Design and Implementation Aspects of Mobile Derived Identities

With the ongoing digitalisation of our everyday tasks, more and more eGovernment services make it possible for citizens to take care of their administrative obligations online. This type of services requires a certain assurance level for user authentication. To meet these requirements, a digital identity issued to the citizen is essential. Nowadays, due to the widespread use of smartphones, mobile user authentication is often favoured. This naturally supports two-factor authentication schemes (2FA). We use the term mobile derived identity to stress two aspects: a) the identity is enabled for mobile usage and b) the identity is somehow derived from a physical or digital proof of identity. This work reviews 21 systems that support mobile derived identities. One subset of the considered systems is already in place (public or private sector in Europe), another subset is subject to research. Our goal is to identify prevalent design and implementation aspects for these systems in order to gain a better understanding on best practises and common views on mobile derived identities. We found, that research prefers storing identity data on the mobile device itself whereas real world systems usually rely on cloud storage. 2FA is common in both worlds, however biometrics as second factor is the exception

Integrating User Identity with Ethereum Smart Contract Wallet

Esimene suurem rakendusplokiahela tehnoloogias oli krüptovaluuta ja selle vahendamine, praeguseks on aga plokiahela tehnoloogia leidnud kasutust paljudes teistes tööstusvaldkondades nagu energeetika, põllumajandus, tootmine jt. Algne idee, mis hõlmas varade saatmist ühelt anonüümselt kontolt teisele, vajab uuendusi lähtuvalt uute valdkondade vajadustest. Mittefinantssektorites võib vara määratlus olla erinev ning suhtumine kasutajate anonüümsusesse samuti s.t, et kasutaja ja tema rahakott muutuvad sellisel juhul avalikumaks.Peamine probleem seisneb kasutaja anonüümsuses ja varade saatmise üle kontrolli puudumises. Antud lõputöös me ühendame kasutaja identiteedi tema plokiahela rahakotiga selleks, et lubada varade saatmist alles peale digitaalset signeerimist kinnitaja ja kasutaja enda poolt. Lõputöö käigus analüüsitakse Ethereum plokiahela põhimõtteid, erinevaid plokiahela rahakoti kaitselahendusi ja riigi poolt väljastatud identiteedil baseeruvad e-identimise teenuseid. Lõputöö tulemusena esitatakse identiteedi põhise rahakoti ja detsentraliseeritud rakenduse integreerimise spetsifikatsiooni. Töö tulemuse valideerimiseks on kasutatud prototüüpi detsentraliseeritud rakendusest ja plokiahela nutilepingust.The first major application of the blockchain technology was made for cryptocurrencies and by now it is used in numerous industries, including in energy, agriculture, manufacturing, etc. The original idea of transferring assets from one account to another has to be updated for those industries. Non-financial industries have a different definition of an asset and a differ-ing attitude towards the anonymity of the users, i.e. it is necessary for the users and their wallets to become more public.Namely, the main problem is related to the users' anonymity and uncontrolled asset transfers in decentralized applications. In this thesis, the user’s identity is connected with his block-chain wallet to allow asset transfers to take place only with added identity-based signatures of the approver and the user himself. The implementation of the thesis includes the analysis of the Ethereum blockchain principles, different wallet protection solutions and state-level identity services. The thesis proposes a specification of an identity-based wallet integration with Dapp. The solution specification is validated using Dapp and a smart-contract prototype

Challenges in Cybersecurity and Privacy - the European Research Landscape

Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. Each chapter includes the project’s overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE. RED-Alert, Truessec.eu. ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects

Selbstbestimmung, Privatheit und Datenschutz

In diesem Open-Access-Sammelband werden die aktuelle Herausforderungen für Privatheit und Datenschutz aufgezeigt, die durch die zunehmende Digitalisierung entstehen. Die Beitragsautoren analysieren, wie diese durch Governancemechanismen adressiert werden können. Als Alternative zu einem rein profitorientierten Digitalkapitalismus bzw. Digitalautoritarismus wird für einen eigenständigen europäischen Weg beim Datenschutz argumentiert, der auf eine gemeinwohlorientierte Technikentwicklung abzielt. Insbesondere befassen sich die Beiträge mit den Möglichkeiten für die Stärkung der Selbstbestimmung in der Datenökonomie und mit algorithmischen Entscheidungssystemen