Government cloud computing and the policies of data sovereignty

Government cloud services are a new development at the intersection of electronic government and cloud computing which holds the promise of rendering government service delivery more effective and efficient. Cloud services are virtual, dynamic and potentially stateless which has triggered governments' concern about data sovereignty. This paper explores data sovereignty in relation to government cloud services and how national strategies and international policy evolve. It concludes that for countries data sovereignty presents a legal risk which can not be adequately addressed with technology or through contractual arrangements alone. Governments therefore adopt strategies to retain exclusive jurisdiction over government information. --cloud computing,electronic government,data sovereignty,data ownership,information assurance,international data transfers

Analysis of security impact of making mShield an IPv4 to IPv6 converter box

info:eu-repo/semantics/acceptedVersio

When mobility is not a choice Problematising asylum seekers’ secondary movements and their criminalisation in the EU. CEPS Paper in Liberty and Security in Europe No. 2019-11, December 2019

The notion of ‘secondary movements’ is commonly used to describe the mobility of third country nationals for the purpose of seeking international protection in an EU member state other than the one of first irregular entry according to the EU Dublin Regulation. Secondary movements are often identified as a major insecurity factor undermining the sustainability of the Schengen regime and the functioning of the EU Dublin system. Consequently, EU policies have focused on their ‘criminalisation’, as testified by the range of sanctions included in the 2016 CEAS reform package, and on a ‘policing’ approach, which has materialised in the expanded access to data stored in the EURODAC database by police authorities, and its future interconnection with other EU databases under the 2019 EU Interoperability Regulations. This Paper shows that the EU notion of secondary movements is flawed and must be reconsidered in any upcoming reform of the CEAS. The concept overlooks the fact that asylum seekers’ mobility may be non-voluntary and thus cannot be understood as a matter of ‘free choice’ or in terms of ‘preferences’ about the member state of destination. Such an understanding is based on the wrong assumption that asylum seekers’ decisions to move to a different EU country are illegitimate, as all EU member states are assumed to be ‘safe’ for people in need of international protectio

The Politics of Exhaustion: Immigration Control in the British-French Border Zone

Within a climate of growing anti-immigration and populist forces gaining traction across Europe, and in response to the increased number of prospective asylum seekers arriving in Europe, recent years have seen the continued hardening of borders and a disconcerting evolution of new forms of immigration control measures utilised by states. Based on extensive field research carried out amongst displaced people in Europe in 2016-2019, this article highlights the way in which individuals in northern France are finding themselves trapped in a violent border zone, unable to move forward whilst having no obvious alternative way out of their predicament. The article seeks to illustrate the violent dynamics inherent in the immigration control measures in this border zone, characterised by both direct physical violence as well as banalised and structural forms of violence, including state neglect through the denial of services and care. The author suggests that the raft of violent measures and micro practices authorities resort to in the French-British border zone could be understood as constituting one of the latest tools for European border control and obstruction of the access to asylum procedures; a Politics of Exhaustion

On the Role of Hash-Based Signatures in Quantum-Safe Internet of Things:Current Solutions and Future Directions

The Internet of Things (IoT) is gaining ground as a pervasive presence around us by enabling miniaturized things with computation and communication capabilities to collect, process, analyze, and interpret information. Consequently, trustworthy data act as fuel for applications that rely on the data generated by these things, for critical decision-making processes, data debugging, risk assessment, forensic analysis, and performance tuning. Currently, secure and reliable data communication in IoT is based on public-key cryptosystems such as Elliptic Curve Cryptosystem (ECC). Nevertheless, reliance on the security of de-facto cryptographic primitives is at risk of being broken by the impending quantum computers. Therefore, the transition from classical primitives to quantum-safe primitives is indispensable to ensure the overall security of data en route. In this paper, we investigate applications of one of the post-quantum signatures called Hash-Based Signature (HBS) schemes for the security of IoT devices in the quantum era. We give a succinct overview of the evolution of HBS schemes with emphasis on their construction parameters and associated strengths and weaknesses. Then, we outline the striking features of HBS schemes and their significance for the IoT security in the quantum era. We investigate the optimal selection of HBS in the IoT networks with respect to their performance-constrained requirements, resource-constrained nature, and design optimization objectives. In addition to ongoing standardization efforts, we also highlight current and future research and deployment challenges along with possible solutions. Finally, we outline the essential measures and recommendations that must be adopted by the IoT ecosystem while preparing for the quantum world.Comment: 18 pages, 7 tables, 7 figure

A Component-Based Approach for Securing Indoor Home Care Applications

eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public's confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home.This work was financed under project DPI2015-68602-R (MINECO/FEDER, UE), UPV/EHU under project PPG17/56 and GV/EJ under recognized research group IT914-16

The Impact of IPv6 on Penetration Testing

In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets

A closer look at Intrusion Detection System for web applications

Intrusion Detection System (IDS) is one of the security measures being used as an additional defence mechanism to prevent the security breaches on web. It has been well known methodology for detecting network-based attacks but still immature in the domain of securing web application. The objective of the paper is to thoroughly understand the design methodology of the detection system in respect to web applications. In this paper, we discuss several specific aspects of a web application in detail that makes challenging for a developer to build an efficient web IDS. The paper also provides a comprehensive overview of the existing detection systems exclusively designed to observe web traffic. Furthermore, we identify various dimensions for comparing the IDS from different perspectives based on their design and functionalities. We also provide a conceptual framework of an IDS with prevention mechanism to offer a systematic guidance for the implementation of the system specific to the web applications. We compare its features with five existing detection systems, namely AppSensor, PHPIDS, ModSecurity, Shadow Daemon and AQTRONIX WebKnight. The paper will highly facilitate the interest groups with the cutting edge information to understand the stronger and weaker sections of the web IDS and provide a firm foundation for developing an intelligent and efficient system