Building and Delivering the Virtual World: Commercializing Services for Internet Access

This study analyzes the service offerings of Internet Service Providers (ISPs), the commercial suppliers of Internet access in the United States. It presents data on the services of 2089 ISPs in the summer of 1998. By this time, the Internet access industry had undergone its first wave of entry and many ISPs had begun to offer services other than basic access. This paper develops an Internet access industry product code which classifies these services. Significant heterogeneity across ISPs is found in the propensity to offer these services, a pattern with an unconditional urban/rural difference. Most of the explained variance in behavior arises from firm-specific factors, with only weak evidence of location-specific factors for some services. These findings provide a window to the variety of approaches taken to build viable businesses organizations, a vital structural feature of this young market.

Security, Privacy and Economics of Online Advertising

Online advertising is at the core of today’s Web: it is the main business model, generating large annual revenues expressed in tens of billions of dollars that sponsor most of the online content and services. Online advertising consists of delivering marketing messages, embedded into Web content, to a targeted audience. In this model, entities attract Web traffic by offering the content and services for free and charge advertisers for including advertisements in this traffic (i.e., advertisers pay for users’ attention and interests). Online advertising is a very successful form of advertising as it allows for advertisements (ads) to be targeted to individual users’ interests; especially when advertisements are served on users’ mobile devices, as ads can be targeted to users’ locations and the corresponding context. However, online advertising also introduces a number of problems. Given the high ad revenue at stake, fraudsters have economic incentives to exploit the ad system and generate profit from it. Unfortunately, to achieve this goal, they often compromise users’ online security (e.g., via malware, phishing, etc.). For the purpose of maximizing the revenue by matching ads to users’ interests, a number of techniques are deployed, aimed at tracking and profiling users’ digital footprints, i.e., their behavior in the digital world. These techniques introduce new threats to users’ privacy. Consequently, some users adopt ad-avoidance tools that prevent the download of advertisements and partially thwart user profiling. Such user behavior, as well as exploits of ad systems, have economic implications as they undermine the online advertising business model. Meddling with advertising revenue disrupts the current economic model of the Web, the consequences of which are unclear. Given that today’s Web model relies on online advertising revenue in order for users to have access and consume content and services for “free”, coupled with the fact that there are many threats that could jeopardize this model, in this thesis we address the security, privacy and economic issues stemming from this fundamental element of the Web. In the first part of the thesis, we investigate the vulnerabilities of online advertising systems. We identify how an adversary can exploit the ad system to generate profit for itself, notably by performing inflight modification of ad traffic. We provide a proof-of-concept implementation of the identified threat on Wi-Fi routers. We propose a collaborative approach for securing online advertising and Web browsing against such threats. By investigating how a certificate-based authentication is deployed in practice, we assess the potential of relying on certificate-based authentication as a building block of a solution to protect the ad revenue. We propose a multidisciplinary approach for improving the current state of certificate-based authentication on the Web. In the second part of the thesis, we study the economics of ad systems’ exploits and certain potential countermeasures. We evaluate the potential of different solutions aimed at protecting ad revenue being implemented by the stakeholders (e.g., Internet Service Providers or ad networks) and the conditions under which this is likely to happen. We also study the economic ramifications of ad-avoidance technologies on the monetization of online content. We use game-theory to model the strategic behavior of involved entities and their interactions. In the third part of the thesis, we focus on privacy implications of online advertising. We identify a novel threat to users’ location privacy that enables service providers to geolocate users with high accuracy, which is needed to serve location-targeted ads for local businesses. We draw attention to the large scale of the threat and the potential impact on users’ location privacy

Invisible Barriers: Identifying restrictions affecting New Zealanders' access to the Internet

The Internet is an important technology worldwide. People use the Internet for research, communication, shopping, entertainment, etc. In addition to these benefits, the Internet provides access to dangerous or illegal material. Because of this, some content and services may be blocked by governments, Internet Service Providers, organizations, or individuals. This blocking, whether for security or for network efficiency, has significant effects on people’s access to services and information, which may not be considered when implementing restrictions. Although studies have been conducted on Internet blocking in many countries, no one has yet examined what is being blocked in New Zealand. In this thesis, we measured the prevalence of Internet blocking in New Zealand and the reasons leading to a decision to block access to websites or Internet services. Although several different tools existed, they could not be used directly because they either concentrated on a narrow range of services or did not work in an environment where some services they depended upon were blocked. For this reason, we developed our own tool called WCMT based on the issues identified from previous tools. We conducted our study using WCMT in order to identify blocked websites and services in our quantitative analysis, complemented by interviews with key informants in our qualitative analysis

Understanding employee non-malicious intentional and unintentional information security misbehaviors

Digitization has given rise to information system security (ISS) risks since the adoption of new technologies (e.g., IoT and multi-cloud environments) has increased vulnerabilities to ISS threats. The behavioral ISS literature depicts employees within organizations (insiders) as a major information security threat. Previous research extensively investigated insiders' intentional ISS misbehaviors. However, a growing number of security incidents by non-malicious insiders implies that potential factors influencing employees' non-compliance behaviors with information security policies (ISPs) are yet to be addressed. To this end, we conduct four (four essays) to understand why employees violate ISPs. Two studies investigate factors that lead to non-malicious intentional ISP violations. The other two studies explore how and why non-malicious unintentional ISP violations occur. Drawing on the person-technology fit model, essay 1 investigates how employees' interaction with information technology (IT) increases ISS vulnerabilities. This essay sheds light on the impact of one understudied aspect of IT use- technostress, on employees' non-malicious ISP violation intentions. Essay 2 relies on organizational role theory and explains stress resulting from role expectations, including intra-role activities (e.g., job tasks) and extra-role activities (e.g., ISS requirements) could cause ISP non-compliance behaviors. To distinguish non-malicious intentional insiders from unintentional insiders, Essay 3 employs the dual-system theory to describe the mechanism of employees' decision-making process to comply (or not comply) with ISPs and aims to investigate the impact of some personality traits like risk-taking behaviors, impulsivity, and curiosity on employees' ISS misbehaviors. Finally, to explore unknown factors influencing non-compliance behaviors with ISPs (e.g., individual, organizational), essay 4 proposes an in-depth qualitative approach to distinguish non-malicious intentional and unintentional ISS misbehaviors and identify potential causes rooted in each type of misbehavior. Overall, the dissertation highlights the importance of individual differences in perceptions of technostress, role stress, and personality traits. Moreover, it differentiates the nature of ISP violations based on the intents of employees and challenges the existing knowledge and theoretical frameworks regarding insiders' information security behaviors at the workplace. In doing so, proposed theoretical models are assessed empirically by utilizing data (both interviews and online surveys) from a sample of employees from different organizations

Social dimensions of public large-scale wi-fi networks: the cases of a municipal and a community wireless network

Wireless networks play an increasingly important role in today’s mobile and interconnected society. People use mobile devices such as smartphones, tablets or portable game consoles on a regular basis to interact, retrieve and share information, and to orient and entertain themselves. However, in order to be fully performant these devices need to be connected to the Internet. Thanks to very good broadband penetration in Switzerland, this is not so much an issue in private homes and offices where local Wi-Fi networks allow mobile devices to connect to the Internet. Nonetheless, in public spaces, good working wireless networks, even though increasing, are still not very frequent and generally cover only limited areas. Alternative, provider- centered mobile data (3G/4G/LTE) is still expensive especially for visitors because of high roaming rates but also for Swiss people, whose majority still did not have unlimited data contracts in 2016. Public large-scale wireless networks can thus play an important role in providing Internet connectivity to people on the go. This dissertation studies two different approaches to the provision of Wi-Fi broadband connectivity in public spaces: on the one hand, municipalities providing Wi-Fi access in some areas of the city through so-called Municipal Wireless Networks (MWN), and on the other hand, communities with members sharing part of their home broadband connection with other community members, building so-called Community Wireless Networks (CWN). Wireless communities can either be purely self-organized (pure wireless communities) or have a for-profit company managing the community (hybrid communities). While existing studies have analyzed business and ownership models, technical solutions and policy implications of public wireless networks, this research is interested in their social dimensions, focusing on the role of individuals using and contributing to these networks. To do so, two main research goals are addressed: 1) understanding what motivates people to join and actively participate in a hybrid CWN and what hinders them from doing so, and 2) understanding who the users of a MWN are and how they use the network in order to identify various user types and usage practices, which will in turn help municipalities design networks that address the needs of various users. In order to study users’ motivations and concerns for joining and actively participating in a hybrid wireless community, the Fon community (Fon, 2018b) has been analyzed, which at the time of this study was the largest worldwide hybrid CWN. A mixed research approach has been applied. First, an existing model on motivations in pure communities (Bina & Giaglis, 2006a) has been adapted with the help of semi-structured exploratory interviews of 40 Swiss Fon members and then refined through a quantitative online survey addressed to Swiss and foreign Fon members. The resulting model shows which motivations attract members to the community, and which concerns have a dissuasive function. In a second step, 268 valid survey answers have been used for structural equation modeling (SEM) in order to assess which motivations actually result in a higher level of active participation. In order to analyze usage and users of a MWN, the “WiFi Lugano” MWN of the city of Lugano has been chosen. Lugano is located in the Italian-speaking southern part of Switzerland, is a popular tourist destination and the region’s economic capital. In collaboration with the electricity company in charge of implementing the Wi-Fi network (Aziende Industriali Luganesi – AIL), technical network data (log-data) and user-provided information – users were asked to fill-in a short survey after they logged-in to the network – have been collected and analyzed in combination (the two data sets have been merged). In a first step, usage profiles of leisure tourists, business travelers and residents have been created and described applying descriptive statistics to data of three summer months (June – August 2013). In a second step, cluster analysis has been applied to one-year data (June 2013 – May 2014), in order to identify relevant groups of users. Outcomes suggest that in a hybrid CWN, members are motivated to join the community mainly by a mix of utilitarian (e.g. getting free Internet access) and idealistic motivations (reciprocity and altruism), while intrinsic and social motivations are less important. This confirms that motivations are similar to those in pure CWNs but have different weights. In fact, in pure CWNs, intrinsic and social motivations seem to be stronger while in hybrid CWNs, utilitarian motivations prevail. Two types of active participation have been identified in the Fon community, each one driven by a different mix of motivations: “participation by sharing” – putting effort into actively sharing one’s own Internet connectivity – is mainly driven by idealistic motivations related to community values and reciprocity, while “social participation” – being socially involved in the community by interacting with and helping other community members – is driven by social (communicating, learning from each other) and technical reasons (experimenting with technologies). Surprisingly, utilitarian motivations do not have a significant effect on either of the two participation types, even though they are the most relevant ones in attracting new members. With regard to the MWN “WiFi Lugano”, five different usage practices have been identified: two business-oriented ones (“E-mailer” and “Mobile-worker”), two tourism-oriented ones (“Tourism information seeker” and “Always-on traveler”), and one corresponding to the practices of locals (“Local social networker”), each one having different characteristics. The “WiFi Lugano” network thus acts as a business, tourism, and social inclusion enabler, actively favoring various eGovernment relationships: government to business (G2B), government to visitors (G2V), and government to citizens (G2C). Based on these outcomes it has been possible to define a series of suggestions to help cities take advantage of their MWNs and improving them accordingly. Cities could for example provide different landing pages to different publics in order to promote the city in a targeted way, ensure a high quality service of their MWNs, use the Wi-Fi networks to promote tourist attractions and vice-versa (e.g. mark Wi-Fi areas on city maps, build Wi-Fi areas near to tourist attractions, and provide a description of the attraction on the Wi-Fi network’s landing page), share the network with small businesses in the area and extend the reach of the network to relevant areas

Literature review to inform the future digitisation of Jobcentre Plus service delivery

One of the stated priorities for Jobcentre Plus in 2011/12 is to work towards delivering more of its services online and in formats that enable customers to access them by a range of means (Jobcentre Plus, 2010). This review was commissioned to provide Jobcentre Plus with an evidence-based foundation to help it meet this aim. In particular, it aimed to provide help to Jobcentre Plus in its thinking about how it might: • understand and respond to the current and projected levels and means of access to the internet in the UK (see Chapter 2); • improve the ‘customer appetite’ and willingness to use the internet, particularly among its customers who are potentially digitally excluded (see Chapter 3); and • learn lessons from the way in which online services have been provided by ‘leading edge’ organisations and the way in which e-Government has developed internationally and is developing in the UK (see Chapter 4). This summary highlights the key issues emerging from the review and concludes with an indication of some of the possible implications for Jobcentre Plus to consider as it develops its strategy for digitisation over the next few years. The summary is structured thematically in line with the main body of the report

A Comprehensive Survey on the Most Important IPv4aaS IPv6 Transition Technologies, their Implementations and Performance Analysis

As the central public IPv4 address pool has already been exhausted, the deployment of IPv6 has become inevitable. However, the users still require IPv4 Internet access due to some IPv4-only applications. The IPv4aaS (IPv4-as-a-Service) IPv6 transition technologies facilitate that ISPs provide IPv4 service to their customers while using only IPv6 in their access and core networks. This paper discusses the widely used IPv4aaS IPv6 transition technologies in ISP/enterprise networks; we explain their operations, advantages, properties and consider their performances. There are currently many IPv6 transition technologies, nevertheless, in this paper, the five most prominent IPv4aaS IPv6 transition technologies are discussed, namely 464XLAT, Dual-Stack Lite, Lightweight 4over6, MAP-E, and MAP-T. Moreover, the deployment and implementations of these technologies are being analysed and inspected. This paper also overviews the benchmarking methodology for IPv6 transition technologies and surveys several papers that investigated metrics and tools utilized in analysing the performance of different IPv6 transition technologies

Innovation-based competitive differentiation amongst South African fibre to the home (FTTH) operators

A research report submitted to the Wits Business School in the University of the Witwatersrand, in partial fulfilment of the requirements for the degree of Master of Management in the field of Innovation StudiesFibre-to-the-home (FTTH) as an access technology is viewed as vital for economic growth and competitiveness. The deployment of high speed networks and advanced access technologies is essential for continuous development of broadband in South Africa. FTTH is an access technology that has recently been deployed and adopted by different network providers in South Africa. South Africa is one of the developing countries attracting investments in the deployment of infrastructure where industry players are deploying fibre at a high rate with acquisition of smaller players. FTTH operators and service providers are challenged with competitive pressures within the market where competitiveness relies on the capacity to continually develop and implement unique innovative initiatives that will drive competitive advantage over its competitors. Competitive advantage is needed to achieve the organisation’s objectives. These innovative initiatives are required due to intense competition within the market which results in reduction of prices and margins. The purpose of this study is the exploration of innovation-based competitive differentiation from a South African FTTH provider perspective. The study aims to look at potential innovation differentiation amongst South African FTTH providers and how it can be applied in order to obtain a competitive advantage by looking at the factors that influence competitive advantage and barriers for innovation within the market. The study will provide knowledge and insights to develop an understanding of innovation for FTTH providers in a developing country such as South Africa. In this study, realistic data from the different network providers and service providers has been collected utilising a qualitative research method to investigate and conduct an in-depth analysis based on interviews with subject matter experts and managers from FTTH operators and service providers. Some propositions have been suggested as a validation for the proposed framework. The sample for the study has been drawn from the active FTTH network infrastructure operators and service providers based in Gauteng. The research findings indicate that the fibre-to-the-home market is a highly competitive environment with network providers and service providers offering various products and services to customers in order to meet customer needs. However, there are challenges with innovation based competitive differentiation since, currently, 3 competition is primarily based on the price of the broadband product. As a result, prices have been plummeting, leading to some service providers operating and selling their FTTH products with no margins or negative margins. KEYWORDS: Fibre-to-the-Home, FTTH, Innovation, Differentiation, Competition, Network Operators, Competitive Advantage.GR201

Secure message transmission and its applications

In this thesis we focus on various aspects of secure message transmission protocols. Such protocols achieve the secure transmission of a message from a sender to a receiver - where the term “secure” encapsulates the notion of privacy and reliability of message transmission. These two parties are connected using an underlying network in which a static computationally unlimited active adversary able to corrupt up to t network nodes is assumed to be present. Such protocols are important to study as they are used extensively in various cryptographic protocols and are of interest to other research areas such as ad-hoc networks, military networks amongst others. Optimal bounds for the number of phases (communication from sender to receiver or vice versa), connectivity requirements (number of node disjoint network paths connecting sender and receiver - denoted by n), communication complexity (complexity of the number of field elements sent - where F is the finite field used and jFj = q) and transmission complexity (proportion of communication complexity to complexity of secrets transmitted) for secure message transmission protocols have been proven in previous work. In the one-phase model it has been shown that n 3t+1 node disjoint paths are required to achieve perfect communication. In the two phase model only n 2t + 1 node disjoint paths are necessary. This connectivity is also the required bound for almost perfectly secure one-phase protocols - protocols which achieve perfect privacy but with a negligible probability may fail to achieve reliability. In such cases the receiver accepts a different message to that transmitted by the sender or does not accept any message. The main focus of recent research in secure message transmission protocols has been to present new protocols which achieve optimal transmission complexity. This has been achieved through the transmission of multiple messages. If a protocol has a communication complexity of O(n3) field elements, to achieve optimal transmission complexity O(n2) secrets will have to be communicated. This has somewhat ignored the simplification and improvement of protocols which securely transmit a single secret. Such improvements include constructing more efficient protocols with regards to communication complexity, computational complexity and the number of field elements sent throughout the whole protocol. In the thesis we first consider one-phase almost perfectly secure message transmission and present two new protocols which improve on previous work. We present a polynomial time protocol of O(n2) communication complexity which at the time of writing this thesis, is computationally more efficient than any other protocol of similar communication complexity for the almost perfectly secure transmission of a single message. Even though our first almost perfectly secure transmission protocol is of polynomial time, it is important to study other protocols also and improve previous work presented by other researchers. This is the idea behind the second one-phase almost perfectly secure message transmission protocol we present which requires an exponential complexity of field operations but lower (O(n)) communication complexity. This protocol also improves on previous protocols of similar communication complexity, requiring in the order of O(log q) less computation to complete - where q denotes the size of the finite field used. Even though this protocol is of exponential time, for small values of n (e.g. when t = 1, t = 2 or t = 3) it may be beneficial to use this protocol for almost perfectly secure communication as opposed to using the polynomial time protocol. This is because less field elements need to be transmitted over the whole network which connects a sender and a receiver. Furthermore, an optimal almost perfectly secure transmission protocol will be one with O(n) communication complexity and with polynomial computational complexity. We hope that in the future, other researchers will be inspired by our proposed protocol, improve on our work and ideally achieve these optimal results. We also consider multi-phase protocols. By combining various cryptographic schemes, we present a new two-phase perfectly secure single message transmission protocol. At the time of writing this thesis, the protocol is the most efficient protocol when considering communication complexity. Our protocol has a communication complexity of O(n2) compared to O(n3) of previous work thus improving on the communication complexity by an order of O(n) for the perfectly secure message transmission of a single message. This protocol is then extended to a three phase protocol where a multi-recipient broadcast end channel network setting is considered. As opposed to point to point networks where a path from a sender reaches a single receiver, this network model is new in the field of message transmission protocols. In this model each path from a sender reaches multiple receivers, with all receivers receiving the same information from their common network communication channel. We show how the use of this protocol upon such a network can lead to great savings in the transmission and computation carried out by a single sender. We also discuss the importance and relevance of such a multi-recipient setting to practical applications. The first protocols in the field of perfectly secure message transmission with a human receiver are also presented. This is a topic proposed by my supervisor Professor Yvo Desmedt for which I constructed solutions. In such protocols, one of the communicating parties is considered to be a human who does not have access to a computational device. Because of this, solutions for such protocols need to be computationally efficient and computationally simple so that they can be executed by the human party. Experiments with human participants were carried out to assess how easily and accurately human parties used the proposed protocols. The experimental results are presented and these identify how well human participants used the protocols. In addition to the security of messages, we also consider how one can achieve anonymity of message transmission protocols. For such protocols, considering a single-receiver multi-sender scenario, the presence of a t-threshold bounded adversary and the transmission of multiple secrets (as many as the number of sender), once the protocols ends one should not be able to identify the sender of a received message. Considering a passive and active adversary new protocols are presented which achieve the secure and anonymous transmission of messages in the information-theoretic security model. Our proposed solutions can also be applied (with minor alterations) to the dual problem when a single-sender multi-recipient communication setting is considered. The contributions of the thesis are primarily theoretical - thus no implementation of the proposed protocols was carried out. Despite this, we reflect on practical aspects of secure message transmission protocols. We review the feasibility of implementing secure message transmission protocols in general upon various networks - focusing on the Internet which can be considered as the most important communication network at this time. We also describe in theory how concepts of secure message transmission protocols could possibly be used in practical implementations for secure communication on various existing communication networks. Open problems that remain unsolved in the research area of the proposed protocols are also discussed and we hope that these inspire research and future solutions for the design (and implementation) of better and more efficient secure message transmission protocols