38 research outputs found

    Browser as a Service (BaaS): Security and Performance Enhancements for the Rich Web

    This paper introduces an architectural approach to access the Web via a virtual Web browser executed within a secure Cloud environment.

    Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example

    Online services have difficulty replacing passwords with more secure user authentication mechanisms, such as Two-Factor Authentication (2FA). This is partly due to the fact that users tend to reject such mechanisms in use cases outside of online banking. Relying on password authentication alone, however, is not an option in light of recent attack patterns such as credential stuffing. Risk-Based Authentication (RBA) can serve as an interim solution to increase password-based account security until better methods are in place. Unfortunately, RBA is currently used by only a few major online services, even though it is recommended by various standards and has been shown to be effective in scientific studies. This paper contributes to the hypothesis that the low adoption of RBA in practice can be due to the complexity of implementing it. We provide an RBA implementation for the open source cloud management software OpenStack, which is the first fully functional open source RBA implementation based on the Freeman et al. algorithm, along with initial reference tests that can serve as a guiding example and blueprint for developers.

    Security and Privacy Enhancing Multi-Cloud Architectures

    Security challenges are still among the biggest obstacles when considering the adoption of cloud services. This triggered a lot of research activities, resulting in a quantity of proposals targeting the various cloud security threats. Alongside these security issues, the cloud paradigm comes with a new set of unique features, which open the path toward novel security approaches, techniques, and architectures. This paper provides a survey on the achievable security merits by making use of multiple distinct clouds simultaneously. Various distinct architectures are introduced and discussed according to their security and privacy capabilities and prospects.

    Extraction and Accumulation of Identity Attributes from the Internet of Things

    No full text
    Internet of Things (IoT) devices with wireless communication provide person-relatable information usable as attributes in digital identities. By scanning and profiling these signals against location and time, identity attributes can be generated and accumulated. This article introduces the concept of harvesting identifiable information from IoT. It summarizes ongoing work that aims at assessing the amount of person-relatable attributes that can get extracted from public IoT signals. We present our experimental data collection in Oslo/Norway and discuss systematic harvesting, our preliminary results, and their implications.

    Security for XML Data Binding

    No full text
    This paper introduces a complementary extension to XML data binding enabling the (selective) protection of structured objects and members. By this contribution, an object can be transformed into a secured object which contains encrypted and/or signed parts according to an assigned security policy. The serialization of secured objects results in XML data which is protected by standard XML security means. Thus, this approach introduces a data-oriented security mechanism which seamlessly integrates into XML data binding and therefore enables cross-platform (de)serialization of secured objects without the need of programming against a specific XML security API. Distinct entities in a distributed processing environment then operate transparently either on plain or secured instances of a class.