What Can We Learn from Hobbes? : An Interpretative Approach to Contemporary Citizenship Deprivation Practices

Färdig, Helena

January 2019

Deprivation of citizenship is currently used in democratic states to combat international terrorism and constitutes ‘the securitisation of citizenship’. The usage of which is often justified by states as assuring national security. Among scholars, there seem to be a conflict between a perspective of rights and security, where critics usually come from the former. Can citizenship deprivation be justified from a security perspective as a counter-terrorism tool? That question is asked in this thesis. By conducting an interpretative analysis of Hobbes, the question is assessed from a security perspective and the answer is not clear cut. The research shows that even when practices are investigated through a lens of security, they are problematic as they currently stand.

Hobbes

deprivation of citizenship

revocation of citizenship

denationalisation

security

protection

Political Science

Statsvetenskap

Towards Efficient Certificate Revocation Status Validation in Vehicular Ad Hoc Networks with Data Mining

Zhang, Qingwei

January 2012

Vehicular Ad hoc Networks (VANETs) are emerging as a promising approach to improving traffic safety and providing a wide range of wireless applications for drivers and passengers. To perform reliable and trusted vehicular communications, one prerequisite is to ensure a peer vehicle’s credibility by means of digital certificates validation from messages that are sent out by other vehicles. However, in vehicular communication systems, certificates validation is more time consuming than in traditional networks, due to the fact that each vehicle receives a large number of messages in a short period of time. Another issue that needs to be addressed is the unsuccessful delivery of information between vehicles and other entities on the road as a result of their high mobility rate. For these reasons, we need new solutions to accelerate the process of certificates validation. In this thesis, we propose a certificate revocation status validation scheme using the concept of clustering; based on data mining practices, which can meet the aforementioned requirements. We employ the technique of k -means clustering to boost the efficiency of certificates validation, thereby enhancing the security of a vehicular ad hoc network. Additionally, a comprehensive analysis of the security of the proposed scheme is presented. The analytical results demonstrate that this scheme can effectively improve the validation of certificates and thus secure the vehicular communication in vehicular networks.

VANETs

digital certificates

Certificate Revocation List

k-Means

authentication

certificate validation

Understanding Certificate Revocation

Hagström, Åsa

January 2006

Correct certificate revocation practices are essential to each public-key infrastructure. While there exist a number of protocols to achieve revocation in PKI systems, there has been very little work on the theory behind it: Which different types of revocation can be identified? What is the intended effect of a specific revocation type to the knowledge base of each entity? As a first step towards a methodology for the development of reliable models, we present a graph-based formalism for specification and reasoning about the distribution and revocation of public keys and certificates. The model is an abstract generalization of existing PKIs and distributed in nature; each entity can issue certificates for public keys that they have confidence in, and distribute or revoke these to and from other entities. Each entity has its own public-key base and can derive new knowledge by combining this knowledge with certificates signed with known keys. Each statement that is deduced or quoted within the system derives its support from original knowledge formed outside the system. When such original knowledge is removed, all statements that depended upon it are removed as well. Cyclic support is avoided through the use of support sets. We define different revocation reasons and show how they can be modelled as specific actions. Revocation by removal, by inactivation, and by negation are all included. By policy, negative statements are the strongest, and positive are the weakest. Collisions are avoided by removing the weaker statement and, when necessary, its support. Graph transformation rules are the chosen formalism. Rules are either interactive changes that can be applied by entities, or automatically applied deductions that keep the system sound and complete after the application of an interactive rule. We show that the proposed model is sound and complete with respect to our definition of a valid state. / <p>Report code: LIU-TEK-LIC-2006:1</p>

Revocation

Public-key certificates

Graph transformation

Other Computer and Information Science

Annan data- och informationsvetenskap

Decision Making in Criminal Justice Revisited: Toward a General Theory of Criminal Justice

Lytle, Daniel J.

24 September 2013

No description available.

Criminology

criminal justice

decision making

arrest

sentencing

parole revocation

meta-analysis

Digital Certificate Revocation for the Internet of Things

Tanner Lindemer, Samuel

January 2019

Digital certificates have long been used for traditional Internet applications, and have now entered into widespread use for the Internet of Things. However, constrained devices currently have no means to verify the revocation status of certificates. Without the ability to revoke certificates, network administrators have no recourse in the event of a private key compromise. This thesis explores three alternatives to solve this problem: (1) implement the Online Certificate Status Protocol (OCSP) as is on a CoAP network stack, (2) compress certificate revocation lists (CRLs) using Bloom filters, and (3) design an optimized version of OCSP (referred to here as TinyOCSP). This work concludes that TinyOCSP reduces the message overhead of online validation by at least 73%. This reduced the energy consumption of certificate validation by 50% relative to OCSP in the experiments on constrained hardware, which shows that it may be a feasible solution for the IoT / Digitala certifikat har länge tillämpats inom traditionella internetappliceringar och har numera även omfattande användningsområden inom IoT. Begränsade apparater har i nuläget dock inga metoder för att verifiera återkallningsstatusar av certifikat. Utan förmågan att återkalla certifikat har nätverksadministratörer inga alternativ att återfalla till när en hemlig nyckel har blivit stulen. Denna uppsats undersöker tre alternativ för att lösa detta problem: (1) tillämpning av Online Certificate Status Protocol (OCSP) med CoAP, (2) komprimering av certificate revocation lists (CRLs) som använder Bloom filters, och (3) skapa en optimerad version av OCSP (TinyOCSP). Arbetet drar slutsatsen att TinyOCSP minskar message overhead av onlinevalidering med åtminstone 73%. Detta minskade energikonsumtion av certifikatsvalidering med 50% jämfört med OCSP i experimentet med begränsade apparater, vilket visar att detta är en tänkar lösning för IoT.

Computer and Information Sciences

Data- och informationsvetenskap

Mathematical Modelling of Delegation in Role Based Access Control

Subedi, Harendra

January 2017

One of the most widespread access control model that assigns permissions to a user is Role Based Access Control (RBAC). The basic idea is to limit the access to resources by using the indirection of roles, which are associated both to users and permissions. There has been research conducted with respect to clarifying RBAC and its components, as well as in creating mathematical models describing different aspects of its administrative issues in RBAC. But, till date no work has been done in terms of formalization (Mathematical Modelling) of delegation and revocation of roles in RBAC. Which provides most important extensions of the policy and provides flexibility in the user to user delegation of roles, especially in the environment where roles are organized in a hierarchy. The process allows a user with a role that is higher in the hierarchy to assign a part of the role to someone who is lower in the hierarchy or at the same level. This can be done for a limited time or permanently. The reverse process is called revocation and it consists of ending different types of delegations. This thesis has found the answer to the following research question i.e. how different mathematical Modelling for delegation and revocation of Roles in RBAC can be performed? This thesis presents different types of delegation and techniques for revocation with a comprehensive mathematical Modelling of both processes. As this can be clearly visible that this thesis objective is to derive a mathematical models for delegation and revocation of roles in RBAC policy, for deriving mathematical models formal method is applied. The mathematical models developed include grant and transfer delegation with and without role hierarchy, time based revocation, user based revocation and cascading revocation. The case scenario of an organization using RBAC is used to illustrate and clarify the mathematical models. The mathematical models presented here can serve as a starting point for developing, implementations of delegation and revocation on top of existing authorization modules based on the RBAC model.

Computer and Information Sciences

Data- och informationsvetenskap

Анализ и прогнозирование отзыва лицензий коммерческих банков : магистерская диссертация / Analysis and forecasting of revocation of licenses of commercial banks

Емельянова, Е. В., Emelyanova, E. V.

January 2018

Master's thesis is devoted to the analysis of revocation of licenses from commercial banks. The purpose of writing a master's thesis is to analyze the state of the banking sector from the perspective of reducing the number of valid licenses, suggest possible approaches to determining whether there is evidence of a possible revocation of a license from a credit institution and provide a forward-looking estimate of the further development of the banking sector. During the work, an analysis was made of the state of the banking sector of the country when revoking the license; identified and identified signs that can warn banks from the ban on the conduct of banking operations on the basis of the seven banks in the country, which allowed to assess the impact of revocation of a license for the development of the banking system of the Russian Federation. / Магистерская диссертация посвящена вопросам анализа отзыва лицензий у коммерческих банков. Цель написания магистерской диссертации – на основе анализа состояния банковского сектора с позиции сокращения количества действующих лицензий, предложить возможные подходы к определению наличия признаков возможного отзыва лицензии у кредитной организации и дать прогнозную оценку по дальнейшему развитию банковского сектора. В ходе работы был проведен анализ состояния банковского сектора страны при отзыве лицензии; выявлены и определены признаки, способные предостеречь банки от запрета на осуществление банковских операций на основе рассмотренных 7 банков страны.

MASTER'S THESIS

COMMERCIAL BANK

LICENSE REVOCATION

BANKRUPTCY

КОММЕРЧЕСКИЙ БАНК

ОТЗЫВ ЛИЦЕНЗИИ

БАНКРОТСТВО

Using Incumbent Channel Occupancy Prediction to Minimize Secondary License Grant Revocations

Ramanujachari, Divya

13 December 2018

With commercial deployment of the Citizens Band Radio Service commencing in the last quarter of 2018, efforts are in progress to improve the efficiency of the Spectrum Access System (SAS) functions. An area of concern as identified in recent field trials is the timebound evacuation of unlicensed secondary users from a frequency band by the SAS on the arrival of an incumbent user. In this thesis, we propose a way to optimize the evacuation process by reducing the number of secondary spectrum grant revocations to be performed. The proposed work leverages knowledge of incumbent user spectrum occupancy pattern obtained from historical spectrum usage data. Using an example model trained on 48 hours of an incumbent user transmission information, we demonstrate prediction of future incumbent user spectrum occupancy for the next 15 hours with 94.4% accuracy. The SAS uses this information to set the time validity of the secondary spectrum grants appropriately. In comparison to a case where spectrum grants are issued with no prior knowledge, the number of revocations declines by 87.5% with a 7.6% reduction in channel utilization. Further, the proposed technique provides a way for the SAS to plan ahead and prepare a backup channel to which secondary users can be redirected which can reduce the evacuation time significantly. / Master of Science / Studies on spectrum occupancy show that, in certain bands, licensed incumbent users use the spectrum only for some time or only within certain geographical limits. The dynamic spectrum access paradigm proposes to reclaim the underutilized spectrum by allowing unlicensed secondary users to access the spectrum opportunistically in the absence of the licensed users. In the United States, the Federal Communications Commission (FCC) has identified 150 MHz of spectrum space from 3550-3700 MHz to implement a dynamic spectrum sharing service called the Citizens Broadband Radio Service (CBRS). The guiding principle of this service is to maximize secondary user channel utilization while ensuring minimal incumbent user disruption. In this study, we propose that these conflicting requirements can be best balanced in the Spectrum Access System (SAS) by programming it to set the time validity of the secondary license grants by taking into consideration the incumbent spectrum occupancy pattern. In order to enable the SAS to learn incumbent spectrum occupancy in a privacy-preserving manner, we propose the use of a deep learning model, specifically the long-short term memory (LSTM). This model can be trained by federal agencies on historical incumbent spectrum occupancy information and then shared with the SAS in a secure manner to obtain prediction information about possible incumbent activity. Then, using the incumbent spectrum occupancy information from the LSTM model, the SAS could issue license grants that would expire before expected arrival time of incumbent user, thus minimizing the number of revocations on incumbent arrival. The scheme was validated using simulations that demonstrated the effectiveness of this approach in minimizing revocation complexity.

Dynamic Spectrum Access

Spectrum Access System

Spectrum Occupancy Prediction

Spectrum Grant Revocation

Developing a concept for handling IT security with secured and trusted electronic connections

Hockmann, Volker

January 2014

In this day and age, the Internet provides the biggest linkage of information, personal data and information, social contact facilities, entertainment and electronic repository for all things including software downloads and tools, online books and technical descriptions, music and movies - both legal and illegal [Clarke, 1994]. With the increasing bandwidth in the last few years worldwide, it is possible to access the so-called "Triple-Play-Solutions" - Voice over lP, High-Speed-Internet and Video on Demand. More than 100 million subscribers have signed on across Asia, Europe, and the Americas in 2007, and growth is likely to continue steadily in all three. As broadband moves into the mainstream, it is reshaping the telecommunications, cable and Internet access industrie [Beardsley, Scott and Doman, Andrew, and EdinMC Kinsey, Par, 2003]. Cisco [Cisco, 2012], one of the biggest network companies, will expect more than 966 exabytes (nearly 1 zettabyte) per year or 80.5 exabytes per month in 2015 and the "Global IP traffic has increased eightfold over the past 5 years, and will increase fourfold over the next 5 years. Overall, IP traffic will grow at a compound annual growth rate (CAGR) of 32 percent from 2010 to 2015" . More and more types of sensible data flow between different recipients. News from around the world are transferred within seconds from the one end to the other end of the world, and affect the financial market, stock exchange [Reuters, 2012] and also bring down whole governments. For instance, worldwide humoil might ensue if a hacker broke into the web-server of an international newspaper or news channel like N-TV in Germany or BBC in England and displayed messages of a political revolution in Dubai or the death of the CEO from Microsoft or IBM.

005.8

Použití smart-karet v moderní kryptografii / The use of smart-cards in modern cryptography

Kočíř, Michal

January 2013

This thesis discusses the general use of smart cards in MULTOS in cryptographic applications. At first is described two types of authentication - the authentication by the subject with focusing on authenticators and the authentication by the knowledge. Furthermore there is the description of the anonymous authentication and attribute authentization. This is followed by a description of smart cards with a focus on MULTOS cards. There is also performed analysis of programmable smart cards .NET, JavaCard and MULTOS. Practical part is focused on the implementation of an authentication scheme, which is being developed at FEEC. The communication of authentication protocol is between the MULTOS card and reader connected to a PC. The protocol is composed of cryptographic functions such as random number generation, hash function, modular exponentiation, modular multiplication and difference of large numbers. It was also implemented the measurement of specific applications.