Search results

The purpose of this paper is to describe personal privacy and data authenticity problems in the cloud and provide solutions to reduce or eliminate them.

This paper reveals issues and applications of anonymity and authenticity in the cloud. It outlines common privacy settings of five web browsers, anonymous browsing on the Tor network and standard methods for verifying the integrity of files obtained in the cloud.

Cloud computing is an emerging technology for libraries which must balance the convenience of ubiquitous access against the potential risks for loss of anonymity and authenticity.

This article contributes to the body of literature on user privacy and data preservation in the cloud and their impact on the library community.

This paper aims to classify different types of “user-visible cryptography” and evaluate the value of user-visible cryptographic mechanisms in typical email and web scenarios for non-expert IT users.

The authors review the existing literature, and then identify user stories typical to their users of interest. They analyse the risks, mitigations of risks and the limits of those mitigations in the user stories.

The scenarios identified suggest that background, opportunistic encryption has value, but more explicit, user-visible cryptographic mechanisms do not provide any further mitigation. Other mechanisms beyond technological mitigations provide the required mitigation for the users.

Further work should be carried out on the trust issues with trusted third parties, as they are intrinsic to global, automated cryptographic mechanisms. The authors suggest that deployed systems should rely on automation rather than explicit user involvement; further work on how best to involve users effectively remains valuable.

Deployed systems should rely on automation rather than explicit user dialogues. This follows from recognised aspects of user behaviour, such as ignoring dialogues and unconsciously making a holistic assessment of risk that is mostly mitigated by social factors.

The user populations concerned rely significantly on the existing legal and social infrastructure to mitigate some risks, such as those associated with e-commerce. Guarantees from third parties and the existence of fallback procedures improve user confidence.

This work uses user stories as a basis for a holistic review of the issues surrounding the use of cryptography. The authors concentrate on a relatively large population (non-expert IT users) carrying out typical tasks (web and email).

The purpose of this paper is to provide an overview of the Sender Policy Framework (SPF) and discuss its merits for adoption as an anti‐phishing mechanism.

All of the active domains in the .se zone were probed to determine if they have an SPF‐policy. This data collection step is combined with a theoretical discussion of the SPF standard and related initiatives.

This paper finds that the adoption ratio is very low. Few seem to be interested in deploying it, despite it being designed for easy adoption and being consistently implemented in several popular anti‐spam solutions.

The paper shows that despite the low adoption‐ratio the standard merits implementation by IT/IS managers and software vendors.

This paper analyzes the adoption ratio, which is valuable both for software vendors and endorsers of the standard. It also provides an overview of the standard itself as an attempt to avoid common misconceptions about the role of the standard and its relation to other anti‐spam initiatives.

The objective of this paper is to investigate the legal and technical reasons why a declaration of will, denoted by a digital signature, can be cancelled and how this cancellation can be technically achieved.

Proposes a technical framework for establishing a signature revocation mechanism based on special data structures, the signature revocation tokens (SRT), and investigates the alternatives for disseminating the signature status information (SSI) to the relying parties.

A relying party has to take into consideration the possible existence of a signature revocation, in order to decide on the validity of a digital signature. A scheme based on a central public repository for the archival and distribution of signature revocation tokens exhibits significant advantages against other alternatives.

Identifies various intrinsic problems of the digital signature creation process that raise several questions on whether the signer performs a conscious and wilful act, although he/she is held liable for this action. The law faces the eventual right of the signer to claim a revocation of a previously made declaration of will, especially in cases of an error, fraud or duress.

The past decade in the area of supply chain management has been characterized by increased emphasis on collaboration between trading partners. The paradigm shift from competition to collaboration has been enabled by the explosive growth of the Internet as the medium for exchange of information between a business and its supply chain partners. However, the information that is communicated between the supply chain partners is among the most critical of an organization’s assets and the Internet as a medium of communication is replete with security loopholes. Presents the design of a security architecture that supply chain practioners may implement for secure, scalable and interoperable communication of information with their trading partners. The security architecture recognizes the implicit diversity in the types of supply chain partnerships that requires different levels of security for the different types of data sharing needs between the supply chain partners.

Aims to investigate the way that the semantic web is being used to represent and process social network information.

The Swoogle semantic web search engine was used to construct several large data sets of Resource Description Framework (RDF) documents with social network information that were encoded using the “Friend of a Friend” (FOAF) ontology. The datasets were analyzed to discover how FOAF is being used and investigate the kinds of social networks found on the web.

The FOAF ontology is the most widely used domain ontology on the semantic web. People are using it in an open and extensible manner by defining new classes and properties to use with FOAF.

RDF data was only obtained from public RDF documents published on the web. Some RDF FOAF data may be unavailable because it is behind firewalls, on intranets or stored in private databases. The ways in which the semantic web languages RDF and OWL are being used (and abused) are dynamic and still evolving. A similar study done two years from now may show very different results.

This paper describes how social networks are being encoded and used on the world wide web in the form of RDF documents and the FOAF ontology. It provides data on large social networks as well as insights on how the semantic web is being used in 2005.

This case is designed for use in JD/MBA programs or in contexts where mutual understanding of legal and financial issues is required. The case focuses on an entrepreneur in the security-software industry who is attempting to raise a first round of financing in October 2000. The firm was unsuccessful in attracting funding from venture capitalists and has relied on a small seed round and bridge loan from angel investors. The angels have now proposed investing $1.4 million in Series A convertible preferred stock. The entrepreneur must decide whether to accept the angel investors' proposal or revisit the issue of seeking venture capital. The case incorporates the Stockholder Agreement for the proposed Series A round, the capitalization of the company after the seed round, and five years of cash-flow projections for the firm. The case can be used in a law-school setting as a contract-drafting exercise and as an introduction to valuation. In a business-school setting, the case can help students understand the complex contract terms associated with a “plain-vanilla” form of venture capital. Valuation can be taught at an introductory level, or it can be made more complex if students are asked to incorporate “what-if” contract conditions into their analysis.

In line with the fast development of information technology, the Internet of Medical Robotic Things (IoMRT) is gaining more ground in health care. Sharing patients' information effectively and securely can improve sensing data usage and confidentiality. Nevertheless, current IoMRT data sharing schemes are lacking in terms of supporting efficient forward secrecy; when secret key for a robotic nurse as a data requester is compromised, all the historically shared data with this robotic nurse will be leaked.

The presented paper suggests an efficient puncturable attribute-based data sharing scheme enabling guaranteed firm security and versatile access control over health sensing data in IoMRT. This scheme integrates attribute-based and puncturable encryption to avail a shared secret key for data sharing that can be encrypted by an access structure over the Data Requester (DR) attributes. Additionally, the establishment of the shared key and the mutual authentication is simultaneously done between the cloud servers and DRs.

The proposed scheme can achieve forward secrecy by adopting the bloom filter technique that efficiently helps the updating of a private key with no need for the key distributor to reissue the key. The security proof illustrates that this scheme adheres to the security model. Besides, the performance evaluation expresses the feasibility of the suggested scheme.

The main goal of designing a puncture algorithm is to devise an updated key from the ciphertext and a secret key, allowing the decryption of all ciphertexts except the one that has been punctured on. This research illustrates the first effort to develop a puncturable attribute-based encryption scheme to achieve efficient finegrained data sharing in IoMRT.

eduroam™ has already been proved to be a scalable, secure and feasible way for universities and research institutions to connect their wireless networks into a WLAN roaming community, but the advantages of eduroam™ have not yet been fully discovered in the wireless community networks aimed at regular consumers. This aim of this paper is to describe how eduroam™ architecture and technologies can be utilised in building these kinds of wireless community networks and to present the experiences gathered in building the Wireless Tampere community network.

The eduroam™ architecture and technologies were chosen as the basis of Wireless Tampere community network architecture because of their scalability and security. Deploying eduroam™ technologies and architecture to a wider user base both confirmed old and revealed new issues and solutions in improving the usability and the deployment effort of eduroam™ and similar technologies.

The eduroam™ technology and architecture can be utilised to build wireless community networks, but additional effort must be allocated in improving the usability and the ease of deployment when consumers, company and other regular users are involved. The improvements achieved would not have been developed if the concept and architecture had not been exposed to consumer and company users. The development of both the eduroam™ and Wireless Tampere concept requires deploying them to a wider audience and improving them iteratively utilising the existing solutions as the basis for new improvements.

The paper presents the issues and problems, which were confronted when applying eduroam™ technologies in building the Wireless Tampere community network. The solutions found and deployment experiences presented can be utilised in improving eduroam™ as well as a basis for developing new, open and inter‐connected wireless community networks.