39 research outputs found

    Welcome from the Chairs of CSNet 2021

    Study of the Concept of Trust for Public Key Infrastructures (Etude du concept de confiance pour les infrastructures à clés publiques)

    Public key infrastructures (PKIs) are today a major building block for secure spaces in digital environments. A PKI relies on a trust model made up of three entities: certification authorities (CAs), certificate holders and relying parties (RPs). Historically, this trust model was designed for cases where certificate holders and RPs have direct relationships with the CAs (for example, all of them belong to the same company). On today's Internet, RPs have no direct relationship with the CAs. This new situation therefore requires a more precise definition of the notion of trust between CAs and RPs. We show that evaluating trust according to this definition requires legal and technical expertise. We therefore propose to modify the three-entity trust model by adding the role of a technical and legal expert who helps RPs make decisions about certificates.

    Should We Rush to Implement Password-less Single Factor FIDO2 based Authentication?

    © 2020 IEEE. Fast Identity Online (FIDO) Alliance and W3C have defined a set of specifications (called FIDO2) that allows a user to replace the password-based authentication system. However, none of the high-profile web sites have implemented FIDO2 yet as password-less single factor (SF) authentication (password-less SF). In this paper, we analyze the set of factors that make websites reluctant to adopt password-less FIDO SF authentication. We start by comparing the threat models of password-less FIDO SF authentication with password-based SF authentication. Our analysis shows that although password-based authentication is less secure than FIDO SF authentication, other factors related to the usability of FIDO security keys and FIDO-based authentication system, the non-consideration of enterprise requirements and the lack of specifications regarding account recovery/deletion and suspension are the main obstacles to the adoption of password-less FIDO SF authentication.

    Which Virtualization Technology is Right for My Online IT Educational Labs?

    Many IT labs require virtualization technology as students need to learn several software tools and operating systems. In an online setting, students sometimes are expected to fill the role of an IT lab architect by installing, configuring, deploying lab tasks on their personal computers, and deciding the virtualization technology needed. This can be intimidating and time-consuming for many students. Further, students often use traditional virtualization technology that is neither needed nor justified, costing students significant time, effort, and computing resources. Existing studies discuss virtualization technology appropriateness in the context of industrial applications. This study, however, explores potential virtualization technologies that can be utilized in an academic setting by means of case studies that reflect our experience in transforming the labs of one of our courses. This study assesses virtualization technology suitability in online academic labs in terms of networking, setup time, feasibility, storage, and performance.

    How to Design and Deliver Courses for Higher Education in the AI Era: Insights from Exam Data Analysis

    In this position paper, we advocate for the idea that courses and exams in the AI era have to be designed based on two factors: (1) the strengths and limitations of AI, and (2) the pedagogical educational objectives. Based on insights from the Delors report on education [1], we first address the role of education and recall the main objectives that educational institutes must strive to achieve independently of any technology. We then explore the strengths and limitations of AI, based on current advances in AI. We explain how courses and exams can be designed based on these strengths and limitations of AI, providing different examples in the IT, English, and Art domains. We show how we adopted a pedagogical approach that is inspired by the Socratic teaching method from January 2023 to May 2023. Then, we present the data analysis results of seven ChatGPT-authorized exams conducted between December 2022 and March 2023. Our exam data results show that there is no correlation between students' grades and whether or not they use ChatGPT to answer their exam questions. Finally, we present a new exam system that allows us to apply our pedagogical approach in the AI era.

    G-Cloud on OpenStack: Addressing access control and regulation requirements

    It is well known that e-Government applications bring several benefits to citizens in terms of efficiency, accessibility and transparency. Today, most governments tend to propose cloud computing based e-services to their citizens. A key component in these services is the access control management issue. In this paper, we present our research work for building an access control system for the Djiboutian e-Government project that is built using the OpenStack framework. Specifically, we demonstrate the limitation of the integrated access control system in OpenStack for the Djiboutian e-Government access control requirements and for the compliance with the related regulation. Thus, we propose to extend the existing access control system of OpenStack by integrating the features of XACML V3 into the OpenStack framework.

    RootAsRole: a security module to manage the administrative privileges for Linux

    Today, Linux users use sudo/su commands to attribute Linux’s administrative privileges to their programs. These commands always give the whole list of administrative privileges to Linux programs, unless there are pre-installed default policies defined by Linux Security Modules (LSM). LSM modules require users to inject the needed privileges into the memory of the process and to declare the needed privileges in an LSM policy. This approach can work for users who have good knowledge of the syntax of LSM modules’ policies. Adding or editing an existing policy is a very time-consuming process because LSM modules require adding a complete list of traditional permissions as well as administrative privileges. We propose a new Linux module called RootAsRole that is dedicated to the management of administrative privileges. RootAsRole is not proposed to replace LSM modules but to be used as a complementary module to manage Linux administrative privileges. RootAsRole allows Linux administrators to define a set of roles that contain the administrative privileges and restrict their usage to a set of users/groups and programs. Finally, we conduct an empirical performance study to compare RootAsRole tools with sudo/su commands to show that the overhead added by our module remains acceptable.

    Cloud-based online social network

    Online social media network has become part of human life by transforming the way users create new social relations or relate with family and friends. Online social network (OSN) has drastically increased the rate at which people interact with each other by simplifying the means of communication. However, privacy is raising a serious concern. All user-generated data within the OSN system need to be protected against unauthorized friends or hackers or even against the provider of OSN. Many research works are going on to encounter the privacy issues in OSN. This paper analyses the limitations of the recent work being done in this field and proposes an efficient abstract solution to them.

    Improved Identity Management with Verifiable Credentials and FIDO

    We describe how FIDO and W3C VCs can overcome the problems of existing identity management systems. We describe our conceptual model and architecture, and the protocol we used by extending FIDO’s UAF in order to provide both strong authentication and strong authorization. We built a pilot implementation for U.K. NHS patients to validate our implementation. Patients were able to use a mobile phone with a fingerprint reader to access restricted NHS sites in order to make and cancel appointments and order repeat prescription drugs. Our initial user trials with 10 U.K. NHS patients found the system to be easy to use, and fingerprints to be preferable to using usernames and passwords for authentication.