30 research outputs found

    State of the art in privacy preservation in video data

    No full text
    Aleksic, Slavisa, Colonna, Liane, Dantas, Carina, Fedosov, Anton, Florez-Revuelta, Francisco, Fosch-Villaronga, Eduard, Jevremovic, Aleksandar, Msakniç, Hajer Gahbiche, Ravi, Siddharth, Rexha, Blerim, & Tamò-Larrieux, Aurelia. (2022)

    Securing Web services in a user-to-application model based on certificate private extensions and smartcard technology

    No full text
    Web Services are fundamental building blocks in the move to distributed computing over the Internet. Security and privacy are central issues for the acceptance of Web Services in particular and the growth of the Internet market in general. Public Key Infrastructure and X.509 Certificates have been established as the most trustworthy methods for assuring online security. In this thesis are compared the existing approaches for securing Web Services and proposed new approaches for increasing security by avoiding privacy violation using X.509 certificate private extensions and storing these certificates in smartcards. Adopting the Internet for every possible transaction has lead to a situation where a user has to enter extra information for completing his real profile. The aim of the thesis is to increase user privacy in online transactions. This is achieved through extending certificates with private extensions. Each extension holds encrypted data for user properties, such as: credit card number, insurance number, addresses, etc., and thus each online participant understands the general (public) data on the certificate and one relevant encrypted private extension.Web-Dienste sind die fundamentalen Bausteine für verteilte Applikationen über das Internet. Sicherheit und Privatsphäre haben eine bedeutende Rolle, da von ihnen die Akzeptanz der Web-Dienste, insbesondere das Wachstum des Internet-Marktes, abhängt. Public Key Infrastructure und X.509-Zertifikate sind seit Jahren bewährte Methoden um die Sicherheit der Online Transaktionen zu erhöhen. In dieser Arbeit werden existierende Ansätze über die Sicherheit von Web-Dienste verglichen. Ausserdem werden neue Ansatze vorgestellt, wie die Sicherheit erhöht werden kann, indem die Verletzung der Privatsphäre durch Verwendung der privaten Erweiterungen in X.509 Zertifikaten und speichern dieser Zertifikate in Smartcards vermieden wird. Die Verwendung des Internets für jegliche Transaktionen hat dazu geführt, dass der Benutzer noch zusätzliche Informationen eingeben muss, um sein Benutzerprofil zu vervollständigen. Ziel dieser Arbeit ist es, die Privatsphäre der Benutzer in Online-Transaktionen zu erhöhen. Das wird erreicht durch Hinzufügen von privaten Erweiterungen in das Zertifikat. Jede Erweiterung besteht aus verschlüsselten Benutzereigenschaften wie z.B.: Kreditkartennummer, Versicherungsnummer, Anschrift, usw. Somit versteht jeder Online-Teilnehmer die allgemeinen Daten im Zertifikat und den für ihn dazugehörigen verschlüsselten Anteil

    The prospect of joining the EU and civil service reform in the Republic of North Macedonia

    No full text
    The Republic of North Macedonia, a candidate country in the EU, is continuously subject to conditionality in relation to establishing a professional and effective public administration from the EU institutions and from the civil society. This paper employs the qualitative methodology of process tracing to find out whether the EU conditionality has managed to establish a merit-based civil service. The data are gathered and analyzed for a period of ten years while analyzing the legal and institutional structure of the civil service. The findings identify the factors that hampered or prolonged the implementation of reforms and they offer insights on the conditions necessary for the civil service reforms to take place

    Increasing Trustworthiness of Face Authentication in Mobile Devices by Modeling Gesture Behavior and Location Using Neural Networks

    No full text
    Personal mobile devices currently have access to a significant portion of their user’s private sensitive data and are increasingly used for processing mobile payments. Consequently, securing access to these mobile devices is a requirement for securing access to the sensitive data and potentially costly services. Face authentication is one of the promising biometrics-based user authentication mechanisms that has been widely available in this era of mobile computing. With a built-in camera capability on smartphones, tablets, and laptops, face authentication provides an attractive alternative of legacy passwords for its memory-less authentication process, which is so sophisticated that it can unlock the device faster than a fingerprint. Nevertheless, face authentication in the context of smartphones has proven to be vulnerable to attacks. In most current implementations, a sufficiently high-resolution face image displayed on another mobile device will be enough to circumvent security measures and bypass the authentication process. In order to prevent such bypass attacks, gesture recognition together with location is proposed to be additionally modeled. Gestures provide a faster and more convenient method of authentication compared to a complex password. The focus of this paper is to build a secure authentication system with face, location and gesture recognition as components. User gestures and location data are a sequence of time series; therefore, in this paper we propose to use unsupervised learning in the long short-term memory recurrent neural network to actively learn to recognize, group and discriminate user gestures and location. Moreover, a clustering-based technique is also implemented for recognizing gestures and location

    Using Efficient TRNGs for PSEUDO Profile in National eID Card

    No full text
    Applications that requires true random number generator (TRNG), which uses raw analog data generated from any noise source in nature, must convert the source normal distribution to uniform distribution. Many up to date implementations convert the raw analog data into digital data by employing a comparator or a Schmitt trigger. This method wastes a large amount of random input data, lowering the throughput of the TRNG. In new national electronic identity card (eID) beyond the true identity of his bearer and to address the increasing concern of user privacy while doing business in Internet an additional pseudo profile is set. This pseudo profile uses 20-byte random value generated by database server, using a script during personalization process. In this paper, we present a novel algorithm that enables efficient distribution conversion in low power devices. The low memory requirements and efficient processing make it suitable for implementation low power cryptographic devices but also in complex personalization systems. Furthermore, we compare the random data generated by our efficient TRNG vs. those generated by database server.</jats:p

    CyberNFTs: conceptualising a decentralised and reward-driven intrusion detection system with ML

    No full text
    The rapid evolution of the Internet, particularly the emergence of Web3, has transformed the ways people interact and share data. Web3, although still not well defined, is thought to be a return to the decentralization of corporations\u27 power over user data. Despite the obsolescence of the idea of building systems to detect and prevent cyber intrusions, this is still a topic of interest. This paper proposes a novel conceptual approach for implementing decentralized collaborative intrusion detection networks (CIDN) through a proof-of-concept. The study employs an analytical and comparative methodology, examining the synergy between cutting-edge Web3 technologies and information security. The proposed model incorporates blockchain concepts, cyber non-fungible token (cyberNFT) rewards, machine learning algorithms, and publish/subscribe architectures. Finally, the paper discusses the strengths and limitations of the proposed system, offering insights into the potential of decentralized cybersecurity models.9 pages, 6 figures, 1 table, 1 algorithm, 1 listing, journal articl

    Enhancing Trustworthiness and Interoperability of Electronic Voting Systems through Blockchain Bridges

    No full text
    Decentralized applications leveraging blockchain technology are gaining widespread adoption within the decentralized applications ecosystem. Interoperability, a fundamental concept facilitating seamless data and processing power exchange across diverse blockchain networks, is paramount in this context. The primary objective of this paper is to explore the transformative potential of "blockchain bridges" in facilitating secure and transparent electronic voting processes across multiple blockchain networks. The study employs a comprehensive analysis of various approaches, including atomic exchanges, sidechains, cross-chain bridges, token wrappers, and interledger protocols. The selection of a specific method is guided by the unique requirements and privacy considerations of the electronic voting use case. The application of two distinct blockchains serves as a practical demonstration, illustrating the principles of blockchain bridges in real-world scenarios. The research reveals that blockchain bridges not only streamline the exchange of data between diverse blockchain networks but also establish a dual decentralization paradigm. This paradigm enables the creation of openly maintained, purpose-specific, decentralized ledgers for electronic voting. The integration of blockchain bridges significantly reduces the risk of fraud, instilling greater confidence in the accuracy of election results. Thus, by presenting a comprehensive array of approaches and emphasizing their practical application, this research contributes to advancing the understanding and implementation of blockchain technology in the critical domain of electronic voting. Doi: 10.28991/HIJ-2023-04-04-04 Full Text: PD
    corecore