Service Security and Privacy as a Socio-Technical Problem: Literature review, analysis methodology and challenge domains

Published online September 2015 accepted: 15 September 2014Published online September 2015 accepted: 15 September 2014The security and privacy of the data that users transmit, more or less deliberately, to modern services is an open problem. It is not solely limited to the actual Internet traversal, a sub-problem vastly tackled by consolidated research in security protocol design and analysis. By contrast, it entails much broader dimensions pertaining to how users approach technology and understand the risks for the data they enter. For example, users may express cautious or distracted personas depending on the service and the point in time; further, pre-established paths of practice may lead them to neglect the intrusive privacy policy offered by a service, or the outdated protections adopted by another. The approach that sees the service security and privacy problem as a socio-technical one needs consolidation. With this motivation, the article makes a threefold contribution. It reviews the existing literature on service security and privacy, especially from the socio-technical standpoint. Further, it outlines a general research methodology aimed at layering the problem appropriately, at suggesting how to position existing findings, and ultimately at indicating where a transdisciplinary task force may fit in. The article concludes with the description of the three challenge domains of services whose security and privacy we deem open socio-technical problems, not only due to their inherent facets but also to their huge number of users

Commonwealth Games: friendly rivalry

This paper looks back at how the Commonwealth Games came to be, Australia’s experience of staging the event and contemplates how the Gold Coast will deal with that legacy and surmount perceived and unexpected complications that will inevitably surface before the 2018 Games’ Opening Ceremony.Executive summary Elite athletes from the Commonwealth meet every four years to compete in the multi-sport event known as the Commonwealth Games.While the Commonwealth Games boasts many similarities to the Olympics, it differs in the more relaxed and ‘friendly’ spirit of competition, which is a highlight of most events. The spirit of friendship has not always prevailed, however, and there have been serious rifts between Commonwealth nations that have manifested themselves in boycotts of the Games. While these have threatened at times to dissolve, or seriously weaken the Commonwealth, solutions have always been found and the Commonwealth and its Games have endured. Australia was one of a group of nations that first participated in competition between Britain and its colonies in 1911; it has participated in the Games in all its forms since that time. It is acknowledged as the most successful of the Commonwealth nations in this sporting competition—winning over 200 more medals than its nearest rival. Australian cities have hosted the Games four times. While there have been some hiccoughs in the staging of each event—some social, and some economic—Sydney, Perth and Brisbane have all received accolades and Melbourne was praised as ‘the best’ following the 2006 Games. In 2018 Australia will host another Commonwealth Games—on Queensland’s Gold Coast. This paper looks back at how the Games came to be, Australia’s experience of staging the event and contemplates how the Gold Coast will deal with that legacy and surmount perceived and unexpected complications that will inevitably surface before the 2018 Games’ Opening Ceremony

Evolving Bitcoin Custody

The broad topic of this thesis is the design and analysis of Bitcoin custody systems. Both the technology and threat landscape are evolving constantly. Therefore, custody systems, defence strategies, and risk models should be adaptive too. We introduce Bitcoin custody by describing the different types, design principles, phases and functions of custody systems. We review the technology stack of these systems and focus on the fundamentals; key-management and privacy. We present a perspective we call the systems view. It is an attempt to capture the full complexity of a custody system, including technology, people, and processes. We review existing custody systems and standards. We explore Bitcoin covenants. This is a mechanism to enforce constraints on transaction sequences. Although previous work has proposed how to construct and apply Bitcoin covenants, these require modifying the consensus rules of Bitcoin, a notoriously difficult task. We introduce the first detailed exposition and security analysis of a deleted-key covenant protocol, which is compatible with current consensus rules. We demonstrate a range of security models for deleted-key covenants which seem practical, in particular, when applied in autonomous (user-controlled) custody systems. We conclude with a comparative analysis with previous proposals. Covenants are often proclaimed to be an important primitive for custody systems, but no complete design has been proposed to validate that claim. To address this, we propose an autonomous custody system called Ajolote which uses deleted-key covenants to enforce a vault sequence. We evaluate Ajolote with; a model of its state dynamics, a privacy analysis, and a risk model. We propose a threat model for custody systems which captures a realistic attacker for a system with offline devices and user-verification. We perform ceremony analysis to construct the risk model.Comment: PhD thesi

A Peered Bulletin Board for Robust Use in Verifiable Voting Systems

The Web Bulletin Board (WBB) is a key component of verifiable election systems. It is used in the context of election verification to publish evidence of voting and tallying that voters and officials can check, and where challenges can be launched in the event of malfeasance. In practice, the election authority has responsibility for implementing the web bulletin board correctly and reliably, and will wish to ensure that it behaves correctly even in the presence of failures and attacks. To ensure robustness, an implementation will typically use a number of peers to be able to provide a correct service even when some peers go down or behave dishonestly. In this paper we propose a new protocol to implement such a Web Bulletin Board, motivated by the needs of the vVote verifiable voting system. Using a distributed algorithm increases the complexity of the protocol and requires careful reasoning in order to establish correctness. Here we use the Event-B modelling and refinement approach to establish correctness of the peered design against an idealised specification of the bulletin board behaviour. In particular we show that for n peers, a threshold of t > 2n/3 peers behaving correctly is sufficient to ensure correct behaviour of the bulletin board distributed design. The algorithm also behaves correctly even if honest or dishonest peers temporarily drop out of the protocol and then return. The verification approach also establishes that the protocols used within the bulletin board do not interfere with each other. This is the first time a peered web bulletin board suite of protocols has been formally verified.Comment: 49 page