Browsing by author "Schunck, Christian H."
Now showing 1 - 10 of 109
- Conference paper. Accountable Banking Transactions (Open Identity Summit 2024, 2024). Mödersheim, Sebastian; Chen, Siyu. This paper shows how to apply the idea of Three branches of Accountability by Mödersheim and Cuellar to make banking transactions accountable, i.e., neither can the customer later deny having placed the order, nor can the bank execute a transaction that the customer did not order. This is done in a general way that deliberately gives freedom to instantiate the system in several different ways, as long as it follows a few basic principles, and we show accountability holds in every instance.
- Conference paper. Accountable Trust Decisions: A Semantic Approach (Open Identity Summit 2020, 2020). Schlichtkrull, Anders; Mödersheim, Sebastian. This paper is concerned with the question of how to obtain the highest possible assurance on trust policy decisions: when accepting an electronic transaction of substantial value or significant implications, we want to be sure that this did not happen because of a bug in a policy checker. Potential bugs include bugs in parsing documents, in signature checking, in checking trust lists, and in the logical evaluation of the policy. This paper focuses on the latter kind of problems and our idea is to validate the logical steps of the trust decision by another, complementary method. We have implemented this for the Trust Policy Language of the LIGHTest project and we use the completely independently developed FOL theorem prover RP_X as a complementary method.
- Conference paper. Adapting the TPL Trust Policy Language for a Self-Sovereign Identity World (Open Identity Summit 2021, 2021). Alber, Lukas; More, Stefan; Mödersheim, Sebastian; Schlichtkrull, Anders. Trust policies enable the automated processing of trust decisions for electronic transactions. We consider the Trust Policy Language TPL of the LIGHTest project [Mö19] that was designed for businesses and organizations to formulate their trust policies. Using TPL, organizations can decide if and how they want to rely on existing trust schemes like Europe’s eIDAS or trust scheme translations endorsed by them. While the LIGHTest project is geared towards classical approaches like PKI-based trust infrastructures and X.509 certificates, novel concepts are on the rise: one example is the self-sovereign identity (SSI) model that gives users better control of their credentials, offers more privacy, and supports decentralized solutions. Since SSI is based on distributed ledger (DL) technology, it is a question of how TPL can be adapted so that organizations can continue to enjoy the benefits of flexible policy descriptions with automated evaluation at a very high level of reliability. Our contribution is a first step towards integrating SSI and the interaction with a DL into a Trust Policy Language. We discuss this on a more conceptual level and also show required TPL modifications. We demonstrate that we can integrate SSI concepts into TPL without changing the syntax and semantics of TPL itself and have to add new formats and introduce a new built-in predicate for interacting with the DL. Another advantage of this is that the “business logic” aspect of a policy does not need to change, enabling re-use of existing policies with the new trust model.
- Conference paper. Adversary Tactics and Techniques specific to Cryptocurrency Scams (Open Identity Summit 2022, 2022). Horch, Andrea; Schunck, Christian H.; Ruff, Christopher. At the end of the year 2020, there was a steep uptrend of the cryptocurrency market. The global market capitalization of cryptocurrencies climbed from 350 billion US$ in October 2020 to almost 2.5 trillion US$ in May 2021 and reached 3 trillion US$ in November 2021. Currently, there are more than 17,600 cryptocurrencies listed on CoinMarketCap. The ample amount of money within the market attracts investors as well as scammers and hackers. Recent incidents like the BadgerDAO hack have shown how easy it is to steal cryptocurrencies. While all the standard scamming and hacking techniques such as identity theft, social engineering and web application hacking are successfully employed by attackers, new scams very specific to cryptocurrencies emerged, which are the focus of this paper.
- Conference paper. Agent-based Models as a Method to Analyse Privacy-friendly Business Models in an Assistant Ecosystem (Open Identity Summit 2020, 2020). Kubach, Michael; Fähnrich, Nicolas; Mihale-Wilson, Cristina. Various projects and initiatives strive towards designing privacy friendly open platforms and ecosystems for digital products and services. However, besides mastering technical challenges, achieving economic viability and broad market success has so far proven to be difficult for these initiatives. Based on a publicly funded research project, this study focuses on the business model design for an open digital ecosystem for privacy friendly and trustworthy intelligent assistants. We present how the agent-based modelling technique can be employed to evaluate how business models perform in various constellations of an open digital ecosystem. Thus, our work relates to the strategic choice of suitable business models as an important success factor for privacy and security-relevant technologies.
- Conference paper. Aligning ABAC policies with information security policies using controlled vocabulary (2016). Kuhlisch, Raik; Bittins, Sören. Attribute-based Access Control (ABAC) policies are based on mutually processable policy attributes. Assigned permissions in such policies need to be reflected or combined with organisational constraints. Best practice in information security dictates having the operational need to access a particular information artifact independent from the function of the specific application systems. Consequently, any policy regulating the behaviour towards information access must adhere to a minimum degree of mutual semantic expressiveness to be combined and processed with the matching ABAC policy. We show how to detect policy attribute conflicts between ABAC policies and information access policies by means of controlled vocabulary and Semantic Web technologies.
- Conference paper. An eid mechanism built along privacy by design principles using secure elements, pseudonyms and attributes (2016). Pinkas, Denis. This eID mechanism has been built taking into consideration Privacy by Design principles. It uses some of the basic principles of the FIDO model (Fast Identification On-line) adding certain constraints and extending the model to push user attributes. It allows a user to open an anonymous account on a server using a random pseudonym and then to push one or more attributes contained in an access token that has been obtained from an Attribute Issuer. In order to prevent the forwarding of an access token between collaborative users, a Secure Element must be used. That Secure Element shall conform to specific requirements, e.g. defined using a Protection Profile. This eID mechanism will be worldwide usable as soon as the providers of such Secure Elements publish information that can verify the genuineness of these secure elements.
- Conference paper. An interdisciplinary approach to develop secure, usable and economically successful software (2016). Hofer, Janina; Sellung, Rachelle. Some argue that software developers of security solutions often neglect the importance of incorporating usability and socio-economic aspects and focus more on security and privacy aspects. However, it can be observed that many solutions are not accepted by both the users and the market, even though they are technically sophisticated. This work-in-progress paper proposes an interdisciplinary approach and a prospective supportive tool that guides the developer through the process, which is referred to as the Wizard. It consists of selected, carefully analyzed and edited methods and standards from the fields of (a) Usability and User Experience, (b) Socioeconomics, and (c) IT-Security and other disciplines. The Wizard proactively recommends various methods according to the status of the development and assists in their selection and application.
- Conference paper. Analysing user’s privacy preferences in smart-home environments with situational contexts (Open Identity Summit 2023, 2023). Ruff, Christopher; Benthien, Benedict; Orlowski, Alexander. Due to the increasing adoption of smart home devices and technologies, implications for privacy gain importance. In this paper, correlations between specific characteristics of people and their preferences regarding the activity status of components in smart home devices are investigated. In addition, said preferences are analysed for inherent patterns to assist people in their decisions by suggesting preferences, which often occur together. A special focus of this work is the differentiation of preferences according to situational contexts. An online survey was conducted, and the results were analysed. The results imply strong correlations within the preferences and differences in preferences across different contexts.
- Conference paper. Analyzing Requirements for Post Quantum Secure Machine Readable Travel Documents (Open Identity Summit 2021, 2021). Morgner, Frank; von der Heyden, Jonas. In a post-quantum world, the security of digital signatures and key agreement mechanisms used for Machine Readable Travel Documents (MRTDs) will be threatened by Shor’s algorithm. Due to the long validity period of MRTDs, upgrading travel documents with practical mechanisms which are resilient to attacks using quantum computers is an urgent issue. In this paper, we analyze potential quantum-resistant replacements that are suitable for those protocols and the resource-constrained environment of embedded security chips.