Listing P277 - Open Identity Summit 2017 by publication date
- Text document: Response and Cultural Biases in Information Security Policy Compliance Research (Open Identity Summit 2017, 2017). Kurowski, Sebastian; Dietrich, Fabina. This contribution tries to shed light on whether current information security policy compliance research is affected by response (such as social desirability) or cultural biases. Based upon the hypothesis that response biases may be subject to information processing of the questionnaire item by the respondent, a classification of questionnaire items of 17 surveys is provided. Furthermore, the Individualism and Power Distance indices are gathered for the survey samples. Correlation analysis reveals that the Power Distance index correlates negatively, while Individualism correlates positively with the mean self-reported policy compliance. These findings support previous findings on the role of Power Distance and contradict the influence of response and social desirability biases on self-reported information security policy compliance.
- Text document: A Semantic Data Model for the Development of Secure and Valuable Software (Open Identity Summit 2017, 2017). Horch, Andrea; Laufs, Uwe; Sellung, Rachelle. IT security is a crucial non-functional software requirement. Nevertheless, there are several other aspects that a software's market success depends on. Therefore, it is vital that during the development process software developers consider different disciplines' needs that essentially add value when going to market such as usability and socio-economics. The project CUES addresses these aspects by developing an interdisciplinary and integrated guidance tool, called the Wizard. The Wizard is designed to support software developers with interdisciplinary knowledge during the software development processes. The core of the Wizard builds a knowledge base, which is based on a semantic data model. While the semantic data model is finished, the Wizard is still undergoing development in the CUES project and is not yet complete. This paper presents the semantic data model as a first project result and as the core element of the Wizard. The proposed data model stores knowledge about software development processes, methods and tools in order to derive problems and corresponding solutions which may occur in real software development processes.
- Text document: Towards a Smart Assistant for Enterprise Availability Management (Open Identity Summit 2017, 2017). Laufs, Uwe; Roßnagel, Heiko. In today’s work environment, people are increasingly available because of the vast distribution of smartphones. This leads to a lack of real leisure time without being disturbed by phone calls or e-mail concerning job issues. In the last few years, several large companies in Germany addressed this issue using more or less successful methods like switching off mail servers after working hours or deleting mails received during holidays [Fa14], [We14]. Though, these methods seem to be either too strict or do not provide an accurate solution for the different needs of the different roles in a company. In project SANDRA, we aim at the development of a smart assistant in order to provide non-disturbed leisure time for employees. The assistant will both delay the delivery of mails based on the content (e.g. natural language processing, deep learning) and on additional information such as roles, holiday, or location. In addition, phone calls can be rejected by the assistant. The project also has a focus on privacy aspects and several legal aspects such as labour management regulations and data protection laws. The development will include enterprises for gathering of requirements, continuous testing and optimisation as well as for the evaluation. For the evaluation of the system, stress levels will be measured based on the heart frequencies of the test users with and without using the system over a longer period of time.
- Text document: Derived Partial Identities Generated from App Permissions (Open Identity Summit 2017, 2017). Fritsch, Lothar; Momen, Nurul. This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model on the permission access log from the experiment, we show how apps’ permission usage is providing to identity profiling.
- Text document: An explorative approach on the impact of external and organizational events on information security (Open Identity Summit 2017, 2017). Ajazaj, Ilirjana; Kurowski, Sebastian. This contribution aims at the research question on which observable organizational events occur prior to an information security incident, and how these may relate to the organization. It therefore uses a dataset that was built using Google News, and the list of data breaches from [Mc17] to analyse which organizational events occur most often. It provides a categorization of these events, which were built by using a grounded theory approach. On the other hand, causal chains are constructed by using the sociologic system theory and constructivism. Both the causal chains and the organizational event categories are applied together within this contribution to discuss the likelihood of the causalities of the occurred events. However, events, such as financial gains also exhibit a higher occurrence prior to an information security incident. This contribution is a speculative, yet first approach on this question. Further research will focus on refining the constructed causalities.
- Text document: Towards secure and standard-compliant implementations of the PSD2 Directive (Open Identity Summit 2017, 2017). Wich, Tobias; Nemmert, Daniel; Hühnlein, Detlef. The present article provides a compact overview of the most important requirements of the so-called “Payment Services Directive 2” (PSD2) [Di15], together with the related Regulatory Technical Standard on authentication and communication [Eu17] according to Article 98, and outlines how the pivotal “Access-to-Account-Interface” can be securely implemented based on widely acknowledged international standards.
- Text document: A service for the preservation of evidence and data – a key for a trustworthy & sustainable electronic business (Open Identity Summit 2017, 2017). Schwalm, Steffen. There is a high need to digitize and automatize business processes as well as to preserve the created electronic records for 2 up to 100 years or more to make business transactions evident against third parties. This requirement is not only mandatory for public administrations but also private companies especially in highly regulated industries such as aviation, LifeScience & Pharma or financial sector. According to decade-long retention time it's a challenge to ensure the availability as well as to preserve the authenticity, integrity, negotiability or reliability of electronic records. A digital archive service based on SOA and current technical standards to preserve all electronic records and their evidences provides a sustainable solution to this challenge. The paper shows, based on current standards and the long-term experiences of the author, possible solutions and an example of an architecture framework for a digital archive service.
- Text document: Towards Privacy-Preserving and User-Centric Identity Management as a Service (Open Identity Summit 2017, 2017). Dash, Pritam; Rabensteiner, Christof; Hörandner, Felix; Roth, Simon. Identification, authentication and the exchange of users’ identity information are key factors in protecting access to online services. Especially cost-effectiveness is a considerable incentive to move identity management models into the public cloud. As cloud environments are not fully trusted, the users’ sensitive attributes must not be stored or transmitted in plain, while it still has to be possible to share them. One approach is to employ proxy re-encryption, which enables the identity provider to transform a user’s encrypted attributes into ciphertext for an authorized service provider. However, for adoption, the user’s perspective must not be neglected. In this paper, we propose a user-friendly and user-centric identity management solution that employs cryptographic mechanisms to protect the users’ privacy and keep them in control of the data sharing process. We integrate proxy re-encryption into the widely-adopted OpenID Connect protocol to achieve end-to-end confidentiality. To make this concept user-friendly, we introduce a mobile app that handles the involved cryptographic operations which rely on keys securely stored in a trusted execution environment.
- Text document: A Comparison of Payment Schemes for the IoT (Open Identity Summit 2017, 2017). Bohli, Jens-Matthias; Dietrich, Aljoscha; Petrlic, Ronald; Sorge, Christoph. Technologies for the IoT have reached a high level of maturity, and a large-scale deployment will soon be possible. For the IoT to become an economic success, easy access to all kinds of real-world information must be enabled. Assuming that not all services will be available for free, an IoT infrastructure should support access control, accounting, and billing. We analyze available access control and payment schemes for their potential as payment schemes in the IoT. In addition to security and privacy, we discuss suitability for direct client to sensor communication and efficiency. We show shortcomings of existing protocols that need to be addressed by future research.
- Text document: Password Assistance (Open Identity Summit 2017, 2017). Horsch, Moritz; Braun, Johannes; Buchmann, Johannes. For decades, users are not able to realize secure passwords for their user accounts at Internet services. Users’ passwords need to fulfil general security requirements and the password requirements of services. Furthermore, users need to cope with different password implementations at services. Finally, users need to perform a multitude of tasks to properly manage their large password portfolios. This is practically impossible. In this paper, we introduce the vision of a password assistant. It supports users in all duties and tasks with regard to their passwords, from the creation of secure passwords to the recovery of them in case of loss. Moreover, it provides an extensive automatization of all password tasks that reduces the users’ efforts and activities to deal with passwords to a minimum. A password assistant enables high security for passwords as well as improves their ease of use. First, we provide a detailed description of the problem of users to realize secure passwords for their accounts in practice. Second, we outline the vision of a password assistant, describe its technical foundation, and introduce the related open-source project starting to realize the first password assistant.