Evaluation of Real-World Risk-Based Authentication at Online Services Revisited: Complexity Wins

Risk-based authentication (RBA) aims to protect end-users against attacks involving stolen or otherwise guessed passwords without requiring a second authentication method all the time. Online services typically set limits on what is still seen as normal and what is not, as well as the actions taken afterward. Consequently, RBA monitors different features, such as geolocation and device during login. If the features' values differ from the expected values, then a second authentication method might be requested. However, only a few online services publish information about how their systems work. This hinders not only RBA research but also its development and adoption in organizations. In order to understand how the RBA systems online services operate, black box testing is applied. To verify the results, we re-evaluate the three large providers: Google, Amazon, and Facebook. Based on our test setup and the test cases, we notice differences in RBA based on account creation at Google. Additionally, several test cases rarely trigger the RBA system. Our results provide new insights into RBA systems and raise several questions for future work

Cloud Computing: A Perspective Study

The Cloud computing emerges as a new computing paradigm which aims to provide reliable, customized and QoS guaranteed dynamic computing environments for end-users. In this paper, we study the Cloud computing paradigm from various aspects, such as definitions, distinct features, and enabling technologies. This paper brings an introductional review on the Cloud computing and provide the state-of-the-art of Cloud computing technologies

Privacy in the internet of Things. Fostering user empowerment fhrough digital literacy

Os dispositivos da Internet das Coisas estão por todo o lado, desde o nascimento da computação ubíqua que se prevê que a vida quotidiana do ser humano contenha milhões de dispositivos que con trolam todos os aspectos da nossa vida. Hoje em dia, temos veículos inteligentes, casas inteligentes, cidades inteligentes, dispositivos vestíveis, entre outros, que utilizam vários tipos de dispositivos e vários tipos de redes para comunicar. Estes dispositivos criam novas formas de recolha e tratamento de dados pessoais de utilizadores e não utilizadores. A maioria dos utilizadores nais nem sequer tem conhecimento ou tem pouco controlo sobre a informação que está a ser recolhida por estes sistemas. Este trabalho adopta uma abordagem holística a este problema, começando por realizar uma revisão da literatura para compilar as soluções actuais, os desa os e as oportunidades de investigação futura. Realizando, em seguida, um inquérito para saber mais sobre o conhecimento geral dos indivíduos acerca da privacidade, da Internet das Coisas e hábitos online e, nalmente, com base na informação recolhida, é proposta uma aplicação móvel que fornece aos utilizadores informações sobre os dispositivos que estão próximos e como proteger os dados que não querem partilhar com estes dispositivos. Os testes com utilizadores revelaram que os participantes val orizam ter acesso a mais informações sobre termos relacionados com a privacidade. Esta aplicação é capaz de detetar que tipo de dispositivos estão próximos, que tipo de dados são recolhidos por esses dispositivos e apresentar opções de privacidade ao utilizador, quando possível, com o objetivo de fornecer aos indivíduos uma ferramenta para tomarem decisões informadas sobre os seus dados privados.Internet of Things devices are everywhere, since the birth of ubiquitous computing, human everyday life is expected to contain millions of devices that control every aspect of our lives. Today we have smart vehicles, smart houses, smart cities, wearables among other things that use various types of devices, and various types of networks to communicate. These devices create new ways of collecting and processing personal data from users, and non-users. Most end users are not even aware or have little control over the information that is being collected by these systems. This work takes a holistic approach to this problem by rst conducting a literature review to compile current solutions, challenges and future research opportunities. Then conducting a survey to learn more about the general knowledge of individuals about privacy, the Internet of Things and online habits, and nally, based on the information gathered, a mobile application is proposed that gives users information about nearby devices, and how to protect the data that they do not want to share with them. User testing revealed that participants valued having access to more information about privacy related terms. This application is capable of detecting what type of devices are nearby, what kind of data is collected by these devices, and displaying privacy options to the user, when it is possible to do so, with the goal of providing individuals a tool to make informed decisions about their private data

The Interplay between National Security and Freedom of Expression Online in the Post-Soviet Countries

For his study, the researcher selected a group of post-Soviet countries. After the collapse of the Soviet Union, the countries morphed into quite different sovereign states, with different centres of global attractions and alliances. In the present work the author tested his hypothesis that regardless of individual historical paths − and despite differences in evolving political and institutional regimes − there exists a commonality of Internet regulation practices that is shared by most of the countries in question. To set the stage, this work presents the research design and methodology before moving on to describe the context in the post-Soviet region. Next, the work takes a detour from the analysis of regional characteristics to introduce the definitions of national security, terrorism, extremism and the interplay of these issues with the principle of freedom of expression. The research further explores the way emerging Internet technologies changed the playing field when it comes to the expression of views that are legally acceptable, however, potentially could be causing a threat to national security. The author then outlines the existing good practices, drawing mostly upon the experiences of the ‘old’ democracies, before moving on to explore case studies conducted in the post-Soviet space. The scope of legislative interventions in the countries of the region is examined through the lens of the legitimisation of disputable practices of curtailing free online expression and the methods employed. It should be noted that the hypothesis involving the commonality of legislative interventions is only partially corroborated. Still, the author identified a number of initiatives that legislators of the countries under scrutiny could implement to align their respective legislature with the best practices of online regulation, based on the premises of legality, legitimacy, and proportionality as regards restrictions to freedom of expression