Citizen Electronic Identities using TPM 2.0

Electronic Identification (eID) is becoming commonplace in several European countries. eID is typically used to authenticate to government e-services, but is also used for other services, such as public transit, e-banking, and physical security access control. Typical eID tokens take the form of physical smart cards, but successes in merging eID into phone operator SIM cards show that eID tokens integrated into a personal device can offer better usability compared to standalone tokens. At the same time, trusted hardware that enables secure storage and isolated processing of sensitive data have become commonplace both on PC platforms as well as mobile devices. Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of the Trusted Platform Module (TPM) specification. We propose an eID architecture based on the new, rich authorization model introduced in the TCGs TPM 2.0. The goal of the design is to improve the overall security and usability compared to traditional smart card-based solutions. We also provide, to the best our knowledge, the first accessible description of the TPM 2.0 authorization model.Comment: This work is based on an earlier work: Citizen Electronic Identities using TPM 2.0, to appear in the Proceedings of the 4th international workshop on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale, Arizona, USA, http://dx.doi.org/10.1145/2666141.266614

Security in Ad Hoc Networks and Pervasive Computing

Pervasive computing is an exciting and blooming research field, in which innovative techniques and applications are continuously emerging and aim to provide ambient and personalized services to users with high quality. Ad hoc networks are wireless, self-organizing systems formed by cooperating nodes within communication range of each other that form temporary networks. Their topology is dynamic, decentralized, ever changing and the nodes may move around arbitrarily. The last few years have witnessed a wealth of research ideas on ad hoc networking that are moving rapidly into implemented standards. Technology under development for ad hoc networks and pervasive computing is making important steps toward this end goal possible

Final

The present report reviews the fundamental right to privacy and data protection which shall be assured to individuals and the Directive 95/46/EC which provides more detailed rules on how to establish protection in the case of biometric data processing. The present framework does not seem apt to cope with all issues and problems raised by biometric applications. The limited recent case law of the European Court of Human Rights and the Court of Justice sheds some light on some relevant issues, but does not answer all questions. The report provides an analysis of the use of biometric data and the applicable current legal framework in six countries. The research demonstrates that in various countries, position is taken against the central storage of biometric data because of the various additional risks such storage entails. Furthermore, some countries stress the risks of the use of biometric characteristics which leave traces (such as e.g., fingerprint, face, voice…). In general, controllers of biometric applications receive limited clear guidance as to how implement biometric applications. Because of conflicting approaches, general recommendations are made in this report with regard to the regulation of central storage of biometric data and various other aspects, including the need for transparency of biometric systems

Large-scale Biometrics Deployment in Europe: Identifying Challenges and Threats

With large-scale biometrics deployment in the EU still in its infancy and with stakeholders racing to position themselves in view of the lucrative market that is forecasted, a study to identify challenges and threats that need to be dealt with was launched. This is the result: a report on Biometrics large-scale Deployment in Europe. The report tackles three main issues namely, the status, security / privacy and testing / certification processes. A survey was launched so as to help reveal the actual status of Biometrics large-scale Deployment initiatives in EU. The main outcome of the survey was that an open dissemination of implementation results policy is needed mainly on deployment plans, strategies, barriers and best practices. The security/ privacy challenges study identified a number of issues, the most important of which were related to proportionality and compliance to the existing regulatory framework while at the same time it revealed an important number of related actions aiming at ensuring both data security and privacy. The aim of the Bio Testing Europe study was double: to identify and collect comparable and certified results under different technologies, vendors and environments situations and to feed in this information to animate discussion among the members of a European network which would enhance the European testing and certification capacity. The study presents an integrated picture of the identified issues as well as a number of recommendations. With some of the systems that are being implemented involving millions of individuals as target users it is important for policy makers to adopt some of the options presented so as to address the identified through the study challengesJRC.J.4-Information Societ

Traceability -- A Literature Review

In light of recent food safety crises and international trade concerns associated with food or animal associated diseases, traceability has once again become important in the minds of public policymakers, business decision makers, consumers and special interest groups. This study reviews studies on traceability, government regulation and consumer behaviour, provide case studies of current traceability systems and a rough breakdown of various costs and benefits of traceability. This report aims to identify gaps that may currently exist in the literature on traceability in the domestic beef supply chain, as well as provide possible directions for future research into said issue. Three main conclusions can be drawn from this study. First, there is a lack of a common definition of traceability. Hence identifying similarities and differences across studies becomes difficult if not impossible. To this end, this study adopts CFIA’s definition of traceability. This definition has been adopted by numerous other agencies including the EU’s official definition of traceability however it may or may not be acceptable from the perspective of major Canadian beef and cattle trade partners. Second, the studies reviewed in this report address one or more of five key objectives; the impact of changing consumer behaviour on market participants, suppliers incentive to adopt or participate in traceability, impact of regulatory changes, supplier response to crisis and technical description of traceability systems. Drawing from the insights from the consumer studies, it seems as if consumers do not value traceability per se, traceability is a means for consumers to receive validation of another production or process attribute that they are interested in. Moreover, supply chain improvement, food safety control and accessing foreign market segments are strong incentives for primary producers and processors to participate in programs with traceability features. However the objectives addressed by the studies reviewed in this paper are not necessarily the objectives that are of most immediate relevance to decision makers about appropriate traceability standards to recommend, require, subsidize etc. In many cases the research objectives of previous work have been extremely narrow creating a body of literature that is incomplete in certain key areas. Third, case studies of existing traceability systems in Australia, the UK, Scotland, Brazil and Uruguay indicate that the pattern of development varies widely across sectors and regions. In summary, a traceability system by itself cannot provide value-added for all participants in the industry; it is merely a protocol for documenting and sharing information. Value is added to participants in the marketing chain through traceability in the form of reduced transactions costs in the case of a food safety incident and through the ability to shift liability. To ensure consumer benefit and have premiums returned to primary producers the type of information that consumers value is an important issue for future research. A successful program that peaks consumer interest and can enhance their eating experience can generate economic benefits to all sectors in the beef industry. International market access will increasingly require traceability in the marketing system in order to satisfy trade restrictions in the case of animal diseases and country of origin labelling, to name only a few examples. Designing appropriate traceability protocols industry wide is therefore becoming very important.traceability, institutions, Canada, consumer behaviour, producer behaviour, supply chain, Agricultural and Food Policy, Consumer/Household Economics, Food Consumption/Nutrition/Food Safety, Health Economics and Policy, International Relations/Trade, Livestock Production/Industries, Marketing, Production Economics, D020, D100, D200, Q100,