Public Key Infrastructure based on Authentication of Media Attestments

Many users would prefer the privacy of end-to-end encryption in their online communications if it can be done without significant inconvenience. However, because existing key distribution methods cannot be fully trusted enough for automatic use, key management has remained a user problem. We propose a fundamentally new approach to the key distribution problem by empowering end-users with the capacity to independently verify the authenticity of public keys using an additional media attestment. This permits client software to automatically lookup public keys from a keyserver without trusting the keyserver, because any attempted MITM attacks can be detected by end-users. Thus, our protocol is designed to enable a new breed of messaging clients with true end-to-end encryption built in, without the hassle of requiring users to manually manage the public keys, that is verifiably secure against MITM attacks, and does not require trusting any third parties

Security and collaborative groupware tools usage

This thesis investigates the usage problems of Online Collaborative Groupware (OCG) tools for learning at the University of Bahrain (UOB) in the Kingdom of Bahrain. An initial study revealed that the main problems faced by students when they use OCG tools in the learning process are security and trust. SWFG (Skype, Wiki, Facebook, and Gmail) tools were proposed as being effective and commonly used OCG tools for learning. A quasi-experiment has been done with UOB students to identify the perceptions of the students towards security, privacy and safety relating to use of SWFG tools. Based on this experiment the researcher has derived the following results: Secure Skype has a positive relationship with Skype usage; Private Skype has a positive relationship with Skype trust; Secure Gmail has a negative relationship with Gmail usage and trust; Wiki usage has a negative relationship with trust in Wikis. Additionally, the research revealed that students may be more motivated to use OCG tools if the security and privacy of these tools was to be improved. The thesis also focuses on security and trust within email. In order to evaluate the usage of secure emails, students‘ awareness of the secure email awareness was investigated using quantitative and qualitative methods. The results of this evaluation informed the design of an experiment that was then conducted by tracking secure email usage and gathering information about the students‘ usage and awareness of their secure emails. The aim of this activity was to identify a clear representation of secure email usage over specified periods for both academic and non-academic purposes by students in both the UK and Bahrain. It has been concluded from this experiment that there are differences between the usage of secure email in each country when applied to both academic and non-academic purposes. Finally, based on these results, the researcher developed a framework which derives from the Technology Acceptance Model (TAM) model by testing security and trust effects on the ease of use and on usefulness. A case study has been conducted using a new secure email instructional model in order to validate the research framework. The study found that security provided by webmails and students‘ trust affects the webmail‘s perceived usefulness, and that in turn this leads to ease of use regardless of which type of email client is used. However, it was not proof that usefulness affects the usage of email. Evidence suggests that the model may be a suitable solution for increasing the usefulness of email in Computer Supported Collaborative Learning (CSCL), and can help to strengthen communication between faculty and students. This study has contributed valuable knowledge and information in this particular field of study. It has been able to gather a satisfactory amount of information from both students and teachers in both the University of Bahrain (UOB) and the University of Warwick (UOW). A number of different methods were used in this task – interviews, questionnaires, observations, experiments and student feedback, amongst others. The entire study was conducted in a way that it would empirically evaluate different dimensions of secure Online Collaborative Groupware (OCG) tools usage in the educational environment. The research framework applied in this investigation provided many insights into OCG tools. These new insights and information may be used to test and validate the framework with a large number of students

Cloud computing adoption decision modelling for SMEs: a conjoint analysis

Cloud computing is an emerging technology that promises competitive advantages, cost savings, enhanced business processes and services, and various other benefits to enterprises. Despite the rapid technological advancement, the adoption of cloud computing is still growing slowly among small and mediumsized enterprises (SMEs). This paper presents a model to support the decisionmaking process, using a multi-criteria decision method PAPRIKA for the socio-technical aspects influencing SMEs cloud adoption decision. Due to the multifaceted nature of the cloud computing adoption process, the evaluation of various cloud services and deployment models have become a major challenge. This paper presents a systematic approach to evaluating cloud computing services and deployment models. Subsequently, we have conducted conjoint analysis activities with five SMEs decision makers as part of the distribution process of this decision modelling based on predetermined criteria. With the help of the proposed model, cloud services and deployment models can be ranked and selected

A security analysis of email communications

The objective of this report is to analyse the security and privacy risks of email communications and identify technical countermeasures capable of mitigating them effectively. In order to do so, the report analyses from a technical point of view the core set of communication protocols and standards that support email communications in order to identify and understand the existing security and privacy vulnerabilities. On the basis of this analysis, the report identifies and analyses technical countermeasures, in the form of newer standards, protocols and tools, aimed at ensuring a better protection of the security and privacy of email communications. The practical implementation of each countermeasure is evaluated in order to understand its limitations and identify potential technical and organisational constrains that could limit its effectiveness in practice. The outcome of the above mentioned analysis is a set of recommendations regarding technical and organisational measures that when combined properly have the potential of more effectively mitigating the privacy and security risks of today's email communications.JRC.G.6-Digital Citizen Securit