The Value of User-Visible Internet Cryptography

Cryptographic mechanisms are used in a wide range of applications, including email clients, web browsers, document and asset management systems, where typical users are not cryptography experts. A number of empirical studies have demonstrated that explicit, user-visible cryptographic mechanisms are not widely used by non-expert users, and as a result arguments have been made that cryptographic mechanisms need to be better hidden or embedded in end-user processes and tools. Other mechanisms, such as HTTPS, have cryptography built-in and only become visible to the user when a dialogue appears due to a (potential) problem. This paper surveys deployed and potential technologies in use, examines the social and legal context of broad classes of users, and from there, assesses the value and issues for those users

After Broadband: A Study of Organizational Use of Broadband in Southwest Alaska

The purpose of this research was to gain a preliminary understanding of how organizations including large and small businesses, Native corporations and organizations, and local and regional governments are using broadband that is now available in much of southwest Alaska. To learn about community access to broadband, interviews were also conducted with library and school staff in communities where broadband had been installed under the OWL (Online with Libraries) program. Further, the study identifies research from other sources that could help to predict what socio-economic impacts the availability and adoption of broadband may have in rural Alaska. Financial institutions use online connections for teller services and credit and debit card processing, and stated that more people in rural communities now have debit cards that they can use for online purchases and bill paying. Large retailers use online services for payroll, for pointof-sale (POS) transactions, and online ordering. Seafood processors rely heavily on connectivity with their head offices (generally in the lower 48) for administrative services including payroll, accounting, shipping and receiving, purchasing, and ERP (enterprise resource planning), and access data base software to track fish tickets. Seafood processors also provide Internet access for their employees, most of whom are seasonal and from other states or countries. Tourism businesses use broadband for online reservation systems and for guests, who increasingly demand connectivity even for remote vacations. Village corporations and tribal councils use online services to help their residents obtain hunting and fishing licenses and fishing permits, to learn about funding opportunities, and to file reports on grants. Local Governments connect online for interoffice communications and for payroll and other administrative functions. Other online applications and services include providing remote desktop access from other agency sites, use of online tools for land management and mapping, training including webinars for workforce development, and providing access to social services for clients. An economic development organization sends newsletters to communities electronically and packets of documents to its board members rather than relying on fax or courier. Websites are important for tourism-related businesses to advertise and promote their businesses and for nonprofits and local governments to provide information about their services. 5 Broadband now plays many roles in rural education. Most students are required to use the Internet for class assignments. High school students can connect to classes in advanced subjects in other communities, and may complete online courses for college credit. Libraries remain important locations for community access, with residents going online to connect with friends on Facebook, as well as to download content for e-books, file income tax, and apply for jobs and government benefits. School and library Wi-Fi provides access inside and near the buildings for residents with smartphones. Despite enthusiasm for broadband and the adoption of many broadband-based applications and services, most organizations interviewed identified problems with broadband, particularly with the pricing, stating that the terrestrial broadband network is too costly for them to take full advantage of online services and applications. While the scope of this study was too limited to estimate long-term benefits, it found that broadband is highly valued and increasingly important to businesses and nonprofit organizations and local governments in southwest Alaska. Broadband helps businesses to be more efficient in their operations and to extend their reach to new customers and suppliers. It also helps to improve the effectiveness of public sector services such as those provided by borough and city governments and extends access to education and training. Broadband is also likely to be an important component of strategies to develop ecotourism and other ecosystem services.Support for this research came from Connect Alaska with funding from the National Telecommunications and Information Administration (NTIA) for the work of the State of Alaska Broadband Task Force, with additional support from GCI.Executive Summary / Introduction / Research Methodology / Technologies and Technical Support / Broadband Applications / Education and Community Access / Health Care / Benefits of Broadband in Southwest Alaska / Problems and Limitations / Potential Long-Term Social and Economic Impacts / Conclusions and Recommendations / Referemce

A Decentralised Digital Identity Architecture

Current architectures to validate, certify, and manage identity are based on centralised, top-down approaches that rely on trusted authorities and third-party operators. We approach the problem of digital identity starting from a human rights perspective, with a primary focus on identity systems in the developed world. We assert that individual persons must be allowed to manage their personal information in a multitude of different ways in different contexts and that to do so, each individual must be able to create multiple unrelated identities. Therefore, we first define a set of fundamental constraints that digital identity systems must satisfy to preserve and promote privacy as required for individual autonomy. With these constraints in mind, we then propose a decentralised, standards-based approach, using a combination of distributed ledger technology and thoughtful regulation, to facilitate many-to-many relationships among providers of key services. Our proposal for digital identity differs from others in its approach to trust in that we do not seek to bind credentials to each other or to a mutually trusted authority to achieve strong non-transferability. Because the system does not implicitly encourage its users to maintain a single aggregated identity that can potentially be constrained or reconstructed against their interests, individuals and organisations are free to embrace the system and share in its benefits.Comment: 30 pages, 10 figures, 3 table

Proceedings of the Workshop on web applications and secure hardware (WASH 2013).

Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of assurance, such as online banking, mobile payment, and media distribution (DRM), there are significant security and privacy challenges. A potential solution to some of these problems can be found in the use of secure hardware – such as TPMs, ARM TrustZone, virtualisation and secure elements – but these are rarely accessible to web applications or used by web browsers. The First Workshop on Web Applications and Secure Hardware (WASH'13) focused on how secure hardware could be used to enhance web applications and web browsers to provide functionality such as credential storage, attestation and secure execution. This included challenges in compatibility (supporting the same security features despite different user hardware) as well as multi-device scenarios where a device with hardware mechanisms can help provide assurance for systems without. Also of interest were proposals to enhance existing security mechanisms and protocols, security models where the browser is not trusted by the web application, and enhancements to the browser itself

Enhancing the governance of information security in developing countries: the case of Zanzibar

A thesis submitted to the University of Bedfordshire, in partial fulfilment of the requirements of the degree of Doctor of PhilosophyOrganisations in the developing countries need to protect their information assets (IA) in an optimal way. This thesis is based upon the argument that in order to achieve fully effective information security management (ISM) strategy, it is essential to look at information security in a socio-technical context, i.e. the cultural, ethical, moral, legal dimensions, tools, devices and techniques. The motivation for this study originated from the concern of social chaos, which results from ineffective information security practices in organisations in the developing nations. The present strategies were developed for organisations in countries where culture is different to culture of the developing world. Culture has been pointed out as an important factor of human behaviour. This research is trying to enhance information security culture in the context of Zanzibar by integrating both social and technical issues. The theoretical foundation for this research is based on cultural theories and the theory of semiotics. In particular, the study utilised the GLOBE Project (House et al, 2004), Competing Values Framework (Quinn and Cameron; 1983) and Semiotic Framework (Liu, 2000). These studies guide the cultural study and the semiotics study. The research seeks to better understand how culture impact the governance of information security and develop a framework that enhances the governance of information security in non-profit organisations. ISO/IEC 27002 best practices in information security management provided technical guidance in this work. The major findings include lack of benchmarking in the governance of information security. Cultural issues impact the governance of information security. Drawing the evidence from the case study a framework for information security culture was proposed. In addition, a novel process model for information security analysis based on semiotics was developed. The process model and the framework integrated both social and technical issues and could be implemented in any non-profit organisation operating within a societal context with similar cultural feature as Zanzibar. The framework was evaluated using this process model developed in this research. The evaluated framework provides opportunities for future research in this area

Portugal: Leapfrogging Digital Transformation

This report is structured as follow: Section 1 presents details about Portugal enabling or inhibiting its digital transformation. Section 2 analyzes the main motivations for the digital transformation strategy; Section 3 summarizes its main challenges, while Section 4 presents the main components of the strategy. Section 5 analyzes the governance model, and Section 6, the legal and regulatory framework. Section 7 discusses critical enablers for the digital transformation of government services. Section 8 introduces 16 key initiatives of the strategy. Section 9 summarizes the lessons learnt, followed by an assessment of the strategy’s impact in Section 10. Section 11 synthesizes lessons for Latin American countries. Finally, Appendix A enumerates main legal and regulatory instruments supporting the digital transformation in Portugal, Appendix B presents a set of 18 sections providing details of the initiatives analyzed in the report1, and Appendix C explains how the digital transformation efforts contributed to face the challenges raised by the COVID-19 pandemics.Fil: Estevez, Elsa Clara. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Universidad Nacional de La Plata; ArgentinaFil: Fillottrani, Pablo. Provincia de Buenos Aires. Gobernación. Comisión de Investigaciones Científicas; Argentina. Universidad Nacional del Sur; ArgentinaFil: Linares, Sebastián. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Bahía Blanca. Instituto de Investigaciones Económicas y Sociales del Sur. Universidad Nacional del Sur. Departamento de Economía. Instituto de Investigaciones Económicas y Sociales del Sur; ArgentinaFil: Cledou, Maria Guillermina. Universidade do Minho; Portuga

Towards the adoption of E-Tendering in the public sector of the Egyptian construction industry

The construction public sector in Egypt, like most countries in the world, is tendering its projects through the traditional paper-based tendering procedure, which has many weaknesses including bureaucracy and lack of transparency. Due to the considerable volume of projects tendered each year, it was therefore essential to study the possibility of implementing another more efficient procedure that would overcome the inefficiencies of the paper-based tendering procedure. The main aim of this research is to improve the uptake of E-Tendering in Egypt through highlighting the best technical/operational practices that should be adopted, identifying the barriers, challenges and concerns of the Egyptian tenderers and providing solutions to address them. An identification and analysis of the current level of adoption/implementation of E-Tendering in Egypt is carried out through thoroughly examining the literature and through conducting two semi-structured face-to-face expert interviews. The findings show that there is evidence that Egypt is moving steadily but on a slower pace towards adopting E-Tendering within the governmental entities, especially that, so far, few steps/measures were taken in this regard towards the Egyptian tenderers. Hence, the barriers and concerns to the implementation of E-Tendering in many foreign countries have been thoroughly examined through the literature review. 19 challenges are highlighted and categorized into 4 categories: security challenges, user acceptance and staff resistance, accessibility issues and legal barriers. These challenges are then examined and ranked with respect to their importance by a panel of 15 academic and industry experts to identify whether or not they will face the Egyptian tenderers. The most important highlighted barriers are the SMEs access difficulties (Relative Importance Index RII%= 88.33%), the expected technical malfunctioning of the portal (RII% = 86.67%), the reluctance/resistance to change (RII% = 80%), the breach of confidentiality of information (RII% = 76.67%), the electronic signature problems (RII % = 76.67%) and the document tampering (RII% = 75%). In addition, literature is carefully examined to point out/come up with solutions/recommendations to the barriers, challenges and concerns of the tenderers in Egypt. The effectiveness of these solutions/recommendations is thoroughly analyzed by the same panel of experts. The findings showed that the identified barriers are completely neutralized and successfully addressed by the presented solutions/recommendations, hence, they should be adopted and implemented since improving the uptake of E-Tendering in Egypt is only achievable when addressing the needs of its stakeholders and especially the tenderers