Biometric Systems Private by Design: Reasoning about privacy properties of biometric system architectures

International audienceThe goal of the work presented in this paper is to show the applicability of the privacyby design approach to biometric systems and the benefit of using formal methods to this end. Webuild on a general framework for the definition and verification of privacy architectures introducedat STM 2014 and show how it can be adapted to biometrics. The choice of particular techniques andthe role of the components (central server, secure module, biometric terminal, smart card, etc.) in thearchitecture have a strong impact on the privacy guarantees provided by a biometric system. Somearchitectures have already been analysed but on a case by case basis, which makes it difficult to drawcomparisons and to provide a rationale for the choice of specific options. In this paper, we describethe application of a general privacy architecture framework to specify different design options forbiometric systems and to reason about them in a formal way

Protection de la vie privée dès la phase de conception: application à la vérification de propriétés d'architectures de systèmes biométriques

The goal of the work presented in this paper is to show the applicability of the privacy by design approach to biometric systems and the benefit of using formal methods to this end. We build on a general framework for the definition and verification of privacy architectures introduced at STM 2014 and show how it can be adapted to biometrics. The choice of particular techniques and the role of the components (central server, secure module, biometric terminal, smart card, etc.) in the architecture have a strong impact on the privacy guarantees provided by a biometric system. Some architectures have already been analysed but on a case by case basis, which makes it dicult to draw comparisons and to provide a rationale for the choice of specific options. In this paper, we describe the application of a general privacy architecture framework to specify di↵erent design options for biometric systems and to reason about them in a formal way

Cybersecurity: Past, Present and Future

The digital transformation has created a new digital space known as cyberspace. This new cyberspace has improved the workings of businesses, organizations, governments, society as a whole, and day to day life of an individual. With these improvements come new challenges, and one of the main challenges is security. The security of the new cyberspace is called cybersecurity. Cyberspace has created new technologies and environments such as cloud computing, smart devices, IoTs, and several others. To keep pace with these advancements in cyber technologies there is a need to expand research and develop new cybersecurity methods and tools to secure these domains and environments. This book is an effort to introduce the reader to the field of cybersecurity, highlight current issues and challenges, and provide future directions to mitigate or resolve them. The main specializations of cybersecurity covered in this book are software security, hardware security, the evolution of malware, biometrics, cyber intelligence, and cyber forensics. We must learn from the past, evolve our present and improve the future. Based on this objective, the book covers the past, present, and future of these main specializations of cybersecurity. The book also examines the upcoming areas of research in cyber intelligence, such as hybrid augmented and explainable artificial intelligence (AI). Human and AI collaboration can significantly increase the performance of a cybersecurity system. Interpreting and explaining machine learning models, i.e., explainable AI is an emerging field of study and has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-

Biometric Based Intrusion Detection System using Dempster-Shafer Theory for Mobile Ad hoc Network Security

In wireless mobile ad hoc network, mainly, two approaches are followed to protect the security such as prevention-based approaches and detection-based approaches. A Mobile Ad hoc Network (MANET) is a collection of autonomous wireless mobile nodes forming temporary network to interchange data (data packets) without using any fixed topology or centralized administration. In this dynamic network, each node changes its geographical position and acts as a router for forwarding packets to the other node. Current MANETs are basically vulnerable to different types of attacks. The multimodal biometric technology gives possible resolves for continuous user authentication and vulnerability in high security mobile ad hoc networks (MANETs). Dempster’s rule for combination gives a numerical method for combining multiple pieces of data from unreliable observers. This paper studies biometric authentication and intrusion detection system with data fusion using Dempster–Shafer theory in such MANETs. Multimodal biometric technologies are arrayed to work with intrusion detection to improve the limitations of unimodal biometric technique

THaW publications

In 2013, the National Science Foundation\u27s Secure and Trustworthy Cyberspace program awarded a Frontier grant to a consortium of four institutions, led by Dartmouth College, to enable trustworthy cybersystems for health and wellness. As of this writing, the Trustworthy Health and Wellness (THaW) project\u27s bibliography includes more than 130 significant publications produced with support from the THaW grant; these publications document the progress made on many fronts by the THaW research team. The collection includes dissertations, theses, journal papers, conference papers, workshop contributions and more. The bibliography is organized as a Zotero library, which provides ready access to citation materials and abstracts and associates each work with a URL where it may be found, cluster (category), several content tags, and a brief annotation summarizing the work\u27s contribution. For more information about THaW, visit thaw.org

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

On Security and Privacy for Networked Information Society : Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes

Our society has developed into a networked information society, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet arguably the most important piece of critical infrastructure in the world. Securing Internet communications for everyone using it is extremely important, as the continuing growth of the networked information society relies upon fast, reliable and secure communications. A prominent threat to the security and privacy of Internet users is mass surveillance of Internet communications. The methods and tools used to implement mass surveillance capabilities on the Internet pose a danger to the security of all communications, not just the intended targets. When we continue to further build the networked information upon the unreliable foundation of the Internet we encounter increasingly complex problems,which are the main focus of this dissertation. As the reliance on communication technology grows in a society, so does the importance of information security. At this stage, information security issues become separated from the purely technological domain and begin to affect everyone in society. The approach taken in this thesis is therefore both technical and socio-technical. The research presented in this PhD thesis builds security in to the networked information society and provides parameters for further development of a safe and secure networked information society. This is achieved by proposing improvements on a multitude of layers. In the technical domain we present an efficient design flow for secure embedded devices that use cryptographic primitives in a resource-constrained environment, examine and analyze threats to biometric passport and electronic voting systems, observe techniques used to conduct mass Internet surveillance, and analyze the security of Finnish web user passwords. In the socio-technical domain we examine surveillance and how it affects the citizens of a networked information society, study methods for delivering efficient security education, examine what is essential security knowledge for citizens, advocate mastery over surveillance data by the targeted citizens in the networked information society, and examine the concept of forced trust that permeates all topics examined in this work.Yhteiskunta, jossa elämme, on muovautunut teknologian kehityksen myötä todelliseksi tietoyhteiskunnaksi. Monet verkottuneen tietoyhteiskunnan osa-alueet ovat kokeneet muutoksen tämän kehityksen seurauksena. Tämän muutoksen keskiössä on Internet: maailmanlaajuinen tietoverkko, joka mahdollistaa verkottuneiden laitteiden keskenäisen viestinnän ennennäkemättömässä mittakaavassa. Internet on muovautunut ehkä keskeisimmäksi osaksi globaalia viestintäinfrastruktuuria, ja siksi myös globaalin viestinnän turvaaminen korostuu tulevaisuudessa yhä enemmän. Verkottuneen tietoyhteiskunnan kasvu ja kehitys edellyttävät vakaan, turvallisen ja nopean viestintäjärjestelmän olemassaoloa. Laajamittainen tietoverkkojen joukkovalvonta muodostaa merkittävän uhan tämän järjestelmän vakaudelle ja turvallisuudelle. Verkkovalvonnan toteuttamiseen käytetyt menetelmät ja työkalut eivät vain anna mahdollisuutta tarkastella valvonnan kohteena olevaa viestiliikennettä, vaan myös vaarantavat kaiken Internet-liikenteen ja siitä riippuvaisen toiminnan turvallisuuden. Kun verkottunutta tietoyhteiskuntaa rakennetaan tämän kaltaisia valuvikoja ja haavoittuvuuksia sisältävän järjestelmän varaan, keskeinen uhkatekijä on, että yhteiskunnan ydintoiminnot ovat alttiina ulkopuoliselle vaikuttamiselle. Näiden uhkatekijöiden ja niiden taustalla vaikuttavien mekanismien tarkastelu on tämän väitöskirjatyön keskiössä. Koska työssä on teknisen sisällön lisäksi vahva yhteiskunnallinen elementti, tarkastellaan tiukan teknisen tarkastelun sijaan aihepiirä laajemmin myös yhteiskunnallisesta näkökulmasta. Tässä väitöskirjassa pyritään rakentamaan kokonaiskuvaa verkottuneen tietoyhteiskunnan turvallisuuteen, toimintaan ja vakauteen vaikuttavista tekijöistä, sekä tuomaan esiin uusia ratkaisuja ja avauksia eri näkökulmista. Työn tavoitteena on osaltaan mahdollistaa entistä turvallisemman verkottuneen tietoyhteiskunnan rakentaminen tulevaisuudessa. Teknisestä näkökulmasta työssä esitetään suunnitteluvuo kryptografisia primitiivejä tehokkaasti hyödyntäville rajallisen laskentatehon sulautetuviiille järjestelmille, analysoidaan biometrisiin passeihin, kansainväliseen passijärjestelmään, sekä sähköiseen äänestykseen kohdistuvia uhkia, tarkastellaan joukkovalvontaan käytettyjen tekniikoiden toimintaperiaatteita ja niiden aiheuttamia uhkia, sekä tutkitaan suomalaisten Internet-käyttäjien salasanatottumuksia verkkosovelluksissa. Teknis-yhteiskunnallisesta näkökulmasta työssä tarkastellaan valvonnan teoriaa ja perehdytään siihen, miten valvonta vaikuttaa verkottuneen tietoyhteiskunnan kansalaisiin. Lisäksi kehitetään menetelmiä parempaan tietoturvaopetukseen kaikilla koulutusasteilla, määritellään keskeiset tietoturvatietouden käsitteet, tarkastellaan mahdollisuutta soveltaa tiedon herruuden periaatetta verkottuneen tietoyhteiskunnan kansalaisistaan keräämän tiedon hallintaan ja käyttöön, sekä tutkitaan luottamuksen merkitystä yhteiskunnan ydintoimintojen turvallisuudelle ja toiminnalle, keskittyen erityisesti pakotetun luottamuksen vaikutuksiin

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license