Hermes. A framework for cryptographically assured access control and data security

This paper presents Hermes – a practical data security scheme with a reference implementation, which enables distributed sharing and collaboration, enforcing access control with the help of cryptographic methods (public key cryptography and traditional symmetric cryptography)

Blockchain: A Business Model Innovation Analysis

The adoption of blockchain-based technologies by organisations can bring benefits in terms of firms' profitability, productivity and efficiency, making companies rethink their existing business models. However, as the technology is still developing and the research on the implications of the different types of blockchain networks (i.e. public, private, consortium) is scarce, their role in business model innovation requires closer attention. To address this gap, the paper provides a conceptual insight into the role of blockchain technology in companies with different value configurations by examining the technological conditions that can impact business models and probing the role of technology benefits in driving company value. The analysis contributes to the literature by discussing the business implications of innovative technologies and uncovering their positive and negative consequences for the value creation, delivery and capture activities. Such analysis sheds light on the functions of blockchains that have a differentiating impact on business processes. Also, the paper puts forward managerial implications by discussing the paths of business model innovation using blockchain technologies

Revealing the Landscape of Privacy-Enhancing Technologies in the Context of Data Markets for the IoT: A Systematic Literature Review

IoT data markets in public and private institutions have become increasingly relevant in recent years because of their potential to improve data availability and unlock new business models. However, exchanging data in markets bears considerable challenges related to disclosing sensitive information. Despite considerable research focused on different aspects of privacy-enhancing data markets for the IoT, none of the solutions proposed so far seems to find a practical adoption. Thus, this study aims to organize the state-of-the-art solutions, analyze and scope the technologies that have been suggested in this context, and structure the remaining challenges to determine areas where future research is required. To accomplish this goal, we conducted a systematic literature review on privacy enhancement in data markets for the IoT, covering 50 publications dated up to July 2020, and provided updates with 24 publications dated up to May 2022. Our results indicate that most research in this area has emerged only recently, and no IoT data market architecture has established itself as canonical. Existing solutions frequently lack the required combination of anonymization and secure computation technologies. Furthermore, there is no consensus on the appropriate use of blockchain technology for IoT data markets and a low degree of leveraging existing libraries or reusing generic data market architectures. We also identified significant challenges remaining, such as the copy problem and the recursive enforcement problem that-while solutions have been suggested to some extent-are often not sufficiently addressed in proposed designs. We conclude that privacy-enhancing technologies need further improvements to positively impact data markets so that, ultimately, the value of data is preserved through data scarcity and users' privacy and businesses-critical information are protected.Comment: 49 pages, 17 figures, 11 table

Does the online card payment system unwittingly facilitate fraud?

PhD ThesisThe research work in this PhD thesis presents an extensive investigation into the security settings of Card Not Present (CNP) financial transactions. These are the transactions which include payments performed with a card over the Internet on the websites, and over the phone. Our detailed analysis on hundreds of websites and on multiple CNP payment protocols justifies that the current security architecture of CNP payment system is not adequate enough to protect itself from fraud. Unintentionally, the payment system itself will allow an adversary to learn and exploit almost all of the security features put in place to protect the CNP payment system from fraud. With insecure modes of accepting payments, the online payment system paves the way for cybercriminals to abuse even the latest designed payment protocols like 3D Secure 2.0. We follow a structured analysis methodology which identifies vulnerabilities in the CNP payment protocols and demonstrates the impact of these vulnerabilities on the overall payment system. The analysis methodology comprises of UML diagrams and reference tables which describe the CNP payment protocol sequences, software tools which implements the protocol and practical demonstrations of the research results. Detailed referencing of the online payment specifications provides a documented link between the exploitable vulnerabilities observed in real implementations and the source of the vulnerability in the payment specifications. We use practical demonstrations to show that these vulnerabilities can be exploited in the real-world with ease. This presents a stronger impact message when presenting our research results to a nontechnical audience. This has helped to raise awareness of security issues relating to payment cards, with our work appearing in the media, radio and T

Revealing the landscape of privacy-enhancing technologies in the context of data markets for the IoT: A systematic literature review

IoT data markets in public and private institutions have become increasingly relevant in recent years because of their potential to improve data availability and unlock new business models. However, exchanging data in markets bears considerable challenges related to disclosing sensitive information. Despite considerable research focused on different aspects of privacy-enhancing data markets for the IoT, none of the solutions proposed so far seems to find a practical adoption. Thus, this study aims to organize the state-of-the-art solutions, analyze and scope the technologies that have been suggested in this context, and structure the remaining challenges to determine areas where future research is required. To accomplish this goal, we conducted a systematic literature review on privacy enhancement in data markets for the IoT, covering 50 publications dated up to July 2020, and provided updates with 24 publications dated up to May 2022. Our results indicate that most research in this area has emerged only recently, and no IoT data market architecture has established itself as canonical. Existing solutions frequently lack the required combination of anonymization and secure computation technologies. Furthermore, there is no consensus on the appropriate use of blockchain technology for IoT data markets and a low degree of leveraging existing libraries or reusing generic data market architectures. We also identified significant challenges remaining, such as the copy problem and the recursive enforcement problem that - while solutions have been suggested to some extent - are often not sufficiently addressed in proposed designs. We conclude that privacy-enhancing technologies need further improvements to positively impact data markets so that, ultimately, the value of data is preserved through data scarcity and users' privacy and businesses-critical information are protected

Blockchain-Based Digitalization of Logistics Processes—Innovation, Applications, Best Practices

Blockchain technology is becoming one of the most powerful future technologies in supporting logistics processes and applications. It has the potential to destroy and reorganize traditional logistics structures. Both researchers and practitioners all over the world continuously report on novel blockchain-based projects, possibilities, and innovative solutions with better logistic service levels and lower costs. The idea of this Special Issue is to provide an overview of the status quo in research and possibilities to effectively implement blockchain-based solutions in business practice. This Special Issue reprint contained well-prepared research reports regarding recent advances in blockchain technology around logistics processes to provide insights into realized maturity

Persistent Protection in Multicast Content Delivery

Computer networks make it easy to distribute digital media at low cost. Digital rights management (DRM) systems are designed to limit the access that paying subscribers (and non-paying intruders) have to these digital media. However, current DRM systems are tied to unicast delivery mechanisms, which do not scale well to very large groups. In addition, the protection provided by DRM systems is in most cases not persistent, i.e., it does not prevent the legitimate subscriber from re-distributing the digital media after reception. We have collected the requirements for digital rights management from various sources, and presented them as a set of eleven requirements, associated with five categories. Several examples of commercial DRM systems are briefly explained and the requirements that they meet are presented in tabular format. None of the example systems meet all the requirements that we have listed. The security threats that are faced by DRM systems are briefly discussed. We have discussed approaches for adapting DRM systems to multicast data transmission. We have explored and evaluated the security protocols of a unicast distribution model, published by Grimen, et al.\, that provides ``persistent protection''. We have found two security attacks and have provided the solution to overcome the discovered attacks. Then we have proposed a more scalable architecture based on the modified model. We call the resulting architecture persistent protection in multicast content delivery. We present and formally validate the protocol for control and data exchange among the interacting parties of our proposal

Journal of Telecommunications and Information Technology, 2003, nr 4

kwartalni