15,809 research outputs found
Perceived risk and sensitive data on mobile devices
This paper reports on a survey to investigate the behaviour and assumptions of smartphone users, with reference to the security practices adopted by such users. The primary objective was to shed light on the level of information security awareness in smartphone users and determine the extent of sensitive information such users typically hold on these mobile devices
Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions
As computation spreads from computers to networks of computers, and migrates
into cyberspace, it ceases to be globally programmable, but it remains
programmable indirectly: network computations cannot be controlled, but they
can be steered by local constraints on network nodes. The tasks of
"programming" global behaviors through local constraints belong to the area of
security. The "program particles" that assure that a system of local
interactions leads towards some desired global goals are called security
protocols. As computation spreads beyond cyberspace, into physical and social
spaces, new security tasks and problems arise. As networks are extended by
physical sensors and controllers, including the humans, and interlaced with
social networks, the engineering concepts and techniques of computer security
blend with the social processes of security. These new connectors for
computational and social software require a new "discipline of programming" of
global behaviors through local constraints. Since the new discipline seems to
be emerging from a combination of established models of security protocols with
older methods of procedural programming, we use the name procedures for these
new connectors, that generalize protocols. In the present paper we propose
actor-networks as a formal model of computation in heterogenous networks of
computers, humans and their devices; and we introduce Procedure Derivation
Logic (PDL) as a framework for reasoning about security in actor-networks. On
the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL)
that evolved through our work in security in last 10 years. Both formalisms are
geared towards graphic reasoning and tool support. We illustrate their workings
by analysing a popular form of two-factor authentication, and a multi-channel
device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended
references, added discussio
Managing ubiquitous eco cities: the role of urban telecommunication infrastructure networks and convergence technologies
A successful urban management system for a Ubiquitous Eco City requires an integrated approach. This integration includes bringing together economic, socio-cultural and urban development with a well orchestrated, transparent and open decision making mechanism and necessary infrastructure and technologies. Rapidly developing information and telecommunication technologies and their platforms in the late 20th Century improves urban management and enhances the quality of life and place. Telecommunication technologies provide an important base for monitoring and managing activities over wired, wireless or fibre-optic networks. Particularly technology convergence creates new ways in which the information and telecommunication technologies are used. The 21st Century is an era where information has converged, in which people are able to access a variety of services, including internet and location based services, through multi-functional devices such as mobile phones and provides opportunities in the management of Ubiquitous Eco Cities. This paper discusses the recent developments in telecommunication networks and trends in convergence technologies and their implications on the management of Ubiquitous Eco Cities and how this technological shift is likely to be beneficial in improving the quality of life and place. The paper also introduces recent approaches on urban management systems, such as intelligent urban management systems, that are suitable for Ubiquitous Eco Cities
The State of the Electronic Identity Market: Technologies, Infrastructure, Services and Policies
Authenticating onto systems, connecting to mobile networks and providing identity data to access services is common ground for most EU citizens, however what is disruptive is that digital technologies fundamentally alter and upset the ways identity is managed, by people, companies and governments. Technological progress in cryptography, identity systems design, smart card design and mobile phone authentication have been developed as a convenient and reliable answer to the need for authentication. Yet, these advances ar enot sufficient to satisfy the needs across people's many spheres of activity: work, leisure, health, social activities nor have they been used to enable cross-border service implementation in the Single Digital Market, or to ensure trust in cross border eCommerce. The study findings assert that the potentially great added value of eID technologies in enabling the Digital Economy has not yet been fulfilled, and fresh efforts are needed to build identification and authentication systems that people can live with, trust and use. The study finds that usability, minimum disclosure and portability, essential features of future systems, are at the margin of the market and cross-country, cross-sector eID systems for business and public service are only in their infancy. This report joins up the dots, and provides significant exploratory evidence of the potential of eID for the Single Digital Market. A clear understanding of this market is crucial for policy action on identification and authentication, eSignature and interoperability.JRC.DDG.J.4-Information Societ
A technology white paper on improving the efficiency of social safety net program delivery in low income countries an introduction to available and emerging mobile technologies
This document outlines various available and emerging information and communication technologies (ICTs) and provides a framework to assess how these technologies may be used to improve the efficiency of the delivery of safety net programs. These technologies include: mobile computing, biometrics, satellite communications, simple and smart cards, global positioning systems, radio frequency identification tags, automated teller machines and solar power. Their use in the administration, delivery and monitoring of SSN programs offers numerous advantages including increased accuracy, reliability and timeliness of information, performance measurement and service provider accountability. However, these new and emerging technologies typically require higher initial investment costs that benefit current and future time periods. The optimal solution to design an advanced and efficient delivery system for a safety net program may be a combination of traditional service delivery methods and new technologies that draws on a needs assessment that accounts for local conditions and program characteristics.
Device-Based Isolation for Securing Cryptographic Keys
In this work, we describe an eective device-based isolation
approach for achieving data security. Device-based isolation
leverages the proliferation of personal computing devices to
provide strong run-time guarantees for the condentiality of
secrets. To demonstrate our isolation approach, we show its
use in protecting the secrecy of highly sensitive data that
is crucial to security operations, such as cryptographic keys
used for decrypting ciphertext or signing digital signatures.
Private key is usually encrypted when not used, however,
when being used, the plaintext key is loaded into the memory
of the host for access. In our threat model, the host may
be compromised by attackers, and thus the condentiality of
the host memory cannot be preserved. We present a novel
and practical solution and its prototype called DataGuard to
protect the secrecy of the highly sensitive data through the
storage isolation and secure tunneling enabled by a mobile
handheld device. DataGuard can be deployed for the key
protection of individuals or organizations
- …