Report from the Medical Library Association’s InSight Initiative Summit 1: Engaging Users in a Disruptive Era

At the Medical Library Association’s Insight Initiative Summit 1, held March 6–7, 2018, academic and hospital librarians and publishing industry partners came together to discuss their shared role in engaging users of health sciences information in an era in which “disruptors” such as pirate websites, scientific collaboration networks, and preprint servers pose threats to traditional means of access to scholarly content. Through a mixture of keynote talks, themed panel discussions, and small-group problem-solving exercises, the summit program raised important questions, sparked conversation, and provided insight into the need for both libraries and publishing organizations to improve their user experience, lower their barriers to access, and offer value to users that cannot be provided by competitors, including helping authors and students become informed, responsible advocates for and consumers of scholarly publications. The key takeaways from the summit are expected to impact libraries’ and publishers’ strategies and stimulate the cocreation of enduring materials to enhance user engagement in disseminating and discovering scientific and medical information

Design and implementation of secure protocols for practical authentication and fair anonymity systems

Tesis doctoral inédita leída en la Universidad Autónoma de Madrid, Escuela Politécnica Superior, Departamento de Ingeniería Informática. Fecha de lectura, mayo de 2015With the huge growth of information and communication systems, as well as the computing power, privacy has become a main concern for Internet users. Certainly, nowadays users tend to prefer privacy respectful systems and, consequently, companies providing software solutions also need to worry about it. Nevertheless, the privacy provided by current systems many times reduces to the need of placing too much trust into legal protections. Conversely, the contributions by the research community in this directionmany times fail to produce realistic enough solutions, hardly flexible, scalable or deployable in current systems, and thus, impractical. In this thesis, we attempt to bridge this gap between the practical but barely robust systems in the “real world” and the robust but barely practical ones of the “academic counterpart”. Specifically, we base our proposals in currently deployed protocols and systems, but extend them for making them suitable to implement privacy, mainly through fair anonymity. Moreover, our approach for incorporating privacyby- design grows from addressing less complex tasks towards tackling more complex issues based on the composition of the simple ones. This also allows us to establish a flexible framework from which solutions applicable for contexts other than those explored here may be derived. In turn, this helps to reduce the complexity of deploying new systems from scratch which, as stated, is our initial objective. In more detail, in order to ease the design and deployment of privacy respectful systems, we proceed as follows. We first propose a methodology for designing protocols and systems and verifying that they meet the required security properties. This methodology is used to create and verify the protocols and systems proposed afterwards. On the other hand, since we make important use of group signatures for providing privacy through anonymity, and we aim to ease the costs of deploying new systems, we describe an extensible C library that we have implemented and released in an alpha stage, offering a unified API for group signatures. Subsequently, we make use of these global building blocks for creating technology that would most probably be necessary in every privacy respectful system. Specifically, given that the initial problem in any online platform requiring personalized interaction or some kind of authentication is to actually distribute digital identities, we propose SEBIA, a protocol based on EBIA (the typical email-based registration system) that ensures a reasonable level of security for many contexts. Specifically, it allows the distribution of anonymous identities like the ones that are used as a base to create privacy systems in subsequent chapters, and that are based in group signatures. Once having addressed the distribution problem, we extend the widely deployed X.509 PKI in order for it to be suitable for managing anonymous identities. Specifically, we propose extensions to the OCSP and CRLmechanisms, and create a new X.509-like protocol for communicating evidences of misbehavior (which, regrettably, is a problemsometimes derived fromanonymity). With this contributions, we allow the creation of advanced privacy respectful systems based on anonymity. In fact, with the aim of showing it, we design two systems. First, a comprehensive online shopping system that allows anonymous purchases while being also compatible with typical e-commerce benefits, like customer-specific marketing techniques. Secondly, we define an extension to the Tor network which, also based on the same mechanisms for managing anonymity, would allow to shift from full anonymity to fair anonymity. Moreover, for several of the proposals made in this thesis, we have implemented actual prototypes that have enabled us to perform initial profiling tasks. Despite being preliminary versions lacking optimization, the results indicate that our proposals incur in acceptable costsCon el gran auge de los sistemas de la información y las comunicaciones, junto con la capacidad de cómputo, los usuarios han empezado a preocuparse por su privacidad. Por ello, cada vez prefieren más los sistemas que son respetuosos con su información personal, lo cual está llevando a las compañías desarrolladoras de software a preocuparse también por la privacidad de los usuarios. No obstante, las garantías de privacidad en los sistemas actuales normalmente se reducen a mecanismos de protección legal, en los que los usuarios deben confiar. Por el contrario, las contribuciones hechas desde la comunidad académica normalmente consisten en sistemas poco prácticos o realistas y poco adaptables a las infraestructuras actuales. En esta tesis, intentamos reducir esta brecha entre los sistemas prácticos pero poco robustos del “mundo real” y los sistemas robustos pero poco prácticos del “mundo académico”. Para ello, nos basamos en protocolos y sistemas actualmente utilizados en la industria, pero adaptándolos de forma que sean respetuosos con la privacidad a través de primitivas criptográficas avanzadas, proporcionando anonimato justo. En concreto, empezamos abordando tareas más sencillas para luego crear sistemas más complejos. Esto nos permite crear un marco de trabajo flexible, a partir del cual se pueden derivar soluciones aplicables a contextos distintos de los que aquí se muestran. Al mismo tiempo, esto ayuda a reducir la complejidad de desplegar nuevos sistemas desde cero, cumpliendo con nuestro objetivo. Con algo más de detalle, para facilitar el diseño e implementación de sistemas respetuosos con la privacidad, procedemos de la siguiente manera. Primero, proponemos unametodología para diseñar protocolos y sistemas, verificando que cumplen los requisitos de seguridad establecidos. Esta metodología la utilizamos para crear y verificar los protocolos y sistemas propuestos más adelante. Por otro lado, dado que hacemos un uso importante de firmas grupales para proporcionar privacidad a través de anonimato, y nuestra intención es facilitar la creación de nuevos sistemas, presentamos una librería para firmas grupales, escrita en C. Esta librería, aún en fase alfa, es fácilmente extensible, de forma que se pueden añadir nuevos esquemas en caso de ser necesario, manteniendo una API unificada. A continuación, hacemos uso de estos pilares básicos para crear componentes tecnológicos que cualquier sistema respetuoso con la privacidad probablemente requerirá. En concreto, dado que en toda plataforma online la primera operación necesaria es registrarse en la misma, proponemos SEBIA, un protocolo basado en EBIA (el típico sistema de registro basado en emails), pero que proporciona un nivel de seguridad suficiente para muchos escenarios. Este protocolo, concretamente, permite la distribución de identidades digitales anónimas como las usadas en los siguientes capítulos y basadas en firmas grupales. De hecho, una vez distribuidas las identidades, es necesario disponer de mecanismos eficientes para gestionarlas. Para ello, extendemos la infraestructura de clave pública X.509 con el fin de adaptarla para la gestión de identidades anónimas. En concreto, extendemos los mecanismos OCSP y CRL, además de crear un nuevo protocolo que, siguiendo losmismos principios de diseño de X.509, permite la distribución de evidencias de comportamientos ilegítimos (lo cual, desgraciadamente, es un problema que suele acompañar al anonimato). Con estas contribuciones, facilitamos la creación de sistemas avanzados y respetuosos con la privacidad, basados en el anonimato, y al mismo tiempo compatibles con tecnologías actuales. Paramostrarlo, diseñamos un sistema de compras online que permite la realización de compras anónimas y que es además compatible con las técnicas de marketing actuales. Además, proponemos una extensión para la red Tor que, también basándose en los mecanismos presentados, podría permitir la migración de dicha red a un sistema de anonimato justo. Por último, para varias de las propuestas hechas en esta tesis, se han implementado prototipos que nos han permitido realizar un análisis inicial. A pesar de ser versiones preliminares sin optimizar, los resultados indican que nuestras propuestas introducen sobrecostes aceptable

Cyber defensive capacity and capability::A perspective from the financial sector of a small state

This thesis explores ways in which the financial sectors of small states are able todefend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current andfuture attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets

E-Governance: Strategy for Mitigating Non-Inclusion of Citizens in Policy Making in Nigeria

The Nigerian federation that currently has 36 states structure adopted the Weberian Public Administrative system before now as an ideal way of running government, which was characterized with the traditional way of doing things without recourse to the deployment of Information Communication Technology (ICT). Today e-governance is seen as a paradigm shift from the previous way of governance. Research has shown that, the adoption and implementation of e-governance is more likely to bring about effective service delivery, mitigate corruption and ultimately enhance citizens’ participation in governmental affairs. However, it has been argued that infrastructure such as regular electricity power and access to the Internet, in addition to a society with high rate of literacy level are required to effectively implement and realize the potentials of e-governance for improved delivery of services. Due to the difficulties currently experienced, developing nations need to adequately prepare for the implementation of e-governance on the platform of Information Communication Technology (ICT). Hence, this study seeks to examine whether the adoption and implementation of e-governance in the context of Nigeria would mitigate the hitherto non-inclusion of citizens in the formulation and implementation of government policies aimed at enhanced development. To achieve the objective of the study, data were sourced and analyzed majorly by examining government websites of 20 states in the Nigerian federation to ascertain if there are venues for citizens to interact with government in the area of policy making and feedback on government actions, as a way of promoting participatory governance. The study revealed that the adoption and implementation of e-governance in the country is yet to fully take place. This is due to lack of infrastructure, low level of literacy rate and government inability to provide the necessary infrastructure for e-governance to materialize. The paper therefore, recommends among others the need for the Federal Government to involve a sound and clear policy on how to go about the adoption and implementation of egovernance through deliberate effort at increasing budgetary allocation towards infrastructural development and mass education of citizens

The Impact of e-Democracy in Political Stability of Nigeria

The history of the Nigerian electoral process has been hitherto characterized by violence stemming from disputes in election outcomes. For instance, violence erupted across some states in Northern Nigeria when results indicated that a candidate who was popular in that part of the country was losing the election leading to avoidable loss of lives. Beside, this dispute in election outcome lingers for a long time in litigation at the electoral tribunals which distracts effective governance. However, the increasing penetrating use of ICTs in Nigeria is evident in the electoral processes with consequent shift in the behavior of actors in the democratic processes, thus changing the ways Nigerians react to election outcomes. This paper examines the trend in the use ICT in the Nigerian political system and its impact on the stability of the polity. It assesses the role of ICT in recent electoral processes and compares its impact on the outcome of the process in lieu of previous experiences in the Nigeria. Furthermore, the paper also examines the challenges and risks of implementing e-Democracy in Nigeria and its relationship to the economy in the light of the socio-economic situation of the country. The paper adopted qualitative approach in data gathering and analysis. From the findings, the paper observed that e-democracy is largely dependent on the level of ICT adoption, which is still at its lowest ebb in the country. It recognizes the challenges in the provision of ICT infrastructure and argues that appropriate low-cost infrastructure applicable to the Nigerian condition can be made available to implement e-democracy and thus arouse the interest of the populace in governance, increase the number of voters, and enhance transparency, probity and accountability, and participation in governance as well as help stabilize the nascent democrac

Digital Business Models

This book provides an overview of how digital players create, exchange and capture value thanks to digital technologies. It describes the key characteristics of various digital business models using different business archetypes. Each chapter is illustrated with examples or mini-case studies and also comprises a toolbox describing strategic tools, canvases and frameworks that help managers analyse a situation and formulate proactive solutions

pHealth 2021. Proc. of the 18th Internat. Conf. on Wearable Micro and Nano Technologies for Personalised Health, 8-10 November 2021, Genoa, Italy

Smart mobile systems – microsystems, smart textiles, smart implants, sensor-controlled medical devices – together with related body, local and wide-area networks up to cloud services, have become important enablers for telemedicine and the next generation of healthcare services. The multilateral benefits of pHealth technologies offer enormous potential for all stakeholder communities, not only in terms of improvements in medical quality and industrial competitiveness, but also for the management of healthcare costs and, last but not least, the improvement of patient experience. This book presents the proceedings of pHealth 2021, the 18th in a series of conferences on wearable micro and nano technologies for personalized health with personal health management systems, hosted by the University of Genoa, Italy, and held as an online event from 8 – 10 November 2021. The conference focused on digital health ecosystems in the transformation of healthcare towards personalized, participative, preventive, predictive precision medicine (5P medicine). The book contains 46 peer-reviewed papers (1 keynote, 5 invited papers, 33 full papers, and 7 poster papers). Subjects covered include the deployment of mobile technologies, micro-nano-bio smart systems, bio-data management and analytics, autonomous and intelligent systems, the Health Internet of Things (HIoT), as well as potential risks for security and privacy, and the motivation and empowerment of patients in care processes. Providing an overview of current advances in personalized health and health management, the book will be of interest to all those working in the field of healthcare today