657 research outputs found
The European Union's digital assertiveness
The European institutions and EU member states are pushing hard for closer digital integration. In view of the diverse challenges -from protecting critical infrastructure and safeguarding civil liberties to the creation of common markets- "positive integration", that is targeted EU regulatory action, is the way to tackle market failure within and beyond Europe. Draft regulations at the EU level are to take effect inside and outside the internal market: the Digital Single Market Strategy (DSM), the General Data Protection Regulation (GDPR) and the Directive on Network and Information Security (NIS). Digital integration is a precondition for establishing European standards and norms effectively, especially in international politics. (Autorenreferat
Development of secured algorithm to enhance the privacy and security template of biometric technology
A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of
Doctor of Philosophy in Mathematical and Computer Science and Engineering
of the Nelson Mandela African Institution of Science and TechnologyThe security of information and personal privacy are the growing concerns in todayâs human
life worldwide. The storage of biometric data in the database has raised the prospect of
compromising the database leading to grave risks and misuse of the personâs privacy such as
growth in terrorism and identity fraud. When a personâs biometric data stored is revealed,
their security and privacy are being compromised. This research described a detailed
evaluation on several outbreaks and threats associated with the biometric technology. It
analyzed the userâs fear and intimidations to the biometric technology alongside the
protection steps for securing the biometric data template in the database. It is known that,
when somebodyâs biometric data template is compromised from the database that
consequently might indicate proof of identity robbery of that person. Mixed method to
compute and articulate the results as well as a new tactic of encryption-decryption algorithm
with a design pattern of Model View Template (MVT) are used for securing the biometric
data template in the database. The model managed information logically, the view indicated
the visualization of the data, and the template directed the data migration into pattern object.
Factors influencing fear of biometric technology such as an exposer of personal information,
improper data transfer, and data misuse are found. Strong knowledge of the ideal technology
like the private skills of the biometric technology, data secrecy and perceived helpfulness are
established. The fears and attacks along the technology like a counterfeit of documents and
brute-force attack are known. The designed algorithm based on the cryptographic module of
the Fernet keys instance are utilized. The Fernet keys are combined to generate a multiFernet
key, integrated with biometric data to produce two encrypted files (byte and text file). These
files are incorporated with Twilio message and firmly stored in the database. The storage
database has security measures that guard against an impostorâs attack. The database system
can block the attacker from unauthorized access. Thus, significantly increased individual data
privacy and integrity
Mitigating Electoral Discontents in Nigeria: A Case for SMS Enabled Vote-Casting System
Two decades into the 4th Republic has witnessed 6 elections fraught with varying kinds of anomalies that all 3 electoral reforms within the period have been unable to subdue. Electoral violence has summarily led to countless loss of lives and continued low voter turnout. Borrowing however from the resounding success of e-banking the country can rewardingly procure an e-resuscitation of the electoral sector that is not only guilty of consistent fraud but also liable for continued loss of lives. Nigeria ranked atop as the most improved country in Sub-Saharan Africa in the Mobile Connectivity Index as at 2019 and the seventh most improved globally. This progress was driven by a range of improvements like enabling regulatory framework espoused by the country in this direction and as a result the country now has one of the most affordable handset costs in the world besides a mobile penetration of 187 million active cell phone users of the countryâs 212 million population as of 2021. In addition, up from 31% in 2014 to 52% in 2019, Nigeriaâs Online Service Index score for e-government shows glaringly that the country is robustly ready for an SMS enabled vote casting system and would do well to rapidly implement same. SMS voting is premised on familiar technology and the use of a single ballot box (single computer Server) is not only fraud-proof but also guarantees eradication of violence and frequent loss of lives associated conventional vote-casting system while also improving political participation and voter turnout
Eesti elektrooniline ID-kaart ja selle turvavÀljakutsed
Eesti elektrooniline isikutunnistust (ID-kaart) on ĂŒle 18 aasta pakkunud turvalist elektroonilist identiteeti Eesti kodanikele. Avaliku vĂ”tme krĂŒptograafia ja kaardile talletatud privaatvĂ”ti vĂ”imaldavad ID-kaardi omanikel juurde pÀÀseda e-teenustele, anda juriidilist jĂ”udu omavaid digiallkirju ning elektrooniliselt hÀÀletada.
KĂ€esolevas töös uuritakse pĂ”hjalikult Eesti ID-kaarti ning sellega seotud turvavĂ€ljakutseid. Me kirjeldame Eesti ID-kaarti ja selle ökosĂŒsteemi, seotud osapooli ja protsesse, ID-kaardi elektroonilist baasfunktsionaalsust, seotud tehnilisi ja juriidilisi kontseptsioone ning muid seotud kĂŒsimusi. Me tutvustame kĂ”iki kasutatud kiipkaardiplatforme ja nende abil vĂ€ljastatud isikutunnistuste tĂŒĂŒpe. Iga platformi kohta esitame me detailse analĂŒĂŒsi kasutatava asĂŒmmeetrilise krĂŒptograafia funktsionaalsusest ning kirjeldame ja analĂŒĂŒsime ID-kaardi kauguuendamise lahendusi. Lisaks esitame me sĂŒstemaatilise uurimuse ID-kaardiga seotud turvaintsidentidest ning muudest sarnastest probleemidest lĂ€bi aastate. Me kirjeldame probleemide tehnilist olemust, kasutatud leevendusmeetmeid ning kajastust ajakirjanduses. KĂ€esoleva uurimustöö kĂ€igus avastati mitmeid varem teadmata olevaid turvaprobleeme ning teavitati nendest seotud osapooli.
KĂ€esolev töö pĂ”hineb avalikult kĂ€ttesaadaval dokumentatsioonil, kogutud ID-kaartide sertifikaatide andmebaasil, ajakirjandusel,otsesuhtlusel seotud osapooltega ning töö autori analĂŒĂŒsil ja eksperimentidel.For more than 18 years, the Estonian electronic identity card (ID card) has provided a secure electronic identity for Estonian residents. The public-key cryptography and private keys stored on the card enable Estonian ID card holders to access e-services, give legally binding digital signatures and even cast an i-vote in national elections.
This work provides a comprehensive study on the Estonian ID card and its security challenges. We introduce the Estonian ID card and its ecosystem by describing the involved parties and processes, the core electronic functionality of the ID card, related technical and legal concepts, and the related issues. We describe the ID card smart card chip platforms used over the years and the identity document types that have been issued using these platforms. We present a detailed analysis of the asymmetric cryptography functionality provided by each ID card platform and present a description and security analysis of the ID card remote update solutions that have been provided for each ID card platform. As yet another contribution of this work, we present a systematic study of security incidents and similar issues the Estonian ID card has experienced over the years. We describe the technical nature of the issue, mitigation measures applied and the reflections on the media. In the course of this research, several previously unknown security issues were discovered and reported to the involved parties.
The research has been based on publicly available documentation, collection of ID card certificates in circulation, information reflected in media, information from the involved parties, and our own analysis and experiments performed in the field.https://www.ester.ee/record=b541416
Recommended from our members
Bits of Life: Leveraging Emerging Technologies to Improve the Livelihoods of Refugees
This thesis examines the role of Information and Communication Technologies (ICTs) in improving the livelihoods and employment opportunities of refugees. The ongoing Syrian refugee crisis is considered not only as a humanitarian crisis, but through the lens of human rights. âBits of Lifeâ argues that improving the livelihoods of refugees is in accordance with refugeesâ rights to work, based on the International Covenant on Economic, Social, and Cultural Rights and the 1951 Refugee Convention. Furthermore, this thesis explores how access to reliable and affordable Internet serves as a crucial tool to help fulfill refugeesâ efforts to obtain independent employment and economic security. Although access to the Internet has not yet been recognized as a basic human right, it plays a significant role in fulfilling refugeesâ rights to freedom of expression and their rights to development. Issues surrounding the availability and utility of Internet access among refugees also raise important concerns regarding the right to privacy. By surveying existing technology-based humanitarian livelihood programs, notably Iraq Re:Coded, âBits of Lifeâ analyzes the successes and failures of existing initiatives and offers recommendations to improve the adaptability and effectiveness of future applications of ICTs in the field of refugeesâ rights and livelihoods
Active security vulnerability notification and resolution
The early version of the Internet was designed for connectivity only, without the
consideration of security, and the Internet is consequently an open structure. Networked
systems are vulnerable for a number of reasons; design error, implementation, and
management. A vulnerability is a hole or weak point that can be exploited to compromise
the security of the system. Operating systems and applications are often vulnerable because
of design errors. Software vendors release patches for discovered vulnerabilities, and rely
upon system administrators to accept and install patches on their systems. Many system
administrators fail to install patches on time, and consequently leave their systems
vulnerable to exploitation by hackers. This exploitation can result in various security
breaches, including website defacement, denial of service, or malware attacks. The overall
problem is significant with an average of 115 vulnerabilities per week being documented
during 2005.
This thesis considers the problem of vulnerabilities in IT networked systems, and maps the
vulnerability types into a technical taxonomy. The thesis presents a thorough analysis of
the existing methods of vulnerability management which determine that these methods
have failed to mange the problem in a comprehensive way, and show the need for a
comprehensive management system, capable of addressing the awareness and patch
deploymentp roblems. A critical examination of vulnerability databasess tatistics over the
past few years is provided, together with a benchmarking of the problem in a reference
environment with a discussion of why a new approach is needed. The research examined
and compared different vulnerability advisories, and proposed a generic vulnerability
format towards automating the notification process.
The thesis identifies the standard process of addressing vulnerabilities and the over reliance
upon the manual method. An automated management system must take into account new
vulnerabilities and patch deploymentt o provide a comprehensives olution. The overall aim
of the research has therefore been to design a new framework to address these flaws in the
networked systems harmonised with the standard system administrator process. The
approach, known as AVMS (Automated Vulnerability Management System), is capable of
filtering and prioritising the relevant messages, and then downloading the associated
patches and deploying them to the required machines.
The framework is validated through a proof-of-concept prototype system. A series of tests
involving different advisories are used to illustrate how AVMS would behave. This helped
to prove that the automated vulnerability management system prototype is indeed viable,
and that the research has provided a suitable contribution to knowledge in this important
domain.The Saudi Government and the Network Research Group at the University of Plymouth
Smart Grid Metering Networks: A Survey on Security, Privacy and Open Research Issues
Smart grid (SG) networks are newly upgraded networks of connected objects that greatly improve reliability, efficiency and sustainability of the traditional energy infrastructure. In this respect, the smart metering infrastructure (SMI) plays an important role in controlling, monitoring and managing multiple domains in the SG. Despite the salient features of SMI, security and privacy issues have been under debate because of the large number of heterogeneous devices that are anticipated to be coordinated through public communication networks. This survey paper shows a brief overview of real cyber attack incidents in traditional energy networks and those targeting the smart metering network. Specifically, we present a threat taxonomy considering: (i) threats in system-level security, (ii) threats and/or theft of services, and (iii) threats to privacy. Based on the presented threats, we derive a set of security and privacy requirements for SG metering networks. Furthermore, we discuss various schemes that have been proposed to address these threats, considering the pros and cons of each. Finally, we investigate the open research issues to shed new light on future research directions in smart grid metering networks
Design of a cross-platform mobile application for sharing self-collected health data securely with health services
There is a need for sharing and integrating patientsâ self-collected health data with electronic health records used by clinicians. A cross-platform mobile application has been developed in order to meet this need. It shares health data securely and is compatible with the Norwegian Centre for E-health Researchâs FullFlow architecture. The applicationâs design and its components are studied in order to find out which technologies are suited for this type of application to ensure usability, integration with the Norwegian healthcare infrastructure, and confidentiality and integrity of health data.Masteroppgave i informatikkINF399MAMN-INFMAMN-PRO
- âŠ