Browsing by subject "cybersecurity"
1 - 7 of 7
- Conference paper
  Electronic identity mass compromize: Options for recovery
  (Open Identity Summit 2023, 2023) Fritsch, Lothar
  A National Digital Identity Framework should be designed in a proactive manner, should focus on a resilience-oriented approach, and should be aimed at limiting the risks that may originate from identity data management [IT18]. What is the preparedness of digital identity providers for recovery from compromise that affects large numbers of identities? Failures or attacks may destroy authenticators, data or trust chains that are the foundations of large identity ecosystems. The re-issuance of digital identities, of authenticators or the re-enrollment of the user base should get planned as contingency measures. Important parameters will be recovery time, complexity of re-registering subjects, distribution of effort between certification authorities, registrars and relying parties, and the availability of alternative technologies and staff resources. The article will, based on a review of standards and requirements documents, present evidence for a shortage of recovery readiness that endangers relying parties and identity ecosystems. From a review of standards and practice, we extract recovery procedures as far as they are planned for.
- Conference paper
  Exploring the Human Factor in IT-security: A mobile lab for Investigating User Behavior
  (Open Identity Summit 2023, 2023) Fähnrich, Nicolas; Köster, Kevin; Renkel, Patrick; Huber, Richard; Menz, Nadja
  The threat of cybersecurity incidents is increasingly challenging for companies and employee interaction plays a crucial role in the majority of cyberattacks. In this paper, we present a mobile, scalable IT-security lab to investigate the human factor in such incidents. The lab enables study participants to experience cyberattacks in an immersive workplace environment. In order to ensure that the target group of small and medium sized company (SME) employees is reached, we have designed the mobile lab in such a way that it can be easily operated in different locations and sizes.
- Conference paper
  Identification collapse - contingency in Identity Management
  (Open Identity Summit 2020, 2020) Fritsch, Lothar
  Identity management (IdM) facilitates identification, authentication and authorization in most digital processes that involve humans. Digital services as well as work processes, customer relationship management, telecommunications and payment systems rely on forms of IdM. IdM is a business-critical infrastructure. Organizations rely on one specific IdM technology chosen to fit a certain context. Registration, credential issuance and deployment of digital identities are then bound to the chosen technology. What happens if that technology is disrupted? This article discusses consequences and mitigation strategies for identification collapse based on case studies and literature search. The result is a surprising shortage of available documented mitigation and recovery strategies for identification collapse.
- Workshop paper
  The Notion of Relevance in Cybersecurity: A Categorization of Security Tools and Deduction of Relevance Notions
  (Mensch und Computer 2022 - Workshopband, 2022) Kuehn, Philipp; Bäumler, Julian; Kaufhold, Marc-André; Wendelborn, Marc; Reuter, Christian
  Proper cybersecurity requires timely information to defend the IT infrastructure. In a dynamic field like cybersecurity, gathering up-to-date information is usually a manual, time-consuming, and exhaustive task. Automatic and usable approaches are supposed to be a solution to this problem, but for this, they require a notion of information relevance to distinguish relevant from irrelevant information. First, on the basis of a literature review, this paper proposes a novel cybersecurity tool categorization based on corresponding tool types with their respective definitions and core features. Second, it elaborates information used in each category and deduces notions of relevance. Third, it outlines how these findings informed the design of a security dashboard to guide computer emergency response team staff in identifying current threats in open source intelligence sources while mitigating information overload.
- Text document
  Secure OPC UA Server configuration for smart charging stations
  (INFORMATIK 2021, 2021) Schindler, Josef; Kirdan, Erkin; Waedt, Karl
  Direct-To-Consumer (D2C) marketing recently gains popularity in society by bypassing unnecessary mediators and thus avoiding cost. In Information and Communication Technology (ICT) terms, it is comparable with Machine-To-Machine (M2M) communication overcoming additional mediators, i.e. remote servers. In this paper, we research M2M communication for battery boosted charging station. Therefore, we consider a setup comprising an OPC Unified Architecture (OPC UA) Client and OPC UA Server. The server represents the smart charging station, where the client can reserve time slots for charging sessions. In this paper, we answer how to facilitate this using the different services provided by OPC UA. Additionally, we apply an OPC UA Metasploit module on two differently - according to the function manuals - configured OPC UA Servers. Afterwards, we validate the results.
- Conference paper
  Towards the COSCA framework for “COnseptualing Secure CArs”.
  (Open Identity Summit 2021, 2021) Bella, Giampaolo; Biondi, Pietro; Costantino, Gianpiero; Matteucci, Ilaria; Marchetti, Mirco
  Cyber risks associated with modern cars are often referred to safety. However, modern cars expose a variety of digital services and process a variety of personal data, at least of the driver’s. This paper unfolds the argument that car (cyber-)security and drivers’ privacy are worthy of additional consideration, and does so by advancing “COSCA”, a framework for “COnceptualising Secure CArs” as interconnected nodes of the Next Generation Internet. COSCA adopts an innovative socio-technical approach. It crowdsources drivers’ perceptions on core privacy topics and it classifies the data collected by cars and processed by manufacturers pursuant the General Data Protection Regulation. These steps inform a risk assessment which highlights the more relevant mitigation strategies and cyber security technologies. Finally, COSCA aims at designing novel interfaces to enable drivers to exercise their rights about personal data collection and processing.
- Conference paper
  A user-centric approach to IT-security risk analysis for an identity management solution
  (Open Identity Summit 2022, 2022) Fähnrich, Nicolas; Winterstetter, Matthias; Kubach, Michael
  In order to build identity management (IdM) solutions that are secure in the practical application context, a holistic approach to their IT-security risk analysis is required. This complements the indispensable technical, and crypto-focused analysis of risks and vulnerabilities with an approach that puts another important vector for security in the center: the users and their usage of the technology over the whole lifecycle. In our short paper we focus exclusively on the user-centric approach and present an IT-security risk analysis that is structured around the IdM lifecycle.