A LINDDUN-based framework for privacy threat analysis on identification and authentication processes

© . This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/Identification and authentication (IA) are security procedures that are ubiquitous in our online life, and that constantly require disclosing personal, sensitive information to non-fully trusted service providers, or to fully trusted providers that unintentionally may fail to protect such information. Although user IA processes are extensively supported by heterogeneous software and hardware, the simultaneous protection of user privacy is an open problem. From a legal point of view, the European Union legislation requires protecting the processing of personal data and evaluating its impact on privacy throughout the whole IA procedure. Privacy Threat Analysis (PTA) is one of the pillars for the required Privacy Impact Assessment (PIA). Among the few existing approaches for conducting a PTA, LINDDUN is a very promising framework, although generic, in the sense that it has not been specifically conceived for IA. In this work, we investigate an extension of LINDDUN that allows performing a reliable and systematically-reproducible PTA of user IA processes, thereby contributing to one of the cornerstones of PIA. Specifically, we propose a high-level description of the IA verification process, which we illustrate with an UML use case. Then, we design an identification and authentication modelling framework, propose an extension of two critical steps of the LINDDUN scheme, and adapt and tailor the trust boundary concept applied in the original framework. Finally, we propose a systematic methodology aimed to help auditors apply the proposed improvements to the LINDDUN framework.The authors are thankful for the support through the research project “INRISCO”, ref. TEC2014-54335-C4-1-R, “MAGOS”, TEC2017-84197-C4-3-R, and the project “Sec-MCloud”, ref. TIN2016-80250-R. J. Parra-Arnau is the recipient of a Juan de la Cierva postdoctoral fellowship, IJCI-2016–28239, from the Spanish Ministry of Economy and Competitiveness. J. Parra-Arnau is with the UNESCO Chair in Data Privacy, but the views in this paper are his own and are not necessarily shared by UNESCO.Peer ReviewedPostprint (author's final draft

Nuevo marco de autenticación para tarjetas inteligentes en red. Aplicación al pago electrónico en entornos inalámbricos

En la actualidad, la importancia de la seguridad de la Información y de las Comunicaciones resulta incuestionable. En este contexto, la relevancia de la autenticación fiable entre entidades queda también patente en una diversidad de aspectos cotidianos. Por sus cualidades y ventajas como módulo criptográfico, la tarjeta inteligente ha desarrollado un papel fundamental en la autenticación de usuarios. Esta tesis doctoral estudia el proceso de transformación que está atravesando actualmente y que la convierte en un equipo con conectividad a la red, dentro de la Nueva Generación de Tarjetas Inteligentes. De esta evolución, resultan una variedad de implicaciones, que se expanden transversalmente desde el momento que dicha tarjeta se integra en la red. En el presente trabajo se trata dicha integración exclusivamente desde la perspectiva de los mecanismos de autenticación involucrados. Pero, ¿hacia dónde evoluciona esa red?. Una diversidad de redes de acceso, entre las que destacan las tecnologías inalámbricas y los dispositivos multimodo, van a conformar un panorama global del que las tarjetas inteligentes, actuales y futuras, deberán participar. ¿Se pueden hacer más robustos y seguros los esquemas actuales de autenticación remota para éstas?. ¿En qué medida han sido diseñados para ser adaptados a estas nuevas circunstancias?. Esta tesis aborda la problemática de una forma conjunta, atendiendo al esquema de autenticación extremo-a-extremo y plantea un nuevo Marco de Autenticación para Tarjetas Inteligentes en Red bajo cuyo paraguas podemos modelar, analizar e incluso proponer una arquitectura de protocolos de autenticación remota para las tarjetas inteligentes actuales y venideras. Tras el diseño y la implementación acorde con dicha arquitectura y una evaluación de las funcionalidades previstas, se realiza una aplicación sobre un escenario realista de pago electrónico en entornos inalámbricos; por un lado demostrando la viabilidad de la propuesta y, por otro, incidiendo en su versatilidad, que le permite ser robusta ante la transformación que les conduce hacia esa nueva generación

State of the Art, Trends and Future of Bluetooth Low Energy, Near Field Communication and Visible Light Communication in the Development of Smart Cities

The current social impact of new technologies has produced major changes in all areas of society, creating the concept of a smart city supported by an electronic infrastructure, telecommunications and information technology. This paper presents a review of Bluetooth Low Energy (BLE), Near Field Communication (NFC) and Visible Light Communication (VLC) and their use and influence within different areas of the development of the smart city. The document also presents a review of Big Data Solutions for the management of information and the extraction of knowledge in an environment where things are connected by an “Internet of Things” (IoT) network. Lastly, we present how these technologies can be combined together to benefit the development of the smart city

Towards Enhancing the Capability of IoT Applications by Utilizing Cloud Computing Concept

The emergence of smart and innovative applications in diverse domains has inspired our lives by presenting many state-of-The art applications ranging from offline to smart online systems, smart communication system to tracking systems, and many others. The availability of smart internet enabled systems has made the world as a global village where people can collaborate, communicate, and share information in secure and timely manner. Innovation in information technology focuses on investigating characteristics that make it easier for the people to accept and distribute innovative IT-based processes or products. To provide elastic services and resource the Internet service provider developed cloud computing to support maximal number of users. Cloud computing is a subscription paradigm in which users do not buy various resources permanently, but they purchase it with block chain-driven payment schemes (credit cards). A flexible, on-demand, and dynamically scalable computer infrastructure is offered by cloud providers to its clients on charging some amount of subscription. This research article provides an introduction of cloud computing and the integration of IoT concept, its impacts on crowd and organizations, provision of various services, and analyzing and selecting the appropriate features using probability distribution function for enhancing cloud-based IoT capabilities. In ambiguous and complex situations, decision makers use quantitative techniques combined with traditional approaches to select the appropriate one among a group of features. Probability distribution function is used to evaluate the appropriate features that will enhance the capabilities of cloud-based IoT application

Becoming Artifacts: Medieval Seals, Passports and the Future of Digital Identity

What does a digital identity token have to do with medieval seals? Is the history of passports of any use for enabling the discovery of Internet users\u27 identity when crossing virtual domain boundaries during their digital browsing and transactions? The agility of the Internet architecture and its simplicity of use have been the engines of its growth and success with the users worldwide. As it turns out, there lies also its crux. In effect, Internet industry participants have argued that the critical problem business is faced with on the Internet is the absence of an identity layer from the core protocols of its logical infrastructure. As a result, the cyberspace parallels a global territory without any identification mechanism that is reliable, consistent and interoperable across domains. This dissertation is an investigation of the steps being taken by Internet stakeholders in order to resolve its identity problems, through the lenses of historical instances where similar challenges were tackled by social actors. Social science research addressing the Internet identity issues is barely nascent. Research on identification systems in general is either characterized by a paucity of historical perspective, or scantily references digital technology and online identification processes. This research is designed to bridge that gap. The general question at its core is: How do social actors, events or processes enable the historical emergence of authoritative identity credentials for the public at large? This work is guided by that line of inquiry through three broad historical case studies: first, the medieval experience with seals used as identity tokens in the signing of deeds that resulted in transfers of rights, particularly estate rights; second, comes the modern, national state with its claim to the right to know all individuals on its territory through credentials such as the passport or the national identity card; and finally, viewed from the United States, the case of ongoing efforts to build an online digital identity infrastructure. Following a process-tracing approach to historical case study, this inquiry presents enlightening connections between the three identity frameworks while further characterizing each. We understand how the medieval doctrines of the Trinity and the Eucharist developed by schoolmen within the Church accommodated seals as markers of identity, and we understand how the modern state seized on the term `nationality\u27 - which emerged as late as in the 19th century - to make it into a legal fiction that was critical for its identification project. Furthermore, this investigation brings analytical insights which enable us to locate the dynamics driving the emergence of those identity systems. An ordering of the contributing factors in sequential categories is proposed in a sociohistorical approach to explain the causal mechanisms at work across these large phenomena. Finally this research also proposes historically informed projections of scenarios as possible pathways to the realization of authoritative digital identity. But that is the beginning of yet another story of identity