The European Union's digital assertiveness

The European institutions and EU member states are pushing hard for closer digital integration. In view of the diverse challenges -from protecting critical infrastructure and safeguarding civil liberties to the creation of common markets- "positive integration", that is targeted EU regulatory action, is the way to tackle market failure within and beyond Europe. Draft regulations at the EU level are to take effect inside and outside the internal market: the Digital Single Market Strategy (DSM), the General Data Protection Regulation (GDPR) and the Directive on Network and Information Security (NIS). Digital integration is a precondition for establishing European standards and norms effectively, especially in international politics. (Autorenreferat

Development of secured algorithm to enhance the privacy and security template of biometric technology

A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Mathematical and Computer Science and Engineering of the Nelson Mandela African Institution of Science and TechnologyThe security of information and personal privacy are the growing concerns in today’s human life worldwide. The storage of biometric data in the database has raised the prospect of compromising the database leading to grave risks and misuse of the person’s privacy such as growth in terrorism and identity fraud. When a person’s biometric data stored is revealed, their security and privacy are being compromised. This research described a detailed evaluation on several outbreaks and threats associated with the biometric technology. It analyzed the user’s fear and intimidations to the biometric technology alongside the protection steps for securing the biometric data template in the database. It is known that, when somebody’s biometric data template is compromised from the database that consequently might indicate proof of identity robbery of that person. Mixed method to compute and articulate the results as well as a new tactic of encryption-decryption algorithm with a design pattern of Model View Template (MVT) are used for securing the biometric data template in the database. The model managed information logically, the view indicated the visualization of the data, and the template directed the data migration into pattern object. Factors influencing fear of biometric technology such as an exposer of personal information, improper data transfer, and data misuse are found. Strong knowledge of the ideal technology like the private skills of the biometric technology, data secrecy and perceived helpfulness are established. The fears and attacks along the technology like a counterfeit of documents and brute-force attack are known. The designed algorithm based on the cryptographic module of the Fernet keys instance are utilized. The Fernet keys are combined to generate a multiFernet key, integrated with biometric data to produce two encrypted files (byte and text file). These files are incorporated with Twilio message and firmly stored in the database. The storage database has security measures that guard against an impostor’s attack. The database system can block the attacker from unauthorized access. Thus, significantly increased individual data privacy and integrity

Mitigating Electoral Discontents in Nigeria: A Case for SMS Enabled Vote-Casting System

Two decades into the 4th Republic has witnessed 6 elections fraught with varying kinds of anomalies that all 3 electoral reforms within the period have been unable to subdue. Electoral violence has summarily led to countless loss of lives and continued low voter turnout. Borrowing however from the resounding success of e-banking the country can rewardingly procure an e-resuscitation of the electoral sector that is not only guilty of consistent fraud but also liable for continued loss of lives. Nigeria ranked atop as the most improved country in Sub-Saharan Africa in the Mobile Connectivity Index as at 2019 and the seventh most improved globally. This progress was driven by a range of improvements like enabling regulatory framework espoused by the country in this direction and as a result the country now has one of the most affordable handset costs in the world besides a mobile penetration of 187 million active cell phone users of the country’s 212 million population as of 2021. In addition, up from 31% in 2014 to 52% in 2019, Nigeria’s Online Service Index score for e-government shows glaringly that the country is robustly ready for an SMS enabled vote casting system and would do well to rapidly implement same. SMS voting is premised on familiar technology and the use of a single ballot box (single computer Server) is not only fraud-proof but also guarantees eradication of violence and frequent loss of lives associated conventional vote-casting system while also improving political participation and voter turnout

Eesti elektrooniline ID-kaart ja selle turvaväljakutsed

Eesti elektrooniline isikutunnistust (ID-kaart) on üle 18 aasta pakkunud turvalist elektroonilist identiteeti Eesti kodanikele. Avaliku võtme krüptograafia ja kaardile talletatud privaatvõti võimaldavad ID-kaardi omanikel juurde pääseda e-teenustele, anda juriidilist jõudu omavaid digiallkirju ning elektrooniliselt hääletada. Käesolevas töös uuritakse põhjalikult Eesti ID-kaarti ning sellega seotud turvaväljakutseid. Me kirjeldame Eesti ID-kaarti ja selle ökosüsteemi, seotud osapooli ja protsesse, ID-kaardi elektroonilist baasfunktsionaalsust, seotud tehnilisi ja juriidilisi kontseptsioone ning muid seotud küsimusi. Me tutvustame kõiki kasutatud kiipkaardiplatforme ja nende abil väljastatud isikutunnistuste tüüpe. Iga platformi kohta esitame me detailse analüüsi kasutatava asümmeetrilise krüptograafia funktsionaalsusest ning kirjeldame ja analüüsime ID-kaardi kauguuendamise lahendusi. Lisaks esitame me süstemaatilise uurimuse ID-kaardiga seotud turvaintsidentidest ning muudest sarnastest probleemidest läbi aastate. Me kirjeldame probleemide tehnilist olemust, kasutatud leevendusmeetmeid ning kajastust ajakirjanduses. Käesoleva uurimustöö käigus avastati mitmeid varem teadmata olevaid turvaprobleeme ning teavitati nendest seotud osapooli. Käesolev töö põhineb avalikult kättesaadaval dokumentatsioonil, kogutud ID-kaartide sertifikaatide andmebaasil, ajakirjandusel,otsesuhtlusel seotud osapooltega ning töö autori analüüsil ja eksperimentidel.For more than 18 years, the Estonian electronic identity card (ID card) has provided a secure electronic identity for Estonian residents. The public-key cryptography and private keys stored on the card enable Estonian ID card holders to access e-services, give legally binding digital signatures and even cast an i-vote in national elections. This work provides a comprehensive study on the Estonian ID card and its security challenges. We introduce the Estonian ID card and its ecosystem by describing the involved parties and processes, the core electronic functionality of the ID card, related technical and legal concepts, and the related issues. We describe the ID card smart card chip platforms used over the years and the identity document types that have been issued using these platforms. We present a detailed analysis of the asymmetric cryptography functionality provided by each ID card platform and present a description and security analysis of the ID card remote update solutions that have been provided for each ID card platform. As yet another contribution of this work, we present a systematic study of security incidents and similar issues the Estonian ID card has experienced over the years. We describe the technical nature of the issue, mitigation measures applied and the reflections on the media. In the course of this research, several previously unknown security issues were discovered and reported to the involved parties. The research has been based on publicly available documentation, collection of ID card certificates in circulation, information reflected in media, information from the involved parties, and our own analysis and experiments performed in the field.https://www.ester.ee/record=b541416

Bits of Life: Leveraging Emerging Technologies to Improve the Livelihoods of Refugees

This thesis examines the role of Information and Communication Technologies (ICTs) in improving the livelihoods and employment opportunities of refugees. The ongoing Syrian refugee crisis is considered not only as a humanitarian crisis, but through the lens of human rights. “Bits of Life” argues that improving the livelihoods of refugees is in accordance with refugees’ rights to work, based on the International Covenant on Economic, Social, and Cultural Rights and the 1951 Refugee Convention. Furthermore, this thesis explores how access to reliable and affordable Internet serves as a crucial tool to help fulfill refugees’ efforts to obtain independent employment and economic security. Although access to the Internet has not yet been recognized as a basic human right, it plays a significant role in fulfilling refugees’ rights to freedom of expression and their rights to development. Issues surrounding the availability and utility of Internet access among refugees also raise important concerns regarding the right to privacy. By surveying existing technology-based humanitarian livelihood programs, notably Iraq Re:Coded, “Bits of Life” analyzes the successes and failures of existing initiatives and offers recommendations to improve the adaptability and effectiveness of future applications of ICTs in the field of refugees’ rights and livelihoods

Active security vulnerability notification and resolution

The early version of the Internet was designed for connectivity only, without the consideration of security, and the Internet is consequently an open structure. Networked systems are vulnerable for a number of reasons; design error, implementation, and management. A vulnerability is a hole or weak point that can be exploited to compromise the security of the system. Operating systems and applications are often vulnerable because of design errors. Software vendors release patches for discovered vulnerabilities, and rely upon system administrators to accept and install patches on their systems. Many system administrators fail to install patches on time, and consequently leave their systems vulnerable to exploitation by hackers. This exploitation can result in various security breaches, including website defacement, denial of service, or malware attacks. The overall problem is significant with an average of 115 vulnerabilities per week being documented during 2005. This thesis considers the problem of vulnerabilities in IT networked systems, and maps the vulnerability types into a technical taxonomy. The thesis presents a thorough analysis of the existing methods of vulnerability management which determine that these methods have failed to mange the problem in a comprehensive way, and show the need for a comprehensive management system, capable of addressing the awareness and patch deploymentp roblems. A critical examination of vulnerability databasess tatistics over the past few years is provided, together with a benchmarking of the problem in a reference environment with a discussion of why a new approach is needed. The research examined and compared different vulnerability advisories, and proposed a generic vulnerability format towards automating the notification process. The thesis identifies the standard process of addressing vulnerabilities and the over reliance upon the manual method. An automated management system must take into account new vulnerabilities and patch deploymentt o provide a comprehensives olution. The overall aim of the research has therefore been to design a new framework to address these flaws in the networked systems harmonised with the standard system administrator process. The approach, known as AVMS (Automated Vulnerability Management System), is capable of filtering and prioritising the relevant messages, and then downloading the associated patches and deploying them to the required machines. The framework is validated through a proof-of-concept prototype system. A series of tests involving different advisories are used to illustrate how AVMS would behave. This helped to prove that the automated vulnerability management system prototype is indeed viable, and that the research has provided a suitable contribution to knowledge in this important domain.The Saudi Government and the Network Research Group at the University of Plymouth

Smart Grid Metering Networks: A Survey on Security, Privacy and Open Research Issues

Smart grid (SG) networks are newly upgraded networks of connected objects that greatly improve reliability, efficiency and sustainability of the traditional energy infrastructure. In this respect, the smart metering infrastructure (SMI) plays an important role in controlling, monitoring and managing multiple domains in the SG. Despite the salient features of SMI, security and privacy issues have been under debate because of the large number of heterogeneous devices that are anticipated to be coordinated through public communication networks. This survey paper shows a brief overview of real cyber attack incidents in traditional energy networks and those targeting the smart metering network. Specifically, we present a threat taxonomy considering: (i) threats in system-level security, (ii) threats and/or theft of services, and (iii) threats to privacy. Based on the presented threats, we derive a set of security and privacy requirements for SG metering networks. Furthermore, we discuss various schemes that have been proposed to address these threats, considering the pros and cons of each. Finally, we investigate the open research issues to shed new light on future research directions in smart grid metering networks

Design of a cross-platform mobile application for sharing self-collected health data securely with health services

There is a need for sharing and integrating patients’ self-collected health data with electronic health records used by clinicians. A cross-platform mobile application has been developed in order to meet this need. It shares health data securely and is compatible with the Norwegian Centre for E-health Research’s FullFlow architecture. The application’s design and its components are studied in order to find out which technologies are suited for this type of application to ensure usability, integration with the Norwegian healthcare infrastructure, and confidentiality and integrity of health data.Masteroppgave i informatikkINF399MAMN-INFMAMN-PRO