15 research outputs found
ICT Systems Security and Privacy Protection: 29th IFIP TC 11 International Conference, SEC 2014 Marrakech, Morocco, June 2-4, 2014
International audience. Book Front Matter of AICT 42
Open source intelligence, open social intelligence and privacy by design
Paper presented at the European Conference on Social Intelligence (ECSI-2014). OSINT stands for Open Source Intelligence, (O)SI for (Open) Social Intelligence, PbD for Privacy by Design. The CAPER project has built an OSINT solution oriented to the prevention of organized crime. How to balance freedom and security? This position paper describes a way to embed the legal and ethical issues raised by the General Data Reform Package (GDRP) in Europe into this kind of surveillance platforms. It focuses on the indirect strategy to flesh out Privacy by Design principles (PbD) through Semantic Web Regulatory Models (SWRM). Institutional design, self-regulatory systems, and the possibility to build up a meta-level rule of law are discussed
CCA Secure encryption supporting authorized equality test on ciphertexts in standard model and its applications
Singapore National Research Foundatio
Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey
Internet usage has changed from its first design. Hence, the current Internet
must cope with some limitations, including performance degradation,
availability of IP addresses, and multiple security and privacy issues.
Nevertheless, to unsettle the current Internet's network layer i.e., Internet
Protocol with ICN is a challenging, expensive task. It also requires worldwide
coordination among Internet Service Providers, backbone, and Autonomous
Services. Additionally, history showed that technology changes e.g., from 3G to
4G, from IPv4 to IPv6 are not immediate, and usually, the replacement includes
a long coexistence period between the old and new technology. Similarly, we
believe that the process of replacement of the current Internet will surely
transition through the coexistence of IP and ICN. Although the tremendous
amount of security and privacy issues of the current Internet taught us the
importance of securely designing the architectures, only a few of the proposed
architectures place the security-by-design. Therefore, this article aims to
provide the first comprehensive Security and Privacy analysis of the
state-of-the-art coexistence architectures. Additionally, it yields a
horizontal comparison of security and privacy among three deployment approaches
of IP and ICN protocol i.e., overlay, underlay, and hybrid and a vertical
comparison among ten considered security and privacy features. As a result of
our analysis, it emerges that most of the architectures utterly fail to provide
several SP features including data and traffic flow confidentiality,
availability and communication anonymity. We believe this article draws a
picture of the secure combination of current and future protocol stacks during
the coexistence phase that the Internet will definitely walk across
Lower-Cost ε-Private Information Retrieval
Private Information Retrieval (PIR), despite being well studied, is computationally costly and arduous to scale. We explore lower-cost relaxations of information-theoretic PIR, based on dummy queries, sparse vectors, and compositions with an anonymity system. We prove the security of each scheme using a flexible differentially private definition for private queries that can capture notions of imperfect privacy. We show that basic schemes are weak, but some of them can be made arbitrarily safe by composing them with large anonymity systems
Assessment of attribute-based credentials for privacy-preserving road traffic services in smart cities
Smart cities involve the provision of advanced services for road traffic users. Vehicular ad hoc networks (VANETs) are a promising communication technology in this regard. Preservation of privacy is crucial in these services to foster their acceptance. Previous approaches have mainly focused on PKI-based or ID-based cryptography. However, these works have not fully addressed the minimum information disclosure principle. Thus, questions such as how to prove that a driver is a neighbour of a given zone, without actually disclosing his identity or real address, remain unaddressed. A set of techniques, referred to as Attribute-Based Credentials (ABCs), have been proposed to address this need in traditional computation scenarios. In this paper, we explore the use of ABCs in the vehicular context. For this purpose, we focus on a set of use cases from European Telecommunications Standards Institute (ETSI) Basic Set of Applications, specially appropriate for the early development of smart cities. We assess which ABC techniques are suitable for this scenario, focusing on three representative ones—Idemix, U-Prove and VANET-updated Persiano systems. Our experimental results show that they are feasible in VANETs considering state-of-the-art technologies, and that Idemix is the most promising technique for most of the considered use cases. This work was supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You); the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks) and by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV - Security mechanisms for fog computing: advanced security for devices). Jose Maria de Fuentes and Lorena Gonzalez were also supported by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid
Uncertainty in runtime verification : a survey
Runtime Verification can be defined as a collection of formal methods for studying the dynamic evaluation of execution traces against formal specifications. Aside from creating a monitor from specifications and building algorithms for the evaluation of the trace, the process of gathering events and making them available for the monitor and the communication between the system under analysis and the monitor are critical and important steps in the runtime verification process. In many situations and for a variety of reasons, the event trace could be incomplete or could contain imprecise events. When a missing or ambiguous event is detected, the monitor may be unable to deliver a sound verdict. In this survey, we review the literature dealing with the problem of monitoring with incomplete traces. We list the different causes of uncertainty that have been identified, and analyze their effect on the monitoring process. We identify and compare the different methods that have been proposed to perform monitoring on such traces, highlighting the advantages and drawbacks of each method
Policy-Driven Adaptive Protection Systems.
PhD. The increasing number and complexity of security attacks on IT infrastructure demands for
the development of protection systems capable of dealing with the security challenges of
today's highly dynamic environments. Several converging trends including mobilisation,
externalisation and collaboration, virtualisation, and cloud computing are challenging
traditional silo approaches to providing security.
IT security policies should be considered as being inherently dynamic and flexible enough to
trigger decisions efficiently and effectively taking into account not only the current execution
environment of a protection system and its runtime contextual factors, but also dynamically
changing the security requirements introduced by external entities in the operational
environment.
This research is motivated by the increasing need for security systems capable of supporting
security decisions in dynamic operational environments and advocates for a policy-driven
adaptive security approach.
The first main contribution of this thesis is to articulate the property of specialisation in
adaptive software systems and propose a novel methodological framework for the realisation
of policy-driven adaptive systems capable of specialisation via adaptive policy transformation.
Furthermore, this thesis proposes three distinctive novel protection mechanisms, all three
mechanisms exhibit adaptation via specialisation, but each one presenting its own research
novelty in its respective field. They are:
1. A Secure Execution Context Enforcement based on Activity Detection;
2. Privacy and Security Requirements Enforcement Framework in Internet-Centric Services;
3. A Context-Aware Multifactor Authentication Scheme Based On Dynamic Pin.
Along with a comprehensive study of the state of the art in policy based adaptive systems and
a comparative analysis of those against the main objectives of the framework this thesis
proposes, these three protection mechanisms serve as a foundation and experimental work
from which core characteristics, methods, components, and other elements are analysed in
detail towards the investigation and the proposition of the methodological framework
presented in this thesis
Analysis of obligatory disclosure regarding individual's privacy
Disclosure of personal information online has raised concerns about individuals' privacy. In order to protect personal information users undertake measures, such as configuring privacy settings and referring to the privacy policies of the organisation's website before engaging in a transaction. This demonstrates users' concerns with the availability of their personal information online. Besides the individuals themselves, organisations are also exposing the personal information of their staff to the general public by publishing it on their official website. The practice of publishing employees' information on such websites is nominally to offer better services to customers, and it is one of the steps taken to improve governmental transparency. However, there are only limited studies on individuals' (i.e. employees') privacy issues in the context of organisational disclosure, and their internal responses to the relevant factors. To date, far too little attention has been paid to the disclosure of personal information by organisational websites. This research addresses this phenomenon, where the issue of third-party disclosure by an entity that has a direct relationship with the individuals is investigated in the Malaysian context. For this purpose, this research introduces "obligatory disclosure" as a conceptual framework for this study and adds to the knowledge of privacy-in-public in the context of public administration. The results of the study indicate that while obligatory disclosure was commonly believed to be a normal phenomenon, it creates a vulnerable environment for individuals. The study also found that employees' concerns with privacy were influenced by the specific context. In addition, low levels of privacy concern and lack of privacy awareness regarding this phenomenon were identified.
The study recommends that there is a need for a regulatory approach to protect employees' information on organisation websites, and privacy should be incorporated as an important element of obligatory disclosure practice