As organisations move towards infrastructures which are highly dependent on their Web infrastructure, they are now at great risk from external parties who can use a number of motivations, such as for a political agenda, to compromise their activities. This presentation will show a number of recent cases which have resulted in serious loss of business confidence, and outline methods that can be used to support the detection and mitigation of the risks.
The growing spread of misinformation and dis-information has grave political, social, ethical, and privacy implications for society. Therefore, there is an ethical need to combat the flow of fake news. This paper attempts to resolves some of the aspects of this combat by presenting a high-level overview of TRUSTD, a blockchain and collective signature based ecosystem to help news creators getting their news backed by the community, and to help users to judge on the credibility and correctness of these news.
High/ultra-high speed data connections are currently being developed, and by the year 2020, it is expected that the 5th generation networking (5GN) should be much smarter. It would provide great quality of service (QoS) due to low latency, less implementation cost and high efficiency in data processing. These networks could be either a point-to-point (P2P) communication link or a point-to-multipoint (P2M) communication link, which, P2M is also known as multi-casting that addresses multiple subscribers. The P2M systems usually have diverse nodes (also called as 'Things') according to services and levels of security required. These nodes need an uninterrupted network inter-connectivity as well as a cloud platform to manage data sharing and storage. However, the Internet of Things (IoT), with real-time applications like in smart cities, wearable gadgets, medical, military, connected driver-less cars, etc., includes massive data processing and transmission. Nevertheless, integrated circuits (ICs) deployed in IoT based infrastructures have strong constraints in terms of size, cost, power consumption and security. Concerning the last aspect, the main challenges identified so far are resilience of the deployed infrastructure, confidentiality, integrity of exchanged data, user privacy and authenticity. Therefore, well secured and effective cryptographic algorithms are needed that cause small hardware footprints, i.e. Lightweight Cryptography (LWC), also with the provision of robustness, long range transfer of encrypted data and acceptable level of security. In this paper, the implementation, challenges and futuristic applications of LWC algorithms for smart IoT devices have been discussed, especially the performance of Long-Range Wide Area Network (LoRaWAN) which is an open standard that defines the communication protocol for Low-Power Wide Area Network (LPWAN) technology.
Privacy issues are becoming a key focus with software systems. Surveys show that the invasion of privacy is among the things peo-ple fear the most from the coming years. These fears seem to be justified, in the light of recent events involving the UK government. Thus, according to the EU Telecoms Commissioner the UK gov-ernment breach European privacy laws by allowing a group of UK based Internet Service Providers (ISPs) to intercept communications of their users for behavioural advertising purposes. In this case it was complaints from the concerned public that made the EU Commission examine the privacy implications. Yet, on the contrary, popularity of various social networking portals, where users publish their personal and sensitive data publicly, is growing. Therefore, some argue that users should not expect any level of privacy in the digital world. Such claims are backed-up by the fact that majority of Internet users are unconcerned about the digital footprint they leave behind. What is overseen is the control factor. Users want to have the right to decide what information about their lives is in the public domain. Consequently, 'one-size fits all' solution to privacy concerns does not exist, as everybody perceives privacy in a slightly different way. Therefore, parties involved in data-handling, including social networking portals, need to research and implement privacy technologies that can keep their customers happy and make the operation comply with local security and privacy directives in many locations around the globe.This paper gives an insight on how Privacy Enhancing Technologies (PETs) can be used to perform private matching operations in large datasets. These operations can be used by data-holders and individuals to compare or to retrieve information in a private manner in cases where trusted third party does not exist or trusted third party it is used trusted for authentication purposes only. Thus, they can provide users with greater control over how their data is used. They include equality ...
Digital vaccination passports are being proposed by various governments internationally. Trust, scalability and security are all key challenges in implementing an online vaccine passport. Initial approaches attempt to solve this problem by using centralised systems with trusted authorities. However, sharing vaccine passport data between different organisations, regions and countries has become a major challenge. A platform for creating, storing and verifying digital COVID-19 vaccine certifications is presented, making use of InterPlanetary File System (IPFS) to guarantee that there is no single point of failure and to allow data to be securely distributed globally. Blockchain and smart contracts are also integrated into the platform to explicitly determine policies and log access rights to the passport data while ensuring all actions are audited and verifiably immutable. Our proposed platform realises General Data Protection Regulation (GDPR) requirements in terms of user consent, data encryption, data erasure and accountability obligations. We assess the scalability and performance of the platform using IPFS and Blockchain test networks.
The growing trend of sharing news/contents, through social media platforms and the World Wide Web has been seen to impact our perception of the truth, altering our views about politics, economics, relationships, needs and wants. This is because of the growing spread of misinformation and disinformation intentionally or unintentionally by individuals and organizations. This trend has grave political, social, ethical, and privacy implications for society due to 1) the rapid developments in the field of Machine Learning (ML) and Deep Learning (DL) algorithms in creating realistic-looking yet fake digital content (such as text, images, and videos), 2) the ability to customize the content feeds and to create a polarized so-called "filter-bubbles" leveraging the availability of the big-data. Therefore, there is an ethical need to combat the flow of fake content. This paper attempts to resolves some of the aspects of this combat by presenting a high-level overview of TRUSTD, a blockchain and collective signature based ecosystem to help content creators in getting their content backed by the community, and to help users judge on the credibility and correctness of these contents.
The paper introduces an approach to privacy enhancing technologies that sees privacy not merely as an individual right, but as a public good. This understanding of privacy has recently gained ground in the debate on appropriate legal protection for privacy in an online environment. The jurisprudential idea that privacy is a public good and prerequisite for a functioning democracy also entails that its protection should not be left exclusively to the individual whose privacy is infringed. This idea finds its correspondence in our approach to privacy protection through obfuscation, where everybody in a group takes a small privacy risk to protect the anonymity of fellow group members. We show how these ideas can be computationally realised in an Investigative Data Acquisition Platform (IDAP). IDAP is an efficient symmetric Private Information Retrieval (PIR) protocol optimised for the specific purpose of facilitating public authorities' enquiries for evidence.
This paper discusses privacy enhancing technologies in the field of inter-agency data sharing, a key government objective for efficient public service delivery. We analyse the legal and conceptual framework that governs multi-agency cooperation in particular in the field of child protection work, and develop two approaches to represent relevant data protection ideas computationally in the infrastructure that agencies use to exchange sensitive personal data.
The spread of COVID-19 has highlighted the need for a robust contact tracing infrastructure that enables infected individuals to have their contacts traced, and followed up with a test. The key entities involved within a contact tracing infrastructure may include the Citizen, a Testing Centre (TC), a Health Authority (HA), and a Government Authority (GA). Typically, these different domains need to communicate with each other about an individual. A common approach is when a citizen discloses his personally identifiable information to both the HA a TC, if the test result comes positive, the information is used by the TC to alert the HA. Along with this, there can be other trusted entities that have other key elements of data related to the citizen. However, the existing approaches comprise severe flaws in terms of privacy and security. Additionally, the aforementioned approaches are not transparent and often being questioned for the efficacy of the implementations. In order to overcome the challenges, this paper outlines the PAN-DOMAIN infrastructure that allows for citizen identifiers to be matched amongst the TA, the HA and the GA. PAN-DOMAIN ensures that the citizen can keep control of the mapping between the trusted entities using a trusted converter, and has access to an audit log.
The introduction of Information Governance throughout the NHS in Great Britain from 2004 onwards, saw Pri-mary Care Medicine subject to a regulatory regime aligning current practice with codes, ethics, legislation and standards. However the Information Commissioners Office, as regulator of Healthcare Data Controllers, has issued statu-tory Undertakings to stem the tide of continued leakage of sensitive health data. Drawing on research from America, the issue of IT Security Risk is presented as problematic given the limitations of surveys indentifying industry trends and is viewed beyond the traditional Threat Value Asset Matrix towards a framework incorporating the reasonable man –taking all due care and diligence as is reasonably practicable in the circumstances. Following the identification of major problems across 10% of English general practices in comply-ing with both Confidentiality and Data Protection Assurance, and Information Security Assurance, a national survey of GP Practices was undertaken to investigate security incidents and risk. Contemporaneous to this, information on reported unto-ward security incidents was obtained from the regulator and all Health Boards across Scotland. Together, these results identified actual risk to securing patient data and concerns voiced from within the sector. This may be of relevance to practitioners, managers as well as policy makers particularly where changes to the structure of the NHS are proposed.
Societies are undergoing unprecedented demographic and socio-economical changes on a pace that has never been experienced before. Health care models are in transition to remain affordable for governments and individuals. Mobile technology and cloud computing will play a major role in order to help to achieve the necessary level of virtualization and service aggregation. There are, however, technological challenges in terms of security, trust, user friendliness and deployment of innovative E-Health strategies.
