Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010

It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U

Fluid sovereignty: state-nature relations in the Hasbani Basin, southern Lebanon

The concept of fluid sovereignty denotes configurations of state authority in which flows of living and non-living things, within and across borders, render insecure claims of unconditional territorial control. Loss of monopoly control of the means of violence within a territory conventionally signals weak political sovereignty. Bordering Israel (including the occupied Golan Heights) and Syria, the Hasbani Basin, southern Lebanon, seems to exemplify such sovereign failings: over decades, rival security providers have provoked political instability and conflict in the region. However, fluid sovereignty brings to the fore state-nature relations neglected in scholarship on “fragile” or “failing” states. Informed by geographical work on hybrid sovereignties and vital materialism, we show how sovereign claims over the Hasbani Basin extend to (sub)terranean water sources and rainfall-dependent agricultural lands, both of which are deeply securitized. Incomplete centralization and territorialization by Lebanon of the Hasbani Basin evinces fractured state nature—the inability of the state to realize volumetric control of, and authority over, basin waters. This state nature is coproduced by the fluid materiality of the waters themselves, whose hydro-climatic circulation and contingencies are at odds with territorial designs for volumetric control. For rural communities in the Hasbani Basin economically dependent on access to agricultural water, field research reveals a practical experience of fluid sovereignty, both in adapting to water variability and also navigating use of agricultural borderlands subject to conflict-related dangers. Recent conflict spillovers from the Syrian war have reinforced, for the majority Druze population, the low legitimacy of Lebanese state nature

Supporting authorize-then-authenticate for wi-fi access based on an electronic identity infrastructure

Federated electronic identity systems are increasingly used in commercial and public services to let users share their electronic identities (eIDs) across countries and providers. In Europe, the eIDAS Regulation and its implementation-the eIDAS Network-allowing mutual recognition of citizen’s eIDs in various countries, is now in action. We discuss authorization (before authentication), named also authorize-then-authenticate (AtA), in services exploiting the eIDAS Network. In the eIDAS Network, each European country runs a national eIDAS Node, which transfers in other Member State countries, via the eIDAS protocol, some personal attributes, upon successful authentication of a person in his home country. Service Providers in foreign countries typically use these attributes to implement authorization decisions for the requested service. We present a scenario where AtA is required, namely Wi-Fi access, in which the service provider has to implement access control decisions before the person is authenticated through the eIDAS Network with his/her national eID. The Wi-Fi access service is highly required in public and private places (e.g. shops, hotels, a.s.o.), but its use typically involves users’ registration at service providers and is still subject to security attacks. The eIDAS Network supports different authentication assurance levels, thus it might be exploited for a more secure and widely available Wi-Fi access service to the citizens with no prior registration, by exploiting their national eIDs. We propose first a model that discusses AtA in eIDAS-based services, and we consider different possible implementation choices. We describe next the implementation of AtA in an eIDAS-based Wi-Fi access service leveraging the eIDAS Network and a Zeroshell captive portal supporting the eIDAS protocol. We discuss the problems encountered and the deploy-ment issues that may impact on the service acceptance by the users and its exploitation on large scale

Network service federated identity (NS-FId) protocol for service authorization in 5G network

Fifth generation mobile network (5G) will make network services available anywhere from multiple Service Providers (SP) and its provisioning raises security concerns. The users will require seamless connectivity and secure access to these services. Mobile Network Operator (MNO) will want to provide services to users and be able to share infrastructure resources with other MNOs. This requires robust authentication and authorization mechanisms that can provide secure access and provisioning of service to multiple users and providers in heterogeneous network. Therefore, Federated Identity (FId) with Single Sign On (SSO) could be used for seamless access and provisioning to network services in 5G. So, we propose Network Service Federated Identity (NS-FId) protocol, a federated protocol that provides secure access to services from multiple SPs and provides SSO to users. We formally verify and analyse the proposed NSFId protocol using ProVerif. We also conduct a security analysis of the protocol’s security properties

Electronic Identity in Europe: Legal challenges and future perspectives (e-ID 2020)

This deliverable presents the work developed by the IPTS eID Team in 2012 on the large-encompassing topic of electronic identity. It is structured in four different parts: 1) eID: Relevance, Le-gal State-of-the-Art and Future Perspectives; 2) Digital Natives and the Analysis of the Emerging Be-havioral Trends Regarding Privacy, Identity and Their Legal Implications; 3) The "prospective" use of social networking services for government eID in Europe; and 4) Facial Recognition, Privacy and Iden-tity in Online Social Networks.JRC.J.3-Information Societ

Dependability engineering in Isabelle

In this paper, we introduce a process of formal system development supported by interactive theorem proving in a dedicated Isabelle framework. This Isabelle Infrastructure framework implements specification and verification in a cyclic process supported by attack tree analysis closely inter-connected with formal refinement of the specification. The process is cyclic: in a repeated iteration the refinement adds more detail to the system specification. It is a known hard problem how to find the next refinement step: this problem is addressed by the attack based analysis using Kripke structures and CTL logic. We call this cyclic process the Refinement-Risk cycle (RR-cycle). It has been developed for security and privacy of IoT healthcare systems initially but is more generally applicable for safety as well, that is, dependability in general. In this paper, we present the extensions to the Isabelle Infrastructure framework implementing a formal notion of property preserving refinement interleaved with attack tree analysis for the RR-cycle. The process is illustrated on the specification development and privacy analysis of the mobile Corona-virus warning app

Casting votes digitally: examining the Latvian national position on Internet voting

The following dissertation aims to examine the Latvian national position on Internet voting through the prism of governmental and non-governmental actors’ perspectives. Drawing upon the theoretical framework of the i-voting pre-conditions outlined in Kotka’s et al. analysis (2015) as well as the Estonian National Electoral Committee’s report E-System Overview (2005), the dissertation adopts the content analysis method to identify the main underpinnings of the governmental and non-governmental actors’ position on the issue as well as the factors that shape the national discourse. Through examination of 34 documents of the relevant actors issued in the period between February 2012 and December 2015, the dissertation proposes a framework of determining the national position by estimating and comparing the indexes of average connotations (IAC) for governmental and non-governmental actors. Relying on empirical findings emerging from the coding scheme framework, the study argues that the national position is influenced by concerns over trust and security factors and suffers from a high degree of incoherence due to discrepancies and mismatches in the governmental and non-governmental actors’ ways of forming their judgments in regard to the vital i-voting pre-conditions. Taking into account that there are currently no studies that analyse in-depth the i-voting situation in Latvia, the following dissertation brings both academic and policy-oriented contributions by laying out a new theoretical approach of looking at the issue of i-voting through the lens of the pre-conditions and their impact on forming the national position as well as providing recommendations on the future direction and prospects of the i-voting strategy in Latvia. Moreover, the study puts forward a model that could be tested and applied further in other EU Member States to verify the state of the development and readiness of the i-voting pre-conditions.http://www.ester.ee/record=b4578751*es

Providing Login and Wi-Fi Access Services With the eIDAS Network: A Practical Approach

The digital identity (or electronic identity) of a person is about being able to prove upon authentication who one is on the Internet, with a certain level of assurance, such as by means of some attributes obtained from a trustworthy Identity Provider. In Europe, the eIDAS Network allows the citizens to authenticate securely with their national credentials and to provide such personal attributes when getting access to Service Providers in a different European country. Although the eIDAS Network is more and more known, its integration with real operational services is still at an initial phase. This paper presents two eIDAS-enabled services, Login with eIDAS and Wi-Fi access with eIDAS , that we have designed, implemented, deployed, and validated at the Politecnico di Torino in Italy. The validation study involved several undergraduate students, who have run the above services with their authentication credentials and platforms and with minimal indications on their usage. The results indicate that the services were beneficial. Several advantages exist both for the users and for the Service Providers, such as resistance to some security attacks and the possibility to adopt the service without prior user registration ( e.g. for short meetings, or in public places). However, some students expressed doubts about exploiting their national eID for Wi-Fi access, mainly in connection with usability and privacy issues. We discuss also these concerns, along with advantages and disadvantages of the proposed services