36 research outputs found

    Blockchain in Energy Communities, A proof of concept

    This report aims at exploring the use of the distributed ledger paradigm to incentivise the participation of the citizen in a truly free, open and interoperable energy market, producing a feasibility study and a first demo testbed, taking also into consideration privacy, cybersecurity and big-data issues of the smart-home in the Energy market context. This study is intended to support point 4.1, 4.2 and 4.3 of the DSM (COM(2015)192) and point 2.2 of the Energy Union package (COM(2015)80). JRC.E.3-Cyber and Digital Citizens' Securit

    Feasibility study and prototyping of a blockchain-based transport-service pricing and allocation platform

    This report summarizes the activity and findings of the JRC Proof of Concept Project Ridechain. The project investigated the applicability and market potential of blockchain technology for asset sharing in the road transport sector. The project comprised two principal activities. The first activity was market research and analysis to support the development of a new service concept and business model for blockchain-powered shared mobility. Specifically, the research resulted in the definition of a novel technology platform that leverages blockchain, cloud services, and in-car technology to enhance trust, streamline coordination and improve information exchange in P2P car sharing ecosystems. The second activity was technology prototyping to demonstrate the technical feasibility of the novel service concept using state of the art blockchain and IoT frameworks. These two activities provided answers to two respective research questions. First, what would be a high-value transport sector market to which a blockchain-powered technology product could offer a high-value solution? Second, how could this technology product be realized? JRC.C.4-Sustainable Transpor

    Cybersecurity, our digital anchor: A European perspective

    The Report ‘Cybersecurity – Our Digital Anchor’ brings together research from different disciplinary fields of the Joint Research Centre (JRC), the European Commission's science and knowledge service. It provides multidimensional insights into the growth of cybersecurity over the last 40 years, identifying weaknesses in the current digital evolution and their impacts on European citizens and industry. The report also sets out the elements that potentially could be used to shape a brighter and more secure future for Europe’s digital society, taking into account the new cybersecurity challenges triggered by the COVID-19 crisis. According to some projections, cybercrime will cost the world EUR 5.5 trillion by the end of 2020, up from EUR 2.7 trillion in 2015, due in part to the exploitation of the COVID-19 pandemic by cyber criminals. This figure represents the largest transfer of economic wealth in history, more profitable than the global trade in all major illegal drugs combined, putting at risk incentives for innovation and investment. Furthermore, cyber threats have moved beyond cybercrime and have become a matter of national security. The report addresses relevant issues, including:
    - Critical infrastructures: today, digital technologies are at the heart of all our critical infrastructures. Hence, their cybersecurity is already – and will become increasingly – a matter of critical infrastructure protection (see the cases of Estonia and Ukraine).
    - Magnitude of impact: the number of citizens, organisations and businesses impacted simultaneously by a single attack can be huge.
    - Complexity and duration of attacks: attacks are becoming more and more complex, demonstrating attackers’ enhanced planning capabilities. Moreover, attacks are often only detected post-mortem.
    - Computational power: the spread of malware also able to infect mobile and Internet of Things (IoT) devices (as in the case of Mirai botnet), hugely increases the distributed computational power of the attacks (especially in the case of denial of services (DoS)). The same phenomenon makes the eradication of an attack much more difficult.
    - Societal aspects: cyber threats can have a potentially massive impact on society, up to the point of undermining the trust citizens have in digital services. As such services are intertwined with our daily life, any successful cybersecurity strategy must take into consideration the human and, more generally, societal aspects.
    This report shows how the evolution of cybersecurity has always been determined by a type of cause-and-effect trend: the rise in new digital technologies followed by the discovery of new vulnerabilities, for which new cybersecurity measures must be identified. However, the magnitude and impacts of today's cyber attacks are now so critical that the digital society must prepare itself before attacks happen. Cybersecurity resilience along with measures to deter attacks and new ways to avoid software vulnerabilities should be enhanced, developed and supported. The ‘leitmotiv’ of this report is the need for a paradigm shift in the way cybersecurity is designed and deployed, to make it more proactive and better linked to societal needs. Given that data flows and information are the lifeblood of today’s digital society, cybersecurity is essential for ensuring that digital services work safely and securely while simultaneously guaranteeing citizens’ privacy and data protection. Thus, cybersecurity is evolving from a technological ‘option’ to a societal must.
    From big data to hyperconnectivity, from edge computing to the IoT, to artificial intelligence (AI), quantum computing and blockchain technologies, the ‘nitty-gritty’ details of cybersecurity implementation will always remain field-specific due to specific sectoral constraints. This brings with it inherent risks of a digital society with heterogeneous and inconsistent levels of security. To counteract this, we argue for a coherent, cross-sectoral and cross-societal cybersecurity strategy which can be implemented across all layers of European society. This strategy should cover not only the technological aspects but also the societal dimensions of ‘behaving in a cyber-secure way’. Consequently, the report concludes by presenting a series of possible actions instrumental to building a European digital society secure by design. JRC.E.3-Cyber and Digital Citizens' Securit

    Generic, secure and modular (GSM) methodology for design and implementation of secure mobile applications

    The generic, secure and modular methodology, described in this paper, provides a generic approach for the design and development of secure mobile applications. It is applicable to multiple mobile phone platforms and mobile operating environments. This approach treats a mobile application in a holistic way and structures it into four groups of modules: user interface modules, communication modules, security modules, and business logic modules. These four groups of modules can be designed and implemented independently and finally be integrated together. This approach not only simplifies the process of design and development of mobile applications, but also improves the reusability and robustness of mobile applications. In addition, this paper proposes a trusted layer model for designing the security modules of mobile applications, which provides generic application interfaces and comprehensive data protection. The paper finally gives an example of a secure mobile application, called SAFE Mobile Wallet, which was designed and implemented using GSM methodology. This paper won the Best Paper Award at the conference. http://www.iaria.org/conferences2012/awardsSECURWARE12/securware2012_a1.pdf QC 20130322

    Secure and Trusted Mobile Commerce System based on Virtual Currencies

    With the widespread usage of mobile devices and their applications, many areas of innovation have created a multitude of opportunities for mobile technologies to be deployed with very interesting effects. One such new area that emerged in the last few years is mobile commerce. It represents a system where various entities create real–life or digital assets, distribute information about them to interested consumers, execute transactions, accept various types of compensation methods, and finally deliver these assets; all of it in a secure and trusted manner, respecting users’ privacy. Since mobile devices are increasingly used for m-commerce, it is important to ensure that users’ data on such devices are kept secure. Mobile devices contain many of our personal and private data and information, since we nowadays use them for all kinds of activities, both personal and professional. However, such data and information are not always treated in a secure and privacy friendly way. The goal of this thesis is to identify and provide solutions to security related problems found on mobile devices, such as communications, storage and mobile application design, and with the use of cryptocurrencies to combine the findings in the design of a secure mobile commerce system. As a result, this thesis describes a design and architecture of a secure e-commerce system, called eAgora, primarily exploiting mobile technology. The system is innovative as it treats digital goods, classified and called mobile commerce objects. Based on the attributes and anticipated use of such specific m–commerce objects, different security and privacy measures for each of them are needed and enforced. The goal was to design a system that deals with mobile commerce in a secure and privacy friendly way in all the lifecycle of the transactions.
    As users are mostly using mobile devices to connect to the proposed services, research first focused on mobile device security and privacy issues, such as insecure storage on the mobile device, insecure handling of user credentials and personal information, and insecure communications. Issues not only coming from the device itself but also from the nature of it; being mobile it is used in a different way than the classical desktop computers. Mobile devices are used in public, in an environment that cannot be controlled, and are interfacing a variety of networks that are not under the mobile device user’s control. Potential attackers’ interest was analysed in different mobile commerce scenarios in order to understand the needs for security enhancements. After having analyzed the possible threats, a methodology for mobile application development that would allow many common development errors to be avoided and security and privacy mechanisms to be considered by design was specified. Moreover, in order to provide secure storage and guard against active and passive intruder attacks, a secure Mobile Crypto Services Provider facility that allows storage of data on the UICC cards was designed and implemented. In order to secure communications, a secure e-mail application was designed and implemented. The application provides a user-friendly way to encrypt and sign e-mails, using the users’ already working e-mail accounts. The security functionality is completely transparent to users and ensures confidentiality and integrity of e-mail exchange. For the mobile commerce system, an architecture that enables exchange of m-commerce objects between different merchants, customers and retailers is proposed. In the architecture, policy enforcement and the feature to detect suspicious events that may be illegal and to cooperate with law enforcement were embedded. The newly defined technology of virtual currencies is used as a payment facilitator within the proposed architecture.
    Many of its innovative features are adopted but some are also extended, such as the secure use of the user wallet files, i.e. the files that link the user with the virtual currencies and enable payment transactions between customers and merchants. Although there is no distinction between different virtual currencies, Bitcoin is used as an example of a market valued trading currency to validate and evaluate the proposed secure e-commerce architecture and the findings have been applied on it. The thesis provides detailed use cases that demonstrate how the proposed architecture of eAgora functions in different complicated e-trading circumstances and how different security related mechanisms are used. The thesis concludes with the analysis of the research results and with proposed directions for future research and development works. QC 20150521

    The MobiLeak Project: Forensics Methodology for Mobile Application Privacy Assessment

    When talking about privacy, we talk about information, about data. There are several aspects that have to be considered when aiming to assess the privacy level of an application. These aspects are the states in which data can exist: data at rest, data in use and data in transit. Each of these require different methodologies and technologies in order to be properly addressed. This paper focuses on the state where data are at rest. It will be shown how common mobile forensics methodologies and tools can be used to assess the privacy level of mobile applications, and therefore how mobile applications store and manage personal information. JRC.G.7-Digital Citizen Securit

    Trust in Mobile Commerce

    This paper describes how a citizen, in our case a user of a mobile phone, is confronted with several aspects of trust when he/she uses different mobile commercial objects in a digital world. In particular, the topic of m-commerce and how a client mitigates trust all the way from his/her mobile device to the merchant is dealt with. To assess the trust chain, especially in respect to privacy and data protection, objects (for example a voucher) are used to model the mobile commerce domain. QC 20130423
