootstraping secure transport protocols on top of
insecure discovery protocols, while the later introduces privacy policies as part
of name assignment and resolution.
The main vehicle for implementation of these solutions are general purpose
protocols and services, however there is a strong parallel with ongoing re-
search topics that leverage name resolution systems for interoperability such
as the Internet of Things (IoT) and Information Centric Networks (ICN), where
these approaches are also applicable.Segurança e Privacidade são dois topicos que marcam a agenda na discus-
são sobre a sociedade digital. Um aspecto particularmente subtil nesta dis-
cussão é a forma como atribuímos nomes a recursos na rede, uma escolha
com consequências práticas no funcionamento dos diferentes protocols de
rede, na forma como se implementam diferentes mecanismos de segurança
e na privacidade das várias partes envolvidas. Este problema torna-se ainda
mais significativo quando se considera que, para promover a interoperabili-
dade entre diferentes redes, mecanismos autónomos tornam esta informação
acessível em contextos que vão para lá do que era pretendido.
Esta tese foca-se nas consequências de diferentes políticas de atribuição de
nomes no contexto de diferentes protocols de rede, para efeitos de segurança
e privacidade. Com base no estudo deste problema, são propostas soluções
que, através de diferentes políticas de atribuição de nomes, permitem introdu-
zir mecanismos de segurança adicionais ou mitigar problemas de privacidade
em diferentes protocolos. Isto resulta na implementação de mecanismos de
segurança sobre protocolos de descoberta inseguros, assim como na intro-
dução de mecanismos de atribuiçao e resolução de nomes que se focam na
protecçao da privacidade.
O principal veículo para a implementação destas soluções é através de ser-
viços e protocolos de rede de uso geral. No entanto, a aplicabilidade destas
soluções extende-se também a outros tópicos de investigação que recorrem
a mecanismos de resolução de nomes para implementar soluções de intero-
perabilidade, nomedamente a Internet das Coisas (IoT) e redes centradas na
informação (ICN).Programa Doutoral em Informátic
Cognitive Machine Individualism in a Symbiotic Cybersecurity Policy Framework for the Preservation of Internet of Things Integrity: A Quantitative Study
This quantitative study examined the complex nature of modern cyber threats to propose the establishment of cyber as an interdisciplinary field of public policy initiated through the creation of a symbiotic cybersecurity policy framework. For the public good (and maintaining ideological balance), there must be recognition that public policies are at a transition point where the digital public square is a tangible reality that is more than a collection of technological widgets. The academic contribution of this research project is the fusion of humanistic principles with Internet of Things (IoT) technologies that alters our perception of the machine from an instrument of human engineering into a thinking peer to elevate cyber from technical esoterism into an interdisciplinary field of public policy. The contribution to the US national cybersecurity policy body of knowledge is a unified policy framework (manifested in the symbiotic cybersecurity policy triad) that could transform cybersecurity policies from network-based to entity-based. A correlation archival data design was used with the frequency of malicious software attacks as the dependent variable and diversity of intrusion techniques as the independent variable for RQ1. For RQ2, the frequency of detection events was the dependent variable and diversity of intrusion techniques was the independent variable. Self-determination Theory is the theoretical framework as the cognitive machine can recognize, self-endorse, and maintain its own identity based on a sense of self-motivation that is progressively shaped by the machine’s ability to learn. The transformation of cyber policies from technical esoterism into an interdisciplinary field of public policy starts with the recognition that the cognitive machine is an independent consumer of, advisor into, and influenced by public policy theories, philosophical constructs, and societal initiatives
Internet of Things Strategic Research Roadmap
Internet of Things (IoT) is an integrated part of Future Internet including existing and evolving Internet and network developments and could be conceptually defined as a dynamic global network infrastructure with self configuring capabilities based on standard and interoperable communication protocols where physical and virtual “things” have identities, physical attributes, and virtual personalities, use intelligent interfaces, and are seamlessly integrated into the information network
Privacy and identity selection
Mestrado em Engenharia de Computadores e TelemáticaEste trabalho aborda algumas das tecnologias emergentes, que visam
providenciar modelos com suporte para identidade, sobre a arquitectura
da internet. Enquanto que tais propostas providenciam de facto
modelos de identidade mais adequados para a Web 2.0, ignoram que
a arquitectura sobre a qual assentam hão pode suportar os requisitos
de privacidade necessários. A fim de demonstrar que é necessário
providenciar garantias de privacidade nas camadas inferiores da arquitectura
existentes, este trabalho apresenta uma implementação de
demonstrac¸ ˜ao que explora vulnerabilidades da arquitectura existente
a ataques de privacidade, assim como uma implementação que dá
garantias de privacidade para múltiplas identidades.
ABSTRACT: This work presents some of the technologies, that aim at introducing
user centric identity models over the existing Internet architecture.
While such technologies do provide suitable identity models for theWeb
2.0, they neglect that the underlying Internet architecture does not support
the necessary privacy requirements for such models. As a demonstration
that the underlying network layers must provide some privacy
guarantees, this work presents an implementation that explores privacy
vulnerabilities and proceeds to propose mechanisms that ensure privacy
between multiple identities
Identidade digital federada globaliD
Mestrado em Engenharia de Computadores e TelemáticaO presente texto propõe uma solução para a gestão de identidade digital
online tendo em conta a versatilidade, o anonimato, a privacidade, a
veracidade, a credibilidade e a responsabilidade do utilizador, recorrendo para
isso ao uso do Cartão de Cidadão Electrónico Nacional Português e a outros
meios de autenticação públicos usados diariamente pelos utilizadores. A
dissertação é composta pela apresentação do conceito de identidade e das
suas particularidades, por uma análise aos vários problemas da gestão da
informação pessoal online, uma análise aos vários modelos, mecanismos e
especificações existentes para gerir a identidade digital online (gestão de
identidade digital). Uma solução de gestão de identidade digital baseada no
modelo de identidade federada e associada ao Cartão do Cidadão Electrónico
Nacional Português é apresentada, descrita, analisada, avaliada e comparada
com outras soluções existentes.
Por fim um protótipo de um provedor de identidades digitais federadas
baseado na solução de gestão de identidade digital proposta é apresentado.The following text provides a solution for the digital identity management on the
Web regarding the users’ versatility, anonymity, privacy, veracity,
trustworthiness and accountability by using the Portuguese National Electronic
Citizen Identity Card and other publicly available authentication mechanisms
users use daily. The dissertation consists of the presentation of the concept of
identity and its particularities, an analysis to the several problems of managing
personal information online, and an analysis to the several existing models,
mechanisms and specifications for the management of the digital identity online
(digital identity management). A solution for digital identity management based
on the federated identity model and associated to the Portuguese National
Electronic Citizen Identity Card is introduced, described, analyzed, evaluated
and compared to other several existing solutions. Last, a prototype of a
federated digital identity provider based on the purposed solution for digital
identity management is presented
Linked Research on the Decentralised Web
This thesis is about research communication in the context of the Web. I analyse literature which reveals how researchers are making use of Web technologies for knowledge dissemination, as well as how individuals are disempowered by the centralisation of certain systems, such as academic publishing platforms and social media. I share my findings on the feasibility of a decentralised and interoperable information space where researchers can control their identifiers whilst fulfilling the core functions of scientific communication: registration, awareness, certification, and archiving.
The contemporary research communication paradigm operates under a diverse set of sociotechnical constraints, which influence how units of research information and personal data are created and exchanged. Economic forces and non-interoperable system designs mean that researcher identifiers and research contributions are largely shaped and controlled by third-party entities; participation requires the use of proprietary systems.
From a technical standpoint, this thesis takes a deep look at semantic structure of research artifacts, and how they can be stored, linked and shared in a way that is controlled by individual researchers, or delegated to trusted parties. Further, I find that the ecosystem was lacking a technical Web standard able to fulfill the awareness function of research communication. Thus, I contribute a new communication protocol, Linked Data Notifications (published as a W3C Recommendation) which enables decentralised notifications on the Web, and provide implementations pertinent to the academic publishing use case. So far we have seen decentralised notifications applied in research dissemination or collaboration scenarios, as well as for archival activities and scientific experiments.
Another core contribution of this work is a Web standards-based implementation of a clientside tool, dokieli, for decentralised article publishing, annotations and social interactions. dokieli can be used to fulfill the scholarly functions of registration, awareness, certification, and archiving, all in a decentralised manner, returning control of research contributions and discourse to individual researchers.
The overarching conclusion of the thesis is that Web technologies can be used to create a fully functioning ecosystem for research communication. Using the framework of Web architecture, and loosely coupling the four functions, an accessible and inclusive ecosystem can be realised whereby users are able to use and switch between interoperable applications without interfering with existing data.
Technical solutions alone do not suffice of course, so this thesis also takes into account the need for a change in the traditional mode of thinking amongst scholars, and presents the Linked Research initiative as an ongoing effort toward researcher autonomy in a social system, and universal access to human- and machine-readable information. Outcomes of this outreach work so far include an increase in the number of individuals self-hosting their research artifacts, workshops publishing accessible proceedings on the Web, in-the-wild experiments with open and public peer-review, and semantic graphs of contributions to conference proceedings and journals (the Linked Open Research Cloud).
Some of the future challenges include: addressing the social implications of decentralised Web publishing, as well as the design of ethically grounded interoperable mechanisms; cultivating privacy aware information spaces; personal or community-controlled on-demand archiving services; and further design of decentralised applications that are aware of the core functions of scientific communication
LabKey Server: An open source platform for scientific data integration, analysis and collaboration
<p>Abstract</p> <p>Background</p> <p>Broad-based collaborations are becoming increasingly common among disease researchers. For example, the Global HIV Enterprise has united cross-disciplinary consortia to speed progress towards HIV vaccines through coordinated research across the boundaries of institutions, continents and specialties. New, end-to-end software tools for data and specimen management are necessary to achieve the ambitious goals of such alliances. These tools must enable researchers to organize and integrate heterogeneous data early in the discovery process, standardize processes, gain new insights into pooled data and collaborate securely.</p> <p>Results</p> <p>To meet these needs, we enhanced the LabKey Server platform, formerly known as CPAS. This freely available, open source software is maintained by professional engineers who use commercially proven practices for software development and maintenance. Recent enhancements support: (i) Submitting specimens requests across collaborating organizations (ii) Graphically defining new experimental data types, metadata and wizards for data collection (iii) Transitioning experimental results from a multiplicity of spreadsheets to custom tables in a shared database (iv) Securely organizing, integrating, analyzing, visualizing and sharing diverse data types, from clinical records to specimens to complex assays (v) Interacting dynamically with external data sources (vi) Tracking study participants and cohorts over time (vii) Developing custom interfaces using client libraries (viii) Authoring custom visualizations in a built-in R scripting environment.</p> <p>Diverse research organizations have adopted and adapted LabKey Server, including consortia within the Global HIV Enterprise. Atlas is an installation of LabKey Server that has been tailored to serve these consortia. It is in production use and demonstrates the core capabilities of LabKey Server. Atlas now has over 2,800 active user accounts originating from approximately 36 countries and 350 organizations. It tracks roughly 27,000 assay runs, 860,000 specimen vials and 1,300,000 vial transfers.</p> <p>Conclusions</p> <p>Sharing data, analysis tools and infrastructure can speed the efforts of large research consortia by enhancing efficiency and enabling new insights. The Atlas installation of LabKey Server demonstrates the utility of the LabKey platform for collaborative research. Stable, supported builds of LabKey Server are freely available for download at <url>http://www.labkey.org</url>. Documentation and source code are available under the Apache License 2.0.</p
- …