The Value of User-Visible Internet Cryptography

Cryptographic mechanisms are used in a wide range of applications, including email clients, web browsers, document and asset management systems, where typical users are not cryptography experts. A number of empirical studies have demonstrated that explicit, user-visible cryptographic mechanisms are not widely used by non-expert users, and as a result arguments have been made that cryptographic mechanisms need to be better hidden or embedded in end-user processes and tools. Other mechanisms, such as HTTPS, have cryptography built-in and only become visible to the user when a dialogue appears due to a (potential) problem. This paper surveys deployed and potential technologies in use, examines the social and legal context of broad classes of users, and from there, assesses the value and issues for those users

Enhancing and integration of security testing in the development of a microservices environment

In the last decade, web application development is moving toward the adoption of Service-Oriented Architecture (SOA). Accordingly to this trend, Software as a Service (SaaS) and Serverless providers are embracing DevOps with the latest tools to facilitate the creation, maintenance and scalability of microservices system configuration. Even if within this trend, security is still an open point that is too often underestimated. Many companies are still thinking about security as a set of controls that have to be checked before the software is used in production. In reality, security needs to be taken into account all along the entire Software Development Lifecycle (SDL). In this thesis, state of the art security recommendations for microservice architecture are reviewed, and useful improvements are given. The main target is for secure to become integrated better into a company workflow, increasing security awareness and simplifying the integration of security measures throughout the SDL. With this background, best practices and recommendations are compared with what companies are currently doing in securing their service-oriented infrastructures. The assumption that there still is much ground to cover security-wise still standing. Lastly, a small case study is presented and used as proof of how small and dynamic startups can be the front runners of high cybersecurity standards. The results of the analysis show that it is easier to integrate up-to-date security measures in a small company

e-Social Science and Evidence-Based Policy Assessment : Challenges and Solutions

Peer reviewedPreprin

A Review of the Current Level of Support to Aid Decisions for Migrating to Cloud Computing

© 2016 Copyright held by the owner/author(s). Cloud computing provides an innovative delivery model that enables enterprises to reduce operational costs and improve flexibility and scalability. Organisations wishing to migrate their legacy systems to the cloud often need to go through a difficult and complicated decision-making process. This can be due to multiple factors including restructuring IT resources, the still evolving nature of the cloud environment, and the continuous expansion of the services offered. These have increased the requirement for tools and techniques to help the decision-making process for migration. Although significant contributions have been made in this area, there are still many aspects which require further support. This paper evaluates the existing level of support to aid the decision-making process. It examines the complexity of decisions, evaluates the current state of Decision Support Systems in respect of migrating to the cloud, and analyses three models that proposed support for the migration processes. This paper identifies the need for a coherent approach for supporting the whole decision-making process. Further, it explores possible new approaches for addressing the complex issues involved in decision-making for migrating to the cloud

A Survey Study of the Current Challenges and Opportunities of Deploying the ECG Biometric Authentication Method in IoT and 5G Environments

The environment prototype of the Internet of Things (IoT) has opened the horizon for researchers to utilize such environments in deploying useful new techniques and methods in different fields and areas. The deployment process takes place when numerous IoT devices are utilized in the implementation phase for new techniques and methods. With the wide use of IoT devices in our daily lives in many fields, personal identification is becoming increasingly important for our society. This survey aims to demonstrate various aspects related to the implementation of biometric authentication in healthcare monitoring systems based on acquiring vital ECG signals via designated wearable devices that are compatible with 5G technology. The nature of ECG signals and current ongoing research related to ECG authentication are investigated in this survey along with the factors that may affect the signal acquisition process. In addition, the survey addresses the psycho-physiological factors that pose a challenge to the usage of ECG signals as a biometric trait in biometric authentication systems along with other challenges that must be addressed and resolved in any future related research.

Converged Reality: A Data Management Research Agenda for a Service-, Cloud-, and Data-Driven Era

We are accustomed to distinguishing activities that occur on or through the Internet as distinct from activities that occur in the physical world: online versus offline, virtual reality versus reality, and so on. As Internet-based services have evolved, this distinction has continued to blur. We now have a converged reality: the online does not merely augment the offline; rather, the two are increasingly indistinguishable. Mobility, cloud computing, servicedriven technology, cognitive computing, and Big Data analytics are some of the distinct but related innovations driving this shift. Because the shift is happening in pieces across multiple areas and sectors, our converged reality is emergent and grassroots, not a carefully planned joint effort. There are therefore areas that have been and will be slow to acknowledge and adapt to this shift; data management is one of these areas. This paper describes how this converged reality grew from previous research into bridging online and offline worlds, and how it will lead to a cognitive reality. It identifies enablers and dampeners, and describes a data management research agenda specifically for converged reality. The proposed research agenda is intended to spark discussion and engage further work in this area

The Right to Data Portability in practice : Exploring the implications of the technologically neutral GDPR

Key Points The European General Data Protection Regulation (GDPR) introduces one new data subject right, Article 20’s right to data portability (RtDP). The RtDP aims to allow data subjects to obtain and reuse their personal data for their own purposes across different services. We investigate the RtDP by making 230 real-world data portability requests across a wide range of data controllers. The RtDP is interesting to study as it operates under a framework that aims to be technologically neutral while requiring specific technologies for implementation. Our objective is to assess the ease of the RtDP process from the perspective of the data subject and to examine the file formats returned by data controllers. From our results, including responses indicating that no personal data were stored, only 172 (74.8 per cent) of RtDP requests were successfully completed. However, compliance with the GDPR varied where not all file formats meet the GDPR requirements. There was also confusion amongst data controllers about data subject rights more generally. Based on our observations, we revisit the current guidance for data portability. We suggest new technical definitions to clarify how data should be made portable and determine the appropriateness of certain file formats for different data types. We suggest recommendations and future work for various stakeholders to address the legal implications derived from our study. This includes discussing possibilities for new data portability standards and codes, conducting further empirical research, and building technological solutions to ensure that the RtDP can be better understood in theory and exercised in practice.PostprintPeer reviewe

DistB-Condo: Distributed Blockchain-based IoT-SDN Model for Smart Condominium

Condominium network refers to intra-organization networks, where smart buildings or apartments are connected and share resources over the network. Secured communication platform or channel has been highlighted as a key requirement for a reliable condominium which can be ensured by the utilization of the advanced techniques and platforms like Software-Defined Network (SDN), Network Function Virtualization (NFV) and Blockchain (BC). These technologies provide a robust, and secured platform to meet all kinds of challenges, such as safety, confidentiality, flexibility, efficiency, and availability. This work suggests a distributed, scalable IoT-SDN with Blockchain-based NFV framework for a smart condominium (DistB-Condo) that can act as an efficient secured platform for a small community. Moreover, the Blockchain-based IoT-SDN with NFV framework provides the combined benefits of leading technologies. It also presents an optimized Cluster Head Selection (CHS) algorithm for selecting a Cluster Head (CH) among the clusters that efficiently saves energy. Besides, a decentralized and secured Blockchain approach has been introduced that allows more prominent security and privacy to the desired condominium network. Our proposed approach has also the ability to detect attacks in an IoT environment. Eventually, this article evaluates the performance of the proposed architecture using different parameters (e.g., throughput, packet arrival rate, and response time). The proposed approach outperforms the existing OF-Based SDN. DistB-Condo has better throughput on average, and the bandwidth (Mbps) much higher than the OF-Based SDN approach in the presence of attacks. Also, the proposed model has an average response time of 5% less than the core model