Study and development of a remote biometric authentication protocol

This paper reports the phases of study and implementation of a remote biometric authentication protocol developed during my internship at the I.i.t. of the C.n.r. in Pisa. Starting from the study of authentication history we had a look from the first system used since the 60ies to the latest technology; this helped us understand how we could realize a demonstration working protocol that could achieve a web remote authentication granting good reliability: to do this we choosed to modify the SSL handshake with biometric tests and we decided to use smart-cards a secure vault for the sensible biometric data involved. In the first chapter you will find a brief definition of authentication and an introduction on how we can achieve it, with a particular focus on new biometric techniques. In the second chapter there\u27s the history of authentication from the very first password system to actual ones: new token and smart card technolgies are longer stressed in order to introduce the reader to the last chapter. In the third chapter you will find the project framework, the development of our implementation choiches and the source code of the demo project

Privacy Concerns Regarding the Use of Biometrics in Trusted Traveler Programs

One of the objectives of the U.S. government is to balance the individual’s right to privacy and national security interests. Trusted Traveler programs create a risk-based security model where the traveling public is categorized into low or high risk. There are, however, some privacy concerns related to the acceptance of the use of biometric technology in the adoption of expedited security screening procedures in commercial airports. The theoretical construct of this case study of the TSA Pre-Check Program is based on Ajzen and Fischbein’s theory of reasoned action, specifically through Davis’ technology acceptance model. The purpose of this case study was to explore the perceptions of the traveling public regarding the protection of privacy and the use of biometric technologies. Data for this study included 325 social media postings, 50 privacy complaints reported to the Department of Homeland Security between 2009 and 2014, and publicly available data from the Government Accountability Office about expedited screening for the years 2011 – 2014. Data were coded into a priori themes and then subjected to a content analysis procedure. Findings indicate that the traveling public generally support expedited security screening and consent to waiving certain privacy rights in order to facilitate expedited screening. Complaints from travelers were also primarily related to wait times and secondary screening, and not privacy concerns. The positive social change implications stemming from this study include recommendations to the TSA to expand the Trusted Traveler programs such that the primary concern of the traveling public, reduction of wait time is balanced against privacy concerns about the collection of biometric data as part of a measured response to aviation security

A Tale of Two Administrations: A Comparison between the George W. Bush and the Barack H. Obama Administrations on Border Security

Border security remains a prominent political issue in 2018. During the 2016 presidential campaign, candidates from the Republican and Democratic parties referred to the effectiveness, or lack thereof, of policies about border security that were implemented by the Bush and Obama Administrations. This article analyzes the policies implemented by both administrations and compares them in order to assess the validity of claims about these policies made by presidential candidates from both parties during the 2016 campaign. In addition, this article quantitatively analyzes data from immigration and border enforcement policies for both the Bush and Obama administrations and offers possible policy considerations for securing U.S. borders

Towards internet voting in the state of Qatar

Qatar is a small country in the Middle East which has used its oil wealth to invest in the country's infrastructure and education. The technology for Internet voting now exists or can be developed, but are the people of Qatar willing to take part in Internet voting for national elections?. This research identifies the willingness of government and citizens to introduce and participate in Internet voting (I-voting) in Qatar and the barriers that may be encountered when doing so. A secure I voting model for the Qatar government is then proposed that address issues of I-voting which might arise due to the introduction of such new technology. Recommendations are made for the Qatar government to assist in the introduction of I-voting. The research identifies the feasibility of I-voting and the government s readiness and willingness to introduce it. Multiple factors are examined: the voting experience, educational development, telecommunication development, the large number of Internet users, Qatar law which does not bar the use of I-voting and Qatar culture which supports I-voting introduction. It is shown that there is a willingness amongst both the people and the government to introduce I-voting, and there is appropriate accessibility, availability of IT infrastructure, availability of Internet law to protect online consumers and the existence of the e government project. However, many Qataris have concerns of security, privacy, usability, transparency and other issues that would need to be addressed before any voting system could be considered to be a quality system in the eyes of the voters. Also, the need to consider the security threat associated on client-side machines is identified where a lack of user awareness on information security is an important factor. The proposed model attempts to satisfy voting principles, introducing a secure platform for I-voting using best practices and solutions such as the smart card, Public Key Infrastructure (PKI) and digital certificates. The model was reviewed by a number of experts on Information Technology, and the Qatari culture and law who found that the system would, generally, satisfy voting principles, but pointed out the need to consider the scalability of the model, the possible cyber-attacks and the risks associated with voters computers. which could be reduced by enhancing user awareness on security and using secure operating systems or Internet browsers. From these findings, a set of recommendations were proposed to encourage the government to introduce I-voting which consider different aspects of I-voting, including the digital divide, e-literacy, I voting infrastructure, legal aspects, transparency, security and privacy. These recommendations were also reviewed by experts who found them to be both valuable and effective. Since literature on Internet voting in Qatar is sparse, empirical and non-empirical studies were carried out in a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government

Financial inclusion of the elderly : exploring the role of mobile banking adoption

The extant literature highlights that mobile banking offers various benefits for consumers. However, there is only a limited number of studies that investigate mobile banking adoption by the elderly. This study investigates the factors influencing the adoption of mobile banking by the elderly in a developing country context. The authors explore the enablers, barriers and perceptions of the elderly towards mobile banking adoption. Data were collected through interviews and focus group sessions with respondents from KwaZulu Natal Province in South Africa. The study relies on the Actor-Network Theory as a lens through which to understand the interrelated factors that influence the elderly’s perception and adoption of mobile banking. The results reveal a low adoption of mobile banking by the elderly. In addition, it was evident that the barriers that influence the adoption of mobile banking by the elderly include a lack of information and understanding, security and trust issues, demographic factors, language, the complexity of mobile banking applications, and resistance to change. The identified important enablers towards the adoption of mobile banking include convenience, unlimited access, cost-effectiveness. The study proposes a mobile banking adoption model for the elderly and highlights the interrelated technical and non-technical factors influencing mobile banking adoption. Additionally, it offers design guiding principles aligned to the elderly’s needs and perceptions of mobile banking.https://aip.vse.czpm2021Informatic

Continuous Identity Verification in Cloud Computing Services

Cloud computing has become a hugely popular new paradigm for hosting and delivering services over the internet for individuals and organisations with low cost. However, security is a sensitive issue in cloud computing, as it its services remain accessible to anyone after initial authenticated login and for significant periods. This has led to an increase in the number of attacks on sensitive cus-tomer information. This research identified biometric approaches as a possible solution for security to be maintained beyond the point of entry. Specifically, behaviour profiling has been proposed and applied across various other applications in the area of Transparent Authentication Systems (TAS’s) and Intrusion Detection Systems (IDS’s) to detect account misuse. However, little research has sought to imple-ment this technique within cloud computing services to detect misuse. This research proposes a novel continuous identity verification system as a supporting factor to protect cloud users by operating transparently to detect ab-normal access. The research examines the feasibility of applying a behavioural profiling technique on cloud users with respect to Software as a Service (SaaS) and Infrastructure as a Service (IaaS). Two real-life datasets were collected from 30 and 60 users for SaaS and IaaS studies, respectively. A thorough design and investigation of the biometric techniques was undertaken, including description statistics analysis and pattern classification optimisation. A number of factors were analysed to evaluate the impact on system performance, such as volume of data and type of sample selection. On average, using random sampling, the best experimental result achieved an EER (Equal Error Rate) of as low as 5.8%; six users experienced EERs equal to or less than 0.3%. Moreover, the IaaS study achieved a higher performance than the SaaS study with an overall EER of 0.32%. Based on the intensive analysis of the experimental performance of SaaS and IaaS studies, it has been identified that changes in user behaviour over time can negatively affect the performance of the suggested technique. Therefore, a dy-namic template renewal procedure has been proposed as a novel solution to keep recent user behaviour updated in the current users’ templates. The practi-cal experimental result using the more realistic time-series sampling methodolo-gy has shown the validity of the proposed solution with higher accuracy of 5.77 % EER

Public Policy and Technology: Advancing Civilization at the Expense of Individual Privacy

Technological advances have created a new existence, providing an unforeseen level of interaction and transaction between parties that have never physically met. Preliminary thinking was that these advances would create a previously unimaginable level of privacy and anonymity. While a surface examination suggests an abundance of privacy in modern society, a more thorough examination reveals different results. Advances in technology and changes in public policy have produced a world in which a startling amount of information is available regarding a given individual. Rather than experiencing an increase in individual privacy, modern societies suffer from rapidly decreasing individual privacy

Privacy And Security Concerns In Electronic Health Records - A Comparative Study Between India And USA

With the pandemic hitting hard, the realization that India needs to increase investments and improve healthcare sector in the country is sinking in, each passing day. The induction of Information and Communication Technology (ICT) in healthcare system is revolutionizing the healthcare system across the globe by increasing the availability and accessibility of healthcare to the patients. Electronic Medical Record or Electronic Health Record is a fundamental pre-requisite in using ICT in healthcare. It is a digital record that integrates patients' health data and is used for the purposes of education, research, referral, and management of data. Many developed countries including USA have a well-established system of Electronic Health Records in place. Although with numerous benefits, many concerns are raised regarding the protection of the information and privacy of the individuals as it includes sensitive personal data. The Government have proposed two new legislations namely, the Personal Data Protection Bill, 2018 and the Digital Information Security Healthcare Act, 2018, to tackle the setbacks of current law. The objective of the paper is to discuss the issues related to privacy and security of health data and analyse the lacuna in the existing and proposed legislations in India. Furthermore, the paper provides suggestions for improvement in data protection laws in India and highlights those measures that can be borrowed from the federal legislations related to health privacy in USA (HIPAA, 1996 and HITECH Act, 2009). Keywords: Electronic Health Records, Health Information Privacy, DISHA, Data Protection Bill, Aarogya Set